Received: by lemuria.sai.com (/\==/\ Smail3.1.21.1 #21.11) id ; Mon, 2 Nov 92 00:54 EST Received: from uicvm.uic.edu by mv.MV.COM (5.65/1.35) id AA10364; Mon, 2 Nov 92 00:14:44 -0500 Message-Id: <9211020514.AA10364@mv.MV.COM> Received: from NIU.BITNET by UICVM.UIC.EDU (IBM VM SMTP V2R1) with BSMTP id 3656; Sun, 01 Nov 92 23:15:54 CST Date: Sun, 01 Nov 92 20:42 CST To: TK0JUT1@NIU.BITNET From: TK0JUT2%NIU.bitnet@UICVM.UIC.EDU Subject: Cu Digest, #4.54 Computer underground Digest Sun Oct 31, 1992 Volume 4 : Issue 54 Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET) Archivist: Brendan Kehoe Shadow-Archivists: Dan Carosone / Paul Southworth / Ralph Sims Copy Editor: Etaion Shrdleaux, Sr. CONTENTS, #4.54 (Oct 31, 1992) File 1--Two New Shadows File 2--Some comments on NBC Dateline's "Hacker" Segment File 3--Transcript of DATELINE NBC: ARE YOUR SECRETS SAFE File 4--Somebody gets access to freeway callbox codes, runs up bill Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost from tk0jut2@mvs.cso.niu.edu. The editors may be contacted by voice (815-753-6430), fax (815-753-6302) or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115. Issues of CuD can also be found in the Usenet comp.society.cu-digest news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG, and DL0 and DL12 of TELECOM; on Genie in the PF*NPC RT libraries; from America Online in the PC Telecom forum under "computing newsletters;" on the PC-EXEC BBS at (414) 789-4210; in Europe from the ComNet in Luxembourg BBS (++352) 466893; and using anonymous FTP on the Internet from ftp.eff.org (192.88.144.4) in /pub/cud, red.css.itd.umich.edu (141.211.182.91) in /cud, halcyon.com (192.135.191.2) in /pub/mirror/cud, and ftp.ee.mu.oz.au (128.250.77.2) in /pub/text/CuD. Back issues also may be obtained from the mail server at mailserv@batpad.lgb.ca.us. European distributor: ComNet in Luxembourg BBS (++352) 466893. COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted for non-profit as long as the source is cited. Some authors do copyright their material, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to computer culture and communication. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections. ---------------------------------------------------------------------- Date: Tue, 20 Oct 1992 18:20:24 -0400 From: Brendan Kehoe Subject: File 1--Two New Shadows I'm pleased to announce the availability of two additional mirrors of the Computer Underground Digest archives. The main archive at ftp.eff.org is now replicated by: IN THE US: red.css.itd.umich.edu (141.211.182.91) in /cud(Michigan) halcyon.com (192.135.191.2) in /pub/mirror/cud(Washington) IN AUSTRALIA: ftp.ee.mu.oz.au (128.250.77.2) in /pub/text/CuD All three are exact copies of the archives stored on the EFF's machine. Please save the bandwidth and visit the site closest to you. A shadow in Europe or Scandinavia would also help (there's a lot of interest from people in Finland, Sweden, Great Britain, and Germany particularly). Brendan Kehoe cudarch@eff.org ------------------------------ Date: Sat, 31 Oct 92 16:11:58 CST From: Jim Thomas Subject: File 2--Some comments on NBC Dateline's "Hacker" Segment About a month ago, Susan Adams, producer of NBC's Dateline called me. She indicated that Dateline was going to do a story on hackers, and she wanted to know how many "hacker busts" had gone to court. She limited the term "hacker" to teenaged computer intruders, and did not seem interested in the more serious crimes of professional criminals who ply their trade with computers or with computer abusers who prey on their employers. Suspecting a pre-defined slant to the story, I attempted to make it clear that, despite increased visibility of attention to computer abuse, there have been relatively few indictments. Operation Sun Devil, I explained, was mostly smoke and served more to dramatize "hacker activity" far more than its success in apprehending them. I provided some basic background in the Sun Devil, Len Rose, and Phrack cases, some of which she seemed to know. I emphasized the civil rights issues, the complexity of the "hacker phenomenon," and the hyperbole of law enforcement and media that distorts the nature of the problem and thereby obstructs solutions. At