Freedom ~~~~~~~ Freedom Issue 1, December 24, 1992 File 1/7 Introduction ~~~~~~~~~~~~ Well after a bunch of delays, it's finally here... just in time for christmas. Merry Christmas everyone.. Welcome to Freedom Issue 1. First let me begin by explaining what Freedom is. Freedom is an electronic newsletter devoted to the freedom of information, we, like many other electronic newsletters, believe that the people have the right to know everything, and mostly things that they shouldn't (all legal of course). Since we are just starting out, this issue will be fairly small but hopefully in the future as our reader population grows so will our issues. Freedom is basically a reader supported newsletter. I will be writing articles as often as I can, whenever I find something interesting, but I also ask that if you have an article or an idea which would suit the magazine to please contact us. Anything of interest relating to the computer underground, hacking, phreaking, anarchy, and other issues would be welcomed. Material may be taken from this magazine as long as the source, and author are mentioned, and the article remains unchanged. Reaching Us ~~~~~~~~~~~ If you would like to submit an article, or just drop us a note, you can either call up our support board (204.669.7983). There is a new user password, to get on the system, login to the public USENet system first (waffle), and leave me mail asking for it. I'm in the process of hooking up UUCP feeds to the system, so in the next issue i'll include the address. Thanks to ElZorro for proof reading and editing this entire issue. till next time.... ICEMAN Index ~~~~~ I. Introduction and Index by ICEMAN. II. How to lock up TAG 2.6 boards by Thunder/ICEMAN. III. IBM's Voice Mail System by ICEMAN. IV. Air Frequency's For Manitoba by Thunder. V. How to make crystalline methylamphetamine (ICE) by Vox Populii. VI. How to make a miniature pipe bomb by Lazarus Long. VII. Hackers in Winnipeg? by ICEMAN. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Freedom Issue 1, December 24, 1992 File 2/7 How to lock up TAG 2.6 boards by Thunder/ICEMAN This was discovered by a friend of mine (Thunder) so I don't take credit for finding this but since he didn't want to write up the article I decided to since it was an interesting bug. This is extremely simple so if you don't understand this you will need help. Basically, what you have to do is write a message containing the required character sequence and then quote it. Now, if you want to write a public message or a private message to yourself is completely up to you but post a message. The first step is to write the message. What you have to do is hold down the up/down/left/right key (pick one of them) enough times to enter at least 85 or more escape sequences (considering of course your using a terminal program that supports arrow key ANSI movements). Don't bother counting them, if you hold your arrow key down for at least 15 seconds thats more than enough. We haven't bothered to test this with any other escape sequences but the arrow keys work nicely. This will fill the message with the chosen ANSI sequence. Hit enter after doing this for about 15 seconds and save your message. Now all you have to do is read the message you just wrote, reply to it, and when you attempt to quote it, it will lock up the system instantly. Pretty simple actually.. We predict that the reason this locks up the system has something to do with the 255 character string constant. Since each ANSI sequence (for the arrow keys) is 3 characters, 3*85=255. ICEMAN ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Freedom Issue 1, December 24, 1992 File 3/7 IBM's Voice Mail System By ICEMAN Disclaimer ~~~~~~~~~~ As the author of this article, I am not responsible for any actions that may result from the information in this article. This file is for informational and educational purposes only, detailing the features of this particular VMB system. None of this information should not be used without the permission of the authorized people in charge. Introduction ~~~~~~~~~~~~ I haven't encountered a VMB system such as the one IBM is using in our area yet, so i've decided to write an article on it. The specific system in this case is only a local system, and I'm not at all sure if IBM is using it on any 1-800's that they run. I have heard something about ROLM in the past while but I haven't been able to get any info on it in time for this issue... maybe there'll be a part ][ in the next one. First steps ~~~~~~~~~~~ Once you have called up the IBM VMB system, a high quality