Phrack #40

EDB-ID:

42851

CVE:

N/A

Author:

phrack

Type:

papers

Platform:

Magazine

Published:

1992-08-01

                                ==Phrack Inc.==

                     Volume Four, Issue Forty, File 1 of 14

                                 Issue 40 Index
                              ___________________

                               P H R A C K   4 0

                                 August 1, 1992
                              ___________________

                              ~ Baby's Got Back! ~

Welcome to the special 40th Anniversary issue of Phrack Magazine!  A month
later, we are just barely recovering from the fun at the amazingly successful
SummerCon '92.   It was the largest turnout ever seen at a SummerCon and the
full details can be found in a special report by Knight Lightning and myself
with help from Holistic Hacker and Dr. Williams.

Brian Oblivion, whose name is regularly seen in the pages of Phrack returns
with part two of his file on Cellular Telephony (part one seen in Phrack 38).
Also relating to telephones in this issue is "The Fine Art of Telephony" by
Crimson Flash.  This equally in depth and detailed file focuses of RC/MAC,
FACS, and MARCH.

Even though the arrogant bastards at Southwestern Bell and BT Tymnet boast
about their great security, it appears that they had almost nothing to do with
the tracking down and apprehension of the MOD in New York.  As a few of us
already know, MOD was brought in by hackers.  Gee, imagine that.

I'm not going to play politics and make judgments about this, instead I'll let
you read all about it in Phrack World News, Part 2 and then you can draw your
own conclusions.

Since we're on the subject of Tymnet, I felt it appropriate <grin> to include
3 articles on the subject by Toucan Jones.  A special "kissy, kissy" to Dale
Drew (aka The Dictator aka Blind Faith aka Bartman) for his help and assistance
in getting us this valuable information.  Could a file on TRW be 'round the
corner?  Hmmmmmm could be. :-)

Starting with this issue, Mind Mage will be assisting with Phrack Loopback as
our Technical Advisor.  He will handle questions regarding technical problems
both for publication or for private response.  Feel free to send your questions
to phracksub@stormking.com and they will be forwarded and answered.

This issue's Loopback has a very special message from Jester Sluggo as he
gives notice of his official retirement from the hacking community.  Sluggo
remembers the past and give advice about the future; I continue my pursuit on
the so-called professionals in the anti-virus community and exposes their real
agenda; and, Sarlo takes us on a tour of the 1992 Consumer Electronics Show in
Chicago and there is lots more.

The Racketeer (Rack of The Hellfire Club) takes the reigns of the continuing
Network Miscellany column and Rambone returns with the latest on what is
happening in the underground world of computer software traders in Pirates
Cove.

Taran King is back for a special Phrack Pro-Phile with Lex Luthor, the founder
of the Legion of Doom and perhaps the most legendary underground hacker ever.

           "If it's older than a week, then we won't have it online."

You are invited to check out a great new BBS called Planet 10.  If you have
half a brain, you might even get access.  Planet 10 is run by Control C and
features messages and xfers that are timed to expire after 1 week maximum.
Give it a call at (313)683-9722.


                         "Phrack is a bad influence..."
                             -- TriZap, July 1992  :-)


                            DISPATER, Phrack Editor
              <phracksub@stormking.com> or <phrack@well.sf.ca.us>


      Editor-In-Chief : Dispater
       Eleet Founders : Taran King and Knight Lightning
 Technical Consultant : Mind Mage
   Network Miscellany : The Racketeer [HFC]
         Pirates Cove : Rambone
                 News : Datastream Cowboy
          Photography : Restricted Data Transmissions
            Publicity : AT&T, BellSouth, and the United States Secret Service
    Creative Stimulus : Camel Cool, Jolt Cola, and Taco Bell
              Shampoo : Mudge
        Other Helpers : Apollo, Brian Oblivion, Control C, Dr. Williams,
                        Dokkalfar, The Gatsby, Gentry, Guido Sanchez, Holistic
                        Hacker, Jester Sluggo, Legacy Irreverent, Lex Luthor,
                        Mr. Bigg, Nihil, The Omega, The Pope,.The Public,
                        Sarlo, TriZap, Tuc, Voyager, and White Knight

                         We're Back and We're Phrack!

               "Phrack.  If you don't get it, you don't get it."

   "Whaddya mean I don't support the system?  I go to court when I have to!"


                                -= Phrack 40 =-

 Table Of Contents
 ~~~~~~~~~~~~~~~~~
 1. Introduction by Dispater                                               06K
 2. Phrack Loopback by Dispater and Mind Mage                              50K
 3. Phrack Pro-Phile on Lex Luthor by Taran King                           36K
 4. Network Miscellany by The Racketeer [HFC]                              32K
 5. Pirates Cove by Rambone                                                57K
 6  Cellular Telephony, Part II by Brian Oblivion                          72K
 7. The Fine Art of Telephony by Crimson Flash                             65K
 8. BT Tymnet, Part 1 of 3 by Toucan Jones                                 57K
 9. BT Tymnet, Part 2 of 3 by Toucan Jones                                 55K
10. BT Tymnet, Part 3 of 3 by Toucan Jones                                 91K
11. SummerCon 1992 by Knight Lightning and Dispater                        35K
12. PWN/Part 1 by Datastream Cowboy                                        50K
13. PWN/Part 2 by Datastream Cowboy                                        48K
14. PWN/Part 3 by Datastream Cowboy                                        48K
                                                                   Total: 702K

      "Phrack.  The magazine the PHONE COMPANY doesn't want you to read!"


--------------------------------------------------------------------------------


                                ==Phrack Inc.==

                     Volume Four, Issue Forty, File 2 of 14

                          [-=:< Phrack Loopback >:=-]

                            By Dispater & Mind Mage

     Phrack Loopback is a forum for you, the reader, to ask questions, air
problems, and talk about what ever topic you would like to discuss.  This is
also the place Phrack Staff will make suggestions to you by reviewing various
items of note; magazines, software, catalogs, hardware, etc.

In this issue:

     Retirement of a Hacker             : Jester Sluggo
     Truth Is Out Of Style              : Dispater
     Tim Foley Virus                    : Guido Sanchez
     The Hacker Files (from DC Comics)  : Newsbytes
     Sneakers (from Universal Pictures) : Press Release
     Pirates v. AT&T: Posters           : Legacy Irreverent and Captain Picard
     Telco Trashing Yields Big Rewards  : Anonymous
     Anonymous Mail On IBM VM Systems?  : Apollo
     WWIV Link Hack                     : Mr. Bigg
     The Day Bell System Died           : Anonymous
     The 1992 Consumer Electronics Show : Sarlo

_______________________________________________________________________________

                                    x  x  x
                                    |  |  |
                                 +------------+
                                 | Retirement |
                                 |    of a    |
                                 |   Hacker   |
                             +---+------------+---+
                             |  by Jester Sluggo  |
                           +-+--------------------+-+
                           | Released: July 9, 1992 |
                           +------------------------+

I would like to begin by saying "Hello" to all readers of this file, but
unfortunately it will be my last time.  I've been a member of the "hacker
underground" for over a decade and am one of the few extremely lucky hackers
who has successfully hacked a great number of computer systems, phone systems,
and other technologies, yet has never been caught.  I wish to take this last
opportunity to reflect on my experiences, and express many personal views,
because although there are feelings of sadness, it is my pleasure to announce
my formal retirement from this "underground" community.

My decision to retire has been a carefully planned path which began several
years ago.  During the early 1980's, the innocence of hacking and exploring
computer systems for my quest of knowledge was a great thrill.  Every system
was like an unexplored door which lead to unlimited opportunities; various
computer systems, operating systems, languages, networks, software, and data.

But it was in the later part of the 1980's when I began to realize that I had
to focus my interests, knowledge and experience towards a legitimate career.
It's nearly impossible to earn a living solely within the resources of the
hacker underground, and the idea of abusing technology for monetary gain is
against the (unwritten) code of hacker ethics.  Also at this time, the
innocence of exploring various systems was being replaced by the realities of
ruining my entire future at such a young age if I was caught and convicted by
the United States' legal system.

The media and law-enforcement agencies have almost always been biased against
hackers, and these are two powerful entities that influence society.  Hackers
have always been presented in a negative context, whereas their discoveries,
efforts, creativeness, and hard work have been ignored except among fellow
hackers.  In a way, it's similar to how the U.S. government and corporations
support research and development: A group of researchers discover, explore,
refine, or exploit a certain technology over a period of many years, yet their
efforts go unnoticed unless their research results in a product acceptable to
society.  The researcher's results are shared, respected, and challenged among
the scientific community and journals long before they ever result in a product
(if they ever result in a product).  In the same way that researchers and
scientists relentlessly pursue their interests, I pursued answers to my
curiosities and interests.

It is the groups that want to control the society (the legal system, and
police) which have labeled "hackers" as notorious people.  Hackers can use
technology to access a variety of information which was previously accessible
only to these groups, and these controllers are afraid of losing their
advantages and control.  Currently in US, the FBI is afraid of losing their
ability to easily tap fiber optics so they're proposing to make it mandatory
for central offices to make it easier for them.  If people knew how common
illegal wiretaps occur, they'd be upset at the abuse of power.  Police are
making illegal search and seizures, and district attorneys are filing
outrageous affidavits to protect their control of power and access to
information.

It was in the middle to late 1980's when the legal system and law enforcement
agencies increased efforts to severely penalize hackers, when the risk of
getting caught began to outweigh the excitement of discovering.  It is
unbelievably difficult to carry the burden of a "serious" criminal record
throughout one's life when you're 20 years old (or for that matter 16 years
old), as well as the eternal monetary debt which comes with these consequences.
In the 1970's, the founders of Apple computer were caught selling Blue Boxes
while they were in college and got off with a minimal fine.  With todays laws,
the potential jail time, monetary damages, and lawyer fees, the system would
have wasted and banned the brilliance of Steve Wozniak and Steve Jobs.  Apple
Computer (and microcomputers) might not have been born (IBM would have loved
that).

Technology has changed faster than the legal system and society can adapt, so
for now, unapproved exploring of these technologies has been declared a serious
offense.  Society trusts the legal systems' judgement, but even in 1992 law-
makers are just barely beginning to understand technology: "Is software
patentable (do not confuse with copyrightable), and to what degree?", "What
privacy and freedom of speech should we have with electronic mail and
communications?"  Don't let unqualified law makers make decisions about
technology-related issues that will affect you, without them knowing what you
have to say. 

So it was in the late 1980's when I began preparing for my retirement.  I
outlined a set of goals and a plan to achieve them.  Unfortunately this plan
required several years to fulfill, but I knew it was the right time of my life
to begin this ambitious plan.  The goals I wanted to achieve were:

        1) Pass the knowledge I've gained onto others.
        2) Keep the "hacker" movement active.
        3) Prepare myself to be legitimately successful so that I can help to
           influence society's views about technology as a member of the
           society.

Due to the increasing danger of getting caught, and to become successful, I
was forced to hide from the mainstream hacker community and make my actions and
efforts unknown.  The first two goals were closely related and took slightly
longer to complete than my original plan.  However, they were a much greater
financial sacrifice than I ever imagined.  The third goal will probably require
the rest of my lifetime, but it's a challenge I accept.

To complete goals 1 and 2, I've spent the last 5 years preparing a "tomb" of
information and knowledge used within the hacker community.  Not all of the
information is complete, but neither is the seed that grows to become a tree.
Anyone with a telephone can guess ("hack" according to the media and law
enforcement) 4-digit passwords to telephone calling cards or PBX out-dial
lines, but I wanted "real" hackers.  I talked and met with 100's of hackers
world-wide to find the right individuals who can responsibly learn and append
to this "tomb" -- people who have the desire, respect, effort and ability to
encourage new generations of hackers.  This group has been selected and
trained, and I feel they are some of the best prospects.  Their international
mixing should give them an almost unlimited number of opportunities, and some
protection.  I wish them the best of all luck in their endless journey of
learning and knowledge.

To become legitimately successful meant getting a respectable job.  Obviously,
with my interests, I knew it would have to be in the high technology
industries.  Unfortunately, getting a job interview or a job offer with these
companies is difficult because the Human Resources departments always shun the
hiring of hackers.  This is ironic, because many of the engineers and
programmers within these companies are made of ex-hackers, or people who share
a similar intense interest in technology.  Also, since some of best experiences
of a hacker are discovered non-legitimately they can't be presented on a
resume.

My first step towards completing this goal was instinctive; to keep my
excitement and enjoyment focused intensely on technology.  This may sound
strange, but many hackers know friends who "burn out" on hacking or working 
in the high-tech companies, and I didn't want to 'burn out' at 20 years of age,
so I had to slow down my hacking activity. 

The next step was getting a college education, which I've completed.  College
is not the answer to everything... in fact it's not the answer to anything,
however, college is an experience I wish everyone could experience -- it's a
unique experience.  A college degree will not guarantee a job, but it might get
you past the Human Resources department.  If you have the chance to attend
college, don't miss this chance.  I realize employers prefer experienced
workers over inexperienced "fresh" college graduates, but if you have a focused
interest on a certain technology, then you will find a way to keep updating
yourself while suffering through college.  And like me, you will find the
college degree combined with the results of your focused efforts will open the
best job opportunities to you.  Be focused and patient... it worked for me!

I am currently working on the inside of a technology-related company, enjoying
the work I do for a living.  In fact, sometimes I think to myself, "Wow, I get
paid for doing this!?"  It's a thrill to be doing what I do, yet I must work
hard, and continue working hard to achieve the highest position I am able to
reach to make the most of my abilities.  In doing this, I hope someday to give
something back to the non-hacking society which may show them that hackers are
constructive to society, thus, changing their negative view which has labeled
hackers synonymous to "criminals."  I would like to see mature, legitimately-
successful hackers, form an interest group to help cultivate the energy of the
younger hackers.

Although I am retiring from the community, I can never retire the curiosity and
intense interest I have about technology.  Instead, I now focus these aspects
legitimately into my daily work and will continue to do so.  I've immensely
enjoyed my involvement in the hacking community and will always treasure it.  I
also hope to eventually persuade people to accept hackers and to not persecute
them.  This last goal is the most ambitious goal, but I feel it's the most
important goal, because those groups that control society are wasting a group
of young and talented individuals who could be inventors of future
technologies.  Now, I will formally say "goodbye" to my friends in the hacking
community... but not for the last time.

                                      Persevere,

                                      Jester Sluggo
_______________________________________________________________________________

                            "Truth Is Out Of Style"

          An Investigative Report Into Computer Security Corruption

                                  by Dispater

It seems that these days the anti-virus industry/community has brainwashed the
public into thinking that any use of a modem will put you in contact with an
unfathomable array of dangers.  It sounds like something your mom said, when
she didn't want you to stay out after dark doesn't it?

As it turns out the anti-virus community has all the moral fiber of television
evangelists.  As they preach on about the horrors of accessing information
(without purchasing one of their products), they are engaging in the activity
that they claim should be made a federal offense, in Congress.  That is the
"distribution of computer viruses.  Not only have they been involved in this
type of activity since they industry began, but now there is a self proclaimed
"elite" [smirk] group of so-called professionals within the industry that wish
to keep a monopoly on the virus trade, by ruining the reputation and lives of
independent researchers.  So in a way, we now have a "virus cartel" within the
computer security industry.


 The Little Black Book of Computer Viruses
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The Little Black Book of Computer Viruses is a printed text that has been
around for a few years, but is finally making waves with people who think
Prodigy and CompuServe are the best networks ever invented.  Anyway, this book
contains printed out versions of viruses.  Gee, viruses are SO difficult for
people to get their hands on aren't they?  Well, one of the information
dinosaurs got his name in print for condemning such immorality.

     "Professional virus fighters such as Alan Solomon at S&S
     International are madder than angry hornets over the publication.
     They are encouraging anti-black book campaigns that include
     PICKETING THE AUTHOR'S HOUSE, boycotting shops that sell the book,
     petitioning Congress, and even bringing in lawyers."
     -- ComputerWorld, June 29, 1992, page 4 (emphasis added)

Well isn't it interesting to note that while Mr. Solomon is encouraging
personal and economic harassment of Mr. Ludwig, his close friend and business
associate, Sarah Gordon is doing the dirty work for him.


 The Con
 ~~~~~~~
The National Computer Security Association's 1st Annual Conference on Viruses
took place in Washington, D.C. this past June.  Alan Solomon and Sarah Gordon
were there in full force.  Gordon has often been referred to as being Solomon's
sidekick and nowhere did she live up to this distinctive title more than at
this conference.

