####################################### # # # # # ======== =\ = ====== # # == = \ = = # # == = \ = ====== # # == = \ = = # # == = \= ====== # # # # # # # # ''''''''''''''''''''' # # # # # # > Written by Dr. Hugo P. Tolmes < # # # # # ####################################### Issue Number: 33 Release Date: April 2, 1988 We'll start Issue #33 with an article on hacking. There are some quotes from John "Cable Pair" Maxfield other computer crime experts. $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ TITLE: Breaking and Entering- High Tech Style FROM: The Chicago Tribune DATE: March 20, 1988 By Lamont Wood We've learned about computer security- or insecurity- from the movie "WarGames," which shows that an American kid with a computer can bring the Pentagon to its knees, and from Pentagon kid Col. Oliver North, who was brought to his knees by his computer. So the question arises: Are these things safe? Is "computer security" an oxymoron, a phrase that combines mutually exclusive concepts. Let's consider the terrifying side of the questions, as emboidied in "WarGames," where a teenager uses his home computer to crack the access code of a Pentagon computer and nearly triggers World War III. Yes, there are kids (and adults) who make a hobby of intruding on large, corporate computers through telephone access ports. (They're often called "hackers," which in the computer field indicates anyone who approaches his job as if it were an intricate puzzle.) Some maintain computer bulletin boards to exchange information with other hackers. "There are probably about 200 dangerous hackers in the country," said John Maxfield, a computer security consultant in Southfield, Mich., who follos the hacker community. "Most are thrill-seekers - the joy-rider mentality, but with a computer. "A boy will usually get started through software piracy [copying software without buying it] and will access the hacker boards to exchanges programs," using names such as Fatal Error, Glitch or Agent Steal, Maxfield said. "The danger sign is that suddenly, he has hundreds of floppy disks. "Often, the parents will complain to him about the large long-distance bill he has rung up. The next month, the bill's back to normal and the parents are happy, but what it means is that the boy is now engaging in long-distance toll fraud as well. The next danger sign is the sudden appearance of new computer equipment that he could not have afforded; he'll say he won it at a drawing at the computer store." He probably bought it with a stolen credit card number, acquired in nighttime forays into corporate dumpsters, where hackers look for discarded computer manuals and often find credit-card sales slips. Lest we sound sexist, Maxfield said girls are heavily represented in toll-fraud cases and in cor invasions by "hackers" armed only with push-button telephones. (A voice mail system is sort of multiuser computerized answering machine. About all you need to invade it is a knowledge of the system and a push-button phone.) "They're just not concerned about the consequences of their actions" said Maxfield of hackers in general. "And when they're caught, they usually fall all over each other turning in their friends. The courts are usually too lenient, but then again, what are you going to do with a 14-year-old?" On the other side, you could not say that hackers are a flood tide threatening to swamp the nation's computers. For instance, BIX (Byte Information Exchange), a national computer bulletin board run by Byte Magazine out of Peterborough, N.H., advertises in magazines by giving partial instructions for logging into the system. You'd think the ads would be an invitation to hackers, who would simply have to guess a valid password and a user name. "But to my knowledge, no one has ever hacked their way into the system," said George Bond, executive editor of BIX. "The problem has been people registering with stolen credit-card numbers. To me, it has been a real object lesson about tearing up your carbons [of credit card sales slips]." So if the hackers' fixation is on credit-card numbers, you'd think they would crack into the computers of TRW Inc.'s Information Services Division in Orange, Calif. TRW, the nation's leading supplier of credit reports, has files on about 138 million Americans. These files provide the credit status of a stolen card number and show the numbers of the victim's other cards. Various credit bureaus and merchants make about 400,000 inquiries a day into the files, largely over the kind of dialup connections a hacker could exploit. But TRW polices the traffic-using software that tracks the usage pattern of each subscriber and looks for things that don't fit, said Bill Tener, director of operational and regulatory compliance for the division. "We've never had anyone hack their way into the system," Tener said. "Most of the intruders we have followed already knew an access code and were masquerading as a legitimate subscriber. Two such scases a month is the most we've had." These have included private investigators, Tener said, certain "credit clinics" trying to appear legitimate and employees in subscriber's offices sneaking a peek after hours. In other words, people who have acquired inside information. The insider is always the main source of danger, said Donn B. Parker, senior management consultant at the research firm SRI International in Menlo Park, Calif. He has examined more than 2,000 computer crimes in the last 18 years. "The biggest form of loss is insider embezzlement," Parker said. "The increased complexity that computer add tends to limit the crimes to insiders. And the most common method is the modification of data before it goes into the computer." In other words, cooking the books to cover what you've purloined. The situroving as tomp management comes to understand computers better, he said. "Computers can be made more secure than manual systems, using passwords, encryption and data access controls. Most business take most of the measures. But security is a relative thing- and with computers the stakes can be higher." "Viruses" also cause problems. These are programs written by vandals, designed to destroy data and distributed on computer bulletin boards under innocent disguises. This has been going on for