COMPUTER PHREAKING
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

One of the most pressing needs in all computer systems is computer security. The penetration of a computer system can cause devastating losses. These losses include losses in personal privacy, equipment, capability, money, time and opportunity. monetary losses due to computer-related crime and who you talk to. Compare this amount to the $50 million lost per year due to armed bank robberies.

The trend towards distributed systems presents many new possibilities for security and privacy violations. Computer criminals are becoming more and more sophisticated and learned in their practice. According to the FBI, only about 1% of all computer crimes are ever discovered, and of those discovered, less than 5% lead to convictions.

Failures in some computer systems can cause world war, economic collapse, nuclear power plant meltdown, or massive blackouts! These failures can be caused by many factors. One major factor is the purposeful or accidental byproduct of a computer crime. Computer crimes average 30 times more $ than others.

Computer crime or "phreaking" as a crime category is no doubt the most lucrative and least risky of all crime categories. Little of it is reported on the news, and those cases reported are generally the more amateurish attempts.

"PHREAKING" is what a "phreak" does. In the 1960s, groups of "hippies," "radicals," etc., bored with the middle and upper class successes of their families, engaged in wild, daring, and dangerous activities. These activities included "ripping-off" (originally a hippie term) Ma Bell by making free long distance and pay phone calls, using homebuilt, handheld Blue and Red boxes, respectively. These perpetrators became known as "PHONE PHREAKS", and later, as "PHREAKS". Their publication, TAP, founded by Abbie Hoffman and others, operated from Room 603, 147 W. 42nd St., NYC, NY, until burglarized and burned out in 1983.
As the 1980s arrived, Ma Bell considerably tightened security, and Red and Blue boxes., phreaking has apparently leveled off. The primary phone phreaking objective today is credit card fraud. One lady was recently billed $109,000 for 15,000+ credit card calls in one month using her credit card number, which, apparently, someone had overheard her say. Ma Bell readjusted her bill to $47.00!

With the increasing popularity of small microcomputers, particularly the portable and transportable kinds, communications between computer systems using modem/phone hook-ups have also increased. Hundreds of computer Bulletin Boards (BBs) now flourish all over the country. These permit computerists to use their computers to post messages and software accessible by those permitted to use the BB (which may include the general public or be limited to some type of club, business or other special arrangement).

Most of the computer phone traffic is legal, but much of it is questionable, and some clearly illegal. The primary purpose of some BBs is to transfer information of mostly illegal application, such as credit card numbers, passwords, copyrighted software, etc., and to put people in contact with each other with like questionable or illegal intentions. Along with the increased use of BBs to facilitate criminal activity is the increased activity of some people to use this information, and to develop their own, to penetrate systems not intended for their use.

The FBI and other legal authorities, and Ma Bell security, are more closely scrutinizing the activities of BBs. BBs have been raided and shut down. Sting operations have been set up. Suspected BBs are regularly monitored while nearly all others are periodically examined to gain intelligence on phreakers, and those associated with underground radical organizations.

The Red and Blue Box Phreaker of yesterday has evolved into the Computer Phreaker of today. He is daring, intelligent and knowledgeable.
He may be reckless, or cool and systematic. He is generally young, single, white, male, middle class, secure, highly intelligent and a good student. The term "whiz" is often used to describe him.

The term "Computer Phreaking" is steadily evolving from misusing a microcomputer and Ma Bell to penetrate other computer systems a la WAR GAMES, to a generalized term to cover all crimes in which a computer is programmed to act as an accomplice. Today, the bulk of computer phreaking is done by officers and employees of the Government, financial institutions, and large corporations for themselves or the institution which employs them, with little or no association with whiz kids, long distance phone calls and BBs.

DISCLAIMER: While every attempt has been made to provide correct and complete information, we do not assume responsibility for any errors or omissions. We assume no liability whatever for loss or damage caused directly or indirectly, or alleged to be caused by the information found herein. COMPUTER PHREAKING is printed as is, and is printed for educational and entertainment purposes only. We do NOT recommend, suggest or encourage any illegal use of computers.

TERMINOLOGY

The following terms are used here:

ACCOUNT: Refers to savings, checking, credit, debit, inventory or general ledger account.

ATM: Automated or Automatic Teller Machine. A computerized cash dispenser/acceptor used to replace a bank clerk. One inserts an encoded debit card into the ATM's slot to initiate the transaction.

BB: Computer Bulletin Board. Functions similarly to other bulletin boards except that access is made by computers via phone/modem hook-ups.

DATA: Data in the generalized sense to include numerical data, messages and text. May be raw data or processed data (information).

EFTS: Electronic Fund Transfer System. A generalized term that refers to all computerized banking operations involving the communication of financial information from one point to another.
Although EFTS has come to mean many diverse electronic automation projects, it usually denotes ATMs, POSs, Automated Clearing Houses, and a type of national banking or money settlement and clearing function.

FILE: A Computer File, which may be a computer program routine or data file. A data file is any computer file which is not a routine or program.

INSTITUTION: Refers to financial institutions, large corporations, government, and other businesses which rely upon computers.

KEY DATA: Refers to a data file record descriptor, such as name, address, account number, transaction number (ex. banking, Social Security #, VA #, etc.), part number, sales identifier, department number, applicable discount rate, account number, vendor identifier, account type, privileges, activity status, expiration or monthly closing date, etc.

OS: Computer Operating System - the master software which manages and supervises computer operation. A UTILITY is a program used to perform frequent operations required by the OS and-or application programs, such as spooling, printer dump, file conversion, etc. An APPLICATION PROGRAM is a program designed for a specific user application, such as a game, word processor, general ledger, etc.

PAYMENT: Refers to a payroll, dividend, interest, commission, loan, rent, installment, account deposit, annuity, pension, disability, welfare, unemployment compensation, insurance, Social Security, etc. payment.

PERPETRATOR: Refers to one who perpetrates an action or crime, and includes all his accomplices and accessories.

POS: Point of Sale terminal. An ATM device used in stores to enter, verify and debit the cost of purchases.

TARGET: Refers to the person (in the objective sense) targeted by the computer crime. The target may be a customer, client, patron, vendor, contractor, employee, employer, pensioner, stockholder, taxpayer, salesman, patient, welfare recipient, disability recipient, etc. Usually, Target refers to the victim, but not always.
Depending upon use, it may refer to an accomplice, or refer to one who neither gains nor loses by the crime but whose participation is required.

TRANSACTION: Refers to the transfer of money between accounts or between an account and a person. It also refers to adding and deleting a data file, or changing a data file which ultimately affects the transfer of money.

CRIME-RELATED TERMS

The following terms are defined in context to their relationship to computer crime.

ACCESS NUMBER: An Access Number is a secret phone, extension, account or project number used to access a computer or program.

AUTHENTICATION PROCEDURES: (See section on this topic).

BODY SNATCHER: A Body Snatcher is a program which takes a file, and automatically creates from it a Mutant. It may or may not destroy the original and rename the new one as the original.

BOMB: A Bomb is a program or program function which fails because of bug(s).

BUG: 1) A program mistake or defect. 2) An electronic surveillance device, wired or unwired.

BREAKAGE: Breakage is the bleeding-off of small sums from numerous sources, such as accumulating all the roundoffs from numerous savings accounts interest computations. Each data file may lose less than a penny but, in large banks, the total breakage losses can amount to $ Thousands per day.

CANDYMAN: A Candyman is a person who compromises key computer, accounting or purchasing personnel to obtain intelligence critical to computer penetration, usually with bribes of money or sex.

CHEESEBOX: A Cheesebox is an electronic device which, upon receipt of a certain phone number or data sequence, automatically switches a line to an unauthorized line (perhaps to a Wiretap).

CHECKSUM: A Checksum is a sum derived from a summation check usually without regard to overflow. Checksums are very effective in detecting random, naturally caused errors but can be manipulated to not detect fraud errors.
To minimize the probability of manipulation, make the Checksum also dependent upon a key and-or random information. Two types:

1) STANDARD CYCLIC REDUNDANCY CHECK (CRC): The message is expressed as a polynomial, and is then divided by a small, fixed polynomial, "F". The remainder is the CRC. The CRC is then appended to the transmitted message. The combined message received must be evenly divisible by "F" to be correct.

2) MODULO ARITHMETIC SUM: The results of a Modulo n operation.

CODE 10: A Code 10 is a procedure instituted by credit and debit card issuers to stop fraud. If a merchant is suspicious of a customer, he calls the card issuer for "verification." While on the phone, he says the words "Code 10." He is automatically hooked up to security, which asks him a set of questions requiring only "yes" and "no" answers.

COUNTERMEASURE: A Countermeasure is a defensive technique used to detect, prevent or expose crime.

CRASH: A Crash is similar to a Bomb but generally refers to a major OS or program failure. Also caused by power failures.

DIVERSION: A Diversion is a secondary activity used to divert attention away from a crime or perpetrator. Examples are staged crashes, program bugs, or other criminal activity.

EARMARK: An Earmark is a character(s) (ex. a non-printable character) used to secretly identify files or data elements for special treatment. Earmarks are used for fraud purposes. Earmarks can also be used as a Countermeasure.

ENCRYPTION SCHEMES: To encrypt data or text means to encode or encipher it. Most savvy computer users do not rely solely upon passwords and complex sign-on procedures to protect their systems and software. They can be too easily guessed or compromised. The data or text is encoded using a "key" designed by the encoding scheme. The encoded or encrypted message is then transmitted. When it is received by an authorized receiver, a "key" is used to decode the data or text so that it is again meaningful.
Uncoded or decoded data is called PLAINTEXT. Encoded data is called CIPHERTEXT.

GODFATHER or BIG-BROTHER: A Godfather or Big-Brother is a Trojan Horse which modifies the OS, or a utility routine or program which performs an OS function. When it is active, it takes over the control of certain OS or utility functions. The controlled applications or utility program or routine becomes a Zombie. The primary illegal purpose of a Godfather is to modify the function of programs without changing the code in the programs themselves. Thus, the programs will operate as designed when the Godfather is absent, but differently when it is present. Godfathers can be designed to be activated or deactivated by user entry (ex. pressing a certain key combination).

EXAMPLE: A modification of the OS's printer output routine to intercept all printer outputs and to screen out bogus transaction inputs. The OS code is zapped to add an extra CALL or JUMP routine(s), which diverts the processing of printer outputs to the perpetrator's Godfather code located elsewhere in memory or on disk or tape. After the Godfather screens out all bogus transactions, it returns control back to the OS printer routine to resume normal processing of output data.

KEY: A Key is a sequence of characters, which are combined with data to change Plaintext to Ciphertext or vice-versa. Encoded data requires knowledge of the key to decode. Many encoding schemes are possible; the most popular methods use character substitutions, matrix operations, the U.S. Government's Data Encryption Standard (DES), or Public Keys.

LAPPING: Lapping is a scheme in which meticulous record keeping and time management permits the phreaker to deselect an existing target while selecting a new one to minimize the risk of discovery and identification.

LOGIC BOMB: A Logic Bomb is a Trojan Horse which activates usually at a certain date or time, and destroys files, its host program or routine, and usually itself.
An interesting application of Logic Bombs is in some commercial software packages. Most people do not want to spend $ Hundreds for a program without actually applying it themselves first. The problem is, once you lend a program to a potential customer to try out, how do you collect payment for the program if the potential customer keeps it, and how do you guarantee that he won't pirate your program? You install a Logic Bomb in the program. After the stolen program has been run for a certain amount of time, the program destroys itself. Once the program is paid for, the programmer removes or deactivates the Logic Bomb.

MOLE: A Mole is a spy for another country, business or agency who infiltrates an organization to steal national security information, trade secrets, strategies, files, money, etc., or to sabotage or create havoc.

MUTANT: A Mutant is created by a Body Snatcher, and closely resembles another file except for a few critical changes.

PASSWORD: A Password is a word or phrase that must be correctly entered into the computer for the computer to allow access to programs and-or data in the computer. Most computer security schemes rely upon more than one password to protect the system. There are basically two types of passwords:

A. ACCESS PASSWORDS: Passwords whose level of access is dictated by assigned Protection Levels or Attributes.

B. UPDATE PASSWORDS: Passwords which permit the user "Total Privilege" in the system. "Total Privilege" permits the user to execute, read, write, rename and kill files.

PATCH or ZAP: A Patch is a software modification, usually by using a utility (ex. IBM's SUPERZAP) to change the actual bytes of program or data stored on disk, tape or memory. Zaps are used to implant Trojan Horses, and to make other file changes.

PIRACY: Piracy is the theft of proprietary software or data.
Many computer programmers now use sophisticated protection schemes, both hardware and software in nature, to protect their software from unauthorized duplication. These techniques, however, are overcome by computer whizzes just about as fast as new methods appear, and they prevent authorized users from making needed backups in case the original program is destroyed. The piracy of data from financial and government data banks is largely thwarted by the use of Passwords, complex Encryption schemes, Security Codes, Access Numbers, Authentication procedures, and dedicated lines. Still, the piracy of data is widespread and increasing. Whatever scheme is devised by man to thwart penetration can also be undone by man.

PROTECTION LEVELS or ATTRIBUTES: Access Passwords are assigned Protection Levels. These are:

A. EXECUTE: Only permits the user to execute a program, but not to read a data file.

B. READ: Permits the user to execute, AND to read data files.

C. WRITE: Permits the user to execute, read files, AND to write to data files.

D. RENAME: Permits the user to execute, read, write, AND to rename files.

E. KILL or TOTAL PRIVILEGE: Permits the user to execute, read, write, and rename files AND to kill files.

Protection Levels are important because they allow you to assign access capability based upon the need of the user. For example, if a shipping clerk needs to verify that an order was placed, he should not have the power to kill customer files.

PUBLIC KEY SYSTEMS: (See section on this topic).

SCRAMBLER: A Scrambler is a device which electronically scrambles data, usually by frequency inversion, frequency hopping, bandsplitting, or time-division multiplexing.

SECURITY CODE: A Security Code is an identifier or combination used to access a computer or program.

SHAKE or LOSE: To Shake or Lose is to evade detection.
SILENT ALARM: A Silent Alarm is a computer system protection scheme that detects efforts to penetrate a computer system - particularly trial-and-error type efforts. Usually at least three sign-on attempts are permitted before an alarm is activated. Unknown to the offender, the program enters a silent trap or interrupt routine, and a system alarm is activated. System and security personnel, the phone company, and-or law enforcement personnel are then notified, usually but not always immediately. Also, "entrapment" procedures are activated to determine who the offender is, and to record all that transpires. These usually consist of a phone trace and-or a "game" in which the violator is "roped" into playing. The "game" cleverly probes the perpetrator for identifying information. Of course, the alarm is not detectable by the violator. The Milwaukee "414" group was caught largely due to information derived from a Silent Alarm "game" in a California bank they penetrated.

SMOE: Surreptitious Methods of Entry. The art of penetrating a computer system without leaving a clue or evidence.

SOLO ARTIST: A Solo Artist is a sophisticated criminal who works by himself.

TAP or WIRETAP: A Tap or Wiretap is an unauthorized monitoring circuit directly connected to a computer's communications line.

TRAPDOOR: A Trapdoor is a Trojan Horse which modifies an OS utility, or applications program to permit the use of an unauthorized Master Password(s) to gain access. This second Password penetrates by bypassing all other Passwords and security schemes used by the System - even after they've been changed! Trapdoors are often installed by programmers to ease the development and troubleshooting of programs, or to assure access to them no matter who has them or how they are used. In WAR GAMES it was the placement of an easily guessed Trapdoor routine (his son's name was used as the password) by the eccentric program designer that permitted easy penetration.
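The sign-on counting described under SILENT ALARM above, as an added example that is not part of the original text: failures are counted per incoming line, the alarm trips once more than the three permitted failures occur, everything after that is recorded, and the reply to the caller never changes. The log format, the 10-minute window and all names in the code are assumptions; the log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

PERMITTED_FAILURES = 3             # figure taken from the glossary entry
WINDOW = timedelta(minutes=10)     # assumed counting window

# Constructed sample sign-on log (hypothetical format).
SAMPLE_LOG = """\
1985-03-02T01:10:05 line=7 user=OPER1 result=FAIL
1985-03-02T01:10:20 line=3 user=CLERK4 result=FAIL
1985-03-02T01:10:41 line=7 user=OPER2 result=FAIL
1985-03-02T01:11:02 line=3 user=CLERK4 result=OK
1985-03-02T01:11:30 line=7 user=ADMIN result=FAIL
1985-03-02T01:12:09 line=7 user=SYSTEM result=FAIL
1985-03-02T01:12:40 line=7 user=SYSTEM result=FAIL
"""

def parse(line):
    """Turn 'timestamp key=value ...' into a dict with a datetime under 'time'."""
    stamp, *pairs = line.split()
    event = dict(pair.split("=", 1) for pair in pairs)
    event["time"] = datetime.fromisoformat(stamp)
    return event

class SilentAlarm:
    def __init__(self):
        self.recent = defaultdict(deque)   # line -> times of recent failures
        self.alarmed = {}                  # line -> events recorded since the alarm

    def observe(self, event):
        """Process one sign-on event and return the reply the caller sees."""
        line, ok = event["line"], event["result"] == "OK"
        if not ok:
            fails = self.recent[line]
            fails.append(event["time"])
            # Drop failures that have aged out of the window.
            while event["time"] - fails[0] > WINDOW:
                fails.popleft()
            # Counting per line (not per user) also catches guessing that
            # moves from one user name to the next.
            if len(fails) > PERMITTED_FAILURES and line not in self.alarmed:
                self.alarmed[line] = []    # notify security staff out of band here
        if line in self.alarmed:
            self.alarmed[line].append(event)   # record all that transpires
        # The reply is the same before and after the alarm trips.
        return "SIGN-ON ACCEPTED" if ok else "SIGN-ON REJECTED"

def run(log_text):
    alarm = SilentAlarm()
    replies = [alarm.observe(parse(l)) for l in log_text.splitlines() if l.strip()]
    return alarm, replies

if __name__ == "__main__":
    alarm, _ = run(SAMPLE_LOG)
    for line, events in alarm.alarmed.items():
        print("alarm on line", line, [e["user"] for e in events])
```

This example only detects and records; whether an alarmed line is also locked or traced is a separate policy decision.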
TROJAN HORSE: A Trojan Horse is a software routine which is insidiously implanted in a program or routine. When a certain combination of events occurs, the Trojan Horse routine is activated and performs a function(s) alien or contrary to the true intention of the program. The "programming events" may include the date, the amount of time the program is run, a data entry or combination of data entries, the calling of a legitimate routine or combination of routines, or certain keyboard entries. The Trojan Horse is designed to periodically inspect for these "programming events", and upon their occurrence, to launch into special routines. Trojan Horses are frequently used to defraud. Examples of Trojan Horses are Logic Bombs, Trapdoors and Godfathers.

For example, when the targeted combination of programming events occurs, the Trojan Horse in a bank's savings accounts program activates. It transfers a huge quantity of money to another account. It then changes or erases both itself from the program and the record of to whom the money was transferred. The money literally disappears with little or no trace! Trojan Horses are usually difficult to detect in program code, and to prevent.

How destructive can Trojan Horses be? The type of penetration depicted in WAR GAMES is virtually impossible. However, what if the Soviets penetrate our missile systems and plant Trojan Horses in the computer programs which control the launching of our intercontinental ballistic missiles? When we try to launch these missiles against the Soviet Union, the Soviet Trojan Horses are activated, co-ordinates are changed, and our missiles destroy our own cities, or fail to launch! Were the Korean Airline passengers a victim of a Soviet Trojan Horse implanted in the Inertial Guidance computers - the same type of Inertial Guidance System used in our jets and missiles?

ZOMBIE: A Zombie is a program controlled by a Godfather.
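An added example (not part of the original text) for the CHECKSUM entry above: it carries out the CRC polynomial division and the modulo sum, then shows that both catch a random bit error but neither catches a deliberate edit, while a checksum that also depends on a key does. The generator polynomial, the sample record, the key and the choice of HMAC-SHA256 as the keyed checksum are assumptions of this example.

```python
import hashlib
import hmac

F = 0x11021        # assumed generator "F": x^16 + x^12 + x^5 + 1
F_BITS = 16        # degree of F = number of CRC bits appended

def poly_mod(value: int, divisor: int = F) -> int:
    """Remainder of polynomial division over GF(2): subtraction is XOR."""
    width = divisor.bit_length()
    while value.bit_length() >= width:
        value ^= divisor << (value.bit_length() - width)
    return value

def crc_append(message: bytes) -> bytes:
    """Divide the message (shifted to make room) by F; append the remainder."""
    remainder = poly_mod(int.from_bytes(message, "big") << F_BITS)
    return message + remainder.to_bytes(F_BITS // 8, "big")

def crc_ok(frame: bytes) -> bool:
    """The combined message must be evenly divisible by F."""
    return poly_mod(int.from_bytes(frame, "big")) == 0

def modsum(message: bytes, n: int = 256) -> int:
    """Modulo arithmetic sum of the message bytes."""
    return sum(message) % n

def mac_append(message: bytes, key: bytes) -> bytes:
    """Checksum that also depends on a key (HMAC-SHA256, 32-byte tag)."""
    return message + hmac.new(key, message, hashlib.sha256).digest()

def mac_ok(frame: bytes, key: bytes) -> bool:
    message, tag = frame[:-32], frame[-32:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected)

def flip_bit(data: bytes, index: int) -> bytes:
    """Simulate a random line error: flip the low bit of one byte."""
    out = bytearray(data)
    out[index] ^= 0x01
    return bytes(out)

# Constructed sample record and key (not real data).
ORIGINAL = b"PAY 0100 TO ACCT 2001"
EDITED = b"PAY 1000 TO ACCT 2001"      # deliberate change: two digits transposed
KEY = b"constructed-demo-key"

def demo() -> dict:
    old_tag = mac_append(ORIGINAL, KEY)[-32:]
    return {
        # Random error: both unkeyed checks notice it.
        "noise_caught_by_sum": modsum(flip_bit(ORIGINAL, 4)) != modsum(ORIGINAL),
        "noise_caught_by_crc": not crc_ok(flip_bit(crc_append(ORIGINAL), 4)),
        # Deliberate edit: a transposition leaves the byte sum unchanged, and
        # the CRC can be recomputed by anyone because F is fixed and not secret.
        "edit_caught_by_sum": modsum(EDITED) != modsum(ORIGINAL),
        "edit_caught_by_crc": not crc_ok(crc_append(EDITED)),
        # Without KEY the old tag cannot be replaced by a valid one.
        "edit_caught_by_mac": not mac_ok(EDITED + old_tag, KEY),
    }

if __name__ == "__main__":
    for name, caught in demo().items():
        print(f"{name}: {caught}")
```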