At the conference, Gordon purchased not one, but two copies of Ludwig's book
and then immediately ran to the conference organizer to make a dramatic scene
over how immoral it was for Mr. Ludwig to be selling such a thing.  As it turns
out this is not the first time Sarah Gordon has engaged in such hypocritical
behavior.

Another interesting thing to note at the conference is the fact that one
evening, Knight Lightning and a couple of others noticed some people sitting
around a room and walked in out of curiosity to what was going on.  As it
turned out what was going on was a "midnight meeting" of sorts.  KL and friends
were asked to leave because "it was not appropriate that <they> be here."  Why
wasn't it appropriate?  It's because what these people were doing was
discussing the ways they were going to "take down bulletin boards" and damage
people's career's who distribute viruses.

Sometime after this conference, I learned about their plan to use "the media to
ruin these sysops.  For example, to use influence with the media to call
attention to this type of activity."  These people even went so far as to
compile a list of BBSes that they wish to "take down."

 The Hit List
 ~~~~~~~~~~~~
Phrack received anonymous mail containing the BBS "hit list" that the self-
proclaimed "elite" group of modem vigilantes put together to target first.
Upon our receipt of this list, Phrack staff members contacted the sysops of
these boards and as a result, many of the numbers have since been changed.

        +1-206-481-2728  The Festering Pit of Vile Excretions
                         [This phone number belongs to a construction company
                         called Custom Building Co.]
        +1-213-274-1333  West Coast Technologies (Tymnet 311021300023)
        +1-213-274-2222  DII
        +1-213-PRI-VATE\n                        )BBS-A-Holic
        +1-ITS-PRI-VATE/
        +1-301-PRI-VATE\n                        )Digital Underground
        +1-301-913-5915/
        +1-301-948-7761  Cornerstone III
                         [              ]
        +1-305-669-1347  The Penthouse
        +1-516-466-4620\n                        )Hamburger Heaven: this was down for
        +1-517-PRI-VATE/ software problems, was titled Sentinel's Gate
        +1-602-491-0703  The Final Frontier
        +1-708-541-1069  Pirate's Guild
        +1-717-367-3501  Night Eyes
        +1-818-831-3189  Pirate's Cove
        +1-901-756-4756  Silicon Central
        +1-916-729-2112  The Welfare Department
                         [This is an insurance companies phone number]
        +1-213-274-1333  West Coast Technologies (Tymnet 311021300023)
        +1-213-274-aaaa  DII
        +1-313-LIM-ITED  Canterbury Woods
        +1-409-372-5511  The Crowbar Hotel
        +1-514-PRI-VATE\n                        )The Sacred Reich
        +1-514-975-9362/
        +1-516-328-0847  The Grave of the Lost
        +1-516-541-6324  Realm of Heroes
        +1-708-459-7267  Hell Pit
        +1-713-464-9013  South of Heaven
        +1-818-831-3189  Pirate's Cove
        +1-819-PRI-VATE  Brain Damage

It is unclear as to whom is directly responsible for the organization of this
group or who is responsible for creating and distributing the list, however
there were representatives from CERT, ISPNews, and several other well known
individuals who are self-proclaimed security experts as well as a slew of
nobodies who wish to make a name for themselves.


 The Hell Pit BBS
 ~~~~~~~~~~~~~~~~
The Hell Pit is a BBS system in Chicago and operated by a sysop named Kato.
Kato has a legitimate curiosity (as if a curiosity needs to be validated) about
the inner-workings of viruses.  I shall let him relate his experience:

   "I have been running The Hell Pit BBS for the past 3 years.  It's gone
   through many phases in that time, but the most recent has been my affection
   for computer viruses.  I became interested in viruses about one and a half
   years ago and I set up a virus file base on my system.  At first I had a
   mere 5 or 6 viruses that I had collected from a system in the area.  My
   collection has grown to about 700 IBM computer viruses."

   "It seems to be their objective to shut down my bulletin board system and
   therefore eliminate my virus database.  Considering these anti-virus
   personnel claim to be interested in aspects of computer security, I find
   their tactics highly questionable.  There was recently a NCSA anti-virus
   conference.  I learned from sources that one of the people attending the
   conference [Sarah Gordon] had committed certain acts on my BBS.  This person
   claimed to have called up, uploaded 3 fake viruses, gained access to my
   virus database and then downloaded several viruses.  This is their proof
   that I do not adequately control virus access on my system.  The anti-virus
   personnel do not allow me to defend myself."

   "Anti-virus personnel themselves have committed the same mistakes as I did,
   probably much more often.  There is no set of rules that determines what
   makes someone an anti-virus authority.  Certain people that seem to fit the
   mold are allowed to exchange viruses with anti-virus personnel.  What are
   the criteria for these people?  Is there any?  It has been my experience
   that if you get involved with the right circles, you are considered an anti-
   virus authority.  However, there are many places in the anti-virus community
   for viruses to leak out.  For one thing, you can never be certain who you
   are dealing with.  Just because someone is smart and claims to hold an anti-
   virus attitude is no guarantee that that person isn't an "in the closet"
   virus writer.

   "At anti-virus conferences such as the NCSA anti-virus conference, guests
   were exchanging viruses like they were baseball cards.  That isn't what I
   would consider controlling access."

   "They do help a lot of people with computer troubles.  However, to criticize
   me for not properly controlling access to my collection of viruses is being
   hypocritical."

   "If anyone would like to call my system to check things out, feel free.  I
   have a lot more to offer than just computer viruses.  I have a good number
   of text files and some pretty active message bases.  The Hell Pit BBS -
   (708)459-7267" - Kato


 Conclusions
 ~~~~~~~~~~~
It seems there is a move afoot in the anti-virus community to rid the world of
bulletin board systems that disseminate viruses openly and freely.  The anti-
virus professionals believe that they must "defend the world" from this type of
activity.  Even though during a recent conference in Washington, D.C., it was
disclosed that an anti-virus researcher recently uploaded three (3) viruses
onto a virus BBS (Hell Pit).  Why was this done?  To "expose the fact that the
sysop was not as careful as he claims to be."  The person that did this was
then able to download viruses which was against the policy the sysop claimed
was in place (of course this statement is based upon the integrity of the anti-
virus community and their integrity is obviously suspect).

So, the anti-virus community set-up this sysop and made an example of him in a
national conference without allowing him the opportunity to defend himself.  In
fact, the sysop may still be totally unaware that this event has even occurred,
until now that is.

These anti-virus researchers were openly exchanging copies of viruses for
"research purposes only."  It seems okay for them to disseminate viruses in the
name of research because of their self-proclaimed importance in the anti-virus
community, but others that threaten their elite (NOT!) status are subject to be
framed and have examples made of them.


 Do As I Say, Not As I Do
 ~~~~~~~~~~~~~~~~~~~~~~~~
This type of activity raises a very interesting question.  Who gives private
sector computer security employees or consultants carte blanche to conduct this
type of activity?  Especially when they have the gall to turn around and label
hackers as criminals for doing the exact same thing.  The answer is not who,
but what; money and ego.  Perhaps the most frightening aspect of this whole
situation is that the true battle being fought here is not over viruses and
bulletin board systems, but instead the free dissemination of information.  For
a group of individuals so immersed in this world, there is a profound ignorance
of the concepts of First Amendment rights.

Phrack Magazine is ready to stand tall and vigorously keep a close watch and
defend against any incursion of these rights.  We've been around a long time,
we know where the bodies are buried, our legion of followers and readers have
their eyes and ears open all across the country.  Those of you in the security
industry be warned because every time you slip up, we will be there to expose
you.

Dispater
_______________________________________________________________________________

 Tim Foley Virus
 ~~~~~~~~~~~~~~~
 By Guido Sanchez

Right after I moved from 512 to 708, I had the misfortune to realize that Steve
Jackson Games, a company whose games I readily buy and play, had a BBS up in my
home town called the Illuminati BBS.  This was my misfortune as I could have
called it locally in Texas, but now instead had to spend my phone bill on it
from Illinois.

A good year after the Secret Service assault of Steve Jackson Games, after most
of the "evidence" was returned with nifty little green stickers on it, a text
file was put up on the BBS called FOLEY.TXT, a simple copy of the lawsuit that
Steve Jackson Games had filed against the government, also known as
JACKSUIT.TXT, distributed by the EFF I believe.

[Editor's Note:  We have been unable to confirm that EFF ever released a file
                 called JACKSUIT.TXT, however details of the EFF's
                 participation in the Steve Jackson Games lawsuit can be found
                 in EFFector Online 1.04.]

It was called FOLEY.TXT obviously because of Timothy Foley, a big-shot
government guy [actually an agent for the U.S. Secret Service] who is one of
the defendants in the case. I downloaded the file, and zipped it into a file
called, surprisingly enough, FOLEY.ZIP.

Within the next week, I was gleefully spreading information as usual, and
uploaded the FOLEY.ZIP file along with a batch of viral files to a local BBS
with a beginning virus base.  The theory here is to spread viruses about,
accessible to all so that wonderful little Anti-Viral programmers cannot
succeed.

Unfortunately, the FOLEY.ZIP file was put into the viral file base, and before
I could warn the sysop to move it into the appropriate file base, about 8 lame
warezwolves had downloaded it and by the end of the week it was widely spread
around the 708 NPA.

The moral of this story?  None really, it's just an amusing vignette of what
can happen when people become involved in the intense bartering of information
that takes place via modem, and can get ridiculed if they're not sure of their
commodity.  That's all this huge business is, everyone is a courier.  Whether
they're pirated files, adult files, sound files, viruses, or text files; 90% of
the time they're just downloaded from one 1.2 gig board and uploaded to the
next one for more credits to download more files, etc.

It's a great big cycle, just like life.  So, to risk sounding cliche, my rally
to all is this: "Slow down! Sit back and pick the roses, eat them, digest them,
and eventually <hopefully> excrete them!"  Mr. Warhol, my fifteen minutes are
up.  The soapbox is now free.
_______________________________________________________________________________

 The Hacker Files                                                 June 22, 1992
 ~~~~~~~~~~~~~~~~
 By Barbara E. McMullen & John F. McMullen (Newsbytes)

NEW YORK -- DC Comics has announced the introduction of a new twelve-issue
series, "The Hacker Files."  DC spokesperson Martha Thomases said that the
first issue will ship on June 23rd.

The series, created by science fiction author Lewis Shiner, deals with the
adventures of "super-hacker" Jack Marshall who, prior to the events chronicled
in the series, unjustly lost his job at Digitronix and now operates as a free-
lance consultant.

The first story line, covering the first four issues of the series, deals with
Marshall's attempt to uncover those responsible for jamming ARPANET (Network of
Advanced Research Projects Agency) and causing NORAD's Space Surveillance
Center inside Cheyenne Mountain, Wyoming to malfunction, bringing the United
States to the brink of nuclear war.

In the course of his investigation, Marshall, AKA "Hacker," is assisted by a
number of members of the hacker community -- "Master Blaster," "Sue Denim," and
"Spider" (Master Blaster, whose real name is Mikey is a student at New York
City's Bronx High School of Science).

Fiction comes close to reality when it appears that the person responsible for
the virus that caused the damage is Roger P. Sylvester, a student at Columbia
University and the son of a high ranking official at the National Security
Agency (NSA); on November 2, 1988 Robert T. Morris, Jr., a Cornell student and
son of NSA's chief computer scientist, caused the crippling of the Internet
through his release of the "Internet Worm."

Shiner told Newsbytes, "The similarity of the characters was, of course done
intentionally -- you might even note the somewhat subtle connection of the
names: 'Sylvester The Cat' and 'Morris The Cat.'  I did it partially to show
those somewhat knowledgeable about computers that the plot was not made out of
whole cloth but was the result of a good deal of research."

Shiner continued, "When reading comics, I look for information density and I
tried to make the Hacker Files rich in that regard.  I'm hoping to attract some
computer-literate young people to comics -- comics were one of the earliest
forms of expression to make great use of computers and I hope, with the Hacker
Files, to involve more computer types in the medium."

Shiner also told Newsbytes that his experience as a programmer with a small
Dallas software firm provided him with an ongoing interest in computer and
communications technology.  He added, "The firm was sold to EDS (Electronic
Data Services), Ross Perot's firm, and, with long hair and jeans, I didn't fit
into the EDS mold so I left and concentrated on writing."
_______________________________________________________________________________

 "Sneakers" by Universal Pictures                                 June 24, 1992
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 Taken from PR Newswire

                  Follow A Team of High-Tech Security Experts
                   Into The Complex World of Computer Crime

"I was trying to break into Protovision.  I wanted to get the programs for
their new games." -- David Lightman (Matthew Broderick, "WarGames").

"The world isn't run by weapons anymore, or energy or money.  It's run by
little ones and zeros.  Little bits of data.  It's all just electrons." --
Cosmo (Ben Kingsley, "Sneakers").

In 1984, screenwriters Walter F. Parkes and Lawrence Lasker received an Academy
Award nomination for their script which followed the adventures of a young high
school hacker (Matthew Broderick) whose computer made contact with the
mainframe computers at North American Air Defense Command (NORAD).

A critical and box office success, "WarGames" was the first major motion
picture to explore the emerging worlds of computer games, hacking, crashing and
data piracy.  It soon found a legion of fans who had also discovered the vast
frontiers available through their personal computer.

Eight years later, Parkes and Lasker along with writer-director Phil Alden
Robinson ("Field of Dreams") have collaborated on "Sneakers," a Universal
Pictures release which follows a team of high-tech security experts into the
complex world of computer crime.  The caper film, directed by Robinson, stars
Robert Redford, Dan Aykroyd, Ben Kingsley, River Phoenix, Sidney Poitier, David
Strathairn, James Earl Jones, and Mary McDonnell.

Parkes and Lasker first heard the term "sneakers" at a computer convention in
1981 as a nickname for IBM's kid programmers.  Months later, they met the
editor of a small computer magazine who had a very different definition of the
word.  "Sneakers," their source explained, is a term that is synonymous with
"black hatters" and "tiger teams," or individuals who are hired to break into
places in order to test the security of the installation.