voice will answer and give you the following options: o Press 1 if you are using a touchtone phone o Hold the line if you are using a rotary dial phone Note that you want to select 1. If you are using a rotary dial phone, get a touch tone phone. If you hold the line you will be connected to a live operator, and this defeats the purpose. Next you will be presented with the following options: o Press 1 if you know the name of the person you are trying to call o Press 2 if you want to make a service call o Press 3 if you would like information on IBM's products or services o Press 4 if you want to leave a comment about the automated phone system Now you want to pick option 1, since the whole purpose of your call is to get into the actual Voice Mail section. Finding Valid VMB's ~~~~~~~~~~~~~~~~~~~ After choosing 1, you are prompted to enter the persons name of who you want to reach. You enter the name by using your touch-tone keypad corresponding to the first 3 letters of the persons last name. If you want to reach someone with a last name of Doe, you would enter 363 (DOE). Since the letters Q and Z don't appear on standard keypads, use the 7 key for Q and the 9 key for Z. It will probably be difficult to actually find a valid mail-box, so it may help by actually calling up the local IBM service department and using some social engineering skills to get some of the employee names out of the operator. Or you could go as far as dumpster diving, but this is probably far too much trouble to get a person's name. After finding 1 valid Mailbox it is easier to scan for others as well. When the voice asks you to enter the mailbox number, after 2 invalid attempts, enter one the valid ones which you have found. This will prevent the system from hanging up on you and you can keep on scanning from there. Once you have entered a valid name, the system will say something like this: 'You dialed ', then an actual recording of the persons voice will be played, saying his own name, so the result will be 'You have reached John Doe'. It sounds a little silly mind you, but at least you've found a valid Mailbox. It will then ask you if this is correct. o Press # if it is the correct person. o Press * if it is incorrect. After You've Found One ~~~~~~~~~~~~~~~~~~~ Now the persons greeting will play, and you will be prompted to enter a message for them. During the greeting, or during message entry if you press the 0 key, you will be presented with the following options: o Press # if you would like to talk to someone taking calls for John Doe o Press 0 to talk to an operator o Press * to enter another persons name (VMB) o Or enter an extension number, to transfer to another extension. You probably won't need to use any of these functions, so just continue listening to the greeting. Now it's time to try and get into it by hacking out the persons personal password. To do this you must first enter a message to the person, enter a completely blank message, unless you want to harrass an IBM employee or something (not suggested since you dont want to leave traces of your visit and this would be very unethical). Once the time has elapsed, you will be presented with the following options: o Press 7 then 3 to replay the message o Press 1 to re-record the message o Press # to accept and save the message o Press 6 to erase the message o Press 7 to disconnect You now want to delete the message since you don't want to leave any traces whatsoever of your visit. When selecting 6 you'll be presented with: o Press # to continue deletion o Press 1 to re-record the message Select # to delete the message and proceed. You will then be presented with the following options: o Press 0 to transfer to another extension o Press # to access the phone mail features Now we want to access the phone mail features so press #. You will now once again be prompted to enter an extension or name, once again enter the same name that you are currently hacking. You now have the following options: o Press * if this is the incorrect person (Obviously not) o Enter the password for this Mailbox, then press # Ah-Hah. We have finally reached the password entry prompt. You now have your chance to try to enter the correct password try every combination of the VMB number that you can think of or any other information about the employee that could be relevant. These systems are incredibly secure (This is IBM we're dealing with here), and after 3 invalid password entries, you will be unable to get to the password entry prompt again. This is a major drawback and will deter all but the