==Phrack Magazine== Volume Five, Issue Forty-Six, File 1 of 28 Issue 46 Index ___________________ P H R A C K 4 6 September 20, 1994 ___________________ "La cotorra que chi, no canta" Honey, I'm home! Anyway, like the little proverb above indicates, I've been a very busy man since the last issue. I've been denied entry to a federal prison in North Carolina (imagine the irony of THAT); I've been whoring in the Red-Light District of Amsterdam with military intelligence officers from England, Spain and the US; estuve chicaito en Nuevo Lardeo; I've tested wireless networks in Canada; and I've been on TV a few more times. (No, nimrod, Phrack is not my job...I WORK for a living.) Needless to say, it has been a chore for me to get Phrack out at all, much less only a month or so past my self-imposed quarterly deadline. But hell, I love doing this magazine, so here it is. Phrack is the only way I can completely thrill and simultaneously piss off so many people at once, so I don't think I'll stop any time soon. Pissing people off. It's what I like to do, and it would appear that I'm quite good at it. I realize that there are several extremely vocal erikb-bashers out there. And to them I say, "smooches!" Let's face it, sour grapes make bad whiners. But hey, "As long as they're talking about Erikb, let 'em talk." (Sorry Mr. Ford) Besides piecing together this issue, I've been working on getting the WWW pages together. They still aren't 100%, but they are getting there. By the time I finally get them together, the Phrack Web Site should be the ultimate underground resource on the net. Check it out: http://freeside.com/phrack.html You may be interested in the federal prison remark from the first paragraph. I had a meeting at IBM out in Research Triangle Park. I figured that this would be an ideal time to go see Co/Dec who still has several years of federal time left to serve. Co/Dec is in the Federal Correctional Institute at Butner, North Carolina, a short 30 or so minutes from where I was staying in RTP. Anyway, I receive the necessary forms from Co/Dec to get on the approved visitors list, and sent them back in. After several weeks, Co/Dec said that I still had not been added. My trip was slated for a week away, so I called his counselor, Wilbert LeMay. Mr. LeMay told me that he never got my forms. I then fed-ex'ed a copy (that I luckily had kept). It arrived on Friday morning, and I was to arrive on Monday. Mr. LeMay had assured me that it would be no problem to get me added to Co/Dec's list. When I arrived on Monday, I called the prison to make sure the visit had been cleared. Mr. LeMay would not return my calls. In fact, not only would he not return any of the 5 or so calls I made, but he didn't even bother to enter my name on the visitor list until the Wednesday after I had already left North Carolina. I'm sorry, but this man must be a real prick. A bit of background on LeMay. First off, according to those on the inside, LeMay dislikes white people. He supposedly keeps a picture of slaves picking cotton on his desk as a constant reminder of the oppression his people were subjected to. But perhaps working in the prison system where you have constant view of the Aryan Brotherhood in action, I'm sure many would begin to feel likewise. (Can't we all just get along?) Secondly, LeMay dislikes Co/Dec. He put Co/Dec in solitary confinement for weeks because Co/Dec had a DOS MANUAL! A fucking DOS MANUAL! You do not put someone in the fucking hole for brushing up on the syntax for xcopy! You put them in the hole for inciting a fucking shank war, or for stealing food, or for punching a guard. Later, Co/Dec found himself in solitary confinement AGAIN because he traded some smokes for telephone parts he was going to use to fix a radio. The hole again. Not for weapons and drugs, NO! Much worse: wires and a speaker! The prison now considers Co/Dec a security risk, and read all OUTGOING mail he sends. Not just the regular reading of all incoming mail that any inmate would expect. He can't take any clases, he's had several more days added to his sentence for "bad time served," and in addition, all of his phone calls are live monitored and recorded. (A funny note, during one conversation I found that my touchtones would control the equipment they were using to record the call. The equipment they were using was improperly connected and gave off a terrible hum when activated. I kept turning off the recording, and the security officer kept having to turn it back on.) All of this, due to Counselor Wilbert LeMay. Thanks guy. If someone can so grossly abuse their power to completely remove the dignity of another human being, inmate or otherwise, that person needs to face severe disciplinary action. I'm writing the warden. Directory Assistance says that Wilbert can be reached at: Wilbert LeMay 701 East E St. Butner, NC 27509 919-575-6375 Fun fact: Butner is serviced by GTE. You know, its pretty odd that as hackers, we probably know a larger number of ex-cons and current inmates than most people. But anyway, on to Phrack. This issue is pretty odd in that "The Man" has consented to write a few syllables for us to distribute. Yes, Winn Schwartau submitted his unique perspectives of Defcon and HOPE. It's funny how many people left Defcon this year and ran home to find information on HIRF weapons after hearing Winn speak. (If you've actually built one by now, email me.) What else? GS1, Pagers, Voice Mail, VisaNet, Area 51, Programs, Conferences, and an incomplete university dialup list. (Putting out an incomplete list really irritates me, but hell, its taking a LOT longer than I expected to get some 1300 dialups without more help. AHEM!) Can you dig it? I knew that you could. ------------------------------------------------------------------------- READ THE FOLLOWING IMPORTANT REGISTRATION INFORMATION Corporate/Institutional/Government: If you are a business, institution or government agency, or otherwise employed by, contracted to or providing any consultation relating to computers, telecommunications or security of any kind to such an entity, this information pertains to you. You are instructed to read this agreement and comply with its terms and immediately destroy any copies of this publication existing in your possession (electronic or otherwise) until such a time as you have fulfilled your registration requirements. A form to request registration agreements is provided at the end of this file. Cost is $100.00 US per user for subscription registration. Cost of multi-user licenses will be negotiated on a site-by-site basis. Individual User: If you are an individual end user whose use is not on behalf of a business, organization or government agency, you may read and possess copies of Phrack Magazine free of charge. You may also distribute this magazine freely to any other such hobbyist or computer service provided for similar hobbyists. If you are unsure of your qualifications as an individual user, please contact us as we do not wish to withhold Phrack from anyone whose occupations are not in conflict with our readership. _______________________________________________________________ Phrack Magazine corporate/institutional/government agreement Notice to users ("Company"): READ THE FOLLOWING LEGAL AGREEMENT. Company's use and/or possession of this Magazine is conditioned upon compliance by company with the terms of this agreement. Any continued use or possession of this Magazine is conditioned upon payment by company of the negotiated fee specified in a letter of confirmation from Phrack Magazine. This magazine may not be distributed by Company to any outside corporation, organization or government agency. This agreement authorizes Company to use and possess the number of copies described in the confirmation letter from Phrack Magazine and for which Company has paid Phrack Magazine the negotiated agreement fee. If the confirmation letter from Phrack Magazine indicates that Company's agreement is "Corporate-Wide", this agreement will be deemed to cover copies duplicated and distributed by Company for use by any additional employees of Company during the Term, at no additional charge. This agreement will remain in effect for one year from the date of the confirmation letter from Phrack Magazine authorizing such continued use or such other period as is stated in the confirmation letter (the "Term"). If Company does not obtain a confirmation letter and pay the applicable agreement fee, Company is in violation of applicable US Copyright laws. This Magazine is protected by United States copyright laws and international treaty provisions. Company acknowledges that no title to the intellectual property in the Magazine is transferred to Company. Company further acknowledges that full ownership rights to the Magazine will remain the exclusive property of Phrack Magazine and Company will not acquire any rights to the Magazine except as expressly set forth in this agreement. Company agrees that any copies of the Magazine made by Company will contain the same proprietary notices which appear in this document. In the event of invalidity of any provision of this agreement, the parties agree that such invalidity shall not affect the validity of the remaining portions of this agreement. In no event shall Phrack Magazine be liable for consequential, incidental or indirect damages of any kind arising out of the delivery, performance or use of the information contained within the copy of this magazine, even if Phrack Magazine has been advised of the possibility of such damages. In no event will Phrack Magazine's liability for any claim, whether in contract, tort, or any other theory of liability, exceed the agreement fee paid by Company. This Agreement will be governed by the laws of the State of Texas as they are applied to agreements to be entered into and to be performed entirely within Texas. The United Nations Convention on Contracts for the International Sale of Goods is specifically disclaimed. This Agreement together with any Phrack Magazine confirmation letter constitute the entire agreement between Company and Phrack Magazine which supersedes any prior agreement, including any prior agreement from Phrack Magazine, or understanding, whether written or oral, relating to the subject matter of this Agreement. The terms and conditions of this Agreement shall apply to all orders submitted to Phrack Magazine and shall supersede any different or additional terms on purchase orders from Company. _________________________________________________________________ REGISTRATION INFORMATION REQUEST FORM We have approximately __________ users. Enclosed is $________ We desire Phrack Magazine distributed by (Choose one): Electronic Mail: _________ Hard Copy: _________ Diskette: _________ (Include size & computer format) Name:_______________________________ Dept:____________________ Company:_______________________________________________________ Address:_______________________________________________________ _______________________________________________________________ City/State/Province:___________________________________________ Country/Postal Code:___________________________________________ Telephone:____________________ Fax:__________________________ Send to: Phrack Magazine 603 W. 13th #1A-278 Austin, TX 78701 ----------------------------------------------------------------------------- Enjoy the magazine. It is for and by the hacking community. Period. Editor-In-Chief : Erik Bloodaxe (aka Chris Goggans) 3L33t : Ice-9 (for helping me get this done!) Rad Band : Green Day News : Datastream Cowboy Photography : The Man Prison Consultant : Co / Dec The Young Girl : Jane March Motor Trend's Car of the Year : The 2600 Van Dickhead of the Month : Wilbert LeMay at FCI Butner Thanks To : Szechuan Death, Carl Corey, The Shining, Dcypher Hitman Italy, Herd Beast, Dr. Delam, Maldoror, The Red Skull, PsychoSpy, Seven Up, Erudite, Ice Jey Special Thanks To : Winn Schwartau Phrack Magazine V. 5, #46, September 20, 1994. ISSN 1068-1035 Contents Copyright (C) 1994 Phrack Magazine, all rights reserved. Nothing may be reproduced in whole or in part without written permission of the Editor-In-Chief. Phrack Magazine is made available quarterly to the amateur computer hobbyist free of charge. Any corporate, government, legal, or otherwise commercial usage or possession (electronic or otherwise) is strictly prohibited without prior registration, and is in violation of applicable US Copyright laws. To subscribe, send email to phrack@well.sf.ca.us and ask to be added to the list. Phrack Magazine 603 W. 13th #1A-278 (Phrack Mailing Address) Austin, TX 78701 freeside.com (Phrack FTP Site) /pub/phrack http://freeside.com/phrack.html (Phrack WWW Home Page) phrack@well.sf.ca.us (Phrack E-mail Address) or phrackmag on America Online Submissions to the above email address may be encrypted with the following key : (Not that we use PGP or encourage its use or anything. Heavens no. That would be politically-incorrect. Maybe someone else is decrypting our mail for us on another machine that isn't used for Phrack publication. Yeah, that's it. :) ) ** ENCRYPTED SUBSCRIPTION REQUESTS WILL BE IGNORED ** Phrack goes out plaintext...you certainly can subscribe in plaintext. -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3a mQCNAiuIr00AAAEEAMPGAJ+tzwSTQBjIz/IXs155El9QW8EPyIcd7NjQ98CRgJNy ltY43xMKv7HveHKqJC9KqpUYWwvEBLqlZ30H3gjbChXn+suU18K6V1xRvxgy21qi a4/qpCMxM9acukKOWYMWA0zg+xf3WShwauFWF7btqk7GojnlY1bCD+Ag5Uf1AAUR tCZQaHJhY2sgTWFnYXppbmUgPHBocmFja0B3ZWxsLnNmLmNhLnVzPg== =q2KB -----END PGP PUBLIC KEY BLOCK----- -= Phrack 46 =- Table Of Contents ~~~~~~~~~~~~~~~~~ 1. Introduction by The Editor 17 K 2. Phrack Loopback / Editorial 52 K 3. Line Noise 61 K 4. Line Noise 56 K 5. Phrack Prophile on Minor Threat 12 K 6. Paid Advertisement 62 K 7. Paid Advertisement (cont) 45 K 8. The Wonderful World of Pagers by Erik Bloodaxe 24 K 9. Legal Info by Szechuan Death 13 K 10. A Guide to Porno Boxes by Carl Corey 13 K 11. Unix Hacking - Tools of the Trade by The Shining 42 K 12. The fingerd Trojan Horse by Hitman Italy 32 K 13. The Phrack University Dialup List 12 K 14. A Little About Dialcom by Herd Beast 29 K 15. VisaNet Operations Part I by Ice Jey 50 K 16. VisaNet Operations Part II by Ice Jey 44 K 17. Gettin' Down 'N Dirty Wit Da GS/1 by Maldoror & Dr. Delam 25 K 18. Startalk by The Red Skull 21 K 19. Cyber Christ Meets Lady Luck Part I by Winn Schwartau 45 K 20. Cyber Christ Meets Lady Luck Part II by Winn Schwartau 42 K 21. The Groom Lake Desert Rat by PsychoSpy 44 K 22. HOPE by Erik Bloodaxe 51 K 23. Cyber Christ Bites the Big Apple by Winn Schwartau 60 K 24. The ABCs of Better Hotel Staying by Seven Up 12 K 25. AT&T Definity System 75/85 by Erudite 13 K 26. Keytrap v1.0 Keyboard Key Logger by Dcypher 35 K 27. International Scenes by Various Sources 44 K 28. Phrack World News by Datastream Cowboy 38 K Total: 996 K _______________________________________________________________________________ "Most hackers would have sold out their mother." Justin Tanner Peterson "Treason is loved of many but the traitor hated of all." Robert Greene (1552-1592) "They smile in your face, but all the while they want to take your place." The O'Jays ==Phrack Magazine== Volume Five, Issue Forty-Six, File 2 of 28 **************************************************************************** Phrack Loopback ------------------------------------------------------------------------------ I'd like to write you about my friends cat. His name is 'Cid. Cid loves reading, in fact he'll read just about anything, from the labels on his cat food tins to the instructions on the "real" use of his Grafix (incense burner :) ). Well one take, 'Cid (or was it me) was indulging in the reason he got his moniker and mentioned that he'd like to receive Phrack. Well i told him he could just subscribe to it and then he went into a real sob story about how he doesn't have net access. So as a favor to 'Cid (who really does exist, and really has tripped out on brain blotters) i'd like to subscribe to Phrack. [You my want to take note that Phrack can also be printed on paper. Now, that's a lot of blotter. You've got your subscription, now go watch some anime.] ------------------------------------------------------------------------------ I recently got a new job and shortly after beginning working there, they decided to retool and reorganize a bit for better productivity. While we were going through some old boxes and stuff, I came across a little black box with the words "Demon Dialer" molded into the front of it, it even had the (functional!) 