Teaming up with Robinson, the trio wrote the basic outline of a story about a
team of sneakers whose questionable pasts had brought them together.  Robinson
then embarked on some extensive research, but what had begun as basic fact-
finding about computer outlaws soon evolved into clandestine meetings with
underground hackers, FBI men, cryptologists, wire tappers, professional
penetrators and an endless stream of cyberpunks who were the pioneers in system
break-ins.

The "Sneakers" research led to meetings with numerous characters, ranging from
the notorious Captain Crunch (John Draper) to renowned mathematician Leonard
Adelman, called the father of public-key encryption.  Using computer
encryption as a plot device, the writers were able to concoct an intricate
"what if" story which explored the possibility of a "black box" that could
potentially crack the code of any electronic information in the world.

"'Sneakers' has to do with a new age... the information age," said Redford.
"It's quite possible that a war in the future will be a war of information.
Whoever has it, wins."

Coming to theaters this September.
_______________________________________________________________________________

 Pirates v. AT&T: Posters
 ~~~~~~~~~~~~~~~~~~~~~~~~
 Special thanks to Legacy Irreverent and Captain Picard

On May 24 1992, two lone pirates, Legacy (of CyberPunk System) and Captain
Picard (of Holodeck) had finally had enough of AT&T.  Together, they traveled
to the AT&T Maintenance Facility (just west of Goddard, Kansas) and claimed the
property in the name of pirates and hackers everywhere.

They hoisted the Jolly Roger skull and crossbones high on the AT&T flagpole,
where it stayed for two days until it was taken down by security.

This event was photographed and videotaped by EGATOBAS Productions, to preserve
this landmark in history.  And now you can witness the event.  For a limited
time they are offering full color posters and t-shirts of the Jolly Roger
Pirate flag flying high over AT&T, with the AT&T logo in plain view, with the
caption; "WE CAME, WE SAW, WE CONQUERED."

Prices:  11" x 17" Full Color poster........................... $ 7.00 US
         20" x 30" Full Color poster                            $20.00 US
         T-shirts                                               $20.00 US

If you are interested in purchasing, simply send check or money order for the
amount, plus $1.00 US for postage and handling to:

CyberPunk System
P.O. Box 771027
Wichita, KS  67277-1072

Be sure to specify size on T-shirt.

A GIF of this is also available from CyberPunk System, 1:291/19, 23:316/0,
72:708/316, 69:2316/0.  FREQ magicname PIRATE
_______________________________________________________________________________

 Telco Trashing Yields Big Rewards                                July 20, 1992
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 by Anonymous

A few days ago, I was faced with a decision about what to do that fine evening:
Try and make amends with my girlfriend or go dumpster diving down at the Bell
Central Office.  Well I guess I am a true lamer since I opted for the telco,
but my choice did not go unrewarded as I found a nice little treasure.

The building is a old 1940's brick place with almost no security whatsoever,
not even a guard on Sunday nights.  So, it was no problem to jump the barbed
wire fence that surrounded the truck lot where the dumpster was located.  After
rooting around through the dumpster for something worth my while, I came across
a medium sized box that apparently had been used by one of the employees for
moving since written on the were the words "pots and pans, kitchen."

Naturally intrigued by this strange box in a telco dumpster, I opened it and
found quite a surprise!  There, staring up at me, was a binder with a label
stuck on it that read "Phrack 23."  Inside I found the entire collection of
Phrack 1-39, Informatik 1-4, and LOD/H Technical Journals 1 and 2 (apparently
they were too cheap to print out the rest).  They were poorly printed on a
laser printer (or well printed on a ink jet), but they were much better than
the cheesy job I had done printing out mine.  :-)

Apparently someone at the telco is a phreaker that infiltrated the ranks of
South Central Bell or they have been reading up on the latest and greatest in
the phreaker/hacker community.

Perhaps not as valuable as a list of COSMOS passwords or dialups, but still it
was quite a find.
_______________________________________________________________________________

 Anonymous Mail On IBM VM Systems?
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Date: Tue, 28 Apr 92 14:54:58 EST
From: Apollo
Subject: Anonymous Mail
To: Phrack Staff

Dear Phrack Staff,
     I was reading a past Phrack issue and noticed that you can send anonymous
mail from a UNIX system.  I know that there is a way to send it from a VM
system.  However, the people at my node don't want anonymous mail sent, so they
do not tell us how it's done. Can someone PLEASE tell me how I can send
anonymous mail via a VM system?

-- Apollo --

From: Mind Mage
Subject: Anonymous Mail
To: Apollo

I assume that you know you can telnet to any VM system on the Internet and send
anonymous mail using port 25 and a commands that are very similar to that of
the UNIX SMTP.

If you want to send it from your particular system, you can try telneting to
port 25 of your own machine and doing it from there.

Mind Mage
_______________________________________________________________________________

 WWIV Link Hack
 ~~~~~~~~~~~~~~
 By Mr. Bigg (Rebel-*-Jedi)

Not that many people care but here is a nice little trick I happened to come
across and feel like sharing.

Hack for WWIV Systems Using Multi-Net v1.0 Mod
Usually used for LinkNet

Main Login: @-!NETWORK!-@ 
Link Login: 1 (or whoever is sysop)
//edit config.dat
find system password in file
abort editing
//dos
enter system password


Viola, access to Dos :)

Lamely enough there is no password.  Check for users when using this mod.
_______________________________________________________________________________

 The Day Bell System Died
 ~~~~~~~~~~~~~~~~~~~~~~~~
 Sung to the tune of American Pie (with apologies to Don McLean)

Long, long, time ago,
I can still remember,
When the local calls were "free".
And I knew if I paid my bill,
And never wished them any ill,
That the phone company would let me be...

But Uncle Sam said he knew better,
Split 'em up, for all and ever!
We'll foster competition:
It's good capital-ism!

I can't remember if I cried,
When my phone bill first tripled in size.
But something touched me deep inside,
The day... Bell System... died.

And we were singing...

Bye, bye, Ma Bell, why did you die?
We get static from Sprint and echo from MCI,
"Our local calls have us in hock!" we all cry.
Oh Ma Bell why did you have to die?
Ma Bell why did you have to die?

Is your office Step by Step,
Or have you gotten some Crossbar yet?
Everybody used to ask...
Oh, is TSPS coming soon?
IDDD will be a boon!
And, I hope to get a Touch-Tone phone, real soon...

The color phones are really neat,
And direct dialing can't be beat!
My area code is "low":
The prestige way to go!

Oh, they just raised phone booths to a dime!
Well, I suppose it's about time.
I remember how the payphones chimed,
The day... Bell System... died.

And we were singing...

Bye, bye, Ma Bell, why did you die?
We get static from Sprint and echo from MCI,
"Our local calls have us in hock!" we all cry.
Oh Ma Bell why did you have to die?
Ma Bell why did you have to die?

Back then we were all at one rate,
Phone installs didn't cause debate,
About who'd put which wire where...
Installers came right out to you,
No "phone stores" with their ballyhoo,
And 411 was free, seemed very fair!

But FCC wanted it seems,
To let others skim long-distance creams,
No matter 'bout the locals,
They're mostly all just yokels!

And so one day it came to pass,
That the great Bell System did collapse,
In rubble now, we all do mass,
The day... Bell System... died.

So bye, bye, Ma Bell, why did you die?
We get static from Sprint and echo from MCI,
"Our local calls have us in hock!" we all cry.
Oh Ma Bell why did you have to die?
Ma Bell why did you have to die?

I drove on out to Murray Hill,
To see Bell Labs, some time to kill,
But the sign there said the Labs were gone.
I went back to my old CO,
Where I'd had my phone lines, years ago,
But it was empty, dark, and ever so forlorn...

No relays pulsed,
No data crooned,
No MF tones did play their tunes,
There wasn't a word spoken,
All carrier paths were broken...

And so that's how it all occurred,
Microwave horns just nests for birds,
Everything became so absurd,
The day... Bell System... died.

So bye, bye, Ma Bell, why did you die?
We get static from Sprint and echo from MCI,
"Our local calls have us in hock!" we all cry.
Oh Ma Bell why did you have to die?
Ma Bell why did you have to die?

We were singing:

Bye, bye, Ma Bell, why did you die?
We get static from Sprint and echo from MCI,
"Our local calls have us in hock!" we all cry.
Oh Ma Bell why did you have to die?
_______________________________________________________________________________

 The 1992 Consumer Electronics Show
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 By Sarlo

The Consumer Electronic Show is the annual event held in Chicago, Illinois,
that gives a sneak peek at the electronic products to come to market, as well
as products that are currently on the market.

The show is usually closed to the public.  This year however, for a MEASLY $10
fee, the common shmoe can waltz his ignorant ass right up to the door, get a
green stamp on his hand, and walk up to several displays, oohing and ahhhing,
and gape like landed fish at the wonderous booths set up by various
participating companies such as AT&T, most major bell companies, IBM, Prodigy,
dozens of cellular manufacturers, Nintendo, Sega, and more software producers
than I really have the patience to list.

I take a taxi to the McCormick center, a convention haven, and enter through
the underground entrance.  I walk down the nondescript hallway, noting that for
a center that is supposed to be housing the latest in the future technology,
nothing was that awe-inspiring.  Expecting a lame show with shoddy video
graphics, I purchased my ticket, got my hand stamped and entered the doors.

Into an enormous room, filling my senses with an array of Lights and Sound.
You could almost smell the silicon as I made my way down the aisle displaying
the giant Phillips Digital Compact Cassettes screen.  Not being a huge fan of
stereo equipment, I head over to the Sharp Electronics Display.  It was a turn
in the right direction, as it brought me face to face with one of the clearest
and, per the name, sharpest video displays I have seen in my life.  Their LCD
big-screen televisions, displaying a aquarium scene.  Even close up, distortion
of the images were at a minimum.  Along the north wall, a smaller, gutted
version of the LCD display was shown, giving electronics buffs a firsthand look
at the inner workings of the viewscreens.  Turning a corner, I came face to
face with their dual-projection wallscreen television.  Instead of ghost images
and a fuzzy, indistinct picture, I found that it may have very well be the
highest quality video projection system I have ever come in contact with.

 Cellular Mania
 ~~~~~~~~~~~~~~
The highlight of the Cellular Phone section was the Motorola Cordless/Cellular
display area with a large sign showing the spokesperson for Motorola, the eye-
catching slogan above him:

                 "Cordless Phone Eavesdroppers Are Everywhere."

Immediately catching my interest, I wandered over to check out the smaller
print:

"But with my Motorola Secure Clear (tm) Cordless Phone, my private
conversations stay private."

Secure Clear, as the literature explains it, is an exclusive technology that
assures you that no eavesdroppers will be able to use another cordless phone,
scanner or baby monitor to listen to your cordless conversations.

As most of us know, security codes and multi-channels don't always prevent
eavesdropping.  With the latest technology these days, security codes, one of
65,000 possible codes that are randomly assigned every time you set the handset
into the base, keeps someone from using your phone base as an outgoing
phoneline.

Using the Auto Channel Scan (ACS), the Secure Clear Cordless Phones
automatically skip any channels that register noise or interference.  Three
guesses what Sarlo is getting himself for Christmas.

For more information on this or any other Motorola product, call their Consumer
Products Division at (800)331-6456.

On other notes, Technophone had a wide variety of cellular accessories,
including a Desk stand, spare batteries, an in-car charger, a new life of
antennae, QuickCharge AC chargers, and a hands-free unit for safe operation in
a car.

Omni Cellular had one of their Model "A" V833k Portable Hand-Helds open for a
demonstration, giving a static-free conversation with one of the salesmen.
Many of the features of this phone were:

        o 90 Minutes of Talk Time
        o 10 hours of Stand-by Time.
        o and a sturdy design built right here in the USA.

Other features included Auto-Power Shutoff, Electronic Lock, 50 number memory,
and signal strength indicator.


 East Building Hipster Hi-Jinx
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Growing bored, I headed over to the map.  Searching it, I found, almost
literally, my green light.  On their illuminated map display, the green section
of the map beamed out to me.

"Computers"

Hauling ass to the door, stopping for a quick inspection of my bags by the
security guard, I strolled over to the east building (purchasing a way-keen
CES-92 T-Shirt along the way), I burst into the building with a renewed vigor.

Right smack-dab in the front of the entrance there is the awful stench of men
in business suits and cheap computer services.  Right away, I knew I had found
the Prodigy display.

With free trials and the salesmen prodding the consumers to subscribe to their
system, I decided to take a look.

"Where else can you get such a great service, allowing you access to such a
wide variety of things such as an online message service, up-to-date news, an
online encyclopedia, and thousands of interesting users, people just like
yourselves?"  The Online-Conman peddled his wares to the unsuspecting
consumers, not only misinforming them as to think that Prodigy is a useful
service at all, but to actually have the gall to shove a PS/1 in their faces
and tell them it's a quality computer.

"Umm... what about any Public Access Unix Site with an Internet or Usenet
feed," I asked.  The clod then got on his high-horse and addressed me.

"Perhaps.  But most Public Unix's, or bulletin boards, for that matter don't
have high-quality graphics to accompany the information."  The man had
definitely done his homework.  But apparently IBM and Sears soaped the man's
brains out thoroughly enough to the point where he actually bought the bull
that they were forcing down peoples throats.

"Yea," I said.  "But most public access sites don't waste a quarter of your
screen space with worthless advertisements.  I wasn't aware that pretty
pictures made the news or messages any more informative, either.  But I might
also point out that they don't charge you a extra amount of money for every
message over the 30th one, read your mail or censor your public posts, or, many
times, even charge you a fee at all, other than possibly an optional
subscription fee, around $50 a YEAR at most, nor do they have small datafiles
that collects information from the fat table from the subscribers."  As I was
speaking, the salesman was trying to interrupt me, finally succeeding at this
point.

"Well, I can see you have a lot of questions," the salesman evades rather well.
"So I'm sure this gentleman over here will be glad to answer any of your
questions, while I can take this lady's question...Yes?"

I was approached by another salesman who asked me what questions I needed
answered.  I said none, seeing as I didn't have much interest in his system
anyhow, and that I was just seeing how good the Prodigy salespeople worked
under pressure.  He said he would be glad to answer any questions I had, but if
I were only there to harass people, to please take it elsewhere.

Then it was off to the various other setups.  Magazines were on display and
free for the taking here, including Mobile Office, Various Nintendo/Game System
magazines, and Audio Equipment.  Walking down one of the back isles, I heard a
bit of conversation that caught my ears.

 Star Trek Straight To Your Home
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Computer.  Recognize Picard, Jean-Luc.  Kitchen Lights ON, Turn ON the VCR and
hit RECORD.  Close the Curtains, and turn on the Extasy Channel.  Prepare to
record "Chicks with Dicks."
                                - Jean Luc Picard
                                  Stardate 1992.4, 2:45 A.M.

Such a Scenario is something you would think you could find only on Star Trek,
right?  Wrong.  With the Mastervoice, the "Ultimate in Home Automation", the
mastervoice is much like your own personal butler, telling the correct time,
activating and operating any device in your household, and even with it's own
alarm system.  All of this, at the command of your voice.

Mastervoice can be designed to be used by up to four people, can be trained in
any language.  It distinguishes who is speaking, obeys the commands, but also
speaks back to you -- in a HUMAN sounding voice.  Male or Female.  You can add
or delete voices from it's recognition systems, you can also create new
response words as well.