some length I attempted to explain the problem of media sensationalism, the problems of balancing Constitutional rights with legitimate law enforcement interests and the potential for abuse that created by an imbalance, and the need for responsible and incisive reporting by the media. Ms. Adams indicated that she had talked to Mike Godwin of the EFF, who I presumed would have told her the same thing, and others who claimed to have been contacted by Dateline staff indicated that they, too, cautioned against sensationalism. Believing that NBC would like to think that its quality of programming exceeds that of Geraldo's "Now it can be Told" (See CuD #3.37 special issue on "Mad Hacker's Key Party"), I anticipated a balanced, accurate, and non-sensationalized depiction of "hackers." To paraphrase H.L. Mencken, nobody ever went broke underestimating the accuracy of tv tabloid journalism. The program that aired on Tuesday, October 27, 1992, could have been worse, but that's hardly a sound way to evaluate a program. The teaser to the "Are Your Secrets Safe" segment framed the story around the potential dangers that "hackers" pose: They can wipe-out your bank account, crash the E911 system, and destroy the nation's telephone networks. In case we missed the point, footage from Sneaker's linked Ben Kingsly's scene, in which he discussed his mad scheme of "bringing down the whole damn system" with the activities of "hackers." The opening shot of a silhouetted young hacker identified only under the pseudonym "Quintin" bragging about his exploits reinforced the shadowy activities. Quintin demonstrated no skills, and other than simply assert that he had previously engaged in vague activities, his primary function on the show seemed to be little more than as a dramatic prop that enabled the producers to shape the mood of their recreation. Quintin may or may not be an arch-fiend, but he neither did nor said anything that established credibility. Even the screen shot of nic.ddn.mil and UFO information has a piscine smell--there was no evidence that it was anything more than a file readily obtained either by ftp or even (shades of Cliff Stoll) a file inserted in a computer system to trap intruders. Either way, the mystery of Quintin's identity seemed the message, and he provided nothing of any substance not known to anybody who roams the Internet. Brief interviews with Kent Alexander, the prosecutor in the "Atlanta 3" case, and with Scott Ticer of BellSouth, elicited the corporate/law-enforcement view of hackers as dangerous criminals who should be prosecuted. For them, the issues are black and white, simple, and unequivocal. The solutions to the problem are clear, as the Atlanta Legion of Doom cases indicated: Put 'em in prison. The moderator, Jon Scott, then informed the audience that, to learn more about the hacker world, he went "underground." Dramatic terminology, but grossly inaccurate. To go "underground" presumably would mean hooking up with people surreptitiously involved in on-going intrusion who could clearly demonstrate how one might break into military computers, access and re-program the E911 system, or shift money from one bank account to another. Scott did none of this. Instead, he interviewed two former LoD participants, both of whom are visible and quite "above ground," and neither of whom demonstrated much of value, let alone anything that could be considered dangerous. Adam Grant, sentenced to a brief stint in Federal prison in the "Atlanta 3" case, and Scott Chasin, a former LoD participant who, with some LoD friends, were partners in ComSec, a short-lived computer security consulting firm, demonstrated a few "hacker tricks," but nothing that could even remotely be considered dangerous. Grant explained "trashing"--rummaging through trash to find useful information--to Scott. Grant took Scott to a BellSouth trashbin to illustrate how he used to trash. Although BellSouth presumably implemented policies requiring locks on trashbins, on one side of the bin the lock was unlocked and there was no lock on the other side. One presumes nothing of interest was found, or it would have become another prop in the show. In Hacker Crackdown, Bruce Sterling provides an account of his own trashing