20volt power supply. Needless to say I was pretty happy with my find. I asked if I could have it and since no one else there seemed to know what to make of it, mine it was! My only problem now... I've played around with it, and it seems to do a lot more than what I originally thought, but the fact of the matter is.. I really haven't the foggiest idea of how to get it to REALLY work for me. If anyone has any information, or better still, actual documentation for a Telephonics Inc, Demon Dialer.. I'd really appreciate passing it on to me. Also, something rater strange. The phone cable attached to it had a normal looking 4-wire connector on one end, but the other was split to have RJ jacks, one with the yellow-black combo and one with the red-green. The split ends (sorry :)) were plugged into the WALL and PHONE jacks on the demon dialer. The purpose for this perplexes me since one's supposed to be input and one's supposed to be a passthrough for the phone to be plugged into. Anyway, any info would be nice. Thanks guys. [Telephonics was one of those odd telco device manufacturers back in the 80's. They made the demon dialer (a speed dialing device), a two-line conference box, a divertor, etc. Essentially, they provided in hardware what the telco's were beginning to roll-out in software. I think the line splitter you have was merely plugged into those two jacks for storage purposes. What that probably was for was to allow two lines to use the Demon Dialer. It was probably just reversed when your company boxed it so it wouldn't get lost. I'm not sure if Telephonics is still in business. A good place to start looking for info would be comp.dcom.telecom or alt.dcom.telecom. Another good place may be Hello Direct (800-HI-HELLO). They used to do have Telephonics equipment available for mail-order.] ------------------------------------------------------------------------------ I saw an ad for a book called "Secrets of a SuperHacker" by Knightmare. Supposedly it intersperses tales of his exploits with code and examples. I have big doubts, but have you heard anything good/bad about it? [Your doubts are well founded. I got an advance copy of that book. Let's put it this way: does any book that contains over a dozen pages of "common passwords" sound like ground breaking material? This book is so like "Out of the Inner Circle" that I almost wanted to believe Knightmare (Dennis Fiery) was really yet another alias for Bill Landreth. Imagine "Out of the Inner Circle" with about a hundred or more extra pages of adjectives and examples that may have been useful years back. The Knightmare I knew, Tom in 602, whose bust by Gail Thackeray gave law enforcement a big buffer of the Black Ice Private BBS and help spark the infamous LOD Hacker Crackdown, certainly didn't have anything to do with this. In fact, the book has a kind of snide tone to it and is so clueless, that leads me to believe it may have been written by a cop or security type person looking to make a quick buck. As far as source code, well, there is a sample basic program that tries to emulate a university login. If you want a good book, go buy "Firewalls and Internet Security" by Cheswick and Bellovin.] ------------------------------------------------------------------------------ Hey Chris, I'm sure you are under a constant avalanche of requests for certain files, so I might as well add to your frustration . I know of a program that supposedly tracks cellular phone frequencies and displays them on a cellmap. However, I don't know the name of the program or (obviously) where to find this little gem. I was wondering if you could possibly enlighten me on a way to acquire a program similar to the one I have described. I have developed some other methods of tracking locations of cellular calls. However my methods rely on a database and manually mapping cellular phones, this method is strictly low tech. Of course this would be for experimental use only, therefore it would not be used to actually track actual, restricted, radio spectrum signals. I wouldn't want the aether Gestapo pummeling our heads and necks. [I don't know of anything that plots frequencies on a cellmap. How would you know the actual locations of cells for whatever city you may be in to plot them accurately? There are a number of programs written to listen to forward channel messages and tell you when a call is going to jump to another channel. The cellular telephone experimenter's kit from Network Wizards has a lot of nice C source that will let you write your own programs that work with their interface to the OKI 900. I suppose you could get the FCC database CD-ROM for your state and make note of longitude and latitude of cell sites and make your own database for your city, and then make a truly visual representation of a cellmap and watch calls move from cell to cell. But I don't think there is such a thing floating around the underground at present. Of course the carriers have this ability, and are more than happy to make it available to Law Enforcement (without a warrant mind you). Hi OJ! email Mark Lottor mw@nw.com for more info about the CTEK.] ------------------------------------------------------------------------------ I saw this in a HoHoCon ad: Top Ten Nark List 1. Traxxter 2. Scott Chasin 3. Chris Goggans 4. Aget Steal 5. Dale Drrew 6. Cliff Stoll 7. [blank] 8. Julio Fernandez 9. Scanman 10. Cori Braun What did Chris Goggans do? Isn't he Erik Bloodaxe, the publisher of Phrack? I sincerely doubt that the feds would have someone working for them that puts out a publication like Phrack. It would be way too much of an embarrassment for them. I wrote to the editor of Phrack when I read that Agent Steal said that the publisher of Phrack was a Fed - IN PHRACK no less. He said it was a stupid rumor. Is there anything to support this fact? And why is there now some manhunt for Agent Steal (at CFP the FBI was checking legs) if Steal was admittedly their employee? The whole thing is very confusing to me. Please explain. If Goggans isn't Bloodaxe then he'd Knight Lightning (this just came to me). Nevertheless, what's the story here? [First off, I think you take things a little too seriously. If you are on a nark hunt, worry about your associates, not people you obviously don't even know. Chris Goggans (ME) is most positively Erik Bloodaxe. Thanks for remembering. Agent Steal was involved with the FBI. This is a fact. In his case, he even appeared to have some kind of immunity while trying to gather information on other hackers like Mitnik and Poulsen. This immunity is under scrutiny by the Bureau's own Internal Affairs (or so the new rumors go), since Steal was pulling a fast one and committing crimes the Bureau didn't know about to get some quick cash while he set up his friends. My story is a bit more convoluted. You can sum it up by saying, if you interfere with my businesses, I'll try my best to track you down and turn you in. I guess I am a nark.] ------------------------------------------------------------------------------ I read in the last Phrack (45) that you wanted someone to write a few words on scrambling systems. Give me a rough outline of what you want and I'll see if I can help :-) Basically I wrote the Black Book (European Scrambling Systems 1,2,3,4,5 and World Satellite TV & Scrambling Methods) and also edit Hack Watch News & Syndicated HackWatch. They all deal with scrambling system hacks as opposed to computer hacking & phreaking. (Things are a bit iffy here as regards phreaking as all calls are logged but the eprom phone cards are easy to hack) Oh yeah and another claim to fame ;-) if you can call it that, is that I was quoted in an article on satellite piracy in "Wired" August issue. This Hawkwind character that you had an article from in Phrack43 sounds like a *real* hacker indeed :-> Actually there is an elite in Ireland but it is mainly concerned with satellite hacking and that Hawkwind character is obviously just a JAFA (Irish hacker expression - Just Another Fu**ing Amateur). Most of the advanced telco stuff is tested in the south of the country as Dublin is not really that important in terms of comms - most of the Atlantic path satellite comms gear and brains are on the south coast :-) Actually the Hawkwind article really pissed off some people here in Ireland - there were a few questions asked on my own bbs (Special Projects +353-51-50143) about this character. I am not even sure if the character is a real hacker or just a wannabe - there were no responses from any of his addresses. SP is sort of like the neutral territory for satellite and cable hacking information in Europe though there are a few US callers. With the way things are going with your new DBS DirecTv system in the US, it looks like the European satellite hackers are going to be supplying a lot of information (DirecTv's security overlay was developed by News Datacom - the developers of the totally hacked VideoCrypt system here in Europe). There telco here uses eprom phone cards. These are extremely easy to hack (well most real hackers in .IE work on breaking satellite scrambling systems that use smart cards) as they are only serial eprom. Regards [About the satellite information: YES! Write the biggest, best article the whole fucking hacker world has ever seen about every aspect of satellite tv!! Personally, I'm more interested in that than anything else anyone could possibly write (seeing as how I'm about to buy a dish for both C and Ku). About Hawkwind's article on hacking in Ireland: If I were to write an article about hacking in America, it would be entirely different than anyone else in America would write. A country is a big place. Just because someone else's hacking experience is different than your own, it's no reason to discredit them. However, if your exposure to the scene in Ireland is so completely different than Hawkwind's, I would LOVE to print it as well.] ------------------------------------------------------------------------------ The Columbus Freenet uses a password generating routine that takes the first and last initial of the user's real name, and inserts it into a randomly chosen template. Some of the templates are: E(f)www5(l) (f)22ww5(l) where f and l are first and last initials (f)2ww97(l) (f)2ww95(l) and so on. There are not too many of these templates, I guess maybe 50. I imagine most people go in and change their password right away, but then again that's what a prudent person would do (so they probably don't). Columbus 2600 meetings: Fungal Mutoid-sysop of The KrackBaby BBS (614-326-3933) organized the first 2600 meetings in Columbus, unfortunately hardly anyone shows up... I don't know why HP is so dead in Central Ohio, but fear and paranoia run rampant. That's all for now...keep up with the good work! R.U.Serius?! [Hmmm...templates are always a bad thing. All one has to do is get the program that generates them, and viola, you've got a pre-made dict file for your crack program. Not very smart on the part of the Freenet, but hacking a Freenet, is like kicking a puppy. I hope more people go to your 2600 meetings. The ones here in Austin kinda died out too. Maybe our cities are just lame.] ------------------------------------------------------------------------------ A complaint: That piece about McDonald's in Phrack 45 was, in a word, LAME. Surely Phrack can do better. Maliciousness for its own sake isn't very interesting and frankly the article didn't have any ideas that a bored 13-year-old couldn't have thought up--probably written by one. That aside, I found some good stuff in there. Some of it was old news, but Phrack serves an archival purpose too, so that was ok. On a more personal note, I could really relate to your account of HoHoCon--not that I was there, just that I have started to feel old lately even though I don't turn 25 for another 2 days :) Sometimes I feel myself saying things like "Why, sonny, when I was your age the Apple II was king..." Keep up the good work, and don't let the lamers get you down. [Thanks for the letter. I personally thought the McDonald's file was a laugh riot. Even if it was juvenile and moronic, I wouldn't expect anyone to analyze it and go through with anything it contained. It was just for fun. Lighten up :) I am glad to see that at least someone else recognizes that Phrack is attempting to serve as an archive of our subculture, rather than just a collection of technical info that will be outdated overnight, or a buglist that will be rendered mostly unusable within hours of release. There is so much going on within the community, and it is becoming such a spectacle in the popular media, that in 20 years, we can all go back and look at Phrack and remember the people, places, and meetings that changed the face of the net. Or maybe I'm just terribly lame, and either 1) refuse to put in the good stuff, 2) don't have access to the good stuff, 3) exist only as a puppet agent of The Man, or 4) Don't know nothin' 'bout Telco! But you know what they say about opinions.] ---------------------------------------------------------------------------- I have a few comments on your editorial in Phrack 44 (on information wants to be free). Thanks for voicing an opinion that is shared by many of us. I am glad to see a public figure in the CuG with nutz enuff to actually come out and make such a statement and mean it. Again, thanks. Now on the subject of hacking as a whole. Is it just me, or are the number of losers on the increase? There have