Featuring control over lights, stereo, TV, coffee maker, heating and cooling
systems.  It also has a Household Noise Override that allows you to have stupid
children racing around your home in an obnoxious manner without disturbing the
unit.

Plus, it is also a speakerphone/telephone with stored numbers.  At the sound of
your voice, it will dial or answer incoming calls and allow you to carry on a
conversation without ever having to touch the system.  It also interfaces with
your PC for memory storage or control operations.

Built in infrared sensor and intrusion detection systems are another highlight
of this demonstration.  As it recognizes up to four voices, you can assign a
password for each voice, being anything from "I am home" to
"Supercalafragilisticexpialidoshes".  If all fails, it can call the police for
you.  Nutty as all hell.

Mastervoice operates thru carrier current modules.  This model, as one of the
top of the line voice-recognition home-use systems, it is up there in the
$4,000 plus range, but seeing all the stuff it does, it's well worth the price.

Skipping the Game Module Section (Nintendo/Sega/TurboGraphix/etc) entirely, I
ran into an interesting palmtop known as the Psion Series 3, and their new
interlink software. Windows Compatable, the palmtop not only has communication
software for a link between your PC and Palmtop, but also will support standard
Hayes and Hayes compatible modems.  Sporting a qwerty style keyboard and a
romcard port, 128k and a 40 column screen, the Series 3 may be limited, but
provides an acceptable amount of access to other online services.  Though for
now, a Windows based software package is only available, at the time of this
writing, there will be DOS and UNIX compatible packages available to the public
in 5 to 6 months.


--------------------------------------------------------------------------------


                                ==Phrack Inc.==

                     Volume Four, Issue Forty, File 3 of 14

                              ==Phrack Pro-Phile==

                    Written and Created by Taran King (1986)

     Welcome to Phrack Pro-Phile.  Phrack Pro-Phile is created to bring info to
you, the users, about old or highly important/controversial people.  This
month, I bring you perhaps the most famous all underground hackers and the
founder of the Legion of Doom.

                                   Lex Luthor
_______________________________________________________________________________

 Personal
 ~~~~~~~~
       Handle:  Lex Luthor
      Call me:  I really no longer identify with "Lex Luthor" and don't ever
                expect me to use the handle again with regards to calling
                boards so you CAN call me "Johnson."
 Past handles:  I was too status conscious to have more than one handle.  All
                my effort went into just one persona.
Handle origin:  From the Superfriends/Justice League of America (ABC TV)
                cartoon series where the Legion of Doom (LOD) kicked their
                asses until the series writers thought up some lame way for
                them to win, but of course, LOD always escaped to fight another
                day.
Date of Birth:  You should know better than that.
       Height:  You should know better that that.
       Weight:  Approximately 610 Newtons plus or minus a few.
    Eye color:  With or without colored contact lenses?
   Hair color:  With or without my wig disguise?
     Computer:  Apple //+ collecting dust and a soon to be obsolete IBM 286.
Email address:  lex@stormking.com


 The Interview Of Lex Luthor!
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 by Taran King

TK = Taran King
LL = Lex Luthor

TK:  So Lex, why have you finally relented to a Pro-Phile/interview when I have
     been after you to do one for about 5 years now?

LL:  Well, I have to admit that I am still reluctant.  This whole issue of
     computer security/insecurity, hacking/phreaking, philes/electronic
     publishing, etc. is still quite controversial and I would prefer to
     concentrate on strictly legitimate activities.  Especially areas where the
     importance of opinions are negligible and the importance of facts are
     paramount, as in Science and Engineering.  However, I realize that Phrack
     won't be around forever, so I thought that if I had any last words left to
     say I'd better say it now so here I am.

TK:  How did you get started into hacking/phreaking?

LL:  It was easy. I had a delicious shake for breakfast, one for lunch and oh
     sorry.  No really, it WAS easy.  I had a friend who bought an Apple and I
     used to go over to his house and watch him play Ultima I, a fantasy/
     adventure game.  After drooling over Ultima long enough, I took all my
     savings and bought a system, which was in excess of $1000 at the time.
     Being penniless, I had nothing else to do but learn the machine.  My
     friend then purchased a modem and started calling boards.  I followed
     suit. He was interested in cracking software and became rather well known
     using the handle "The Punk".  After he gave me some codes for various LD
     companies I started calling around.  A short while later, I noticed that
     there were boards, sections of boards, and most importantly INFORMATION
     that I was not permitted to use/see.  I was unhappy about being excluded
     especially from RACS III (Tuc eventually came around though) and took it
     upon myself to learn what was involved in accessing these systems and
     getting more information.  I realized as most have, that providing
     information that others do not possess allowed me to be noticed and
     therefore gain more information.  By the way, I still play Ultima, I
     BOUGHT Ultima VI two years ago but am just getting around to playing it
     now.

TK:  What was more important to you, getting noticed or getting information?

LL:  The information was undoubtedly the goal.  I realize now, as many hackers
     and phreaks have in retrospect, that I am an INFORMATION JUNKIE.  The
     notoriety was simply the means to be trusted with more information and
     knowledge.  Unfortunately back then I was unaware that most of the
     information that I seeked was available LEGALLY.  I was blinded by the
     information itself, and did not concentrate on the *methods of obtaining
     information*.  Now with the advent of CD rom databases, and also online
     databases, the information is readily found.  The problem is that the
     service providers are pricing the disks and online time out of the reach
     of common people, which of course puts me back to square one in a way.

TK:  Why do you need information?

LL:  Look, if there is one thing that prevents people from doing things or
     pursuing their dreams, its INFORMATION.  Not money, not guts, not
     anything.  With the right information just about everything else can be
     obtained with the exception of health and happiness I suppose.  

TK:  Give me an example.

LL:  Okay.  If you have ever been up late watching TV and 'ol Dave Del Dotto or
     Carlton Sheets or whomever gets on and is trying to sell you their
     "courses" on Real Estate, Buying at Government Auctions, etc. then you
     know what I am talking about.  These guys made millions simply by
     obtaining information that the majority of people were not aware of and
     put it to use, they could have been anybody.

TK:  What types of information do you look for?

LL:  Although I always look to learn new ways of how to obtain information in
     general, i.e., what new databases are available and how to use them, etc.
     I am currently concentrating on scientific data since I am working on my
     Master's Thesis and a comprehensive literature search is required to
     prevent me from duplicating what has already been accomplished.  The
     "don't re-invent the wheel" philosophy.

TK:  You mention a thesis, what schooling have you had/are pursuing?

LL:  I don't want to be too specific, however, I have an undergraduate
     engineering degree and am currently in the process of completing dual
     Master's degrees, one in Quantum Physics and the other in Engineering.

TK:  Sounds heavy, but why be vague, you must have a computer-type or
     electrical engineering degree?

LL:  No, and I get that a lot from old friends: "You are so good with
     computers, why aren't you doing that?"  My interest in computers now is
     simply to make them calculate equations and do simulations of physical
     systems.  And to help me get more information.

TK:  Let's get back to the H/P subject, there's a few people who have always
     contended that you and the guys in LOD really didn't know much of
     anything, is that true?

LL:  Well I can't speak much about the old members, but their expertise
     satisfied me and other members (we would usually vote on new members, I
     wasn't a dictator you know).  As for me, I realized early on that only
     certain people can be trusted with certain information, and certain types
     of information can be trusted to no one.  Giving out useful things to
     irresponsible people would inevitably lead to whatever thing it was being
     abused and no longer useful.  I was very possessive of my information and
     frequently withheld things from my articles.  By not providing much data,
     some people may conclude that I didn't know anything at all.  Its just
     that I didn't release it to just anyone and that dismayed various people
     probably to the point of lashing out at me and LOD.


 Some People to Mention
 ~~~~~~~~~~~~~~~~~~~~~~
Taran King:        You were always hounding me for a Phrack Pro-Phile.  Hope
                   you are enjoying it.

Knight Lightning:  Great guy, but how did he get so famous even though he never
                   even broke into the E911 computer?  Sad to see him get
                   screwed by overzealous "professionals."  Wish I had some
                   money to donate to his defense fund.

The Blue Archer:   Always wanted to meet him.  I never got a chance to meet him
                   face to face although I have known him for 8 years.  To be
                   honest, he was better at getting into systems than I was.

Tuc:               Always willing to bend over backwards to help you out.  I
                   still use the briefcase he bought me in NYC many years ago.

Paul Muad'Dib:     The one in New York.  He is one of the smartest people I've
                   ever met.  I hope he is doing something worthwhile.

Bioc Agent 003:    Talked to him quite a number of times and met him at TAP
                   meetings, but we never got to be friends.

Cheshire Catalyst: I still owe him $20.  He lent it to me in NYC.

Control-C:         A wildman with the women.  I hope he gives me his STARGATE
                   videogame when he gets tired of it.  I don't play it every
                   day like him, but I still can kick his ass.

Phantom Phreaker:  He has a spiritual side to him that most people never
                   realize.

The Videosmith:    A fun person with talent.  I was sad to see him leave the
                   scene so early.  Met with him in his home state two years
                   ago just to say hello.

Dr. Who:           Here is a guy who loved hacking and exploring systems.  I
                   mean he really enjoyed it.  He got quite good at it too.

Telenet Bob:       Met him up in Massachusetts at Dr. Who's conference.

Jester Sluggo:     Met him up in Massachusetts along with The Sprinter.
                   Obviously he knew more than he let on even way back then.

Compu-Phreak:      I liked listening to his pirate radio station while he
                   operated it.  The FCC never did catch on.

Silver Spy:        A very smart guy with a future.  Someone who knows when to
                   stop, but was a little bit panicky at times.

Erik Bloodaxe:     Part of the original LOD group.  I think he always wanted my
                   job.  I consider him a friend even though we had our
                   misunderstandings.

Mark Tabas:        Part of the original LOD group and sysop of Farmers of Doom
                   (FOD) for the short time it was up.  I hope he isn't in any
                   trouble again.

Flash Hoser:       A fellow information junkie in the Great White North (GWN).

Gary Seven:        Probably one of the least known yet talented hackers around
                   except that I mentioned him in the acknowledgement section
                   of many of my files.  He has since quit.

Digital Logic:     Ran a good board for quite a while.  An idealist who could
                   give a great speech.  Too bad no one would listen.

The Ronz!:         Old friend who no one ever heard of unless they called
                   Digital Logic's Data Service BBS.

Al Capone:         Should have been born a few years earlier so he could have
                   gotten into hacking when it was fun.  He got into it too
                   late and the risk became a little too high for him.

Quasi Moto:        Sysop of Plovernet.  Was a good sysop, but not much of a
                   hacker.  Still talk to him on the net.

King Blotto:       Known him a long time.  Glad he never put me on
                   TeleTrial!

The Mentor:        A fantastic writer.  He ran a great board (Phoenix Project).
                   The last time I talked to him was a few years ago, but he
                   wasn't very talkative.  I think he fell for the 'ol Lex is a
                   rat rumors.

The Leftist:       I hitched a ride with him to one of the SummerCons in
                   St. Louis.  Haven't talked to him since his trouble began, I
                   hope he's cleaned up his act.  I thought he was cool until I
                   heard he was making stuff up about me to the investigators.

The Prophet:       A kindlier gentler hacker.  Sorry to see him get screwed by
                   the system.

The Urvile:        Met him at SummerCon '89.  Definitely seemed to be the type
                   who you could trust not to screw you over.

Sir Francis Drake: Met him at SummerCon '87.  I'm glad I got a chance to.

Sir Knight:        What a character.

Shooting Shark:    I appreciate the favorable comments he made about me in HIS
                   Phrack Pro-Phile.