patient, determined individual. You must wait for the person who owns the mailbox to talk to the system administrator to 'unlock' the mailbox and then try again the next day. The person will probably become extremely paranoid due to people trying to hack into their mailbox every day, and change their password often. I'm currently not sure of the length of the password since you are able to enter as many digits as you like before pressing the pound key. The fact that you are only allowed 3 attempts to enter the correct password seems quite stupid in my opinion since even though you are locked out from attempting to access the VMB so is the owner of the mailbox. This means that the owner is unable to read their mail or do anything about it. This could become very annoying to them if done repeatedly and would be one way to really get on their nerves. There's no telling what IBM can or will do. This is wasting their time, they could go as far as installing traces since this is probably considered mischief. So it may be a good idea to do it from a payphone, if you must. Summary ~~~~~~~ Here is a simplified rundown of what to do: o Call the VMB system o Press 1 since you have a touch-tone phone o Press 1 to enter a persons VMB number o Press # if it's the correct person o Wait for the greeting to finish, and enter the blank message o Press 6 to erase the message o Press # to verify deletion o Press # to access phone mail features o Enter the Mailbox number again o Enter the password then # to complete After this you are on your own. We have been unable to enter ANY boxes to date due to the tight security involved. If you are able to actually get into one of these mailboxes please let us know or write up a text file explaining the options availible from within. Considering the options availible on other similar systems, these could range from Forwarding Messages, Mass Messages, Creating Guest Accounts, Placing outgoing calls (an outdial), Listening to your Messages (obviously), Programming Mailboxes to Call certain phone numbers, and play certain messages at specified times, plus may other possible features. ICEMAN ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Freedom Issue 1, December 24, 1992 File 4/7 DOC Frequencies for Manitoba by Thunder What follows are various frequencies for the province of Manitoba, most of them can be received with a scanner, depending on the quality. Having these frequencies is by no means illegal, but it is considered illegal to listen to them. Freq(khz) Name Area Service ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 46.610 MTS Cordless Phones Provincial Phones 46.970 MTS Cordless Phones Provincial Phones 118.000 Air Centre Provincial Aircraft 118.300 Tower Provincial Aircraft 119.000 Radar Provincial Aircraft 119.500 Arrival Provincial Aircraft 119.900 Departure Provincial Aircraft 121.000 VFR Advisory Provincial Aircraft 121.300 Clearance Provincial Aircraft 121.500 Emergency Provincial Aircraft 121.900 Ground Provincial Aircraft 122.400 Weather - Aircraft Provincial Aircraft 122.800 Unicom Provincial Aircraft 123.000 Unicom Provincial Aircraft 123.500 Unicom Provincial Aircraft 124.300 Pagers Provincial Aircraft 131.775 Air Canada Dispatch Winnipeg Aircraft 131.950 Perimeter Aviation Dispatch St. Andrews Aircraft 142.750 Mobile Phone YR Provincial Aircraft 143.415 Bison Electronics Repeater Provincial Business 148.685 Emergency Measures Org. Winnipeg Emergency 150.605 United Towing Winnipeg Towing 151.025 Unicity Taxi Winnipeg Taxi 151.145 Selkirk Works & Operations Selkirk Town 151.325 Selkirk Parks & Recreation Selkirk Town 151.350 Stoney Mountain Penitentiary Stoney Mtn Police 151.480 Mobile Phone JJ Provincial Phones 152.510 Mobile Phone JL Provincial Phones 152.540 Mobile Phone YL Provincial Phones 152.570 Mobile Phone JP Provincial Phones 152.600 Mobile Phone YP Provincial Phones 152.630 Mobile Phone YJ Provincial Phones 152.660 Mobile Phone YK Provincial Phones 152.690 Mobile Phone JS Provincial Phones 152.720 Mobile Phone YS Provincial Phones 152.780 Mobile Phone JK Provincial Phones 152.810 Mobile Phone JR Provincial Phones 152.840 Mobile Phone JW Provincial Phones 154.980 Winnipeg Transit Winnipeg Bus 155.220 Selkirk Mental Hospital Selkirk Crazy 155.310 R.C.M.P. Local Selkirk Police 155.550 R.C.M.P. Channel A Provincial Police 155.580 R.C.M.P. Channel B Provincial Police 155.640 R.C.M.P. Channel D Provincial Police 155.700 R.C.M.P. Channel C Provincial Police 155.760 R.C.M.P. Car to Car Provincial Police 157.530 Unicity Taxi Winnipeg Taxi 157.680 Unicity Taxi Winnipeg