always been those who would try and apply these skills to ripoff scams and system trashing but now that seems to be the sole intent of many of the "hackers" I come into contact with. What ever happened to hacking to learn more about the system. To really hack a system (be it phone, computer), is a test of skill and determination, and upon success you walk away with a greater understanding of the machine and its software. Hacking is more than just knowing how to run crack on a filched password file, or using some exploitation scripts picked up on IRC, it is a quest for knowledge and gaining superiority over a system by use of great skill acquired by a deliberate effort. Once was a time when things like toll fraud (I do miss blue boxes) were a means to an end, now they seem to be the end in itself. Also, I am researching info on OSI comsec procedures and have found some really interesting goodies, if you are interested in publishing my piece when completed, let me know.. [(NOTE: This came from a .mil) Man, I'm glad to see that people in the armed forces still have minds of their own. Not many people would express such a thing openly. Yes, the destructive/profit-motivated trends of many of the hackers of today are pretty sad. But you have to realize, as the technology becomes more and more like consumer electronics, rather than the traditional mold of computer as scientific research tool, an entirely different market segment will be exposed to it and use the technology for less than scrupulous means. Even the act of hacking itself. Today, I can basically gain access to any model of system known to man by asking. I realize that there are many who cannot accomplish such a thing, but with the proliferation of public access sites, almost everyone can afford access to the net to explore and learn. The point comes down to this: if you have an account on a Sun, why do you need an account on a Sun at Boeing, unless you either 1) want to sell the cad files of the 777 to Airbus or McDonnell-Douglas 2) want to get financial information to make a killing on Wall Street, or 3) just want to have an ego boost and say "I OWN BOEING!" Personally, I can understand the ego boost aspect, but I've decided that I'd much rather get paid by a company like Boeing to hack for them than against them. I don't want to sell anyone's info, so hacking into any company is basically useless to me, unless they are paying me to look for potential weaknesses. Granted, it's not an easy market to get into, but it's a goal to shoot for. And for those who find it impossible to quit due to fear of losing their edge, check out my editorial in this issue for a possible solution.] ------------------------------------------------------------------------------ I am looking for a Macintosh app that does the same thing as an app called "Demon Dial" that has been lost in the annals of software history due to the fact that some people (sysops) question whether it is illegal software (it dials up a series of phone #'s looking for data connections). Do you know where I could find an application for the Mac that does this simple function? [We had a guy ask in an earlier issue for Macintosh hacking/phreaking apps. Noone responded. Hell, I know SOMEONE has to use a Mac out there. Are you Mac-weenies all embarrassed to speak up? Hell, uuencode and email me your aps, and I'll put them up for ftp! Help out your poor fellow Macintosh users. I certainly would if I could, but the thought of touching a Mac gives me the chills.] ------------------------------------------------------------------------------ Have you ever heard of being denied access to your own cell phone? I am currently in the process of buying a cell phone and was informed that I COULD NOT have the programming guide of the security code they enter to program my phone. In my opinion the key word is "MY." If I get a digital security system for my house you better damn well figure I will have the security codes for that. The phone was a Motorola flip phone. I called Motorola and explained how displeased I was with this company and they said they could not interfere with a reps. policy. When I was selling car phone we kept the programming guide unless they asked for it. I demanded it and they laughed in my face. Who said "the customer is always right" anyway? Thanks, any info is greatly appreciated. By the way, you wouldn't happen to have the CN/A number for 815 would you? Also, any ANAC would be very helpful. [Well, I hate to say it, but you got typical service from your cellular agent. Let's face it, these sales reps probably knew about as much about that programming manual as I do nuclear physics: "Its confusing, but if you understand it, you can fuck things up." I am surprised that Motorola wouldn't sell you the book though. Motorola will sell anybody anything. You probably called the wrong place. Moto is so huge they've got multiple groups working on somewhat similar technologies with absolutely no communication between the groups. Sometimes they are in different countries, but sometimes they are in the same city! I would suggest you call a local FAE (Field Applications Engineer) and get them to get the book for you. Make up some story about working on some computer controlled application with the phone, and that you need any and all documentation on the phone. They'll do it. Money is money. As far as the 815 CNA, hell, just call the business office. I haven't called a CNA in years, only the business office. They are nice people. And no PINs. 815 ANAC: ok guys, someone must have one...email it! "The customer is always right" wasn't in Bartlett's or Columbia's books of famous quotations. I guess that phrase has been written out of out history. So, from now on you aren't always right, I guess.] ------------------------------------------------------------------------------ Dear Phrack: We want you! We want you to be a part of our cutting edge documentary that is traversing across the "NEW EDGE" of computers, culture, and chaos. Working in conjunction with Douglas Rushkoff, the best selling author of "CYBERIA," we are currently gathering together the leaders of this technological and cultural revolution. This is not a documentary in the traditional sense of the word. It is more of an exploration, a journey, a unique vision of the world as seen through the eyes of those who live on the bleeding edge; where technology, art, science, music, pleasure, and new thoughts collide. A place people like you and me like to call home. "New Edge" will deliver a slice of creativity, insanity, and infallibility, and feed those who are hungry for more than what Main Street USA has to offer. This project will detonate across the US and around the world. It will become the who's who of the new frontier and you belong on it's illustrious list of futurians. Please look over the enclosed press release description of the project. Phrack has long been the ultimate source for hack/phreak info, and helped to push the limits of free speech and information. The role that Phrack has played in the Steve Jackson Games Case set an important precedent for CyberLaw. We will also be interviewing several people from the EFF. Please call me ASAP to schedule an interview for "New Edge", or send me E-Mail. Sincerely, Todd LeValley Producer, N E W E D G E (310) 545-8138 Tel/Fax belief@eworld.com W E L C O M E T O T H E W O R L D O N T H E E D G E O F T H E F U T U R E W E L C O M E T O T H E N E W E D G E -the documentary- T h e O r g a n i z a t i o n Belief Productions in association with Film Forum. T h e M i s s i o n Journey through the labyrinth of cyberia and experience the people, places and philosophy that construct cyberspace and the shores of the technological frontier. This fast paced visual voyage through the digital revolution will feature interviews with the innovators, artists, cyberpunks, and visionaries from all sides of the planet. These specialists are the futurists who are engineering our cybergenic tomorrow in laboratories today. Along the way we will investigate the numerous social and political issues which are cropping up as each foot of fiber optic cable is laid. Artificial intelligence, the Internet, nanotechnology, interactive media, computer viruses, electronic music, and virtual reality are just a few of the many nodes our journey will explore. T h e F u n d i n g This exploration is sponsored in part by a grant from The Annenberg Foundation in association with the LA based non-profit cutting-edge media group Film Forum. T h e P r o c e s s The New Edge project will capture moving images with a variety of input devices and then assemble them into one fluid documentary using Apple Macintosh Quadras & PowerMac computers. The post production work will be done entirely on the computers using the Radius Video Vision Telecast Board in conjunction with Quicktime software applications such as Adobe Premiere 4.0 and CoSA After Effects 2.01. The final piece will be recorded to BETACAM SP videotape for exhibition and distribution. The capture formats for the project will include: BETACAM SP, Super VHS, Hi-8, 16MM Film, Super-8 Film, 35MM Stills, and the Fisher Price Pixelvision 2000. T h e R e s u l t s New Edge will pride itself on an innovative visual and aural style which before today, could only be created on high-end professional video systems and only for short format spots. The New Edge documentary will be two hours in length and will have a dense, layered look previously featured only in much shorter pieces. New Edge will be a showcase piece not only for the content contained within, but for the way in which the piece was produced. It will be a spectacular tribute to the products and technology involved in its creation. D i s t r i b u t i o n Direct Cinema - Distributes videos to Libraries, Schools, and Universities throughout the United States. Mico Entertainment/NHK Enterprises - Provider of American programming for Japanese Television. Labyrinth Media Ltd. - European reality-based documentary distributor T h e A u d i e n c e New Edge is aimed at both the technophiles and technophobes alike. While the show will feature very complex and sophisticated topics, the discussions will be structured to appeal to both those who do and do not have the technical framework that underlines the cyberian movement. The show's content and style will make it readily available to the MTV and Generation X demographic groups as well as executives who want to stay on top of the latest technological advances. Individuals who read Mondo 2000 and Wired magazine will also naturally latch on to this electronic presentation of their favorite topics. T h e G u i d e s Mike Goedecke - Director/Graphic Designer Mike was the Writer/Director/Cinematographer for the Interplay CD-ROM game entitled Sim City. Acting as graphic designer for the Voyager Co.- Criterion Laser Disc Division his work is featured on titles such as: Akira, DEVO-The Truth About De-Evolution, The Adventures of Baron Munchausen, and Spartacus. Most recently he collaborated with Los Angeles Video Artist Art Nomura on a video installation piece entitled Digital Mandala. The piece was edited, composited , and mastered to Laser Disc using an Apple Macintosh Computer and off-the-shelf software. The installation is scheduled to tour museums and art galleries across the United States and Europe. While attending Cinema/Television Graduate School at the University of Southern California, Mike directed the award winning documentary short Rhythm, which celebrates various musical cultures. Todd LeValley - Producer/Graphic Designer Todd is the Producer/Director of CyberCulture: Visions From The New Edge, a documentary that introduces the electronic underground. This project has been warmly received at numerous "Cyber Festivals" around the country, as well as at the Director's Guild Of America, and is currently being distributed by FringeWare Inc. Todd's commercial experience includes being the in-house graphic designer for Barbour/Langley Productions designing, compositing, and producing the graphic packages for several 20th Century Fox Television pilots and The Sci-Fi Trader for the USA Network/Sci-Fi Channel. Todd is a graduate of the Cinema/Television program at Loyola Marymount University. Jeff Runyan - Cinematographer/Editor Jeff received an MFA from the University of Southern California's Graduate School of Cinema/Television with an emphasis in cinematography and editing. He studied cinematography under the guidance of Woody Omens, ASC. and Earl Rath, ASC., and editing with Edward Dmytryk. Jeff was the cinematographer on the award wining documentary Rhythm. He has recently completed shooting and editing a documentary on Academy Award winning Cinematographer Conrad Hall for the ASC and has just finished directing a short film for USC Teleproductions. Douglas Rushkoff - Cyber Consultant/Author Douglas is the author of the best selling Harper Collins San Francisco novel, Cyberia. He spent two years of his life living among the key players in the cyber universe. Douglas knows the New Edge well and is providing us with the map to its points of interest, rest stops and travelers. For more information, please contact: Todd LeValley, Producer Belief Productions (310) 545-8138 belief@eworld.com [Dear New Edge: You have got to be kidding me. "Readers of Wired and Mondo 2000 will naturally latch on to this electronic presentation of their favorite topics?" Aren't we awful fucking high on ourselves? Christ. Mondo & Wired readers and writers (and stars) are themselves so fucking far removed from the real meat of the underground, that they wouldn't even be able to relate to it. Obviously this "documentary" is going to be aimed at the wannabes who sit at home furiously masturbating to "Cyborgasm" while installing FRACTINT, being very careful not to soil their copy of "The Hacker Crackdown." Oh joy. These guys are so fucking out of it, they sent me two letters. One addressed to Phrack, the other to Phrack / Emmanuel Goldstein. Maybe they think we're 2600. CYBER-COUNT: 12 occurrences. That's kind of low. I'm surprised your public relations people didn't have you add in a few more cyber-this's or cyber-that's into the blurb. Gotta keep that cyber-count high if you want to get those digi-bucks out of those cyberians! CYBER!!! Read my review of Cyberia guys...find a new pop-fad to milk for cash.] ------------------------------------------------------------------------------ In less than 3 weeks, I will be leaving for Basic Training. Once out of there, I will be working on Satellite Data Transmissions for the US Army. I am highly excited, just waiting to see what type of computers I will be working on. Anyways, I will be enrolled in a 32-week accelerated technical class teaching me all about satellites, and the computers that I will be using. Here's the kick. I'll be writing a series of Tech Journals detailing the workings/operations of/weaknesses, and the use of the systems. I was wondering if you would be interested in carrying these. I've read