experience during a moment of boredom at a law enforcement computer security conference (pp. 197-202) that was far more interesting and produced far more detailed information. The interview with Scott Chasin was equally misleading. Chasin typed what appeared to by a simple "whois" command that lists the Internet addresses of the target. "whois NSA" would produce a list of all accessible NSA addresses. For example, typing "whois jthomas" would produce the following addresses on military computers: whois jthomas Thomas, James (JT276)jthomas@TECNET1.JCTE.JCS.MIL (703) 695-1565 225-1565 Thomas, James (JT5)jthomas@WSMR-EMH82.ARMY.MIL (505) 678-5048 (DSN) 258-5048 Thomas, Jeffery (JT21)jthomas@TACHOST.AF.MIL (804) 764-6610 (DSN)574-6610 Thomas, Jeffrey K. (JKT9)jthomas@WSMR-EMH02.ARMY.MIL (505) 678-4597 (DSN) 258-4597 Thomas, Jennifer L. (JLT9)jthomas@APG-EMH5.APG.ARMY.MIL (301) 671-2619 (DSN) 584-2619 Thomas, Joseph, Jr. (JT168)jthomas@REDSTONE-EMH2.ARMY.MIL (205) 876-7407 (DSN) 746-7407 Thomasovich, John L. (JLT5)jthomas@PICA.ARMY.MIL (201) 724-3760 (DSN) 880-3760 Or, "whois 162.45.0.0" would give: Central Intelligence Agency (NET-CIA) Central Intelligence Agency OIT/ESG/DSED Washington, DC 20505 Netname: CIA Netnumber: 162.45.0.0 Coordinator: 703-281-8087 Record last updated on 22-Jul-92. Or, "ftp nic.ddn.mil" would connect us to the Network Information Center, which was shown on Quintin's screen, a military system that allows anonymous ftp privileges, where the command "cd /pub ; ls" would produce a list of the documents that one could (legally) rummage through. One could "grep" or "find" "UFO" or any other key word quite legitimately. Dateline did a major disservice to viewers by not explaining at least minimal basics of computer technology and the workings of Internet. Nothing portrayed by Chasin or Scott or on the screen necessarily indicated wrong doing, and in fact it seemed nothing more than a routine use of commands available to anyone with a Unix system and Internet access. In fact, we learned nothing that isn't explained in Krohl's "The Whole Internet" or Kehoe's "Zen and the Art of the Internet." Dateline took basic information and made it appear arcane, dangerous, and of special significance. Chasin next demonstrated "social engineering," in which a telephone caller attempts to con useful information from somebody through deception. Chasin was given a week to access any point of a system belonging to a corporation identified only as one of the "Fortune 500." Posing as a company computer operator, it took only a few calls and 90 minutes (collapsed for dramatic effect into about a minute on the program) to con a receptionist out of her password. Whether this access would allow deeper penetration into the computers or simply allow the intruder to read the secretary's private mail remains unknown. Although a convincing demonstration of social engineering, it also emphasizes a point that Dateline glossed over, which hackers and security personnel have been saying for years: The greatest threat to computer security is the individual user. Computer crime is serious. It is unacceptable. Computer predations are wrong. But, the Dateline description did little to illustrate its nature and complexity and did much to re-inforce public technophobia and fears of computer literate teenagers. The issue here isn't whether the term "hacker" is again abused, whether "hackers" receive good or bad press, or whether a program develops a slant that is merely not to one's liking. Dateline's error was far more serious than any of these trivial cavils. At root, Dateline presented misinformation, seemed to have a story carved out in advance and merely sought detail for it, and depicted little of substance in contriving a fear-mongering story organized around assertion rather than evidence. It only confused the nature of computer crime, and confused perceptions lead to bad laws, bad law enforcement, and no solutions. As Adam Grant pointed out, the fact that people have the ability to intrude upon a system or to shoot somebody does not mean they are necessarily social threats. To exaggerate a "hacker threat" feeds the folly of excessive punishment for computer delinquents, and it suggests that the answer