 A Few Other Things
 ~~~~~~~~~~~~~~~~~~
While I'm on the subject of people, there is one thing that I have not see
published in any form, and that's a "Where are they now" type of thing for
ex-hacks/phreaks.  Just so people know, there are a number of us who are doing
quite well at lawful pursuits.

For example:

Silver Spy          - Completing a Master's Degree in Electrical Engineering.
Knight Lightning    - Working to become a lawyer.
The Unknown Soldier - A high level manager at a successful software company.
The Mentor          - Creating games at a well known game company.
Jester Sluggo       - Working for a 'high technology' company.
The Disk Jockey     - Working in the computer business.
Gary Seven          - Chief engineer at a radio station.


 The Interview With Lex Continues
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
TK:  In an early issue of Phrack you were referred to by the following:
     "There is paranoia and beyond paranoia there is Lex."  How do you respond
     to that?

LL:  Ha Ha, I remember that one.  Well of course there is some truth to it.
     And the saying, "better paranoid than sorry." is true as you can see since
     I am not behind bars... not that I ever did anything illegal of course,
     ahem.  I should mention that I met two individuals early in my hacking
     career that had a significant influence on me, and both are the absolute
     epitome of paranoid.

     One was "Eliott Ness" who was probably in his late 30's to 40's by the
     sound of his voice.  He used to call LOD, I met him on a local board.  He
     was extremely knowledgeable, but always knew when to stop giving general
     information, never gave out ANY personal information, and never
     communicated for any length of time.

     The other guy was "Number 6" from TAP meetings in NYC.  I met him a few
     times.  Six was another older gentleman.  He was very calm until anyone
     showed up with a camera.  Then he "went off" until the camera threat was
     negated.  This guy had a way of extracting information out of you without
     you even realizing what he was up to.

     As I recall people would ask him a question and he would simply turn it
     around and say, "well, what do you think (or know) about so and so" and
     the hapless phreak would spill his guts with Six taking notes and
     sometimes making corrections to what the phreak said much to the phreak's
     surprise.  But Six never really gave out much information although it was
     completely apparent to me that he knew a great deal just by the way he
     carried himself.

     A few phreaks would try to follow him after the TAP meetings, but he
     always lost them without ever letting on that he knew he was being
     followed.  It should be mentioned that paranoia can destroy you (as the
     song goes).  A number of times I ran into real problems trying to escape
     from suspected problems that probably weren't anything to worry about. 

TK:  What memorable H/P BBSes do you recall?

LL:  OSUNY:  Caught the tail end when I first started.  I was impressed.

     Plovernet:  That BBS was crazy.  Constantly busy since it had hundreds of
                 active users and Quasi Moto let everyone post whatever they
                 wanted and never deleted messages unless there was no disk
                 space left.  We helped start the "philes" trend there also.
                 It was easy to spot who knew what they were talking about so I
                 invited them onto the LOD BBS.  Some of the people on the LOD
                 BBS were then asked to join the now infamous LOD group.

TK:  (*Interrupts*) Did you ever think the group you started would become a
     household name in security and hack/phreak circles?

LL:  Although I knew the guys in the group were good hacks/phreaks, I had no
     clue of where it was leading.  Since we did not tolerate destructive/
     malicious behavior nor things like credit card fraud I did not think there
     was much risk in the group as a whole getting any real attention.  Of
     course, all that changed with time.

TK:  Sorry for the interruption.  Please continue.

LL:  Metal Shop Private:  The users were idealistic and good natured which was
                          refreshing.  I liked it most because it was a good
                          source of information/files and we were the first to
                          see new Phrack issues.

     Farmers Of Doom:  Mark Tabas did a fantastic job with this one.  It was
                       quite busy, but did not remain up very long.

     Phoenix Project:  Again, another fantastic job.  The Mentor had some
                       rather unconventional ideas like letting security people
                       on, which I thought was a good idea.

     RACS III:  Tuc didn't give me the time of day at first, but eventually I
                got on.  Then he took it down.

     Pirates Cove:  The board in 516 (Long Island, NY).  One of the classics.
                    It's where I met Emmanuel Goldstein and invited him onto
                    Plovernet to help sell 2600 subscriptions.

     Catch-22:  Absolutely positively the most secure BBS I ever encountered.
                Besides passwording subboards along with requiring users to
                have a high enough security level to access them, it made use
                of many concepts from the "basic security model" introduced by
                Lampson and later augmented by Graham and Dorothy Denning.  Of
                course Silver Spy and I had no clue what an access matrix was
                and things of that nature.  A duress password was implemented
                so if someone got nailed they could enter the password, not
                compromise the system, yet appear as to be cooperating with the
                authorities who we presumably thought would ask the hacker to
                call.  It was never used but nice to have.

     BlottoLand:  Good board for a while, but he let too many of his "loyal
                  subjects"  on the system who were locals and they eventually
                  overran it.

TK:  Do you REALLY think you are ELITE or what?

LL:  I really don't know how anyone got the idea that I considered myself
     elite.  The only people who said I thought I was elite were those who I
     never met or talked to. Contrary to some people's belief, I never
     considered myself as elite.  I was just a guy who liked to pass
     information on to others so I wrote some files.  The files did help me get
     access to more information by making me more well known.  When I read the
     newspaper, I'm one of those annoying people who keeps interrupting your
     breakfast to tell you details about all the neat stories.

TK:  Speaking about the group, what do you think about Erik Bloodaxe and others
     starting ComSec Data Security?

LL:  When I first called Bloodaxe after I saw them in the papers/magazines he
     thought I would be mad, maybe that he took my idea or something.  I told
     him I am familiar with the computer security consulting business and don't
     want any part of it.  It's too tough to get people to pay money for
     something that they cannot get a verifiable return on their investment.
     Besides, getting them to trust you with their inner most secrets is
     extremely difficult.

     I told ComSec to write articles about security until their fingers fell
     off.  Legitimize themselves as soon as they can.  There was too much
     prejudice out there against them with ComputerWorld leading the pack.  I
     really think they could have helped some companies if given a chance.  But
     I don't think they had enough knowledge about the whole security picture,
     i.e., Physical Security, Environmental Systems (fire suppression, UPS,
     etc), Administrative Security (Hiring/firing policies, etc.), what goes on
     in big IBM shops MVS, CICS, ROSCOE, etc.  There is a lot involved.

TK:  How did you feel when Knight Lightning and Phrack erroneously insinuated
     that you might have informed on other hackers, maybe even the Atlanta
     Legion of Doom members a few years ago?

LL:  Well as you now know, Craig (KL) has seen all the documents and records
     from his trial and many documents from the Atlanta case and there was no
     mention whatsoever of me in regards to providing information, being a
     witness, testifying, etc.

     Although I haven't talked to the Atlanta guys since before their trial I
     am sure they know I had absolutely nothing to do with what happened to
     them.  The real story has since come out.  If there is one thing I hate,
     it's being accused of something you didn't do.

     If someone does something they are accused of, he should be man enough to
     admit it.  I have said this before a number of times, I have never
     provided information to anyone about other hacks/phreaks that directly nor
     indirectly led to them being visited, arrested, or prosecuted.  It's just
     not my way.  What goes around comes around and that kind of boomerang is
     something I knew I didn't want to play with.

     My success in avoiding trouble is fairly straightforward:  Most of all it
     was secrecy and misdirection (ala Stainless Steel Rat), avoiding phone
     company computers especially those in which I was a customer of (i.e., my
     local RBOC) because if you get THEM pissed at you, they'll get you one way
     or another.  Also, lots of LUCK and not intentionally making any enemies
     although there have been a few hackers mad at me whom I never even talked
     to and I have no idea as to why they didn't care for me.

TK:  Do you have any advice for people out there who may want to begin hacking
     or phreaking?

LL:  I am not one to dictate what people should or should not do, but I
     wouldn't if I were them.  The technology to prevent and detect security
     breaches and then to track down their source is ever improving.  The
     Cuckoo's Egg (by Cliff Stoll) provides a good example of that.  But that
     shouldn't even come into the picture.

     I think they should examine objectively why they want to do it.  Then make
     an honest attempt at finding other legal ways to accomplish whatever they
     were trying to do.  I don't care how you justify it, its dishonest.
     Forget about the law part of it. It just causes other people problems.  I
     didn't know how much until my school's systems were hacked and I was
     unable to read my e-mail for a week.  I was angry and thought to myself
     that I'd like to get my hands on that asshole hacker.  Then I laughed for
     quite awhile realizing what I was thinking and the irony of it all.
     Poetic justice I suppose.  None of my data was touched, but I was denied
     service and denial of service can be just as damaging.  As for the
     challenge of it, well I can't deny that that was very addicting, but there
     are many legal ways to challenge yourself.

TK:  What conventions/involvements outside of phone calls have you done?

LL:  TAP meetings were probably the first.  Then a Con in Massachusetts, the
     Con in Philly with Videosmith et al. and of course the few SummerCons
     (1987 and 1989) in St. Louis.  There were some computer security
     conferences that were interesting also.  Those helped to sensitize me to
     the "other side."

TK:  I remember at SummerCon '89 that you were accidentally caught on video
     tape for about 2 seconds and requested that it be erased, which it was.
     What is the deal with cameras?

LL:  It may sound a little odd, but I don't think anyone has the right to take
     another person's picture without their permission.  Especially when the
     person who is on film has no idea where the picture will end up.

     I predict within 5-10 years maximum that states will start using video
     cameras to digitize your picture when you go for a new driver's license.
     The  digitized image will be stored with the rest of your personal
     information and probably be available to people like private investigators
     and others who gain access to the information illegally.  With ISDN,
     Multi-Media, etc., it will be possible to "set up" people very easily by
     altering images via computers, etc. to make them look like they are doing
     just about anything you can think of.  When things like that start to
     happen I will not look crazy but smart, at least to my friends who think
     my avoidance of cameras is abnormal.


 Most Memorable Experience
 ~~~~~~~~~~~~~~~~~~~~~~~~~
TK:  What are your most memorable experiences (funny things that happened to
     you during your phreaking/hacking or not so funny)?

LL:  Dr. Who in Massachusetts had a conference in which me, Tuc, and The
     Videosmith drove up at 4 AM in Tuc's VW Beetle hydroplaning all the way
     due to the rain, and dead tired.  We were all in a silly mood and had a
     lot of laughs.

     Also, the time when I was in NYC with Paul Muad'Dib and we had no money to
     eat.  He was the first person I know of who had any real knowledge of
     phone company switching systems.  He engineered a switch in Manhattan to
     put call forwarding on a pay phone.  Once this was done, all the money put
     into the phone would remain in the phone but would not drop into the coin
     box.  Those who put money in didn't really have to since the phone was
     converted to a POTS (Plain Old Telephone Service).  Alas, humans are
     creatures of habit.  So after a couple of hours (since it was a busy
     phone) he had the guy put the phone back to the way it was.  When this was
     done, all the money held in the phone was returned.  It was like hitting
     the jackpot in Las Vegas.  We then proceeded to McDonald's.

     The story about me running around naked in a Motel 6 parking lot that
     Control-C has tried to get people to believe is, of course, grossly
     exaggerated.  His girlfriend hooked me up with a friend of her's.  Dan and
     his girl were in another room.  He called me to come over, but I was in my
     underwear.  We had been drinking so I ran the 8 feet or so to his room (we
     were on the 2nd floor with a solid balcony so no one from the ground could
     see anyway), I said hello and then ran back to my room to go another
     round.

     Probably my favorite memory is relatively recent.  J.J. Bloombecker,
     Director of the National Center for Computer Crime Data, spoke at my
     school.  I sat in the very back as usual (I hate to have anyone sitting
     behind me, anywhere) in a room of about 40 people and listened to his
     speech which basically was to promote his book, "Spectacular Computer
     Crimes."  I spoke to him but never let on who I really was.  He talked
     about Craig's (Knight Lightning) case and then he went on about whomever
     named LOD, the Legion of Doom, should have named them something like the
     "Legion of Ineffectual Pansies."  The reason being that, what prosecutor
     in his/her right mind would go to a judge and say how dangerous a group of
     ineffectual pansies are.

     I sat there trying not to blush and thinking that of all the hundreds of
     people he said that to, he probably never expected to say it to the person
     who really named the group. 

     I did meet Donn B. Parker, whom I consider the father of computer
     security, twice.  The first time I just shook his hand.  The second time
     was relatively recently and we spoke for 20 minutes or so.  I never told
     him who I really was, not that he would know anyway.  But I complimented
     him enough so even if he found out, he couldn't have gotten too mad at me.

TK:  What were some of your memorable accomplishments (newsletters/files/etc.)?

LL:  The REAL accomplishments (non-files) will remain anonymous, but my
     favorite files were the IBM VM/CMS series because they were well written
     along with the Attacking, Defeating, and Bypassing Physical Security
     Devices series.  Before I wrote a file I scoured boards and other
     traditional sources for the information I sought.  If I came up empty
     handed, I researched it and wrote about it myself.

     Although the COSMOS files helped me get started, they were a complete
     joke.  They provided enough information to be dangerous and didn't help my
     standing with the RBOC's.  The VAX/VMS files got better as they
     progressed, but except for some of Part III they didn't provide much that
     wasn't available in manuals.  I enjoy writing, but it usually takes me
     many revisions to get it just right.  As for newsletters, the LOD/H
     Technical Journal is another thing that I was involved in.

TK:  What is the story behind the LOD/H Technical Journal?

LL:  The LOD/H Technical Journal almost never was.  As you are aware, LOD had
     gotten a group of files together to be published in PHRACK as an "all LOD
     issue," but some of the members thought we should put out our own stuff.
     The idea grew on me and I said okay.  I should let it be known that you
     helped us out for the first issue by spell checking it and performing some
     editing and critique.  But we were only able to produce 4 issues since it
     was difficult in getting quality non-plagiarized or non-highly paraphrased
     material.

     After the third issue, I realized that I was probably not doing anyone any
     favors by exposing security holes and weaknesses in systems.  Some people
     may not believe hearing this from ME, but I don't agree with those hackers
     who think they are doing people a service by exposing their system
     vulnerabilities.  Nobody needs someone checking their door at night to see
     if its locked.  And although the old door analogy isn't exactly the same
     as the pseudo-physical computer login, its close enough.  Sorry about
     getting off the subject a little.

TK:  That's okay.  Why did you quit the H/P community?

LL: I wrote a letter to 2600 Magazine about a year ago that goes into it a
    little.  Between that and what I've said here, it should be fairly
    apparent.  In brief, I realized I was mainly in it for the purpose of
    getting information.  It got too dangerous and I decided to direct my
    energy to graduating instead of how to defeat security systems.  The
    thought processes involved in hacking and those in solving problems in
    Engineering Design are remarkably similar and I think my hacking experience
    makes me a much better designer and problem solver.  Not that I am
    advertising for a job or anything...


 Lex's Favorite Things
 ~~~~~~~~~~~~~~~~~~~~~
  Women:  Without Diseases.
   Cars:  So fast that you are terrified to put the pedal all the way down to
          the floor.
  Foods:  Anything that does not contain pesticides, herbicides, heavy metals,
          radioactive elements, toxic chemicals, harmful microorganisms,
          artificial colors, or preservatives.  I guess that rules out fish,
          produce, meat, processed foods, drinking water, and so on.  In other
          words there's nothing left to eat.  In all seriousness, I do like
          great big salads and if I was rich I would have an awesome wine
          cellar.
  Music:  Heavy Metal, some Punk, and Classical.
Authors:  Richard P, Feynman, Isaac Asimov, Stephen Hawking, Jane Roberts, Budd
          Hopkins, Jacques Valee, Bruce Sterling, K. Eric Drexler, and Matthew
          Lesko.
  Books:  I liked the Cuckoo's Egg, anything about physics, and non-kook
          metaphysical books.  The only thing I collect these days are books.
          I have hundreds of them.
  Games:  Atari's ASTERIODS DELUXE was probably the most difficult videogame
          ever (even though it's more than ten years old) and which I am one of
          the best there is at playing it.  When it comes to this, I admit I AM
          Elite.  There's almost no one on this planet who can beat me.
          Defender and Stargate are also great.  They don't make games like
          they used to.  And of course, the Ultima series.
 Actors:  Dana Carvey, Bill Moyers, Patrick Stewart (ST:TNG), Jonathan Frakes
          (ST:TNG), Andy Griffith (Matlock), and too many movie stars to 
          mention.


 The Interview Concludes
 ~~~~~~~~~~~~~~~~~~~~~~~
TK:  Is there anyone specifically that you want to say a few things to?

LL:  To all those who subscribe to the "Once a thief, always a thief" mentality
     and to those few die-hard law people who would love to get their hands on
     me and other ex-hackers:  Don't bother, people are basically good and can
     be "rehabilitated" without going to prison.

LL:  The other thing that I have never understood about the hack/phreak
     community is some of the obsession with tracking people down.  I could
     understand it a little better when the reason was to check out others to
     make sure they were not feds.

     I never compiled lists of who I talked to with anything except their
     handle, first name, and phone number.  I never CNA'd them for their last
     names, or tried to find out where they worked.

     But some guys just had to know everything about everyone.  Don't they have
     anything better to do?  I was careful yes, but not to the point of
     invading everyone's privacy especially when the person stated they just
     wanted to be left alone.  I am not saying I NEVER invaded another's
     privacy, but I don't now and almost never did it in the past.

     I left an Internet mailing address at the beginning of this Pro-Phile so
     people can contact me.  I don't mind talking to people, but I just don't
     think it's fair to harass and threaten people who don't want to be
     bothered.  I am open to useful and constructive conversations via email,
     but I really don't think it's necessary to compile individual's personal
     information.  I never did it and will never understand why people do it.

     Besides, it's no great accomplishment to find people these days.  The ways
     of getting information are numerous and many are legal, so how much skill
     does it really take to get someone's info?  Almost none.  Anyone can do
     it... on just about anyone they want.

TK:  What do you think about the future of the hack/phreak world or telecom
     communications in general?

LL:  As for the hack/phreak aspect, every time I think hacking is dead and
     people would have to be deranged to break into computers or make phone
     calls illegally for free, I read about another hapless person or group of
     people who have done it.  Don't they realize there are better and easier
     ways of going about whatever they are doing?  Don't they realize that the
     technology to CATCH you is such that you have lost the fight before you
     even get started?

     Yes there will be new technologies that will help both sides, but there is
     the law of diminishing returns.  As for what hackers should be doing, if
     anything they should keep an eye on our right to privacy.  If it weren't
     for hackers, TRW would still be screwing people over (worse than they do
     now) and would have never apologized for not correcting invalid credit
     information.

TK:  And of course the question that no Phrack Pro-Phile does without...

     Of the general population of phreaks you have met, would you consider most
     phreaks, if any, to be computer geeks? 

LL:  Absolutely NOT.  I don't judge people on how they look anymore (yes I used
     to).  As The Mentor so eloquently put it in his Hacker Manifesto (Phrack 7
     and again in Phrack 14), of which this is, but a lame paraphrase, it's
     more important to relate to people on what they know and on their ideas
     than what they look like or what color their skin is, etc.  And the vast
     majority have non-geeky ideas.