Taxi 157.740 Mobile Phone JJ Provincial Phones 157.770 Mobile Phone JL Provincial Phones 157.800 Mobile Phone YL Provincial Phones 157.830 Mobile Phone JP Provincial Phones 157.860 Mobile Phone YP Provincial Phones 157.890 Mobile Phone YL Provincial Phones 157.920 Mobile Phone YK Provincial Phones 157.950 Mobile Phone JS Provincial Phones 157.980 Mobile Phone YS Provincial Phones 158.070 Mobile Phone JR Provincial Phones 158.100 Mobile Phone JW Provincial Phones 158.340 MacArthurs Towing Winnipeg Towing 158.760 Selkirk Ambulance Selkirk Hospital 158.880 Selkirk Volunteer Fire Dept. Selkirk Fire 158.925 Provincial Fire Commissioner Provincial Fire 159.500 R.C.M.P. East St. Paul E. St. Paul Police 159.810 CNR - Symington Yard Winnipeg Railway 160.485 CNR - Symington Yard Winnipeg Railway 160.905 CNR - Symington Yard Winnipeg Railway 161.415 CNR - Police Winnipeg Police 161.870 Unicity Taxi Winnipeg Taxi 162.150 Selkirk Taxi Selkirk Taxi 162.400 USA National Weather Service Fargo ND Weather 162.550 Canadian Weather Service Provincial Weather 163.230 Unicity Taxi Winnipeg Taxi 164.460 South End Towing Winnipeg Towing 165.990 Manitoba Motor League Towing Provincial Towing 168.990 Brandon Jail Brandon Police 236.000 ATC Winnipeg Tower Winnipeg Aircraft 243.000 ATC Country Emergency Provincial Aircraft 275.800 ATC Winnipeg Ground Winnipeg Aircraft 282.700 ATC Winnipeg Radar Winnipeg Aircraft 283.500 ATC Winnipeg Clear/Delay Winnipeg Aircraft 291.400 ATC Winnipeg Winnipeg Aircraft 294.500 ATC Winnipeg Centre Winnipeg Aircraft 308.800 ATC Pilot to Metro Winnipeg Aircraft 325.900 Winnipeg Tower Radar Winnipeg Aircraft 341.300 VFR Advisory Service Winnipeg Aircraft 349.600 Winnipeg Centre Winnipeg Aircraft 356.600 Winnipeg Arrival Winnipeg Aircraft 363.800 Winnipeg Departure Winnipeg Aircraft 412.562 Winnipeg Transit Winnipeg Bus 412.637 Winnipeg Transit Winnipeg Bus 412.662 Winnipeg Transit Winnipeg Bus 413.012 Winnipeg Fire Department Winnipeg Fire 413.062 R.C.M.P. Airport Security Winnipeg Police 413.125 Winnipeg Police District 3,4,5 Winnipeg Police 413.162 Winnipeg Fire Dept. City Wide Winnipeg Fire 418.225 Winnipeg Police District 1,2,6 Winnipeg Police 418.362 Winnipeg Ambulance Ch 2 Winnipeg Ambulance 418.412 Winnipeg Fire Department Ch 3 Winnipeg Fire 418.575 Winnipeg Police - Vice Winnipeg Police 418.587 Winnipeg Ambulance Ch 4 Winnipeg Ambulance 418.625 Winnipeg Fire Department Ch 4 Winnipeg Fire 418.650 Winnipeg Police - Detective Uplink Winnipeg Police 418.737 Winnipeg Police - Mobile Cell Winnipeg Police 418.787 Winnipeg Police - Uplink Winnipeg Police 418.902 Winnipeg Ambulance - Dispatch Winnipeg Ambulance 418.975 Winnipeg Police - Uplink Winnipeg Police 420.012 Mobile Phone ACT Winnipeg Phones 420.037 Mobile Phone ACT Winnipeg Phones 451.237 Auto-Route Towing Winnipeg Towing 460.212 R.C.M.P. Winnipeg Airport Winnipeg Police 461.787 R.C.M.P. Winnipeg Airport Winnipeg Police 464.762 Buchanan Towing Winnipeg Towing 800.000+ MTS Cellular Phones Provincial Phones Thunder ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Freedom Issue 1, December 24, 1992 File 5/7 How to make crystalline methylamphetamine (ICE) by Vox Populii Disclaimer ~~~~~~~~~~ I'm a firm believer in the concept of evolution and natural selection; basically, the strong survive and the weak get shit upon. I also believe that reality tends to punish those who are stupid. If you DON'T thoroughly understand working with ALL of these concepts, please don't try this...well, if you kill yourself, the IQ of the average human being will be that much greater. Forward We Go ~~~~~~~~~~~~~ Materials: 95-100% ethanol, Sodium Borohydride, 250 ml round bottom glass flask, reflux condenser, rubber tubing, Sudafed nasal decongestant capsules ( VERY IMPORTANT ), glass extraction funnel, 1 molar Sodium Hydroxide, anhydrous Sodium Sulfate, diethyl ether, Safety goggles(!!!!), Safety shield ( plexiglass...1-2" thick ), Safety apron and gloves. It's also advisable to have a dry chemical fire extinguisher available at all times. Blue and red litmus paper, and about a litre of saturated salt solution (1 gram per 23 mls). Where do I get all this shit? Steal it from your high school, or buy it at a laboratory supply house (none of these materials are prohibited or restricted in any way!) Why make this stuff?: Because it's an illegal drug. You can get really wacked on the stuff if you're stupid enough to use it. It's probably quite fun if you're into death and that kinda shit. Theory: You will perform a catalytic dehydrogenolysis on pseudoephedrine, converting it into