Phrack for a long time, but it is an off the wall subject. I'll also be playing with the military phone system, in hopes of finding out what the ABCD tones do. (I heard from a file that Military phones utilize them but I'm still a civilian, and am clueless). Thanks for keeping me informed Kalisti! [Sorry to hear about your impending Basic Training. I'm not big on the military, as they would make me chop off all my hair. About the Satellite systems: YES If you do indeed find time to write up any files on how they work, systems involved, weaknesses, etc. I'D LOVE TO PRINT THAT! Just make sure you don't blow your clearance. Satellites are very cool. I'm about to buy a Ku Band disk to do some packet radio type stuff. A bit low-tech compared to the Army, but hell, I'm on a budget. ABCD...they are used for prioritizing calls on AUTOVON. FTS doesn't use them (I think), and they can only be used on certain lines. They are: A = priority B = priority override C = flash D = flash override For instance, if you want to make it known that this is an important call, you hit the "a" button before dialing. It establishes a priority-class call, which may cause a light to come on or something as equally attention grabbing at the called party's end. Priority calls cannot be interrupted, except by a Priority Override" etc, with Flash Override being the highest class. If you do these from an improper line, you will get an error message. The one I used to get when BS'ing AUTOVON op's long ago was "The President's use of this line is not authorized." Funny. Let me know if any of this is still valid.] ------------------------------------------------------------------------------ Dear Phrack, The following is a copy of a Toneloc found file my friend got. As happens to my friend a lot the numbers aren't valid. But, you'll see he found at least one System 75. It appears that the 75 had a tracer installed on it already. My friend did not get a call back on it, and nothing has been done as far as we know. But, I still wonder -- Is scanning no longer safe? Castor [612] 56X-XXXX 22:57:34 03-Apr-94 C CONNECT 1200 Login: b Password: INCORRECT LOGIN Login: c Password: INCORRECT LOGIN 56X-XXXX 23:04:12 03-Apr-94 C CONNECT 1200 c Unknown command error Ready d Unknown command error Ready e Unknown command error Ready b Unknown command error Ready 56X-XXXX 23:49:19 03-Apr-94 C CONNECT 1200 KEYBOARD LOCKED, WAIT FOR LOGIN [1;24r [1;1H [0J Login: b Password: INCORRECT LOGIN 56X-XXXX 01:23:28 04-Apr-94 C CONNECT 1200 Login: b Password: INCORRECT LOGIN Call traced to 612-XXX-XXXX. Saving number in security log for further investigation. [Jeez. That sure does suck. Well, live and learn kiddoes. 1994 is not the time to be hacking by direct dialing local numbers. It's just not all that smart. Caller-ID has been tariffed in a lot of RBOCS. A lot of modem manufacturers implemented caller-id features into their equipment. Having these features in the equipment means that it won't be long before people redesign all their login programs to make use of these features. I would. I've got an ISDN line. Every time I call out, the SPID (phone number) of the B channel I'm using is broadcast. There is nothing I can do about that. On a remote connection, almost all decent ISDN terminal adaptors have the option to block any SPID they don't know. They won't even answer the phone, because they receive and interpret the phone number before any session is established. Yeah, well, that's ISDN, but it will not take a genius to do a few quick hacks on some linux box and we will suddenly be inundated with all kinds of "security packages" that use modems with Caller-ID. Yeah, I know, *67 (or whatever it is) to block the data, or route the call through another carrier so the data won't get passed (10288-NXX-XXXX). The data is still in the system, just not being transmitted from the switch out to the party being called. It amazes me how many really smart people I know have been busted solely because they were hacking local systems and calling them directly. Scanning has always been a very tricky subject. Since you are paying for a phone line, and if you have flat-rate service, you are thereby entitled to call as many numbers as you want. The big issue a while back was dialing sequentially (which set some telcos on a rampage because call usage patterns looked like telemarketing machines). The other problem is harassment. One call to an individual is a wrong number. Two is bordering on harassment. So, doing a complete scan and calling the carriers back through some other method would be a fairly good idea. And always have your calls forwarded to a non-working number so the 5,000 assholes who call-return you during the scan won't interfere. If you are lucky enough to live in the boonies, you are probably still somewhat safe, but everyone else...be careful.] ------------------------------------------------------------------------------ Phrack- I was wondering if anyone has ever done an article on breaking Novell Network through a workstation. I've heard it can be done through the SysAdmin computer, but is there a way to find the userlist and passwords? Also how would I go about cleaning up after myself so as to not leave a trace on the logs. I would appreciate a way other than screen capture, but if anyone knows of a good boot record booting program to do a capture of every key typed that would be great, and maybe it could be uuencoded in the next Phrack! Thanks again for making the best, ass kickin', a step above the rest, brain moving, earth shaking, body shivering, fist shaking, totally bitchin', muy excelente, awesome H/P magazine in the whole world! :) Sincerely, The Warden [Thanks for the compliments... About your question though, I'm not quite sure what you mean. In a NetWare environment there really isn't any userlist and passwords that you can get at. You can run the syscon utility and look at all the usernames, but not much more. The passwords are stored in what's known as the "bindery." These are 3 files in the sys/system directory called NET$OBJ.SYS, NET$VAL.SYS, and NET$PROP.SYS. If you can pull a password out of those files, I will shit in my hat and eat it. Beyond that, yes, a key-capture program is definitely the ideal solution for monitoring activity on a PC workstation. There is one in this issue.] ------------------------------------------------------------------------------ Hi, I've Been reading your magazine for a long time now, my eyes light up when I see an advert for a UK BBS with related hacking/phreaking articles or files on it, but when I try to ring them they are usually gone. I've been searching for ages for BBS's in the UK with these kind of articles on them but I've had no luck, Even postings on the USENET had little results. I have had a few boards which are shady but they ask unusual questions about abiding to rules/laws about hacking then they prompt with fake login and registration schemes. If you have some, could you possibly send or publish a list of shady UK BBS's Id be extremely grateful Cheers, Steven [Steven: Hell, I don't even know the numbers to any "shady" bulletin boards here in America. The only UK hacker bbs I knew of in recent years was Unauthorised Access, but I'm sure that's the advert you are referring to. Maybe someone else in the UK knows something decent to call over there. Any takers? ] ------------------------------------------------------------------------------ [THE GRADY FILES] Many of you may remember the NSA Security Manual we published last issue. That single file generated more press and hype than I'd seen in a long time. It was mentioned in several newspapers, it appeared on television. It was ridiculous. The document is available to anyone who can fill out a FIOA request. Regardless, people went zany. At first I couldn't figure out why everyone was so worked up, and then I caught wind of Grady Ward. Grady had posted the document to the net (with all mention of Phrack deleted from it) in several USENET forums alt.politics.org.nsa, talk.politics.crypto and comp.org.eff.talk. Several readers of Phrack were quick to jump up and point out that Grady had obtained it from the magazine (thanks guys!) which he grudgingly admitted. Grady got to be in the spotlight for a while as the Phrack/NSA Handbook thread continued to grow. In the meantime, Grady was either calling, or giving him the benefit of the doubt, getting called by an awful lot of press. And even more compelling is the way he'd began pronouncing my impending federal raid on so many newsgroups. And of course, I don't have time to read any of that USENET crap so I'm oblivious to all of this. Then I got a message from Grady. [GRADY WRITES] You might want to get ready for the FBI serving a warrant on you for information about the NSA security employee manual published in Phrack 45; the NSA security people called me about 10 minutes ago to talk about how it got on the net. I being very cooperative, gave him your address in Austin. Grady 707-826-7715 [I REPLY] Get a grip. Nothing that was contained in that file could not be obtained through other sources. [GRADY REPLIES] Just because you did nothing illegal, doesn't mean that you won't be annoyed by the FBI. Generally they will be very polite however. Gripping. Now what? [I REPLY] Ok, If someone actually did contact you, what was his name and number. I will forward that to my lawyer. [GRADY REPLIES] I have received your mail regarding "Re: NSA" It will be read immediately when I return. If you are seeking more information on the Moby lexical databases, please run finger grady@netcom.com for general information or help downloading live samples and a postscript version of our current brochure via anonymous ftp. Thanks - Grady Ward ------------------- He never answered my mail. ------------------------------------------------------------------------------ Dear Sir: Please refrain from sending such material to this address in the future! Since this address has been usubscribed from the Phrack mailing list, it means that further mailings are undesirable. I would also wish to remind you that maintaining lists of people's email without consent is quite immoral and devious. How hypocritical of you, who decry all such behavior when it is practiced by corporations or governments. Thank you. robbie@mundoe.maths.mu.oz.au [PHRACK EDITOR ABUSES POWER: Dear Sir: Please excuse the mailing. Have you ever heard of a mistake? Have you ever heard of an oversight? Is it really that much of an inconvenience for you to hit the "d" key to remove one small piece of unwanted mail? This being said, I would also like to invite you to go fuck yourself. ** I guess this guy does not like to get unsolicited mail **] ------------------------------------------------------------------------------ You people really piss me off! You're undermining the fun and enjoyment of the rest of the internet users just for your juvenile games and illegal activities. Do you realize how much better off we'd be if you all just went away and left the Net to honest people like me? There is no place in today's society for a bunch of maladjusted paranoid psychotics like yourselves. Please do all of us users a favor and go jump in a river. Kevin Barnes kebar@netcom.com [ABUSE OF POWER CONTINUES...WILL ERIKB EVER STOP? Hey Keith: Thanks a lot for the letter! You know, it does my heart good to hear from such kind and caring folks like yourself. It's so fortunate for the Internet that there are people like yourself who take it upon themselves to become martyrs for their causes and express their ideals in such an intelligent manner. It's fascinating to me that you can send such email sight-unseen. Do you know who you are writing to? Do you even have the slightest idea? What do you hope to accomplish? Do you have any idea? This particular "maladjusted paranoid psychotic" to whom you have so eloquently addressed is an engineer in the R&D of a Fortune 500 computer company, and that along with outside consulting will net me about six-figures this tax year. I've consulted for telephone companies, governments, aerospace, financial institutions, oil companies (the list goes on...) and quite frankly I don't do anything even remotely illegal. In fact, one recent and quite prominent quote from me was "I only hack for money." Now, about the silent majority of "honest people" like yourself that you have so self-rightously chosen to represent... I've been using the net since the early 80's (arpa-days) initially through a rms granted guest account on MIT-OZ. I've continued to work with other Internet Providers to cover the asses of the so-called "honest people" of which you include yourself. Now, in my view, if it were not for people like us, who consistently expose and pinpoint weaknesses in the operating systems and networking technologies that you use for your "fun and enjoyment" and that I use for MY JOB, you would continue to be at serious risk. But, perhaps ignorance is truly bliss, and if so, then Keith, you are probably one of the happiest people on this fine planet. Now, per your request, I may just go jump in a river, as the one near my house is quite nice, and it is almost 100 degrees here in Texas. I only ask that you do me one small favor: print out 500 copies of this letter, roll them up into a paper fist, and shove them into any orifice on your person that meets your criteria as deserving. ** I guess this guy doesn't like me...or you ** EDITORIAL ABUSE ENDS] ----------------------------------------------------------------------------- ==Phrack Magazine== Volume Five, Issue Forty-Six, File 2a of 28 **************************************************************************** Phrack Editorial If you aren't from America, this editorial really isn't meant for you, so read on with warning, or go on to the next file. ----------------------------------------------------------------------------- Stupid hackers. We've got to do something to clean up our image. We truly are "America's Most Valuable Resource," as ex-CIA spook Robert Steele has said so many times. But if we don't stop screwing over our own countrymen, we will never be looked at as anything more than common gutter trash. Hacking computers for the sole purpose of collecting systems like space-age baseball cards is stupid, pointless and can only lead to a quick trip up the river. Obviously, no one is going to stop hacking. I've been lucky in that I've found people willing to pay me to hack for them rather than against them, but not everyone can score such a coup. What kind of alternative can the rest of the community have? Let's say that everyone was given an opportunity to hack without any worry of prosecution with free access to a safe system to hack from, with the only catch being that you could not hack certain systems. Military, government, financial, commercial and university systems would all still be fair game. Every operating system, every application, every network type all open to your curious minds. Would this be a good alternative? Could you follow a few