to the "hacker problem" is to apprehend the hacker rather than address the broader questions of computer responsibility, computer security, and computer literacy. Even with its hyperbole, Dateline could have salvaged some respectability if it had concluded by informing users that computer systems generally are intended to be open, that *trust* is a crucial element of computer use, and that users themselves can take significant steps to increase security little effort. Dateline seemed uninterested in its responsibility to the public. It seemed more interested in presenting a sexy story. When Geraldo presented "Mad Hacker's Key Party," the producer had the class to engage in a dialogue with critics and seemed genuinely interested in learning from criticism. I wonder if Susan Adams, producer of this Dateline segment, will do the same? ------------------------------ Date: Wed, 28 Oct 92 10:00:55 MST From: ahawks@NYX.CS.DU.EDU(we're tiny we're toony) Subject: File 3--Transcript of DATELINE NBC: ARE YOUR SECRETS SAFE From the same guy that brought you a transcript of Geraldo's NOW IT CAN BE TOLD, here's a transcript of last night's DATELINE NBC episode which featured a segment called ARE YOUR SECRETS SAFE that dealt with hackers: ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Transcript of ARE YOUR SECRETS SAFE segment of DATELINE NBC airing October 27, 1992 PRODUCER: SUSAN ADAMS EDITOR: MARY ANN MARTIN ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Announcer: Well, when we come back, how computer hackers can make you and me their victims. The computer underground can potentially shut down our high-tech society. Our financial records, medical data, communications systems, it's all at their finger tips. Jon Scott reports. Next. Announcer: ...you knew it. Today, it's not that simple. In our high tech society, we can be targets of crime and never suspect a thing. It's crime by computer hackers. They've been glamorized by Hollywood most recently in the hit film "Sneakers." But, how do real hackers operate, and just what kind of damage can they do? Tonight, Jon Scott goes into their world to see how they access ours. [shot of computer screen, keys being pressed is the sound heard. [FADE to silhouette of shadowed hacker, voice altered electronically] "QUINTIN": I have accessed - you name it, really: credit card companies, telephone companies, government installations, military installations, political organizations, senators' computer systems. JON SCOTT [reporter]: His voice is altered. His face hidden. His name - an alias. [fade to A HACKER {white male, approx. 14-18, wearing blue Yankess hat backwards, t-shirt and jeans} sitting at small desk in front of a laptop] SCOTT: In fact we don't even know his real name. That's the only way "Quintin" would agree to talk to us. Because "Quintin" is a hacker: a computer genius who illegally breaks into computers for fun. [fade back to silhouette shot, camera shot alters between SCOTT {reporter} and QUINTIN] SCOTT: Have you ever shared information, say, about a company with one of their competitors? QUINTIN: That I have not done. SCOTT: Have you ever been tempted to? QUINTIN: Umm, there's always kind of the lurking temptation. [fade to shot of QUINTIN's hands at keyboard] SCOTT: It's a frightening thought: someone breaking into your computer and roaming around in it with the potential to share, sell, even alter what they see. That's what hackers can do. Quintin told us he's read the private mail of a US Senator, [close-up shot of laptop screen showing info from nic.ddn.mil concerning UFO info at Wright-Patterson Air Force Base in Ohio] browsed through secret government files on UFOs, and gone snooping in our nation's military computers. [fade back to silhouette shot again] SCOTT: Do you recognize that what you do is illegal? QUINTIN: Yeah, Yeah I do. SCOTT: Is it immoral? QUINTIN: To me, no. [fade to shot standing in the midst of a room filled with computers] SCOTT: More and more hackers like "Quintin" are out there, illegally breaking into systems that could contain information about you. Think about how much of your life is on a computer: your credit rating, financial records, your paycheck at work - computers run your telephone, your