methylamphetamine (speed, ice, or glass are common names). C-----C // \\ C CH2-CHCH3 \ _____ / | C-----C NH2 Structure of synthesis: This procedure is broken up into two parts; 1) the production and purification of pseudoephedrine free base. 2) the production and purification of methylamphetamine free base. The production and purification of pseudoepehdrine free base ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Buy sudafed capsules; the more the merrier! Method: Take 10 sudafed capsules apart, and place the little round granules into a clean dish. These granules contain the pseudoephedrine hydrochloride and inorganic filler. Crush the granules until they are no more than a very fine powder. I suggest using the 100 milligram capsules at this point. Approximate end yield will be roughly 1 gram of product. Place 100 mls of room temperature water into the extraction funnel, and CAREFULLY add all of the powdder into the funnel. Place a cap on the funnel, invert, and open the stopcock. MAKE SURE YOU ARE WEARING YOUR SAFETY GOGGLES AT THIS POINT! Swirl the funnel around to dissolve the material. There will be a significant amount of undissolved white powder; do not be concerned, this is inorganic filler. After 10 mins of shaking, dip a glass rod into the liquid and touch the drop on the tip of the stirring rod to a piece of moist BLUE litmus paper. The litmus paper should turn red where it has been touched. This means that the solution is acidic, and that a significant proportion of the pseudoephedrine hydrochloride has in fact dissolved in the water. If the litmus paper has turned red, you can go on to the next step. If not, repeat he shaking 5 more minutes until the litmus paper does turn red. Add 50 mls of diethyl ether to the separation funnel. BE VERY CAREFUL AT THIS STAGE. MAKE SURE YOU ARE WORKING IN A WELL VENTILATED AREA AND PLEASE DON'T DO SOMETHING FUCKING STUPID LIKE SMOKE CIGARETTES OR YOU DESERVE WHAT WILL HAPPEN! YOU DESERVE TO GET LUNG CANCER OR HAVE YOUR FUCKING FACE BLOWN OFF! The diethyl ether is less dense than the water solution and will float on top. Add 10 mls of the 1 molar sodium hydroxide, cap the funnel, invert and IMMEDIATELY release the stopcock to vent off the gas that forms. Point the end of the funnel AWAY from your eyes! Periodically swirl and vent the funnel to release any gas. When no more gas is given off after venting, draw off a little of the liquid from the lower layer into a thimble. Test it with a piece of moist RED litmus paper. If it stays red, add 10 more mls of the sodium hydroxide solution, invert funnel, swirl and vent until no more gas is given off. Repeat this UNTIL the red litmus paper turns blue. At this stage, the water solution is basic, the pseudoephedrine hydrochloride is in the free base form, and is located entirely within the diethyl ether layer. Draw off the lower water layer and discard it. Pour off the ether layer into a beaker with 10 grams of anhydrous sodium sulfate. The sodium sulfate is a drying agent and will remove most of the water that is in the ether solution (very little really since ether is non polar and water is very polar). Cap the beaker with a piece of saran wrap and let it sit in a well ventilated COOL area overnite (not the fridge). Don't smoke within 2 miles of this. Ether is FLAMMABLE and forms EXPLOSIVE peroxides which tend to spontaneously detonate. Decant off the ether into a dry round bottom flask. Heat this flask over a pot of very hot water. This will take only a few minutes to evaporate. You will be left with a clear syrupy liquid that looks like childrens tylenol drops. This is the pure pseudoephedrine free base. If you have a death wish, you can try some now (scoop it up with a spoon, a toothpick, etc). Swallow it, or put it on a cigarette and smoke it. I don't care. You're stupid if you do. Production of methylamphetamine free base ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Add the 95% ethanol or everclear drop by drop until the sludge is dissolved. It should go into solution very easily. I doubt it if many people will be able to get 100% ethanol, but the purer the better, since trace amounts of water inhibit the next step in the preparation. Total volume should not exceed 50 mls at this point. You can make the solution up to 50 mls if you wish. VERY carefully add 1 gram of sodium borohydride to the solution, add the relux condensor to the top of the round bottom flask, and start to boil the mixture (eg, on a hot plate...NOT on an open flame. The cold water going thru the reflux condensor will keep the ethanol from