TK:  Thanks for your time, Lex.

LL:  Thank you for letting me ramble on for so long.


--------------------------------------------------------------------------------


                                ==Phrack Inc.==

                     Volume Four, Issue Forty, File 4 of 14

                               Network Miscellany
            *******************************************************
           <    How to Acquire Information on Internet Computers   >
            *******************************************************
                         Compiled from Internet Sources

                                by The Racketeer
                              of The Hellfire Club

                    Network Miscellany created by Taran King


Generally speaking, information is everything.  A lot of hacking any computer
on a network is being able to gather information about the machine and its
vulnerabilities.  This file is about using the available resources on the
Internet network in order to gain important information about any perspective
sites.

A large amount of information has been printed in Phrack recently about the
Internet, most of it copied straight from manuals and in my opinion lacking
hacking flair.  Therefore, I'm going to take you straight into the heart of the
heart of the matter with this file on acquiring information!

Now, the Internet is notorious for not having an instruction manual.  Most
people who find out what the Internet is learn from their friends.  It used to
be that there was only one real landmark on the Internet, and that was the
SIMTEL-20 FTP archive.  Now, the Internet is probably the largest free network
in existence.  In fact, it's a hacker's paradise!

Unfortunately, you have to know about "public" sites on the network before you
can use them.  Likewise, how are you going to hack an organization if you don't
know any machines on it?  Sort of like trying to complain to Packard-Bell about
your computer equipment not working when the bastards don't supply their name,
address, or phone number. You are going to have to find another way to get that
information if you want to get anything done.

There is not any one particular way to learn about a site.  In fact, you'll
have to combine several unusual methods of gathering information in order to
obtain anything resembling a "complete picture."  However, using the
combinations of techniques described in this file, you can maneuver through any
network on the Internet and learn about the machines within.

The first stop on this journey is the ARPANet Network Information Center
(frequently called "NIC" by experienced network users).  NIC's purpose is
simply to keep track of all the network connections, fields, domains, and hosts
that people wish to be told about.

To connect to NIC, you would issue a command from your Internet connected
machine similar to this:

               .----------------------- command
              /
[lycaeum][1]> telnet nic.ddn.mil

This will (within a short period of time) route you to the Network Information
Center and grant you access.  There isn't a straight forward login/logout
system on NIC like other Unix computers; it will just connect you to the
Information System upon connection.  The message you will get will be similar
to this:

*  -- DDN Network Information Center --
*
*  For TAC news, type:                    TACNEWS <return>
*  For user and host information, type:   WHOIS <return>
*  For NIC information, type:             NIC <return>
*
*  For user assistance call (800) 235-3155 or (415) 859-3695
*  Report system problems to ACTION@NIC.DDN.MIL or call (415) 859-5921

 SRI-NIC, TOPS-20 Monitor 7(21245)-4
@ <prompt>

Great, now we are in.  Essentially, since NIC is just a great big telephone
book, we need to let our fingers to the walking.  Let's demonstrate a few
simple commands as I go after one of the government contract giants, the
corporation known as UNISYS.  Let's start by entering WHOIS.

@WHOIS
SRI-NIC WHOIS 3.5(1090)-1 on Tue, 22 Aug 91 15:49:35 PDT, load 9.64
  Enter a handle, name, mailbox, or other field, optionally preceded
  by a keyword, like "host sri-nic".  Type "?" for short, 2-page
  details, "HELP" for full documentation, or hit RETURN to exit.
---> Do ^E to show search progress, ^G to abort a search or output <---
Whois:

Okay, now we are in the database.  Since Unisys is our target, let's go ahead
and ask it about "Unisys."

Whois: unisys

Cartee, Melissa (MC142)         unisys@email.ncsc.navy.mil     (904) 234-0451
Ebersberger, Eugen (EE35)       UNISYS@HICKAM-EMH.AF.MIL       (808) 836-2810
Lichtscheidl, Mark J. (MJL28)   UNISYS@BUCKNER-EMH1.ARMY.MIL   (DSN) 634-4390
Naval Warfare Assessment Center (UNISYS) UNISYS.NWAC.SEA06.NAVY.MIL
                                                                  137.67.0.11
Navratil, Rich (RN74)           UNISYS@COMISO-PIV.AF.MIL       (ETS) 628-2250

There are 28 more matches.  Show them?  y      -->  of course

Peterson, Randy A. (RP168)      UNISYS@AVIANO-SBLC.AF.MIL      (ETS) 632-7721
Przybylski, Joseph F. (JP280)   UNISYS@AVIANO-SBLC.AF.MIL      (ETS) 632-7721
UNISYS Corporation (BIGBURD)    BIGBURD.PRC.UNISYS.COM          128.126.10.34
UNISYS Corporation (GVLV2)      GVL.UNISYS.COM                128.126.220.102
UNISYS Corporation (MONTGOMERY-PIV-1) MONTGOMERY-PIV-1.AF.MIL      26.5.0.204
Unisys Corporation (NET-MRC-NET)MRC-NET                           192.31.44.0
Unisys Corporation (NET-SDC-PRC-CR) UNISYS-ISF-11                 192.26.24.0
Unisys Corporation (NET-SDC-PRC-LBS) UNISYS-ISF-9                 192.26.22.0
UNISYS Corporation (NET-SDC-PRC-NET) UNISYS-ISF-7                192.12.195.0
Unisys Corporation (NET-SDC-PRC-SA) UNISYS-ISF-10                 192.26.23.0
Unisys Corporation (NET-SDC-PRC-SW) UNISYS-ISF-8                  192.26.21.0
Unisys Corporation (NET-UNISYS-CULV) UNISYS-CULV                  192.67.92.0
Unisys Corporation (NET-UNISYS-PRC) UNISYS-PRC                    128.126.0.0
Unisys Corporation (NET-UNISYS-RES1) UNISYS-RES1                  192.39.11.0
Unisys Corporation (NET-UNISYS-RES2) UNISYS-RES2                  192.39.12.0
Unisys Corporation (NET-UNISYS2)UNISYS-B2                         129.221.0.0
Unisys Corporation (STARS)      STARS.RESTON.UNISYS.COM         128.126.160.3
Unisys Corporation (UNISYS-DOM)                                    UNISYS.COM
Unisys Linc Development Centre (NET-LINC) LINC                     143.96.0.0
UNISYS (ATC-SP)                 ATC.SP.UNISYS.COM             129.218.100.161
Unisys (FORMAL)                 FORMAL.CULV.UNISYS.COM           192.67.92.30
UNISYS (KAUAI-MCL)              KAUAI.MCL.UNISYS.COM            128.126.180.2
UNISYS (MCLEAN-UNISYS)          MCLEAN-UNISYS.ARMY.MIL             26.13.0.17
UNISYS (NET-UNISYS-RES3)        UNISYS-RES3                      192.67.128.0
Unisys (NET-UNISYS-SP)          UNISYS-SP                         129.218.0.0
UNISYS (SALTLCY-UNISYS)         SALTLCY-UNISYS.ARMY.MIL           26.12.0.120
UNISYS (SYS-3)                  SYS3.SLC.UNISYS.COM             129.221.15.85
Wood, Roy (RW356)               UNISYS@LAKENHEATH-SBLC.AF.MIL
                                              0044-0638-522609 (DSN) 226-2609

As you can see, the details on these computers get fairly elaborate.  The first
"column" is the matching information, second column is the network name or
title, then it is followed by a phone number or IP port address.  If the phone
number has an area code, then it is of a standard phone nature; however, if it
is (DSN) then it's on the "Data Security Network," aka Autovon (the military
phone system).

Now, as you can tell from the above list, there are several UNISYS accounts at
military machines -- including a military machine NAMED after Unisys (mclean-
unisys.army.mil).  This stands to reason since Unisys deals mostly in military
computer equipment.  Since it is a secretive military group, you'd figure an
outsider shouldn't be able to gain much information about them.

Here is what happens if you center on a specific person:

Whois: cartee
Cartee, Melissa (MC142)            unisys@email.ncsc.navy.mil
   7500 McElvey Road
   Panama City, FL 32408
   (904) 234-0451
   MILNET TAC user

   Record last updated on 18-Apr-91.

Hmm..  Very interesting.  This user obviously has access to military computers
since she has a TAC card, and goes under the assumed identity as "Unisys" in
general.  Could this person be a vital link to the Unisys/U.S.  Defense
connection?  Quite possibly.  More likely she is a maintenance contact, since
she can use her TAC card to contact multiple (confined) military networks.

I've gone ahead and requested specific information about kauai.mcl.unisys.com,
which as far as I know is a focal point for the Unisys Networks.  Of course,
the information on this machine is non-classified (or if it IS classified,
Unisys will probably be chewed out by Uncle Sam).  Notice all the great
information it gives:

Whois: kauai.mcl.unisys.com
UNISYS (KAUAI-MCL)
   Building 8201, 10th Floor Computer Room
   8201 Greensboro Drive
   McLean, VA 22102

   Hostname: KAUAI.MCL.UNISYS.COM
   Nicknames: MCL.UNISYS.COM
   Address: 128.126.180.2
   System: SUN-3/180 running SUNOS

   Coordinator:
      Meidinger, James W.  (JWM3)  jim@BURDVAX.PRC.UNISYS.COM
      (215) 648-2573

   domain server

   Record last updated on 05-Aug-91.

   No registered users.

Aha!  The Coordinator on this machine doesn't use it!  There are no registered
users!  Namely, if you wanted to hack it, you aren't screwing with the higher
ups (this is good).  Since when does Unisys buy computers from other companies?
Can't they just grab a few off the assembly line or something?  The computer is
stationed in McLean, Virginia!  That's where the CIA is!  Could Unisys be
developing computers for the international espionage scene?  Obviously, there
is a great deal of information to be sucked out of this machine.

How?  The answer was listed there.  The machine is a DOMAIN SERVER.  That means
this computer holds the network information used to identify all the computer
systems on its network and all we need to do right now is figure out a way to
squeeze that information out!  But first, let's see if our hunch was correct in
assuming the bigwigs are far away by checking out the head honcho, "Mr.
Meidinger."

Whois: jim@burdvax.prc.unisys.com
Meidinger, James W. (JWM3)             jim@BURDVAX.PRC.UNISYS.COM
   Unisys Corporation
   Computer Resources
   Room g311
   P.O. Box 517
   Paoli, PA 19301-0517
   (215) 648-2573

   Record Last Updated on 04-Jul-90.

Yup, Mr. Meidinger is far away -- Pennsylvania, to be exact.  Not exactly
keyboard's length away, is he?  Besides, being in the "Computer Resources"
department, I'd suspect he is just an accountant.  Accountants are to computing
as beavers are to trees (unless, of course, they actually like computers, which
isn't a foregone conclusion in the business world).

I'm going to skip the rest of the information on NIC, since it has been
overkilled in this particular magazine anyway.  The only hint I have is to read
CERT's and DDN's news blurbs, since they give out some interesting information
which would be useful and educational.  Besides, messing around with the CIA's
hired goons sounds much more fun.

Now is the time for a little bit of a lesson in critical reasoning: the
Internet isn't exactly a "free to the public" network, meaning you just can't
attach your computer to a machine on the Internet and expect it to work all of
a sudden.  You need to configure your machine around the computers in the
network domain you are linking into, and if you have their permission, then
everything is cool.  But once you're configured, and your router and/or server
has been notified of your existence, does that mean anyone else has that
information?  The answer is yes, although that info won't be forwarded to a
place like NIC -- it will have to be obtained another way.

All packets of data on the Internet need to be routed to and from valid
computer hosts.  Therefore, all of this information is stored on the network's
gateway.  But the routing information stored is simply in numeric format, such
as 128.126.160.3.  At least, that is as understandable as it gets, since
Ethernet addresses are even more elaborate and in binary.

However, as Internet users know, there is more than a single way of describing
a computer.  "telnet 128.126.160.3" would be one way of connecting to a
computer, or "telnet aviary.stars.reston.unisys.com" would be another way of
connecting to the same computer.  These names are chosen by the owner of the
network, and are described through the use of "domain servers."

As you recall, kauai.mcl.unisys.com was listed by NIC as a domain server.  This
means that the names of the computer systems on that network are stored on that
particular host.  Of course, that's not the only thing.  The domain server
presents the computer name and IP number to the connecting machine allowing you
to connect to the computer by using a "domain style name."  Ultimately,
everything is converted to IP numbers.

Most network software allows compatibility with domain servers, meaning if you
want to connect to nic.ddn.mil, and you specify a command "telnet nic.ddn.mil"
then you will connect to nic.ddn.mil.  Sadly, this isn't true of all computers
(which require IP numbers only), but at least it is true enough that the
general user is likely to have such computer resources.

Reaching back to the Dark Ages, there is a computer program that allows
machines that don't directly interpret domain style addresses to IP addresses
to still find out what the name of a machine is.  This program is called
"nslookup" and is usually found in the Unix operating system (at least, I
haven't used it anywhere else -- it might only work on Unix).

"nslookup" stands for Name Server Lookup (there has been some debate, it seems,
if a domain server is really a name server, or visa versa; in fact, both
describe what they do well enough to have conflict).  Regardless, let's go
ahead and work on learning how to use nslookup.

[lycaeum][2]> nslookup
Default Name Server:  lycaeum.hfc.com
Address:  66.6.66.6


Now, going back to that NIC information we got earlier, let's continue to hack
on poor old Unisys, which is giving up its info every step we make.  We
determined that the kauai.mcl.unisys.com was a domain server, so let's jump
ahead to that by changing our server to their server (after all, the computers
we are after aren't on our machine).

> server kauai.mcl.unisys.com
Default Server:  kauai.mcl.unisys.com
Address:  128.126.180.2

Okay, now we have connected to the server.  This isn't a constant connection,
by the way.  It will only establish a connection for the brief instant that it
takes for it to execute commands.  It doesn't require a password or an account
to get this information off of a nameserver.

Let's start off by having it give us a list of everything about Unisys that
this server knows.  "Everything" is pretty much a good place to start, since we
can't go wrong.  If we come up with nothing, then that's what's available.  The
basic command to list machines is "ls" like the Unix directory command.