years, Parker said, but a rash last fall in San Franciscon Bay area caught media attention. And the computer is never insecure when you need it to be, as Nort found during the Iran-Contra hearings. He had tried to cover his tracks by deleting memos from his office computer, but later found that some helpful person had been making backup copies of everything, just in case. And if North's case reverses the usualy complaint about computer security, perhaps that just shows that computers have come of age. $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ A Few Notes on This Article: ---------------------------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - "We've learned about computer security- or insecurity- from the movie 'WarGames,' which shows that an American kid with a computer can bring the Pentagon to its knees"- A lot of people, especially r0dentz, are basing hacking on this movie. I think all real hackers are able to laugh at the movie. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - "..using names such as Fatal Error, Glitch or Agent Steal, Maxfield said."- Again, the hackers mentioned: - Fatal Error - Glitch ("The Glitch" actually) - Agent Steal All of these people were on Executive Inn, which is not down. This might indicate that Maxfield was on Executive Inn. This rather interesting because Maxfield was being discussed on Executive Inn before it went down. Here are just a few messages from Executive Inn: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Message #52 of 68 Subject: Dan the man.... From : Marc Blitz [Level 70] To: ALL Time: 12/14/87 at 11:07 pm Probibaly means your on his private database that he uses for "consulting" like the Detroit Maxfield story..... Hmmm...I believe a visit to motor city is in order..... "Machineguns ready to go....." -Queen Message #57 of 68 Subject: Maxfield From : Fatal Error [Level 60] To: ALL Time: 12/18/87 at 4:47 am John maxfield (cable parer) lives about 5 minutes from me... we have on occasion gone by his house and gave him little prei was just wondering does anyone know of anyone else that keeps records like mansfield... F.E. Message #58 of 68 Subject: Well From : Argos [Level 1002] To: ALL Time: 12/18/87 at 10:52 am A lot of rumors were going around sayingaxfield Informants included, Dan the Operator and Mad Hatter but that is yet to be confirmed. Argos. Message #64 of 68 Subject: R) Maxfield From : Marc Blitz [Level 70] To: Fatal Error Time: 12/19/87 at 10:37 pm r Im doing a workup on his profile, i know a canadian relative of his. Ill report occasionaly as i find out stupj on him. Message #66 of 68 Subject: maxfield.... From : Fatal Error [Level 60] To: ALL Time: 12/20/87 at 3:56 am Somewhere around here I have Maxfield's # and address. I used to have his cable pairs but that was a while ago.....I might still have one of his phone bills i stole from his mailbox....oh, and maxfield doesn't just work for mci, he has his own security company and leases his 'services' to anyone interested....... ive already published copies of his phone bill...what should i do now? make it interesting... F.E. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - This isn't to say that Maxfield was definitely on the Executive Inn. It might just be a coincidence that the three people he named (Fatal Error, Glitch, and Agent Steal) were all on E.I. There is also the possibility that all three of these hackers are all on another bulletin board. About Maxfield: --------------- John Maxfield has been discussed in previous issues of TNS and you might read them to find more information on him. He runs an operation called BoardScan which keeps track of hackers across the country. He has been hired out as a security analyst to many corporations. It is also believed that he worked for MCI for a while. BoardScan keeps track of hackers and what they are doing. For many people, he has the hacker's real name/address/telephone number. For some hackers he just has a list of what they have done. Some people say that he has become obsessed with LOD/H. He's been in other newspapers/magazines before this such as U.S. News & World Report. It's said that he can be hired out as a mercenary to find people. One thing that he does is infiltrate phreak/hack bulletin boards under various handles. He does this to find out what is going on in the phreak/hack world and to find what certain phreaks/hackers are doing. One project that he was involved with was "THE BOARD" a sting operation in which he set up a phreak/hack board and obtained the real names and phone numbers of many hackers. He's dangerous and should be avoided. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - "Yes, there are kids (and adults) who make a hobby of intruding on large, corporate computers through telephone access ports."- I suppose it could be called a hobby. All this is very basic on the hacker world. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - "And when they're caught, they usually fall all over each other turning in their friends."- Unfortunately, this is true in many cases. Certain people will do anything to get out of - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ON TRW: "'We've never had anyone hack their way into the system,'"- This might be true. The people who go on TRW do so by obtaining discarded passwords and such. The most famous case of a hacker on TRW occurred when a hacker found out Richard Sandza's credit-card numbers. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - "... Donn B. Parker, senior management consultant at the research firm SRI International in Menlo Park, Calif. He has examined more than 2,000 computer crimes in the last 18 years."- It seems that whenever there is an article about hackers, Donn Parker makes a statement about what hackers are doing. Please see previous issues of TNS for more information on Mr. Parker. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - "'Viruses' also cause problems. These are programs written by vandals, designed to destroy data and distributed on computer bulletin boards under innocent disguises."- This was probably put in because viruses are currently a hot topic in the news. See TNS Issues #26-29 for more information on computer viruses. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$