evaporating, yet the high temperature of the reaction vessel will allow the reaction to go forward as desired. Let this go for about 4 hours. Take away from the hot plate and let cool slowly to room temperature. AFTER the solution has cooled to room temperature, add 50 mls of saturated salt solution. At this point, you should see little oil drops floating on the surface of the liquid. This is methylamphetamine. Add 50 mls of diethyl ether to the COOLED flask( room temperature is ok ). Transfer the contents to a separatory funnel, cap, invert, and IMMEDIATELY open the stopcock. Some gas will escape. Close the stopcock, gently swirl, and open to vent off and gas. Repeat until no more pressure developes after 5-10 seconds of gentle agitation. Draw off the lower layer and set aside for a moment. Drain the upper ether layer into a beaker containing 10 grams of sodium sulfate. Add the layer that you had set aside BACK to the separatory funnel, and add another 50 mls of ether. Cap, invert, vent, etc until NO more pressure developes. Drain off the lower water layer and discard. Drain the ether layer into the beaker with the first portion of ether. Cover this with saran wrap and let sit over nite. Decant the ether solution into a clean beaker and gently heat this over very hot water. As the ether evaporates( please use good ventilation ), you will be left with a beige sludge. This beige sludge is methylamphetamine. You can do two things at this stage; i) Prepare 'glass' for smoking or freebasing (very fucking stupid), or prepare crystal meth for shooting up (very very fucking stupid). i) if you want to prepare solid ice, stick the beaker in the freezer, and hope that crystal formation starts. If it doesn't, take 5 or 6 chemistry course and you'll learn where you fucked up. ii) if you want to prepare `crystal' for shooting up, dissolve the beige ice in about 10 mls of anhydrous (very dry) diethyl ether. Add ethereal HCL drop by drop. After each drop, you'll see a little white suspension form. This is methylamphetamine hydrochloride. Add ethereal HCL until no more white powder forms. You could then decant off any ether, and let the powder dry on tinfoil or whatever. This should be 90% pure. Reliabilty of this synthetic method: It works, and in a lab, you can go from starting material to finished product in about 8 hours IF you know what you're doing (and you probably don't). To the best of my knowledge, this has never been published, but the general reaction scheme of catalyic hydrogenolysis is well documented. At ALL stages, glassware should be kept very dry. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Freedom Issue 1, December 24, 1992 File 6/7 How to make a Miniature Pipe Bomb By Lazarus Long This device is not a weapon of terrorism like a genuine pipe bomb. It is essentially just a firecracker, a very loud firecracker, that can mangle a finger or two if you aren't careful. First, I will advise you to go out and buy a pound of Pyrodex. This is a smokeless powder sold at most gun/hunting supply stores for roughly $15 (Canadian) per pound. It is an exceptionally versatile explosive as it is less sensitive to friction and impact, and it also does not absorb moisture as readily, as other similar compounds like black powder. Pyrodex is also exceptionally easy to make into simple fuses. A pound will last a long time depending on how you use it. What you will need: o A Papermate Flexgrip pen o Pyrodex o A couple cotton balls o A fuse Part 1 - Making Fuses ~~~~~~~~~~~~~~~~~~~~~ For those of you that don't know how to make fuses out of pyrodex I will explain this first. Mix some pyrodex into a small amount of water until you have a thin paste, it shouldn't be too thick or too watery. Take a cotton ball and stretch it into a long string. Coat this string with the paste and loosely pull it through your fingers to scrape off excess paste (do not flatten the fuse). Place on a cookie pan (use wax paper, or place them on the back of the pan), aluminum foil, or other similar surface. Keep making these until you run out of paste, there is no need to let it go to waste. Bake in your oven at 250 degrees until the fuse is stiff. When ready it will be both stiff and dry, and have a steel grey appearance. Try not to bend this fuse as areas that incur bends will sometimes fail. This is the most expedient method I have found and, except for the Pyrodex, requires items frequently already in the home. Using the same principles you can also use cotton string, or even toilet paper (toilet paper is not recommended). My last bit of advice: never bake a large amount of fuses at once. Although powders like Pyrodex don't explode unless confined, they do burn. I have never had any problems with the above method, but caution should always be used. Part ][ - The Bomb ~~~~~~~~~~~~~~~~~~ Now to the mini pipe bomb itself. The Papermate Flexgrip pen is the perfect container for such an explosive. They are, unfortunately, fairly expensive as pens go, so except for one or two experimental bombs you are going to want to use them first (fortunately the Flexgrip is also one of the best pens out there). The reason it is such a good container is that, like a pipe bomb, both ends are screw on, one of which has a hole the perfect size for a fuse. The rest of the container has no holes in it, unlike the cheap Bic pens. First take out the ink cartridge, you don't need it anymore. Second, unscrew the metal end out of which the writing part formerly jutted. Insert the fuse through the hole starting from the inside and pulling out, remember to avoid bending the fuse too much. Leave enough fuse on the inside to just barely reach above the threads on the metal cone. You should then screw this metal end back onto the pen. Now fill the pen with Pyrodex nearly to the top. Tap the pen with your finger to eliminate air pockets. Fill again if necessary. Finally put some cotton in the top of the pen, and the hollow part of the screw on top. Screw the top back into place. You now have a miniature pipe bomb. When firing this off you don't want to be nearby, it produces a fair amount of shrapnel, and a very loud bang. Use a long fuse. When making this using Pyrodex is advised. If you choose to use black powder or match heads (match heads are dumb!) be VERY careful when screwing on the top piece that you don't have any powder in the threads. You should be wary of this even when using Pyrodex but it isn't nearly as dangerous. I've made over two dozen of these and had no problems whatsoever, except for the occasional failed fuse. If the fuse fails don't approach the bomb for at least five to ten minutes. When you recover it you will have to empty the Pyrodex and start over with a new fuse. This mini pipe bomb with the cap on looks just like a pen without alterations and could be rigged into a booby trap if necessary (ie. placing the pen cap back on in a way that would light a very short fuse when removed). Pen booby traps such as these, although not made in the same fashion, were used as antipersonal devices by Germans against the British. The idea behind such a booby trap is not usually to kill, but to maim, thus taking the enemy personnel out of action and forcing the enemy to expend resources on medical care. To be used for recreational purposes though the fuse should be too long to place the cap on properly and therefore doesn't look nearly as innocent. Hopefully this makes it in on time to be a part of the LANDMARK issue one of Freedom, and furthermore I hope to be a regular contributor. See you soon... Lazarus Long (LAZ). December, 1992. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Freedom Issue 1, December 24, 1992 File 7/7 Hackers in Winnipeg? by ICEMAN After hearing about my friend having his computer confiscated for crashing a board, I was astonished... even more astonishing was what came a few days later. An article on the FRONT page of our local paper, on his story. A little extreme in my opinion... Following is the article which appeared on the front page of the Winnipeg Free Press, on November 26, 1992. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - STAFF THREATENED, FILES RUINED AS TEEN COMPUTER WHIZ STRIKES By George Nikides Staff Reporter A teen hacker uncovered a hole in a downtown software shop's computer system and went on a rampage, destroying every file and threatening employees. " It's an ego thing. 'Boy look what i've accomplished,' " said Sgt. Dennis Loupin of the Winnipeg police fraud unit. " He's very, very intelligent. He's got a tremendous future in the computer world. " An 18 year-old, who can't be named because he's charged under the Young Offender's Act, faces fraud charges. Police say a hacker discovered a "hole" - an opening that allows a user to circumvent a computer system's passwords - in the bulletin board program at Adventure Software Ltd., a Hargrave Street software shop. The computer whiz unlocked the program several times, at one point destroying every file. Bulletin Board The hacking is believed to have been carried out with an IBM-style computer from a home. Adventure Software offers a computer bulletin board where customers can