electricity, and your gas. In corporate America, it seems, they run everything. [fade to shot from the movie SNEAKERS - Ben Kingsley and Robert Redford sitting and talking] REDFORD: Stock market? KINGSLEY: Yes. REDFORD: Currency market? KINGSLEY: Yes. REDOFRD: Commodities market? KINGSLEY: Yes? REDFORD: Small countries? KINGSLEY: I might even be able to crash the whole damn system. SCOTT: In the movie SNEAKERS, Ben Kingsley dreamed of using a computer to dismantle the world's financial system. To some it's not so far-fetched. [fade to shot of Kent Alexander in empty courtroom] KENT ALEXANDER: Most people think of this movie as science-fiction. After prosecuting this case, I think of it as reality. SCOTT: Former computer prosecuter Kent Alexander was one of the first to win a conviction against computer hackers. ALEXANDER: I've seen hackers who've tapped into phone systems and litterally tapped into phone lines to listen in on telephone conversations. Hackers have broken into credit bureaus to get people's credit histories, hackers have broken into credit card records to have money wired to themselves. [shot of newspaper clippings related to the Atlanta 3 LoD case] SCOTT: In a highly-publicized trial in 1990, Alexander sent three Atlanta hackers to jail, among them - Adam Grant. [fade to shot of Grant and Scott walking to BellSouth building at night.] SCOTT: So how often would you come over here? GRANT: In the beginning as maybe as much as a couple times a week. SCOTT: Adam belonged to an elite hacker club called the Legion of Doom. One of the methods he used to obtain secret computer codes was to rummage through the trash at BellSouth - the regional phone company in Atlanta. [they stop in front of a BFI trash dumpster and examine it] GRANT: Back a few years ago they weren't locked. You could just slide the doors open, reach in, grab a bag, leave. This one's not even locked. SCOTT: Using the information he found here Adam was able to sit in front of his home computer and hack into the heart of BellSouth. SCOTT: They didn't learn something on this side [pointing to unlocked dumpster - slides it open, it contains a bunch of folded up cardboard boxes]. GRANT: At BellSouth we were able to get into all manner of computers. [fade to shot of Grant sitting and talking] uh, the phone switches themselves. SCOTT: In essence you got to the point where you could've turned off everybody's phones in Georgia. GRANT: About any one of a couple dozen of us could've done that. [fade to shot of interior of BellSouth command center] SCOTT: for more than a year, Adam and his friends had free access to the inner workings of 12 BellSouth computer systems. [back to previous shot] SCOTT: They say you could've crashed or broken the 911 system. GRANT: Mmm-hmm . The operative word for me is *could have*. SCOTT: You could have done that? GRANT: Yes. I could go out and shoot people. You can. SCOTT: BellSouth cracked down hard on Adam and the others, even though it acknowledges they never disrupted phone service or changed any customer accounts. [shot of US phone network display] [fade to shot of BellSouth spokesman Scott Ticer] TICER: We don't care what the motive may or may not be. SCOTT: Scott Ticer is a corporate spokesman for BellSouth. TICER: We are not talking about Wally and the Beav, much less Eddie Haskel. We're not dealing with a bunch of mischievous pranksters playing in some high-tech toyland [possibly toilet, not clear]. This is a crime. [shot of skyscraper] SCOTT: BellSouth is just one example of a company stalked by hackers. In a recent New York case, members of a club known as the Masters of Deception [shots of MoD-related newspaper articles] were indicted, accused of hacking into institutions like: [corporate logos appear on computer monitor] the Bank of America, Martin Marietta, PacificBell, SouthwesternBell, New York Telephone, TRW, Information America, and New York University. So how does a hacker get into these systems? To find out, Dateline went underground into the hacker's world. [fade to shot of Scott Chasin] CHASIN: Power and ego have a lot to do with hacking. SCOTT: 21 year-old Scott Chasin spent 9 years as a hacker. He says his hacker days are behind him now, but he still keeps tabs on the hacker