simple guidelines for the offer of virtually unlimited hacking with no worry of governmental interference? Where am I going with this? Right now we are at war. You may not realize it, but we all feel the implications of this war, because it's a war with no allies, and enormous stakes. It's a war of economics. The very countries that shake our hands over the conference tables of NATO and the United Nations are picking our pockets. Whether it be the blatant theft of American R&D by Japanese firms, or the clandestine and governmentally-sanctioned bugging of Air France first-class seating, or the cloak-and-dagger hacking of the SWIFT network by the German BND's Project Rahab, America is getting fucked. Every country on the planet is coming at us. Let's face it, we are the leaders in everything. Period. Every important discovery in this century has been by an American or by an American company. Certainly other countries have better profited by our discoveries, but nonetheless, we are the world's think-tank. So, is it fair that we keep getting shafted by these so-called "allies?" Is it fair that we sit idly by, like some old hound too lazy to scratch at the ticks sucking out our life's blood by the gallon? Hell no. Let's say that an enterprising group of computer hackers decided to strike back. Using equipment bought legally, using network connections obtained and paid for legally, and making sure that all usage was tracked and paid for, this same group began a systematic attack of foreign computers. Then, upon having gained access, gave any and all information obtained to American corporations and the Federal government. What laws would be broken? Federal Computer Crime Statutes specifically target so-called "Federal Interest Computers." (ie: banks, telecommunications, military, etc.) Since these attacks would involve foreign systems, those statutes would not apply. If all calls and network connections were promptly paid for, no toll-fraud or other communications related laws would apply. International law is so muddled that the chances of getting extradited by a country like France for breaking into systems in Paris from Albuquerque is slim at best. Even more slim when factoring in that the information gained was given to the CIA and American corporations. Every hacking case involving international breakins has been tried and convicted based on other crimes. Although the media may spray headlines like "Dutch Hackers Invade Internet" or "German Hackers Raid NASA," those hackers were tried for breaking into systems within THEIR OWN COUNTRIES...not somewhere else. 8lgm in England got press for hacking world-wide, but got nailed hacking locally. Australia's Realm Hackers: Phoenix, Electron & Nom hacked almost exclusively other countries, but use of AT&T calling cards rather than Australian Telecom got them a charge of defrauding the Australian government. Dutch hacker RGB got huge press hacking a US military site and creating a "dquayle" account, but got nailed while hacking a local university. The list goes on and on. I asked several people about the workability of my proposal. Most seemed to concur that it was highly unlikely that anyone would have to fear any action by American law enforcement, or of extradition to foreign soil to face charges there. The most likely form of retribution would be eradication by agents of that government. (Can you say, "Hagbard?") Well, I'm willing to take that chance, but only after I get further information from as many different sources as I can. I'm not looking for anyone to condone these actions, nor to finance them. I'm only interested in any possible legal action that may interfere with my freedom. I'm drafting a letter that will be sent to as many different people as possible to gather a fully-formed opinion on the possible legal ramifications of such an undertaking. The letter will be sent to the FBI, SS, CIA, NSA, NRO, Joint Chiefs, National Security Council, Congress, Armed Forces, members of local and state police forces, lawyers, professors, security professionals, and anyone else I can think of. Their answers will help fully form my decision, and perhaps if I pass along their answers, will help influence other American hackers. We must take the offensive, and attack the electronic borders of other countries as vigorously as they attack us, if not more so. This is indeed a war, and America must not lose. ->Erik Bloodaxe...Hacker...American. --------------------------- Ok, so maybe that was a bit much. But any excuse to hack without fear should be reason enough to exert a bit of Nationalism. I'd much rather be taken out by the French in some covert operation and go out a martyr, than catch AIDS after being raped by the Texas Syndicate in the metal shop of some Federal Prison. Wouldn't you? ==Phrack Magazine== Volume Five, Issue Forty-Six, File 3 of 28 // // /\ // ==== // // //\\ // ==== ==== // // \\/ ==== /\ // // \\ // /=== ==== //\\ // // // // \=\ ==== // \\/ \\ // // ===/ ==== PART I ------------------------------------------------------------------------------ !! NEW PHRACK CONTEST !! Phrack Magazine is sponsoring a programming contest open to anyone who wishes to enter. Write the Next Internet Worm! Write the world's best X Windows wardialer! Code something that makes COPS & SATAN look like high school Introduction to Computing assignments. Make the OKI 1150 a scanning, tracking, vampire- phone. Write an NLM! Write a TSR! Write a stupid game! It doesn't matter what you write, or what computer it's for! It only matters that you enter! Win from the following prizes: Computer Hardware & Peripherals System Software Complete Compiler packages CD-ROMS T-Shirts Magazine Subscriptions and MANY MORE! STOP CRACKING PASSWORDS AND DO SOMETHING WITH YOUR LIFE! Enter the PHRACK PROGRAMMING CONTEST! The rules are very simple: 1) All programs must be original works. No submissions of previously copyrighted materials or works prepared by third parties will be judged. 2) All entries must be sent in as source code only. Any programming language is acceptable. Programs must compile and run without any modifications needed by the judges. If programs are specific to certain platforms, please designate that platform. If special hardware is needed, please specify what hardware is required. If include libraries are needed, they should be submitted in addition to the main program. 3) No virii accepted. An exception may be made for such programs that are developed for operating systems other than AMIGA/Dos, System 7, MS-DOS (or variants), or OS/2. Suitable exceptions could be, but are not limited to, UNIX (any variant), VMS or MVS. 4) Entries may be submitted via email or magnetic media. Email should be directed to phrack@well.com. Tapes, Diskettes or other storage media should be sent to Phrack Magazine 603 W. 13th #1A-278 Austin, TX 78701 5) Programs will be judged by a panel of judges based on programming skill displayed, originality, usability, user interface, documentation, and creativity. 6) Phrack Magazine will make no claims to the works submitted, and the rights to the software are understood to be retained by the program author. However, by entering, the Author thereby grants Phrack Magazine permission to reprint the program source code in future issues. 7) All Entries must be received by 12-31-94. Prizes to be awarded by 3-1-95. -------------------------INCLUDE THIS FORM WITH ENTRY------------------------- Author: Email Address: Mailing Address: Program Name: Description: Hardware & Software Platform(s) Developed For: Special Equipment Needed (modem, ethernet cards, sound cards, etc): Other Comments: ------------------------------------------------------------------------------ COMPUTER COP PROPHILE FOLLOW-UP REPORT LT. WILLIAM BAKER JEFFERSON COUNTY POLICE by The Grimmace In PHRACK 43, I wrote an article on the life and times of a computer cop operating out of the Jefferson County Police Department in Louisville, Kentucky. In the article, I included a transcript of a taped interview with him that I did after socially engineering my way through the cop-bureaucracy in his department. At the time I thought it was a hell of an idea and a lot of PHRACK readers probably got a good insight into how the "other side" thinks. However, I made the terminal mistake of underestimating the people I was dealing with by a LONG shot and felt that I should write a short follow-up on what has transpired since that article was published in PHRACK 43. A lot of the stuff in the article about Lt. Baker was obtained by an attorney I know who has no reason to be friendly to the cops. He helped me get copies of court transcripts which included tons of information on Baker's training and areas of expertise. Since the article, the attorney has refused to talk to me and, it appears, that he's been identified as the source of assistance in the article and all he will say to me is that "I don't want any more trouble from that guy...forget where you left my phone number." Interesting...no elaboration...hang up. As I recall, the PHRACK 43 issue came out around November 17th. On November 20th, I received a telephone call where I was living at the home of a friend of mine from Lt. Baker who laughingly asked me if I needed any more information for any "future articles". I tried the "I don't know what you're talking about" scam at which time he read to me my full name, date of birth, social security number, employer, license number of my car, and the serial number from a bicycle I just purchased the day before. I figured that he'd run a credit history on me, but when I checked, there had been no inquiries on my accounts for a year. He told me the last 3 jobs I'd held and where I bought my groceries and recited a list of BBSs I was on (two of which under aliases other than The Grimmace). This guy had a way about him that made a chill run up my spine and never once said the first threatening or abusive thing to me. I suppose I figured that the cops were all idiots and that I'd never hear anything more about the article and go on to write some more about other computer cops using the same method. I've now decided against it. I got the message...and the message was "You aren't the only one who can hack out information." I'd always expected to get the typical "cop treatment" if I ever got caught doing anything, but I think this was worse. Hell, I never know where the guy's gonna show up next. I've received cryptic messages on the IRC from a variety of accounts and servers all over the country and on various "private" BBSs and got one on my birthday on my Internet account...it traced back to an anonymous server somewhere in the bowels of UCLA. I don't know anyone at UCLA and the internet account I have is an anonymous account actually owned by another friend of mine. I think the point I'm trying to make is that all of us have to be aware of how the cops think in order to protect ourselves and the things we believe in. But...shaking the hornet's nest in order to see what comes out maybe isn't the coolest way to investigate. Like I wrote in my previous article, we've all gotten a big laugh from keystone cops like Foley and Golden, but things may be changing. Local and federal agencies are beginning to cooperate on a regular basis and international agencies are also beginning to join the party. The big push to eradicate child-pornography has led to a number of hackers being caught in the search for the "dirty old men" on the Internet. Baker was the Kentucky cop who was singularly responsible for the bust of the big kiddie-porn FSP site at the University of Birmingham in England back in April and got a lot of press coverage about it. But I had personally never considered that a cop could hack his way into a password-protected FSP site. And why would he care about something happening on the other side of the world? Hackers do it, but not cops...unless the cops are hackers. Hmmm...theories anyone? I don't live in Louisville anymore...not because of Baker, but because of some other problems, but I still look over my shoulder. It would be easier if the guy was a prick, but I'm more paranoid of the friendly good-ole boy than the raving lunatic breaking in our front doors with a sledge hammer. I always thought we were safe because we knew so much more than the people chasing us. I'm not so certain of that anymore. So that's it. I made the mistakes of 1) probably embarrassing a guy who I thought would never be able to touch me and 2), drawing attention to myself. A hacker's primary protection lies in his anonymity...those who live the high profiles are the ones who take the falls and, although I haven't fallen yet, I keep having the feeling that I'm standing on the edge and that I know the guy sneaking up behind me. From the shadows-- The Grimmace [HsL - RAt - UQQ] ------------------------------------------------------------------------------ !! PHRACK READS !! "Cyberia" by Douglas Rushkoff Review by Erik Bloodaxe Imagine a book about drugs written by someone who never inhaled. Imagine a book about raves written by someone saw a flyer once. Imagine a book about computers by someone who someone who thinks a macintosh is complex. Imagine an author trying to make a quick buck by writing about something his publisher said was hot and would sell. And there you have Cyberia, by Douglas Rushkoff. I have got to hand it to this amazing huckster Rushkoff, though. By publishing Cyberia, and simultaneously putting out "The Gen X Reader," (which by the way is unequaled in its insipidness), he has covered all bases for the idiot masses to devour at the local bookseller. Rushkoff has taken it upon himself to coin new terms such as "Cyberia," the electronic world we live in; "Cyberians," the people who live and play online; etc... Like we needed more buzzwords to add to a world full of "Infobahns" "console cowboys," and "phrackers." Pardon me while I puke. The "interviews" with various denizens of Rushkoff's "Cyberia" come off as fake as if I were to attempt to publish an interview with Mao Tse Tung in the next issue of Phrack. We've got ravers talking on and on about "E" and having deep conversations about smart drugs and quantum physics. Let's see: in the dozens of raves I've been to in several states the deepest conversation that popped up was "uh, do you have any more of that acid?" and "this mix is cool." And these conversations were from the more eloquent of the nearly all under 21 crowd that the events attracted. Far from quantum physicians. And beyond that, its been "ecstasy" or "X" in every drug culture I've wandered through since I walked up the bar of Maggie Mae's on Austin, Texas' 6th Street in the early 80's with my fake id and bought a pouch of the magic elixir over the counter from the bartender (complete with printed instructions). NOT "E." But that's just nit-picking. Now we have the psychedelic crowd. Listening to the "Interviews" of these jokers reminds me of a Cheech and Chong routine involving Sergeant Stedanko. "Some individuals who have smoked Mary Jane, or Reefer