communicate, read about news products, or leave messages from their home systems. The system has about 400 users, police say. An Adventure Software employee, who asked not to be identified, said threatening messages were left in the system, some suggesting that selling software was immoral. Some messages attacked a store employee. The system was out of operation at one point for 3 1/2 weeks, he said. But the employee said police are overstating the hacker's skills. " It doesn't take a genius to hear about a 'hole' in the program," said the man. The system was infiltrated four to six times, he said. " It's not crippling. It's just extremely annoying, " the employee said. By breaking into the system the computer bandit found home phone numbers and addresses, he said. Police say they are also investigating the teen in connection with break-ins at other systems across North America. Mischief " He's now going to have to face the consequences of something he thought was just a challenge but it's more than that - it's a crime, " said Loupin. A Victor Street teenager was arrested Tuesday night and charged with using a computer service to commit mischief, an offence that carries a maximum 10-year sentence. The teen is now 18, but police say he was 17 when the alleged crimes occured. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - I decided to ask him a few questions about how he fellt about it, and that's what follows. He didn't want any of his other aliases mentioned, so we decided to use one which he uses on private boards. FR=Freedom BL=Big Leacher FR: Can you give us a brief rundown of the events that happened on November 24th 1992? BL: Oh nothing really, just the police department came down and confiscated my system, thats about the only thing that happened. I was also taken down for questioning. FR: Do you feel that the Free Press highly exploited your story? BL: Yes, they seem to want to sell papers, more than tell the truth. The Winnipeg Sun told a more realistic story. FR: Can you justify Duncan Falconer's (Adventure Software employee) statement that it took them 120 hours to setup their system again? BL: No, and I don't think Duncan could either, he's bullshitting, and even lamers know it couldn't take that long. FR: What do you expect will come out of this? Do you expect to be charged? (Just a note that no charges have yet been laid, only a computer was confiscated) BL: I expect to be charged, but it's no sweat, it was a stupid thing to do. Better yet, an even stupider thing to get caught for. FR: Did you learn anything from this experience? BL: Not really.. just that the police are good at tracing, and that you should allways have a failsafe for the data on your computer. FR: Will you continue hacking after this is all over? BL: Hack? Naaaaah.. would never get caught doing something as bad as that again. :) FR: What do you think was meant by the statement saying you were being investigated in connection with other break-ins across North America? BL: I had access to many boards through Internet and other LD places. Also I was/am in a group which believes in the freedom of expression, so I think they are trying to key me as the leader of this group. I didn't hack other systems, just Adventure Software, because I had a score to settle with an employee there. FR: What do you mean when you said you 'had a score to settle'? BL: The sysop of Adventure Software and I had dealings in the past which cause alot of negativity in my family. I no longer hold a grudge. FR: Do you feel any sympathy towards Adventure Software? BL: No.. why? Selling software for the prices they do is wrong, since kids use games, they'll get them any way they can. There should be a copying fee, and that's all. FR: What do you think of the fact that this is our city's first computer crime investigation? BL: It's cool, if I was still a youth, I would love the publicity of this, but i've turned 18 after the crime, so I can't state how I 'really' feel. :) FR: Will you continue to BBS after this is over? BL: Of course, this is nothing, and I'm both amused and suprised of the publicity it has received (i.e. Free Press, Sun, Cud) and possibly more as the case goes on. FR: Is there anything else you want to say to ours readers? BL: Yeah, hacking a bbs sucks, go for new things, and allways watch your ass. Damn I need a modem, anyone wanna donate a C64 compatible one? Get in touch with ICEMAN. Anyways i'll be back in a few months. Well that's all... ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ End of Freedom Issue 1 - Freedom, Copyright 1992