underground. [shot of monitor with a bunch of Account: and Password: 's] CHASIN: Basically these are passwords for a university that somebody has cracked. SCOTT: Scott showed as a hacker's secret meeting place - a private electronic bulletin board. [shot of login to board called TCH] individual hacker clubs set up these boards so members may swap information. "I need some help figuring out how to crash my school's computer system"? Is he serious? CHASIN: Sure. Why wouldn't he be? [varying shots of crack screens from pirated software and hacking utilities : Hacker clubs, some of whose logos you see here, are very competitive. Sometimes its club v. club, sometimes its member v. member. [shot of Grant] GRANT: You want to make yourself unique. And one of the best ways of doing that is being forceful - being obnoxious. [shot of Grant typing] SCOTT: For many like Adam, the underground is the first place they found where they felt like they had power. GRANT: You think about: "I can do something that's really different. I can do nothing that none of my friends can. I can do something that most people anywhere can't. And that makes you stand out - makes you want to do it." It's like a criminal olympics. [shot of Chasin typing] SCOTT: Hackers might break into a computer with your name in it by accessing one of the computer networks which link millions of computers world-wide. Scott showed us what he could reach from his living room. We went looking for the top-secret National Security Agency. We found it. [shot of Chasin typing "NSA" on monitor, then: National Security Agency (NSA) Network Services Agency (NET-NSA) Whois: _ ] Same with the Pentagon. [shot of monitor: PENTAGON-HQDADSS.ARMY.MIL 26 ] CHASIN: Let's do a search for NASA. SCOTT: It's like searching the phonebook for someone's street address and learning where they live. [screen shows 'whois' output of NASA matches] CHASIN: Found over 247 of 'em. SCOTT: 247 NASA computers? CHASIN: Computers and networks, that are on the Internet. Correct. SCOTT: But each of these NASA computers has a lock on it, and only authorized users like NASA employees are allowed to have th keys. To "unlock" most computer systems, authorized employess type in their username and then their password. Passwords and user names are supposed to be kept secret, but hackers have ways of getting them. [shot of Quintin] QUINTIN: Sometimes it's as simple as a phone-call to the company and portraying myself as another employee, to pulling telephone records, to actually entering the building and places where I physically should not be. SCOTT: So on the one-hand you break into the building and then you break into the computers? QUINTIN: Yes. [shot of Scott] SCOTT: Most hackers don't resort to burglary - they can get the information they need over the phone. They call it social engineering - basically, it's a con job. We asked Scott, the former hacker, to show us how it's done. Dateline obtained permission from a Fortune 500 company to have Scott try and hack in. The company gave him 1 week to land anywhere inside its computer system. Posing as a fellow staff member, Scott began by making random calls to unsuspecting employees. [Chasin on phone, ringing] CHASIN: Hi. My name's Scott Chasin and I'm calling from Business Affairs. I'm at home right now and I'm wondering if there's a way I could get into the network - I just bought a PC. EMPLOYEE1: You have Crosstalk? CHASIN: Yes I do. SCOTT: Hist first call was to the computer department. He's looking for the 800 number he needs to dial to have his computer connect to the company's system. CHASIN: What is the number it has to dial? EMPLOYEE1: Your best bet is to dial the 800 number. CHASIN: Right. But, I don't show that on my screen. EMPLOYEE1: What do you show? CHASIN: It just says xxx-xxx-xxxx, I think, yeah. EMPLOYEE1: Oh, it's 800-***-****. SCOTT: With the phone-numbers, he's at the company's front door. Now he needs the "keys": a username and password, to get inside. [phone rings] CHASIN: Hi, *****, this is Scott Chasin calling from the computer center. EMPLOYEE2: Hi. CHASIN: How ya doin'? EMPLOYEE2: Ok! CHASIN: Is everything up and runnin' down there? EMPLOYEE2: Uhhh, why? 