oftimes turn to harder drugs such as LSD." That's not a quote from the book, but it may as well be. People constantly talk about "LSD-this" and "LSD-that." Hell, if someone walked into a room and went on about how he enjoyed his last "LSD experience" the way these people do, you'd think they were really really stupid, or just a cop. "Why no, we've never had any of that acid stuff. Is it like LSD?" Please. Then there are the DMT fruitcakes. Boys and girls, DMT isn't being sold on the street corner in Boise. In fact, I think it would be easier for most people to get a portable rocket launcher than DMT. Nevertheless, in every fucking piece of tripe published about the "new psychedlicia" DMT is splattered all over it. Just because Terrance Fucking McKenna saw little pod people, does not mean it serves any high position in the online community. And Hackers? Oh fuck me gently with a chainsaw, Douglas. From Craig Neidorf's hacker Epiphany while playing Adventure on his Atari VCS to Gail Thackeray's tearful midnight phonecall to Rushkoff when Phiber Optik was raided for the 3rd time. PLEASE! I'm sure Gail was up to her eyebrows in bourbon, wearing a party hat and prank calling hackers saying "You're next, my little pretty!" Not looking for 3rd-rate schlock journalists to whine to. The Smart Drink Girl? The Mondo House? Gee...how Cyber. Thanks, but no thanks. I honestly don't know if Rushkoff really experienced any of this nonsense, or if he actually stumbled on a few DMT crystals and smoked this reality. Let's just say, I think Mr. Rushkoff was absent the day his professor discussed "Creative License in Journalism" and just decided to wing it. Actually, maybe San Francisco really is like this. But NOWHERE else on the planet can relate. And shit, if I wanted to read a GOOD San Francisco book, I'd reread Armistead Maupin's "Tales of the City." This book should have been called "Everything I Needed to Know About Cyber-Culture I Learned in Mondo-2000." Seriously...anyone who reads this book and finds anything remotely close to the reality of the various scenes it weakly attempts to cover needs to email me immediately. I have wiped my ass with better pulp. ------------------------------------------------------------------------------ BOOK REVIEW: INFORMATION WARFARE CHAOS ON THE ELECTRONIC SUPERHIGHWAY By Winn Schwartau INFORMATION WARFARE - CHAOS ON THE ELECTRONIC SUPERHIGHWAY By Winn Schwartau. (C)opyright 1994 by the author Thunder's Mouth Press, 632 Broadway / 7th floor / New York, NY 10012 ISBN 1-56025-080-1 - Price $22.95 Distributed by Publishers Group West, 4065 Hollis St. / Emeryville, CA 94608 (800) 788-3123 Review by Scott Davis (dfox@fennec.com) (from tjoauc1-4 ftp: freeside.com /pub/tjoauc) If you only buy one book this year, make sure it is INFORMATION WARFARE! In my 10+ years of existing in cyberspace and seeing people and organizations debate, argue and contemplate security issues, laws, personal privacy, and solutions to all of these issues...and more, never have I seen a more definitive publication. In INFORMATION WARFARE, Winn Schwartau simply draws the line on the debating. The information in this book is hard-core, factual documentation that leaves no doubt in this reader's mind that the world is in for a long, hard ride in regards to computer security. The United States is open to the world's electronic terrorists. When you finish reading this book, you will find out just how open we are. Mr. Schwartau talks about industrial espionage, hacking, viruses, eavesdroping, code-breaking, personal privacy, HERF guns, EMP/T bombs, magnetic weaponry, and the newest phrase of our generation... "Binary Schizophrenia". He exposes these topics from all angles. If you spend any amount of time in Cyberspace, this book is for you. How much do you depend on technology? ATM machines, credit cards, toasters, VCR's, televisions, computers, telephones, modems...the list goes on. You use technology and computers and don't even know it! But the point is...just how safe are you from invasion? How safe is our country's secrets? The fact is - they are NOT SAFE! How easy is it for someone you don't know to track your every move on a daily basis? VERY EASY! Are you a potential victim to fraud, breech of privacy, or general infractions against the way you carry on your daily activities? YES! ...and you'd never guess how vulnerable we all are! This book will take you deep into places the government refuses to acknowledge. You should know about INFORMATION WARFARE. Order your copy today, or pick it up at your favorite book store. You will not regret it. ------------------------------------------------------------------------------ _Firewalls and Internet Security: Repelling the Wily Hacker_ William R. Cheswick Steven M. Bellovin Addison-Wesley, ISBN 0-201-63357-4 306 + XIV = 320 pages (Printed on recycled paper) A-Somewhat-Less-Enthusiastic-Review Reviewed by Herd Beast The back of this book claims that, "_Firewalls and Internet Security_ gives you invaluable advice and practical tools for protecting your organization's computers from the very real threat of hacker attacks." That is true. The authors also add something from their knowledge of these hacker attacks. The book can be roughly separated into two parts: Firewalls, and, you guessed it: Internet Security. That is how I see it. The book itself is divided into four parts (Getting Started, Building Your Own Firewall, A Look Back & Odds and Ends), three appendixes, a bibliography, a list of 42 bombs and an index. The book starts with overall explanations and an overview of the TCP/IP protocol. More than an overview of the actual TCP/IP protocol, it is a review of services often used with that protocol, and the security risks they pose. In that chapter the authors define "bombs" -- as particularly serious security risks. Despite that fact, and the tempting bomb list in the end, this book is not a guide for someone with passing knowledge of Internet security who wants to learn more explicit details about holes. It is, in the authors' words, "not a book on how to administer a system in a secure fashion." FIREWALLS (Including the TCP/IP overview: pages 19-131) What is a firewall and how is it built?(*) If you don't know that, then definitely get this book. The Firewalls chapter is excellent even for someone with a passing knowledge of firewalls or general knowledge of what they set out to accomplish. You might still learn more. In the Firewalls chapter, the authors explain the firewall philosophy and types of firewalls. Packet-filtering gateways rely on rule-based packet filtering to protect the gateway from various types of attacks. You can filter everything and achieve the same effect of disconnecting from the Internet, you can filter everything from misbehaving sites, you can allow only mail in, and so on. An application-level gateway relies on the applications set on the firewall. Rather then let a router filter traffic based on rules, one can strip a machine clean and only run desired services -- and even then, more secure versions of those services can be run. Circuit-level gateways relay data between the gateway and other networks. The relay programs copy data from inside the firewall to the outside, and log their activity. Most firewalls on the Internet are a combination of these gateways. Next, the authors explain how to build an application-level gateway based on the work they have done with the research.att.com gateways. As mentioned, this chapter is indeed very good. They go over setting up the firewall machines, router configuration for basic packet filtering (such as not allowing Internet packets that appear to come from inside your network). They show, using the software on the AT&T gateway as example, the general outline of proxies and give some useful advise. That chapter is very interesting; reading it with Bill Cheswick's (older) paper, "The Design of a Secure Internet Gateway" makes it even better. The examples given, like the NFS and X proxies run on the gateway, are also interesting by themselves. INTERNET SECURITY (pages 133-237) Internet security is a misleading name. This part might also be called "Everything else." Most of it is a review of hacker attacks logged by AT&T's gateway probes, and of their experience with a hacker. But there is also a chapter dedicated to computer crime and the law -- computer crime statutes, log files as evidence, the legalities of monitoring intruders and letting them keep their access after finding them, and the ethics of many actions performed on the Internet; plus an introduction to cryptography under Secure Communication over Insecure Networks. The later sections are good. The explanation of several encryption methods and short reviews of applications putting them to use (PEM, PGP and RIPEM) are clear (as clear as cryptography can get) and the computer crime sections are also good -- although I'm not a lawyer and therefore cannot really comment on it, and notes that look like "5 USC 552a(b)(c)(10)" cause me to shudder. It's interesting to note that some administrative functions as presented in this book, what the authors call counter-intelligence (reverse fingers and rusers) and booby traps and fake password file are open for ethical debate. Perhaps they are not illegal, but counter-intelligence can surely ring the warning bells on the site being counter-fingered if that site itself is security aware. That said, let's move to hackers. I refer to these as "hacker studies", or whatever, for lack of a better name. This is Part III (A Look Back), which contains the methods of attacks (social engineering, stealing passwords, etc), the Berferd incident (more on that later), and an analysis (statistical and otherwise) of the Bell Labs gateway logs. Back to where we started, there is nothing new or innovative about these chapters. The Berferd hacker case is not new, it is mostly just uninteresting. The chapter is mostly a copy (they do state this) of Bill Cheswick's paper titled "A Night with Berferd, in Which a Cracker is Lured, Endured and Studied." The chapter concerning probes and door-knob twisting on the Internet (Traps, Lures, and Honey Pots) is mostly a copy (they do not state this) of Steven Bellovin's paper titled, "There Be Dragons". What do we learn from the hacker-related chapters? Let's take Berferd: The Sendmail DEBUG hole expert. After mailing himself a password file and receiving it with a space after the username, he tries to add accounts in a similar fashion. Cheswick calls him "flexible". I might have chosen another F-word. Next are the hacker logs. People finger. People tftp /etc/passwd. People try to rlogin as bin. There are no advanced attacks in these sections. Compared with the scary picture painted in the Firewalls chapter -- that of the Bad Guy spoofing hostnames, flooding DNS caches, faking NFS packets and much more -- something must have gone wrong.(**) Still, I cannot say that this information is totally useless. It is, as mentioned, old. It is available and was available since 1992 on ftp://research.att.com:{/dist/internet_security,/dist/smb}. (***) The bottom line is that this book is, in my opinion, foremost and upmost a Firewaller's book. The hacker section could have been condensed into Appendix D, a copy of the CERT advisory about computer attacks ("Don't use guest/guest. Don't leave root unpassworded.") It really takes ignorance to believe that inexperienced hackers can learn "hacker techniques" and become mean Internet break-in machines just by reading _Firewalls and Internet Security_. Yes, even the chapter dedicated to trying to attack your own machine to test your security (The Hacker's Workbench) is largely theoretical. That is to say, it doesn't go above comments like "attack NFS". The probes and source code supplied there are for programs like IP subnet scanners and so on, and not for "high-level" stuff like ICMP bombers or similar software; only the attacks are mentioned, not to implementation. This is, by the way, quite understandable and expected, but don't buy this book if you think it will make you into some TCP/IP attacker wiz. In summary: THE GOOD The Firewalls part is excellent. The other parts not related to hacker-tracking are good as well. The added bonuses -- in the form of a useful index, a full bibliography (with pointers to FTP sites), a TCP port list with interesting comments and a great (running out of positive descriptions here) online resources list -- are also grand (whew). THE BAD The hacker studies sections, based on old (circa 1992) papers, are not interesting for anyone with any knowledge of hacking and/or security who had some sort of encounters with hackers. People without this knowledge might either get the idea that: (a) all hackers are stupid and (b) all hackers are Berferd-style system formatters. Based on the fact that the authors do not make a clear-cut statement about hiring or not hiring hackers, they just say that you should think if you trust them, and that they generally appear not to have a total draconian attitude towards hackers in general, I don't think this was intentional. THE UGLY (For the nitpickers) There are some nasty little bugs in the book. They're not errors in that sense of the word; they're just kind of annoying -- if you're sensitive about things like being called a hacker or a cracker, they'll annoy you. Try this: although they explain why they would use the term "hacker" when referring to hackers (and not "eggsucker", or "cracker"), they often use terms like "Those With Evil Intention". Or, comparing _2600 Magazine_ to the Computer underground Digest. (*) From the Firewalls FAQ : ``A firewall is any one of several ways of protecting one network from another untrusted network. The actual mechanism whereby this is accomplished varies widely, but in principle, the firewall can be thought of as a pair of mechanisms: one which exists to block traffic, and the other which exists to permit traffic. Some firewalls place a greater emphasis on blocking traffic, while others emphasize permitting traffic.'' (**) This would be a great place to start a long and boring discussion about different types of hackers and how security (including firewalls) affect them. But... I don't think so. (***) ftp://research.att.com:/dist/internet_security/firewall.book also contains, in text and PostScript, the list of parts, chapters and sections in the book, and the Preface section. For that reason, those sections weren't printed here. All the papers mentioned in this review can be found on that FTP site. ------------------------------------------------------------------------------ Announcing Bellcore's Electronic Information Catalog for Industry Clients... To access the online catalog: telnet info.bellcore.com login: cat10 or dial 201-829-2005 annex: telnet info login: cat10 [Order up some E911 Documents Online!] ------------------------------------------------------------------------------ TTTTT H H EEEEE T H H E T HHHHH EEEEE T H H E T H H EEEEE CCC U U RRRR M M U U DDDD GGG EEEEE OOO N N C C