> ls unisys.com
[kauai.mcl.unisys.com]
Host of domain name            Internet address
 unisys.com                     server = burdvax.prc.unisys.com         3600
 burdvax.prc.unisys.com         128.126.10.33                   3600
 unisys.com                     server = kronos.nisd.cam.unisys.com     3600
 kronos.nisd.cam.unisys.com     128.170.2.8                     3600
 unisys.com                     server = kauai.mcl.unisys.com           3600
 kauai.mcl.unisys.com           128.126.180.2                   43200
 unisys.com                     server = io.isf.unisys.com              3600
 io.isf.unisys.com              128.126.195.20                  3600
 reston.unisys.com              server = aviary.stars.reston.unisys.com 3600
 aviary.star.reston.unisys.com  128.126.160.3                   3600
 aviary.star.reston.unisys.com  128.126.162.1                   3600
 reston.unisys.com              server = kauai.mcl.unisys.com           3600
 kauai.mcl.unisys.com           128.126.180.2                   43200
 rosslyn.unisys.com             server = aviary.stars.reston.unisys.com 3600
 aviary.stars.reston.unisys.com 128.126.160.3                   3600
 aviary.stars.reston.unisys.com 128.126.162.1                   3600
 rosslyn.unisys.com             server = kauai.mcl.unisys.com           3600
 kauai.mcl.unisys.com           128.126.180.2                   43200
 rmtc.unisys.com                server = rmtcf1.rmtc.unisys.com         3600
 rmtcf1.rmtc.unisys.com         192.60.8.3                      3600
 rmtc.unisys.com                server = gvlv2.gvl.unisys.com           3600
 gvlv2.gvl.unisys.com           128.126.220.102                 3600
 sp.unisys.com                  server = dsslan.sp.unisys.com           3600
 dsslan.sp.unisys.com           129.218.32.11                   3600
 sp.unisys.com                  server = sys3.slc.unisys.com            3600
 sys3.slc.unisys.com            129.221.15.85                   3600
 cam.unisys.com                 server = kronos.nisd.cam.unisys.com     3600
 kronos.nisd.cam.unisys.com     128.170.2.8                     3600
 cam.unisys.com                 server = burdvax.prc.unisys.com         3600
 burdvax.prc.unisys.com         128.126.10.33                   3600
 prc.unisys.com                 server = burdvax.prc.unisys.com         3600
 burdvax.prc.unisys.com         128.126.10.33                   3600
 prc.unisys.com                 server = kronos.prc.unisys.com          3600
 kronos.prc.unisys.com          128.170.2.8                     3600
 prc.unisys.com                 server = walt.prc.unisys.com            3600
 walt.prc.unisys.com            128.126.2.10                    3600
 walt.prc.unisys.com            128.126.10.44                   3600
 culv.unisys.com                server = formal.culv.unisys.com         3600
 formal.culv.unisys.com         192.67.92.30                    3600
 culv.unisys.com                server = kronos.nisd.cam.unisys.com     3600
 kronos.nisd.cam.unisys.com     128.170.2.8                     3600
 slc.unisys.com                 server = sys3.slc.unisys.com            3600
 sys3.slc.unisys.com            129.221.15.85                   3600
 slc.unisys.com                 server = dsslan.sp.unisys.com           3600
 dsslan.sp.unisys.com           129.218.32.11                   3600
 slc.unisys.com                 server = nemesis.slc.unisys.com         3600
 nemesis.slc.unisys.com         128.221.8.2                     3600
 bb.unisys.com                  server = sunnc.wwt.bb.unisys.com        3600
 sunnc.wwt.bbs.unisys.com       192.39.41.2                     3600
 bb.unisys.com                  server = burdvax.prc.unisys.com         3600
 burdvax.prc.unisys.com         128.126.10.33                   3600
 isf.unisys.com                 server = orion.ISF.unisys.com           3600
 orion.ISF.unisys.com           128.126.195.7                   3600
 isf.unisys.com                 128.126.195.1                   3600
 isf.unisys.com                 server = burdvax.prc.unisys.com         3600
 burdvax.prc.unisys.com         128.126.10.33                   3600
 isf.unisys.com                 server = io.isf.unisys.com              3600
 io.isf.unisys.com              128.126.195.20                  3600
 gvl.unisys.com                 128.126.220.102                 172800
 gvl.unisys.com                 server = gvlv2.gvl.unisys.com           3600
 gvlv2.gvl.unisys.com           128.126.220.102                 3600
 gvl.unisys.com                 server = burdvax.prc.unisys.com         3600
 burdvax.prc.unisys.com         128.126.10.33                   3600
 mcl.unisys.com                 128.126.180.2                   43200
 mcl.unisys.com                 server = kauai.mcl.unisys.com           43200
 kauai.mcl.unisys.com           128.126.180.2                   43200
 mcl.unisys.com                 server = burdvax.prc.unisys.com         43200
 burdvax.prc.unisys.com         128.126.10.33                   3600
 mcl.unisys.com                 server = kronos.nisd.cam.unisys.com     43200
 kronos.nisd.cam.unisys.com     (dlen = 1152?)                  4096
ListHosts: error receiving zone transfer:
  result: NOERROR, answers = 256, authority = 0, additional = 3.

Bummer, an error.  Funny, it claims there isn't an error, yet it screwed up the
kronos address and knocked me out.  Apparently, this domain server is screwed.
Oh well, I guess that's really their problem because in the information it gave
us, it was able to provide all the answers we needed to figure out the next
step!

Quick analysis of the above information shows that most of the servers were
connected to at LEAST two other servers.  Quite impressive:  A fault-tolerant
TCP/IP network.  Since it is fault tolerant, we can go ahead and use a
different machine to poke into the "mcl.unisys.com" domain.  Since "mcl" stands
for McLean, that's where we want to go.

Remember that NIC told us that kauai.mcl.unisys.com had an alias?  It was also
called "mcl.unisys.com".  Looking at the above list, we see toward the bottom
that mcl.unisys.com is also domain served by the computers
burdvax.prc.unisys.com and kronos.nisd.cam.unisys.com.  Let's connect to one of
them and see what we can gather!

Whenever a server starts acting screwy like kauai was doing, I make it a habit
of using IP numbers when they are available.  I'm going to connect to
burdvax.prc.unisys.com through its IP address of 128.126.10.33.

> server 128.126.10.33
Default server: [128.126.10.33]
Address:  128.126.10.33

Now that we are connected, let's see the network information again, but this
time let's try something different and possibly more useful.  This time we will
use the -h command, which happens to describe the computer type (CPU) and the
operating system it runs on (OS) which will give us a better idea of what we
are dealing with.

> ls -h mcl.unisys.com
Host or domain name           CPU          OS
 maui.mcl.Unisys.COM           SUN-2/120    UNIX        43200
 cisco.mcl.Unisys.COM          CISCO GATEWAY CISCO              43200
 kauai.mcl.Unisys.COM          SUN-3/180    UNIX        43200
 voyager.mcl.Unisys.COM        SUN-4/330    UNIX        43200
 dial.mcl.Unisys.COM           SUN-3/260    UNIX        43200
 astro.mcl.Unisys.COM          SUN-3/60     UNIX        43200
 hotrod.mcl.Unisys.COM         Unisys 386   SCO/UNIX            43200
 oahu.mcl.Unisys.COM           VAX-11/785   UNIX        43200
 lanai.mcl.Unisys.COM          SUN-3/160    UNIX        43200
 mclean_is.mcl.Unisys.COM      386          NOVELL              43200

WOW!  Look at all those Suns!  I guess Unisys has no faith in their own
computers or something!  If only President Bush could see this display of a
company backing their product!  In fact, the only Unisys computer in this whole
lot is a cheesy 386 clone which probably is some guy's desktop machine.

Once again, there is some fascinating information here.  Let's run through it
really quick:

Maui is a Sun 2, which is a really old RISC computer.  You don't see many of
these around but they still can be useful for storing stuff on.  But then
again, it probably is faster than a PC!

Oahu is a Vax-11 which is apparently running Ultrix.  This may be where Unisys
hoards all their programmers since it isn't being used for serious networking
(at least, as far as we can tell).

Mclean_is happens to be the file server for a PC network.  We can't really tell
from this point how many computers are on this network, but it could be
possible it is used for public information trade, where secretaries or
receptionists use it to confirm trade and scheduling.

Hotrod is also a 386, made by Unisys even!  Oddly, it is running a copy of SCO
Unix, which means it is, no doubt, a personal computer someone uses for Unix
programming.  If Unisys were itself a part of the government, I'd think this
computer would have been a kludged bidding contract which they got stuck with
because they were aiming for lowest bid and were unfortunately not very picky.

Voyager is an interesting machine, which is apparently the most modern on this
network.  Since it is a Sun-4 computer (probably IPX) it would be a high-speed
graphics workstation.  This could be the machine where many CAD applications
are stored and worked on.  Another possibility is that Sun 4 computers were
extremely expensive when they purchased this network of Suns, and they
purchased this one machine to be the file server to the other Sun 3s and the
Sun 2.  If you were to gain access to one of the other machines, it's possible
you would have access to all of them.

Cisco is just a standard Cisco Router/Gateway box, linking that particular
network to the Internet.

Kauai is a messed up domain server, big deal.  It might work on the same
network as Astro and Lanai.

Dial is a Sun-3.  Is there something in a name?  This could be the
telecommunications dial-in for the network.  Maybe the same computer system has
a dialout attached to it.  It might even be possible that "dial" has a guest
account for people logging in so that they can easily connect to other
computers on the same network (probably not).

Astro and Lanai are also Sun 3 computers.  It isn't quite obvious what their
purpose is.  Essentially, we have the impression that they were all purchased
about the same time (explaining the large number of Sun-3 computers in this
network) and it is quite possible they are just linked up to the Sun 4 in a
file sharing network.  It is also possible they are older and fundamental to
the operation of Unisys's communication platform at this particular site.

There is one flaw that makes using the -h switch somewhat unreliable:
Sometimes people realize you can do this and take the time to remove or never
include the information about the individual machines on the network.
Therefore, it is always best for you to do a "ls <domain>" and check everything
out in case a computer has been removed.  Using "telnet" to connect to the
computer is usually a foolproof method of finding out what computer it is they
are talking about.

> ls mcl.unisys.com
[[128.126.10.33]]
Host or domain name             Internet address
 mcl.Unisys.COM                  server = kauai.mcl.unisys.com         3600
 kauai.mcl.unisys.com            128.126.180.2                 3600
 mcl.Unisys.COM                  server = burdvax.prc.unisys.com       3600
 burdvax.prc.unisys.com          128.126.10.33                 3600
 mcl.Unisys.COM                  server = kronos.nisd.cam.unisys.com   3600
 kronos.nisd.cam.unisys.com      128.170.2.8                   3600
 mcl.Unisys.COM                  128.126.180.2                 43200
 maui.mcl.Unisys.COM             128.126.180.3                 43200
 cisco.mcl.Unisys.COM            128.126.180.10                43200
 kauai.mcl.Unisys.COM            128.126.180.2                 3600
 voyager.mcl.Unisys.COM          128.126.180.37                43200
 dial.mcl.Unisys.COM             128.126.180.36                43200
 LOCALHOST.mcl.Unisys.COM        127.0.0.1                     43200
 astro.mcl.Unisys.COM            128.126.180.7                 43200
 hotrod.mcl.Unisys.COM           128.126.180.125               43200
 oahu.mcl.Unisys.COM             128.126.180.1                 43200
 lanai.mcl.Unisys.COM            128.126.180.6                 43200
 mclean_is.mcl.Unisys.COM        128.126.180.9                 43200

Well, running down the list, it appears that there aren't any more computers
important to this domain that we don't know already.  LOCALHOST is just another
way of saying connect to where you are, so that isn't a big deal.  Hotrod being
separate from the rest of the machines seems apparent since its IP address is
x.x.x.125, which is quite separate from the others.  Even though this doesn't
have to be, it seems it is a wiring kludge -- probably for an office like I
surmised.

The next step?  Go ahead and hack away!  This is where all those system hacks
people trade on the net and all those CERT Advisories become useful.  If you
become good hacking a single machine (Suns, for example), using nslookup will
help you identify those machines and make it easier for you to hack.

Looking for annex computers, libraries, guest machines, and other such
computers also becomes easy when you use nslookup, because the names and
computer types are there for your convenience.  Checking on sites by selecting
interesting "special purpose" machines with nslookup first can yield good
results.  People have called this "netrunning," and it sounds like as good a
name as any.

Of course, the other big problem when dealing with domain servers is trying to
identify them.  The largest list of domain servers can be found off of the
Department of Defense Network Listing (usually called hosts.txt) which is
available almost everywhere on the Internet through anonymous FTP.  Here is a
rundown on how to get the file:

[lycaeum][3]> ftp wuarchive.wustl.edu

220 wuarchive.wustl.edu FTP server (Version 6.24 Fri May 8 07:26:32 CDT 1992)
ready.
Remote host connected.
Username (wuarchive.wustl.edu:rack): anonymous
331 Guest login ok, send your complete e-mail address as password.
Password (wuarchive.wustl.edu:anonymous):
230-  This is an experimental FTP server.  If your FTP client crashes or
230-  hangs shortly after login please try using a dash (-) as the first
230-  character of your password.  This will turn off the informational
230-  messages that may be confusing your FTP client.
230-
230-  This system may be used 24 hours a day, 7 days a week.  The local
230-  time is Wed Jun  3 20:43:23 1992.
230-
230-Please read the file README
230-  it was last modified on Mon Mar  2 08:29:25 1992 - 93 days ago
230-Please read the file README.NFS
230-  it was last modified on Thu Feb 20 13:15:32 1992 - 104 days ago
230 Guest login ok, access restrictions apply.

ftp> get /network_info/hosts.txt
200 PORT command successful.
150 Opening ASCII mode data connection for /network_info/hosts.txt (1088429 bytes).
226 Transfer complete.
Transferred 1109255 bytes in 182.95 seconds (6063.29 bytes/sec, 5.92 KB/s).

ftp> quit
221 Goodbye.

Now let's convert it to a file we can use effectively:  let's take out of that
huge list of only the machines that are domain servers:

[lycaeum][4]> grep -i domain hosts.txt > domains

Okay, now that we have done that, let's prove that this is a way of finding a
domain server without connecting to anyplace.  Let's just use the grep command
to search the file for a server in the mcl.unisys.com domain:

[lycaeum][5]> grep -i mcl.unisys.com domains
HOST : 128.126.180.2 : KAUAI.MCL.UNISYS.COM,MCL.UNISYS.COM : SUN-3/180 :
SUNOS : TCP/TELNET,TCP/FTP,TCP/SMTP,UDP/DOMAIN :
[lycaeum][6]>

And there you have another way.  Everything we looked at is here: IP number,
the name, the "alias," the computer type, the operating system, and a brief
list of network protocols it supports, including the domain server attribute.
However, none of the other machines on the mcl.unisys.com network were
displayed.  The DoD isn't a complete list of network machines, only the network
machines that are vital to the functioning of the Internet (in the last year,
this list has grown from about 350K to 1.1 megabytes -- and this only reflects
the "new" networks, not including the addition of new machines onto old
networks; the Internet is definitely "in;"  I believe it was estimated 25%
growth per month!).

Obviously, this is very effective when going after university sites.  It seems
they have too many machines to take good care of security on.  Essentially, the
DoD list contains much the same information as NIC does, and is about a million
times more discreet.  I'm not sure if NIC is fully logged, but it does have a
staff Head of Security (*snicker*).

Well, that will pretty much wrap it up for this file.  Hope some of it was
useful for you.


--------------------------------------------------------------------------------


                                ==Phrack Inc.==

                     Volume Four, Issue Forty, File 5 of 14

                                  Pirates Cove

                                   By Rambone


Welcome back to Pirates Cove.  My apologies for not providing you with this
column in Phrack 39.  However, in this issue we take a look at some recent
busts of pirate boards and the organization most to blame for it all... the
Software Publishers Association.  Plus we have news and information about
Vision-X, game reviews, BAD Magazine, and more.  Enjoy.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 FBI Raids Computer Pirate; SPA Follows With Civil Lawsuit        June 11, 1992
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
BOSTON -- The Federal Bureau of Investigation raided [on June 10] "Davy Jones
Locker," a computer bulletin board located in Millbury, Massachusetts, which
has allegedly been illegally distributing copyrighted software programs.