'we sposed to be down? CHASIN: Yeah we're having some problems, we've been having some reoccuring problems since last night. EMPLOYEE2: Believe me, I'm not a computer maven person. hahaha. CHASIN: Hahah. That's all right, I'll help ya out! If you log out and log back in, we'll go through the whole scenario so I can see if everything's ok on my end. Can you do that for me? EMPLOYEE2: I think so...hold on... SCOTT: Bare in mind he [Chasin] still can't see anything on his end - it's a ruse. All he wants is a username and a password. Even if he only gets a username from someone, a hacker can make an educated guess at a password. [cut to interview of Chasin] SCOTT: What are some common passwords that people use? CHASIN: money, sex, love, secret, password. Mostly first names, husband names, wife names, pet's names, social security numbers, parts of their telephone.... [cut back] SCOTT: But as we saw, most of the time a hacker doesn't even have to guess. CHASIN [on phone]: Why don't you tell me what your login id is cuz I'm gonna watch you come across the network so I can see where the problem's arising from. EMPLOYEE3: What my login is? CHASIN: Yeah. EMPLOYEE3: ****** CHASIN: What password do you enter to get into the BIOS, [BIOC, BIAC {unintelligible}]? EMPLOYEE3: shy. CHASIN: s-h-y is your password? EMPLOYEE3: Yep. CHASIN: s-h-y. EMPLOYEE3: shy. CHASIN: Ok, I'll tell ya what I'm gonna do, I'll go in there and see if you have any stuck processes and I'll call ya back and tell ya when it's all right. SCOTT: Remember, he'd been given a week to break into the system. It took him an hour-and-a-half. CHASIN[on phone still]: Alright? EMPLOYEE3: Thanx. CHASIN: Ok, bye-bye. CHASIN: I'm in. SCOTT: So the receptionist, who simply hands you a password, might be giving you access to the CEO's office. CHASIN: Might be giving me the ability to shut down the company. [cut to Quintin again] SCOTT: The moral to computer users: don't give out your password, and change it often. Hackers like Quintin are out there, and to them it's a game - a challenge - to break into your system. [cut to Grant again] Just listen to Adam Grant, the guy who spent 7 months in jail for Breaking into BellSouth's computers. SCOTT: What's the lesson, in your story, for other hackers? GRANT: Don't get caught. SCOTT: Not "don't do it". GRANT: People are going to do what they're going to do. SCOTT: How do think it plays to people at home when you tell others, simply, "don't get caught"? GRANT: That's their own business. I don't think it's right for other people to tell me how to live my life. So, I shouldn't tell other people how to live their life. SCOTT: And yet you acknowledge that hacking is wrong. GRANT: Smoking is wrong. Taking drugs is wrong. People do it all the time. [FADE to computer monitor, showing: Goodnight. ------------------------------ Date: Fri, 23 Oct 92 16:45:16 PDT From: clarinews@CLARINET.COM(UPI) Subject: File 4--Somebody gets access to freeway callbox codes, runs up bill GARDEN GROVE, Calif. (UPI) -- Somebody apparently got hold of the serial number and telephone number of a Southern California freeway callbox, and used them to rack up nearly $2,000 in phone bills. The Orange County Transportation Authority is trying to determine just how the phone thief used the electronic serial number and telephone number of the freeway emergency callbox to make 11,733 calls totaling 25,875 minutes, and who will foot the bill. OCTA Executive Director Stan Oftelie said they got suspicious because calls charged to the callboxes' supposedly secret numbers average fewer than 100 a month. Oftelie said OCTA officials also are trying to determine how the freeway box could be used for in-state and out-of-state calls since the boxes connect directly to California Highway Patrol dispatch headquarters. "We're concerned about it," Oftelie said. "They shouldn't be able to call anywhere but Highway Patrol headquarters." OCTA said it has tightened security measures, and is talking with GTE Cellular and L.A. Cellular to determine who will pay the bill. The callbox is one of 1,100 solar cellular phone boxes in the county. Most average 10 to 100 calls per month from motorists in trouble. ------------------------------ End of Computer Underground Digest #4.54 ************************************