U U R R MM MM U U D D G G E O O NN N C U U RRRR M M M U U D D G EEEEE O O N N N C C U U R R M M U U D D G GG E O O N NN CCC UUU R R M M UUU DDDD GGG EEEEE OOO N N Bill Clinton promised good health care coverage for everyone. Bill Clinton promised jobs programs for the unemployed. Bill Clinton promised that everyone who wanted could serve in the military. Bill Clinton promised a lot. So does the Curmudgeon. But unlike Bill Clinton, we'll deliver... For only $10 a year (12 issues) you'll get alternative music reviews and interviews, political reporting, anti-establishment features and commentary, short fiction, movie reviews, book reviews, and humor. Learn the truth about the Gulf War, Clipper, and the Selective Service System. Read everything you wanted to know about bands like the Offspring, R.E.M., the Cure, Porno for Pyros, Pearl Jam, Dead Can Dance, Rhino Humpers, and Nine Inch Nails. Become indoctrinated by commentary that just might change the way you think about some things. Subscribe to the Curmudgeon on paper for $10 or electronically for free. Electronic subscribers don't get everything that paying subscribers do like photos, spoof ads, and some articles. Paper: send $10 check or money order to the Curmudgeon 4505 University Way N.E. Box 555 Seattle, Washington 98105 Electronic: send a request to rodneyl@u.washington.edu ------------------------------------------------------------------------------ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% % The Journal Of American Underground Computing - ISSN 1074-3111 % %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% Computing - Communications - Politics - Security - Technology - Humor -Underground - Editorials - Reviews - News - Other Really Cool Stuff- Published Quarterly/Semi-Quarterly By Fennec Information Systems This is one of the more popular new electronic publications. To get your free subscription, please see the addresses below. Don't miss out on this newsworthy publication. We are getting hundreds of new subscriptions a month. This quarterly was promoted in Phrack Magazine. If you don't subscribe, you're only cheating yourself. Have a great day...and a similar tomorrow * Coming soon * A Windows-based help file containing all of the issues of the magazine as well as extensive bio's of all of the editors. Subscription Requests: sub@fennec.com Comments to Editors : editors@fennec.com Back issues via Ftp : etext.archive.umich.edu /pub/Zines/JAUC fc.net /pub/tjoauc Submissions : submit@fennec.com Finger info : dfox@fc.net and kahuna@fc.net ------------------------------------------------------------------------------ Make the best out of your European pay telephone by Onkel Dittmeyer, onkeld@ponton.hanse.de ----------------------------------------------------- Okay guys and girls, let's come to a topic old like the creation but yet never revealed. European, or, to be more exact, German pay phone technology. Huh-huh. There are several models, round ones, rectangular ones, spiffy looking ones, dull looking ones, and they all have one thing in common: If they are something, they are not what the American reader might think of a public pay telephone, unlike it's U.S. brothers, the German payphones always operate off a regular customer-style telephone line, and therefore they're basically all COCOTS, which makes it a lot easier to screw around with them. Let's get on with the models here. You are dealing with two classes; coin-op ones and card-op ones. All of them are made by Siemens and TELEKOM. The coin-op ones are currently in the process of becoming extinct while being replaced by the new card-op's, and rather dull. Lacking all comfort, they just have a regular 3x4 keypad, and they emit a cuckoo tone if you receive a call. The only way to tamper with these is pure physical violence, which is still easier than in the U.S.; these babies are no fortresses at all. Well, while the coin-op models just offer you the opportunity of ripping off their money by physically forcing them open, there is a lot more fun involved if you're dealing with the card babies. They are really spiffy looking, and I mean extraordinary spiffy. Still nothing compared to the AT&T VideoFoNeZ, but still really spiffy. The 2-line pixel-oriented LCD readout displays the pure K-Radness of it's inventors. Therefore it is equipped with a 4x4 keypad that has a lot of (undocumented) features like switching the mother into touch-tone mode, redial, display block etc. Plus, you can toggle the readout between German, English, and French. There are rumors that you can put it into Mandarin as well, but that has not been confirmed yet. Let's get ahead. Since all payphones are operating on a regular line, you can call them up. Most of them have a sign reading their number, some don't. For those who don't, there is no way for you to figure out their number, since they did not invent ANI yet over here in the country famous for its good beer and yodel chants. Well, try it. I know you thought about it. Call it collect. Dialing 010 will drop you to a long-distance operator, just in case you didn't know. He will connect the call, since there is no database with all the payphone numbers, the payphone will ring, you pick up, the operator will hear the cuckoo tone, and tell you to fuck off. Bad luck, eh? This would not be Phrack if there would be no way to screw it. If you examine the hook switch on it closely, you will figure out that, if you press it down real slow and carefully, there are two levels at whom it provokes a function; the first will make the phone hang up the line, the second one to reset itself. Let me make this a little clearer in your mind. ----- <--- totally released | | | <--- hang up line press to this level --> | | <--- reset | ----- <--- totally hung up Involves a little practice, though. Just try it. Dial a number it will let you dial, like 0130, then it will just sit there and wait for you to dial the rest of the number. Start pressing down the hookswitch really slow till the line clicks away into suspense, if you release it again it will return you to the dial tone and you are now able to call numbers you aren't supposed to call, like 010 (if you don't have a card, don't have one, that's not graceful), or 001-212-456-1111. Problem is, the moment the other party picks up, the phone will receive a charge subtraction tone, which is a 16kHz buzz that will tell the payphone to rip the first charge unit, 30 pfennigs, off your card, and if you don't have one inserted and the phone fails to collect it, it will go on and reset itself disconnecting the line. Bad luck. Still good enough to harass your favorite fellas for free, but not exactly what we're looking for, right? Try this one. Push the hook lever to the suspension point, and let it sit there for a while, you will have to release it a bit every 5 seconds or so, or the phone will reset anyway. If you receive a call while doing this, a buzz will appear on the line. Upon that buzz, let the lever go and you'll be connected, and the cuckoo tone will be shut up! So if you want to receive a collect call, this is how you do it. Tell the operator you accept the charges, and talk away. You can use this method overseas, too: Just tell your buddy in the states to call Germany Direct (800-292-0049) and make a collect call to you waiting in the payphone, and you save a cool $1.17 a minute doing that. So much for the kids that just want to have some cheap fun, and on with the rest. Wasting so much time in that rotten payphone, you probably noticed the little black box beneath the phone. During my, erm, research I found out that this box contains some fuses, a standard Euro 220V power connector, and a TAE-F standard phone connector. Completing the fun is the fact that it's extremely easy to pry it open. The TAE-F plug is also bypassing the phone and the charge collection circuits, so you can just use it like your jack at home. Bring a crowbar and your laptop, or your Pentium tower, power it over the payphone and plug your Dual into the jack. This way you can even run a board from a payphone, and people can download the latest WaReZzzZzz right from the booth. It's preferable to obtain a key for the lock of the box, just do some malicious damage to it (yes, let the animal take control), and call Telekom Repairs at 1171 and they will come and fix it. Since they always leave their cars unlocked, or at least for the ones I ran across, you can either take the whole car or all their k-rad equipment, manuals, keys, and even their lunch box. But we're shooting off topic here. The keys are usually general keys, means they fit on all payphones in your area. There should also be a nationwide master key, but the German Minister of Tele- communications is probably keeping that one in his desk drawer. The chargecards for the card-op ones appear to have a little chip on them, where each charge unit is being deducted, and since no-one could figure out how it works, or how to refill the cards or make a fake one, but a lot of German phreaks are busy trying to figure that out. A good approach is also social-engineering Telekom so they turn off the charge deduction signal (which doesn't mean the call are free, but the buzz is just not transmitted any more) so the phone doesn't receive a signal to charge you any money no matter where you call. The problem with this method is that the world will spread in the neighborhood that there is a payphone where you can call for free, and therefore it will be so crowded that you can't use it, and the phone pals will catch up fast. It's fun though, I tried it, and I still get free drinks at the local pub for doing it. Another k-rad feature on them is the built-in modem that they use to get their software. On a fatal error condition they appear to dial a telecom number and download the latest software just how their ROM commands them to do. We will shortly take a phone, install it some- where else and figure out where it calls, what the protocol is and what else is being transmitted, but that will probably be in another Phrack. If you found out anything that might be of interest, you are welcome to mail it to onkeld@ponton.hanse.de using the public key beneath. Unencrypted mail will be killed since ponton.hanse.de is run by a paranoid bitch that reads all traffic just for the hell of it, and I don't want the phedzZz to come and beat me over the head with a frozen chunk o' meat or worse. Stay alert, watch out and have fun... -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3a mQCNAize9DEAAAEEAKOb5ebKYg6cAxaiVT/H5JhCqgNNDHpkBwFMNuQW2nGnLMvg Q0woIxrM5ltnnuCBJGrGNskt3IMXsav6+YFjG6IA8YRHgvWEwYrTeW2tniS7/dXY fqCCSzTxJ9TtLAiMDBgJFzOIUj3025zp7rVvKThqRghLx4cRDVBISel/bMSZAAUR tChPbmtlbCBEaXR0bWV5ZXIgPG9ua2VsZEBwb250b24uaGFuc2UuZGU+ =b5ar -----END PGP PUBLIC KEY BLOCK----- ------------------------------------------------------------------------------ _ _ _ _ ((___)) INFORMATION IS JUNK MAIL ((___)) [ x x ] [ x x ] \ / cDc communications \ / (' ') -cDc- CULT OF THE DEAD COW -cDc- (' ') (U) (U) deal with it, presents unto you 10 phat t-files, deal with it, S U C K E R fresh for July 1994: S U C K E R New gNu NEW gnU new GnU nEW gNu neW gnu nEw GNU releases for July, 1994: _________________________________/Text Files\_________________________________ 261: "Interview with Greta Shred" by Reid Fleming. Reid conducts an in-depth interview with the editor of the popular 'zine, _Mudflap_. 262: "_Beverly Hills 90210_ as Nostalgia Television" by Crystal Kile. Paper presented for the 1993 National Popular Culture Association meeting in New Orleans. 263: "What Color Is the Sky in Your World?" by Tequila Willy. Here's your homework, done right for you by T. "Super-Brain" Willy. 264: "Chicken Hawk" by Mark E. Dassad. Oh boy. Here's a new watermark low level of depravity and sickness. If you don't know what a "chicken hawk" is already, read the story and then you'll understand. 265: "Eye-r0N-EE" by Swamp Ratte'. This one's interesting 'cause only about half-a-dozen or so lines in it are original. The rest was entirely stuck together from misc. files on my hard drive at the time. Some art guy could say it's a buncha post-this&that, eh? Yep. 266: "Interview with Barbie" by Clench. Barbie's got her guard up. Clench goes after her with his rope-a-dope interview style. Rope-a-dope, rope-a-dope. This is a boxing reference to a technique mastered by The Greatest of All Time, Muhamed Ali. 267: "About a Boy" by Franken Gibe. Mr. Gibe ponders a stolen photograph. Tiny bunnies run about, unhindered, to find their own fate. 268: "Mall Death" by Snarfblat. Story about a Dumb Girl[TM]. Are you surprised? 269: "Prophile: Future History" by THE NIGHTSTALKER. It's the future, things are different, but the Master Hacker Dude lives on. 270: "Time out for Pop" by Malcolm D. Moore. Sad account of a hopless-pop. __________________________________/cDc Gnuz\__________________________________ "And that no man might buy or sell, save he that had the mark, or the name of the Cow, or the number of his name. Here is wisdom. Let him that hath understanding count the number of the Cow: for it is the number of a man; and his number is eight billion threescore and seven million nine hundred fourty- four thousand three hundred threescore and two. So it is written." -Omega Yowsah, yowsah, yowsah. JULY once again, the super-hooray month which marks cDc's 8th year of existence. Outlasting everyone to completely rule and dominate all of cyberspace, blah blah blah. Yeah, think a special thought about cDc's significance in YOUR life the next time you go potty. Name your firstborn child after me, and we'll call it karmicly even, pal. My name is Leroy. We're always taking t-file submissions, so if you've got a file and want to really get it out there, there's no better way than with cDc. Upload text to The Polka AE, to sratte@phantom.com, or send disks or hardcopy to the cDc post office box in Lubbock, TX. No song lyrics and bad poetry please; we'll leave that to the no-class-havin', bottom-feeder e-shoveling orgs. out there. News item of the month, as found by Count Zero: "ROTTING PIG FOUND IN DITCH VERDEN, OKLAHOMA - Responding to a tip from an employee, Verden farmer Bill McVey found a rotting pig in a ditch two miles north of town. Farmer McVey reported the pig to the authorities, because you cannot, legally, just leave a dead pig in a ditch. You must dispose of your deceased livestock properly. There are companies that will take care of this for you. As for proper disposal of large dead animals, McVey contracts with Used Cow Dealer." "...and the rivers ran red with the bl00d of the Damned and the Deleted..." -Dem0nSeed S. Ratte' cDc/Editor and P|-|Ear13zz |_3@DeRrr "We're into t-files for the groupies and money." Middle finger for all. Write to: cDc communications, P.O. Box 53011, Lubbock, TX 79453. Internet: sratte@phantom.com. ALL cDc FILES LEECHABLE FROM FTP.EFF.ORG IN pub/Publications/CuD/CDC. _____________________________________________________________________________ cDc Global Domination Update #16-by Swamp Ratte'-"Hyperbole is our business" Copyright (c) 1994 cDc communications. All Rights Reserved. ------------------------------------------------------------------------------ ===[ Radio Modification Project ]===========================================> Tuning in to Lower Frequency Signals June 26, 1994 ====================================================[ By: Grendel / 905 ]===> The lower frequency regions of the radio spectrum are often ignored by ham'ers, pirates, and DX'ers alike due to the relatively little known ways of tuning in. The following article will detail how to construct a simple-made antenna to tune in to the LF's and show how to adjust an amateur band type radio to receive the desired signals. ___________ \ / \/: \/ / . \ \_______/he lower frequency spectrum has been made to include the very low frequency ("VLF" 2 kHz to 30 kHz) band and a small part of the medium frequency ("MF" 300 - 500 kHz) band. For our purposes, a suitable receiver must be able to cover the 2 kHz to 500 kHz range as well as being calibrated at 10 kHz intervals (standard). The receiver must also be capable of covering AM and CW broadcasts. For best capabilities, the receiver should also be able to cover LSB ("lower side band") and USB ("upper side band"). The Receiving System `'`'`'`'`'`'`'`'`'`' The receiver I use consists of a standard amateur HF ("High Frequency") band receiver adjusted between the 3,500 and 4,000 kHz bands. This causes the receiver to act as a tuneable IF ("Intermediate Frequency") and also as demodulator. You will also require a wideband LF ("Low Frequency") converter which includes a 3,500 kHz crystal oscillator. See Fig. 1: .==[ Fig 1. Block Diagram ]============================. | _____ | | \ANT/ | | \./ crystal | | | ______|______ ____________ | | `-----| 2 - 500 kHz | | 3-4000 kHz | | | | Converter* |--~--| IF Receiver|---OUTPUT | | .-----|_____________| |____________| | | | | | GND | |______________________________________________________| *The converter is a circuit board type 80D/L-101/PCB available from L.F. Engineering Co, 17 Jeffry Road, East Haven CT, 06513 for $43 US including S & H.One may be constructed to work with your receiver (but at a higher price no doubt). Phono jack plugs and sockets are used for the interconnections throughout the receiving system and the converter and receiver (~) are connected with RG58 coax cable of no greater length than 4 ft. When tuning, the station frequency is measured by deducting 3,500 kHz from the scale on the main receiver (ie. 340 kHz = 3,840 kHz on the main receiver, 120 = 3,620 kHz, 95 = 3,595 kHz, etc.) The Ferrite End-fed Antenna `'`'`'`'`'`'`'`'`'`'`'`'`'` This is a small antenna designed to tune between 95 kHz and 500 kHz. It consists of a coil wound around a ferrite rod, with a 4 ft. lead. Materials: o 7 7/8" x 3/8" ferrite rod o 5" 24 SWG double cotton covered copper wire o 2 PLASTIC coated terry clips o a wood or plastic base (8 1/2" x .8" x .5") o 2 standard, two-gang 500 pF tuning capacitors o a plastic plate (preferably 2" high) ------------------------------------------------------------------------------ -- A Few Things on Van Eck's Method of Eavesdroping -- Opticon the Disassembled - UPi Dr Wim Van Eck, was the one who developed the anonymous method for eavesdroping computers ( and, apparently, not only ) from distance, in the laboratories of Neher, Holland. This method is based on the fact that monitors do transmit electromagnetic radiations. As a device, it is not too complex and it can be constructed from an experienced electronics phreak. It uses a simple-direction antenna which grabs monitor signals from about 800 meters away. Simplified schematics are available from Consumertronics. TEMPEST stands for Transient ElectroMagnetic Pulse Emanation STandard. It concerns the quantity of electromagnetic radiations from monitors and televisions, although they can also be detected on keyboards, wires, printers and central units. There are some security levels in which such radiations are supposed to be untraceable by Van Eck systems. Those security levels or standards, are described thoroughly in a technical exposition called NACSIM 5100A, which has been characterized by NSA classified. Variations of the voltage of the electrical current, cause electromagnetic pulses in the form of radio waves. In cathode ray tube ( C.R.T. ) devices, such as televisions and monitors, a source of electrons scans the internal surface and activates phosphore. Whether or not the scanning is interlaced or non-interlaced, most monitors transmit frequencies varying from 50 to 75 Mhz per second. They also transmit harmonic frequencies, multiplies of the basic frequencies; for example a transmitter with signal of 10 Mhz per second will also transmit waves of 20, 30, 40 etc. Mhz. Those signals are weaker because the transmiter itself effaces them. Such variations in the voltage is what the Van Eck system receives and analyzes. There are ways to prevent or make it harder for someone to monitor your monitor. Obviously you cannot place your computer system underground and cover it with a Faraday cage or a copper shield ( If your case is already that, then you know more about Van Eck than I do ). What else ? (1) Certain computers, such as Wang's, prevent such divulges; give preference to them. (2) Place your monitor into a grounded metal box, 1.5 cm thick. (3) Trace your tracer(s). They gonna panic. (4) Increase of the brightness and lowering of the contrast reduces TEMPEST's power. Metal objects, like bookshelves, around the room, will also help a little bit. (5) Make sure that two or more monitors are transmitting at the same frequency and let them operate simultaneously; this will confuse Van Eck systems. (6) Buy or make on your own, a device which will transmit noise at your monitor's frequency. (7) Act naturally. That is: (a) Call IRC, join #hack and never mumble a single word. (b) Read only best selling books. (c) Watch television at least 8 hours a day. (d) Forget altruism; there is only you, yourself and your dick/crack. (8) Turn the monitor off. ------------------------------------------------------------------------------ -Almost Busted- By: Deathstar It all started one week in the last month of summer. Only my brother and I were at the house for the whole week, so I did whatever I wanted. Every night, I would phreak all night long. I would be either at a payphone using AT&Tz, or at home sitting on a conference. I would be on the phone till at least four or five in the morning. But one night, my luck was running thin, and I almost phreaked for the last time. I was at a payphone, using cards. I had been there since around twelve midnight.. The payphone was in a shopping center with a supermarket and a few other stores. Most every thing closed at eleven.. Except for the nearby gas station. Anyway, I was on the phone with only one person that night. I knew the card would be dead by the end of the night so I went ahead and called him on both of his lines with both of the payphones in the complex with the same card. I had talked for hours. It started to get misty and hard to see. Then, I noticed a car of some kind pulling into the parking lot. I couldn't tell what kind of car it was, because it was so dark. The car started pulling up to me, and when it was around twenty feet away I realized it was a police car. They got on the loudspeaker and yelled "Stay where you are!". I dropped the phone and ran like hell past the supermarket to the edge of the complex. I went down a bike path into a neighborhood of townhouses. Running across the grass, I slipped and fell about two or three times. I knew they were following me, so I had to hide. I ran to the area around the back of the supermarket into a forest. I smacked right into a fence and fell on the ground. I did not see the fence since it was so dark. Crawling a few feet, I laid down and tried to cover my body with some leaves and dirt to hide. I was wearing an orange shirt and white shorts. I laid as still as I could, covered in dirt and leaves. I could hear the police nearby. They had flashlights and were walking through the forest looking for me. I knew I would get busted. I tried as hard as I could to keep from shaking in fear. I lay there for around thirty minutes. Bugs were crawling around on my legs biting me. I was itching all over. I couldn't give up though, because if they caught me I knew that would be the end of my phreaking career. I was trying to check if they were still looking for me, because I could not hear them. Just as I was about to make a run for it, thinking they were gone I heard a police radio. I sat tight again. For another hour, I lay there until finally I was sure they were gone. I got up and started to run. I made my way through the neighborhood to my house. Finally I got home. It was around five thirty a.m. I was filthy. The first thing I did was call the person I was talking to on the payphone and tell him what happened. Then, I changed clothes and cleaned myself up. I checked my vmb to find that a conference was up. I called it, and told my story to everyone on. I thought that was the end of my confrontation with the police, but I was wrong. The next day I had some people over at my house. Two or Three good friends. One of them said that there was a fugitive loose in our town. We were bored so we went out in the neighborhood to walk around and waste time. Hardly anyone was outside, and police cars were going around everywhere. One guy did leave his house but he brought a baseball bat with him. We thought it was funny. Anyway, we soon got bored and went back home. Watching tv, we turned to the news. They had a Report about the Fugitive. We watched. It showed a picture of the shopping center I was at. They said "One suspect was spotted at this shopping center last night at around four thirty in the morning. The officer is around ninety five percent sure that the suspect was the fugitive. He was wearing a orange shirt and white shorts, and ran when approached." I then freaked out. They were searching my neighborhood for a fugitive that didn't exist! I called back the guy I was talking to the night before and told him, and then told everyone that was on the conference the night before. It ended up that the fugitives never even entered our state. They were caught a week later around thirty miles from the prison they escaped from. Now I am known by two nicknames. "NatureBoy" because everyone says I communed with nature for a hour and a half hiding from the police, and "The Fugitive" for obvious reasons. Anywayz, That's how I was almost busted.. -DS ------------------------------------------------------------------------------ The following is a *true* story. It amused the hell out of me while it was happening. I hope it isn't one of those "had to be there" things. Copyright 1994 Captain Sarcastic, all rights reserved. On my way home from the second job I've taken for the extra holiday ca$h I need, I stopped at Taco Bell for a quick bite to eat. In my billfold is a $50 bill and a $2 bill. That is all of the cash I have on my person. I figure that with a $2 bill, I can get something to eat and not have to worry about people getting pissed at me. ME: "Hi, I'd like one seven layer burrito please, to go." IT: "Is that it?" ME: "Yep." IT: "That'll be $1.04, eat here?" ME: "No, it's *to* *go*." [I hate effort duplication.] At his point I open my billfold and hand him the $2 bill. He looks at it kind of funny and IT: "Uh, hang on a sec, I'll be right back." He goes to talk to his manager, who is still within earshot. The following conversation occurs between the two of them. IT: "Hey, you ever see a $2 bill?" MG: "No. A what?" IT: "A $2 bill. This guy just gave it to me." MG: "Ask for something else, THERE'S NO SUCH THING AS A $2 BILL." [my emp] IT: "Yeah, thought so." He comes back to me and says IT: "We don't take these. Do you have anything else?" ME: "Just this fifty. You don't take $2 bills? Why?" IT: "I don't know." ME: "See here where it says legal tender?" IT: "Yeah." ME: "So, shouldn't you take it?" IT: "Well, hang on a sec." He goes back to his manager who is watching me like I'm going to shoplift, and IT: "He says I have to take it." MG: "Doesn't he have anything else?" IT: "Yeah, a fifty. I'll get it and you can open the safe and get change." MG: "I'M NOT OPENING THE SAFE WITH HIM IN HERE." [my emp] IT: "What should I do?" MG: "Tell him to come back later when he has REAL money." IT: "I can't tell him that, you tell him." MG: "Just tell him." IT: "No way, this is weird, I'm going in back." The manager approaches me and says MG: "Sorry, we don't take big bills this time of night." [it was 8pm and this particular Taco Bell is in a well lighted indoor mall with 100 other stores.] ME: "Well, here's a two." MG: "We don't take *those* either." ME: "Why the hell not?" MG: "I think you *know* why." ME: "No really, tell me, why?" MG: "Please leave before I call mall security." ME: "Excuse me?" MG: "Please leave before I call mall security." ME: "What the hell for?" MG: "Please, sir." ME: "Uh, go ahead, call them." MG: "Would you please just leave?" ME: "No." MG: "Fine, have it your way then." ME: "No, that's Burger King, isn't it?" At this point he BACKS away from me and calls mall security on the phone around the corner. I have two people STARING at me from the dining area, and I begin laughing out loud, just for effect. A few minutes later this 45 year oldish guy comes in and says [at the other end of counter, in a whisper] SG: "Yeah, Mike, what's up?" MG: "This guy is trying to give me some [pause] funny money." SG: "Really? What?" MG: "Get this, a *two* dollar bill." SG: "Why would a guy fake a $2 bill?" [incredulous] MG: "I don't know? He's kinda weird. Says the only other thing he has is a fifty." SG: "So, the fifty's fake?" MG: "NO, the $2 is." SG: "Why would he fake a $2 bill?" MG: "I don't know. Can you talk to him, and get him out of here?" SG: "Yeah..." Security guard walks over to me and says SG: "Mike here tells me you have some fake bills you're trying to use." ME: "Uh, no." SG: "Lemme see 'em." ME: "Why?" SG: "Do you want me to get the cops in here?" At this point I was ready to say, "SURE, PLEASE," but I wanted to eat, so I said ME: "I'm just trying to buy a burrito and pay for it with this $2 bill." I put the bill up near his face, and he flinches like I was taking a swing at him. He takes the bill, turns it over a few times in his hands, and says SG: "Mike, what's wrong with this bill?" MG: "It's fake." SG: "It doesn't look fake to me." MG: "But it's a **$2** bill." SG: "Yeah?" MG: "Well, there's no such thing, is there?" The security guard and I both looked at him like he was an idiot, and it dawned on the guy that he had no clue. My burrito was free and he threw in a small drink and those cinnamon things, too. Makes me want to get a whole stack of $2 bills just to see what happens when I try to buy stuff. If I got the right group of people, I could probably end up in jail. At least you get free food. -----------