The Davy Jones bulletin board was a sophisticated computer bulletin board with
paying subscribers in 36 states and 11 foreign countries.

A computer bulletin board allows personal computer users to access a host
computer by a modem-equipped telephone to exchange information including
messages, files, and computer programs.  The system operator (or sysop) is
generally responsible for materials posted to the bulletin board.

For a fee of $49 for three months or $99 for one year, subscribers to Davy
Jones Locker were given access to a special section of the bulletin board that
contained copies of more than 200 copyrighted programs including popular
business and entertainment packages.  Subscribers could "download" or receive
these programs for use on their own computers without having to pay the
copyright owner anything for them.

The business programs offered were from a variety of well-known software
companies, including:  AutoDesk, Borland International, Broderbund, Central
Point System, Clarion Software, Fifth Generation, Fox Software, IBM, Intuit,
Lotus Development, Micrografx, Microsoft, Software Publishing Corp., Symantec,
Ventura Software, WordPerfect and X-Tree Co.  Entertainment programs included
Flight Simulator by Microsoft, and Leisure Suit Larry by Sierra.

Seized in the raid on Davy Jones Locker were computers, telecommunications
equipment, as well as financial and other records.

"The SPA applauds the FBI's action today," said Ilene Rosenthal, director of
litigation for the Software Publishers Association (SPA).  "This is one of the
first instances that we are aware of where the FBI has shut down a pirate
bulletin board for distributing copyrighted software.  It clearly demonstrates
a trend that the government is recognizing the seriousness of software
copyright violation.  It is also significant that this week the Senate passed
S.893, a bill that would make the illegal distribution of copyrighted software
a felony."

For the past four months, the Software Publishers Association has been
investigating the Davy Jones Locker bulletin board and had downloaded business
and entertainment programs from the board.  The programs obtained from Davy
Jones Locker were then cross-checked against the original copyrighted
materials.  In all cases, they were found to be identical.

Subscribers to Davy Jones Locker not only downloaded copyrighted software, but
were also encouraged to contribute additional copyrighted programs to the
bulletin board.

The system operator limited subscribers to four hours on the bulletin board
each day.  He also limited the amount of software a subscriber could download
to his or her own computer each day.  Those who "uploaded" or transmitted new
copyrighted software to the bulletin board for further illegal distribution
were rewarded with credits good for additional on-line time or for additional
software.

"Imagine a video store that charges you a membership fee and then lets you
make illegal duplicates of copyrighted movies onto blank video tapes,"
explains Ilene Rosenthal, SPA director of litigation.  "But it limits the
number of movies you can copy unless you bring in new inventory -- copies of
new movies not already on the shelves.  That was the deal at Davy Jones
Locker."

Davy Jones Locker was an international concern with paid subscribers in the
United States and 11 foreign countries including Australia, Canada, Croatia,
France, Germany, Iraq, Israel, Netherlands, Spain, Sweden and the United
Kingdom.

Whether it's copied from a program purchased at a neighborhood computer store
or downloaded from a bulletin board thousands of miles away, pirated software
adds to the cost of computing.  According to SPA, software pirates throughout
the world steal between $10 and $12 billion of copyrighted software each year.

"Many people may not realize that software prices are higher, in part, to make
up for losses to the pirates," says Ken Wasch, executive director of the SPA.
"Pirate bulletin boards not only distribute business software, but also hurt
the computer game publishers by distributing so many of their programs
illegally.  In addition they ruin the reputation of the hundreds of legitimate
bulletin boards which serve an important function to computer users."

The Software Publishers Association is the principal trade association of the
personal computer software industry.  Its 900 members represent the leading
publishers in the business, consumer and education software markets.  The SPA
has offices in Washington, D.C., and Paris La Defense, France.

CONTACT:  Software Publishers Association, Washington, D.C.
          Terri Childs or Ilene Rosenthal, 202/452-1600
_______________________________________________________________________________

 PC Bulletin Board Hit by FBI Raid                                June 14, 1992
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 By Josh Hyatt (Boston Globe)(Chicago Tribune, Section 7, Page 3)

BOSTON -- In one of the first reported crackdowns of its kind, six FBI agents
raided a computer bulletin board based in a Millbury, Massachusetts, home last
week.  Authorities said the bulletin board's operator had been illegally
distributing copyrighted software.

Executing a criminal search warrant, the agents seized several computers, six
modems and a program called PC Board, which was used to run the bulletin board.
Authorities also seized documents that listed users of the service.

No arrests were made, according to the Software Publisher's Association, a
trade group that brought the case to the FBI's attention.  The association
estimates that, as of March, the bulletin board had distributed $675,000 worth
of copyrighted software; software pirates, it says, annually steal as much as
$12 billion this way.

The FBI will not comment on the case except to confirm that a raid had taken
place and that the investigation is continuing.  The alleged operator of the
bulletin board, Richard Kenadek, could not be reached for comment.

Around the same time as the raid, the software association filed a civil
lawsuit against Kenadek, charging him with violating copyright laws.  Ilene
Rosenthal, the group's director of litigation, said that "the man had
incriminated himself" through various computerized messages.

"There's plenty of evidence to show that he was very aware of everything on his
bulletin board," she said.

Bulletin boards let personal computer users access a host computer via modems.
Typically, participants exchange information regarding everything from computer
programs to tropical fish.  They may also, for example, obtain upgrades of
computer programs.

The association said its own four-month investigation revealed that this
bulletin board, called Davy Jones Locker, contained copies of more than 200
copyrighted programs.

Rosenthal said users also were encouraged to contribute copyrighted software
programs for others to download or copy.

According to Rosenthal, subscribers paid a fee, $49 for three months or $99 for
one year. She said Davy Jones Locker had nearly 400 paying subscribers in 36
states and 11 foreign countries.
_______________________________________________________________________________

 Cracking Down On Computer Counterfeiters                             July 1992
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 By B.A. Nilsson (PC-Computing Magazine)(Page 188)

Popular bonding rituals usually aren't criminal.  Admire a friend's new car,
and you're likely to swap a few stories and a can of STP.  You may be invited
to take the car for a spin.  You can pass recipes back and forth or lend your
copy of the latest best-seller to a fellow fan.

Sharing computer programs is another common practice among friends.  It's
great to help someone who's daunted by the challenge of learning to use a new
machine, and sometimes that includes a gift of some of your favorite software.
"Here.  Why don't you get started with WordPerfect?"  And, later, inevitably,
"The Norton Utilities will get that file back for you."

Copying a set of disks is so simple and such a private action that you'd hardly
think it's also illegal.  The legality part is easy to overlook.  The copyright
notice is a complicated critter, often printed on the seal of the software
package that is torn away as you dig for those floppy disks.  You may not even
be the one who ripped the original package open (in which case, you're yet
another who's ripped the program off).

But whether or not you're aware of it, unless you either broke the shrink-wrap
or received the package with all disks, documentation, and licensing
information intact, you're breaking the law.  The good news is that if you're
an individual with pirated software on your home computer, you probably won't
get caught.  But if you're a boss with an angry employee, the Software
Publishers Association (SPA) may get tipped off.  When the SPA comes to call on
your business, it's with U.S. marshals and lots of official paperwork.  And the
association has an annoyingly good history of winning its copyright-
infringement cases.

Perspectives on Piracy

"Computers give us a kind of technical sophistication that never used to
exist," says Ken Wasch, the voluble head of the SPA.  "In the old days, if you
wanted to make your own copy of something like a pencil, you'd need a
complicated manufacturing center.  But the very fact that you can run a
computer program means that you can make a flawless copy of it.  This is the
only industry in the world that empowers every customer to be a manufacturing
subsidiary."

The regulations are spelled out again and again in the software manuals:
You're allowed to make one or two copies of the program for backup purposes.
Other rules vary slightly from company to company.  Some license agreements
demand that the software package be used only with a single machine; others,
most notably Borland's, let you use the program on as many computers as you
wish, provided no two copies of the program are run concurrently, just as a
book can be read by only one person at a time.

"If all software developers took the same approach as Borland International,
people wouldn't steal so much," says avowed pirate Ed Teach.

(Note:  The names and locations of all interviewed pirates have been changed.)

"Borland gives you that book license.  Of course, they'll drive you insane with
upgrades.  They wholesale the software, then make their money on all the
subsequent releases."

Teach is the systems administrator for a residential health-care company in
the Southeast.  "I believe in piracy," he says.  "I like to borrow something to
play with it.  If I like it, I'll buy it."

He dismisses demos and limited versions of programs as inadequate for the
testing he prefers; similarly, he considers the typical 30-day return agreement
too restrictive.  "It's not a realistic time period for an evaluation," Teach
says.  "I just got a copy of FormTool Pro, and it's a powerful program with a
very steep learning curve.  I can't devote myself to it and learn what I'd need
to know in 30 days."

Teach has spent six years recommending and configuring programs for his
company.  He does not fit the image of a lawbreaker, and he believes that what
he does is morally justified.  "I buy the software eventually.  My company
bought licenses to use WordPerfect 5.1 after starting with a pirated copy of
the program.  Everything on the company machines is legit."

Copying wasn't always so easy.  Old-timers remember the copy-protection schemes
that pervaded the computer industry, requiring key disks or special
initialization procedures.  But users unanimously demanded an end to it, and
when Lotus, the last significant holdout, gave in, that era was over.  Today
you find protection only on games and niche-market programs.

How much has the end of copy protection cost software companies?  It's
impossible to figure accurately.  In August 1991, the indefatigable Software
Publishers Association released figures on corporate-use losses that suggest
both a staggering financial loss and a possible decline in piracy.  In 1987,
1.31 DOS-based software programs were sold for every office computer.  The
expected proportion is three packages per computer, meaning that more than half
of the programs in use were probably pirated.  In 1990, the number of
legitimate packages jumped to 1.78.  But prices have gone up, too, so that the
dollar losses haven't changed much:  The 1987 liability was $2.3 billion, and
the number rose to $2.4 billion in 1990.

The numbers for private-use piracy, on the other hand, can't be calculated.  If
all the computer users who have never pirated software got together, they
wouldn't need a very large hall.  Wasch concedes that it's difficult to
actually catch and prosecute the individual pirate.  "Nobody is actually doing
time for piracy," he says, citing the exception of a retailer who was caught
running what amounted to a pirated-software storefront.

   The Software Police

Although the SPA is targeting home abuse in a current study, Wasch believes
that the greatest financial losses are due to corporate piracy.  And corporate
pirates are easier to apprehend because an angry employee is frequently willing
to turn in the boss.  "We get about 20 calls a day," says Wasch, who set up a
special number (800-388-7478) for reporting piracy.  "Ninety percent of the
calls we follow up on come from disgruntled employees."

It's the kind of visit most of us have only seen in the movies, and it's
usually an unexpected one.  A receptionist with one targeted company was so
shocked by the arrival of the SPA posse that she asked if it was a "Candid
Camera" stunt.

Founded in 1984 as an educational and promotional group, the SPA evolved into
a software police force five years ago as more and more software vendors
joined.  Now almost 800 are in the fold.  The SPA began to woo whistle-blowers
in earnest about two years ago, after a tip led to the successful bust of a
large corporation in the Midwest.

"Business is too good," Wasch says.  "We're doing far more lawsuits and far
more audits than ever before, and the numbers are continuing to grow."

If your corporation is busted by the SPA, hope that it's done by mail.  "What
happens then is that we write the CEO a letter explaining that we want to do an
audit," Wasch says.  "If we find illegal software, the company pays twice: Once
for the pirated copy, once for a new one.

"That's a lot better for the company.  The fine is much lower, and they don't
face the adverse publicity that results from a lawsuit.  Still, 60 percent of
them promise they won't destroy software before they report it, and then they
go and do it anyway."

That was the case with a recent SPA visit to a medium-size defense contractor
in Washington, DC.  "They agreed to an audit, and then they tried to wipe
pirated programs off all the hard disks," Wasch says.  "But we knew.  Why do
they think we called them in the first place?  Someone on the inside was
talking.  I couldn't believe they'd sit there and lie to us about it, we had
them over a barrel!"

The increasingly ominous specter of the SPA breaking down the door is making
more companies go legit, but some continue to spout excuses.  "I don't want to
break the law, but I also don't want to go out of business," says Howell Davis,
the CEO of an accounting firm in a New England capital.  "We can't afford to
work without computers, but I can't pay the high price of registering every
copy of every program we use.  I had to borrow a lot of money to get this
business off the ground, and I think of this as just another form of borrowing.
It's another loan I'll repay when I can afford to."

Some corporate pirates operate with a sense of entitlement.

"Nobody's going to catch us," says Charles Vane, the managing director of a
nonprofit theater company in the Northwest, "and nobody should even be trying
to.  We're on the brink of bankruptcy.  Companies should be giving us software
packages as a gesture of support for the arts."  He admits that almost all of
the software his theater uses is pirated.  "We have some nice programs,
including an accounting package developed for Ernst & Young that we swiped and
a copy of SuperCalc with a bunch of extra modules.  And WordPerfect, of
course," Vane says.

Where do the packages originate?  "Our board members get them for us," Vane
says.  "Of course, that means we can't be choosy.  We have to wait until a
particular program comes our way.  And what they like to give us the most are
games.  We have a kazillion games."

Games and piracy are natural partners.  Games themselves encourage piracy.
Unlike business-oriented programs, they engender intense, short-lived
relationships.  Or as pirate-BBS operator John Rackam puts it, "Games get
boring.  That's why you see so many of them on the pirate boards."

Online Piracy

Rackam runs a BBS straight out of "The Man from U.N.C.L.E."  It looks like any
other medium-size board in the country, with a standard collection of shareware
and message bases.  Gain special access which only takes $50 and a friend's
recommendation and you pass through the secret door into a 600MB collection of
the latest applications, including 10 zipped files of the complete dBASE IV, 11
of AutoCAD, and 6 of MS-DOS 5.0.

"Most of the people who use my board are collectors," he says.  "They have to
have the latest copy of everything."  Rackam isn't deterred by the threat of
getting caught.  "I don't think it's going to happen to me.  I'm not doing
anything that's really terrible.  I mean, I'm not hacking up bodies or
anything.  I make no money off this.  The fee is just for keeping up my
equipment.  I consider myself a librarian."

Novell takes a dim view of that attitude, as evidenced by an August 1991 raid
of two California bulletin board systems accused of distributing Novell NetWare
files.  Such systems are another target the SPA would like to hit, and Wasch is
looking for FBI cooperation.

That makes the Humble Guys Network ripe for the picking.  Study the high-
resolution GIF file of these buccaneers, and you see a collection of ordinary-
looking folks who happen to traffic in pirated game software.  The founder, a
hacker who called himself Candy Man, has since skipped the country; now The
Slave Lord, a student at a southern college, is at the helm.

"The whole point of the network is to get games before the stores have them,"
says Bill Kidd, a computer consultant in Manhattan.  "This is like proof of
manhood, how fast you can get them."  Kidd professes little personal
involvement with piracy, but he knows where the bodies are buried.

"First there are the suppliers who can get a program from a manufacturer well
before it's released," Kidd says.  "Often the supplier works for the
manufacturer.  The game goes to the head person, who delivers it to the
crackers.  They're the ones who remove the copy protection.  From there it goes
to the couriers, and each has a list of pirate BBS's.  The program then makes
it all over the country in minutes."

Speed is an obsession.  These pirates are armed with 9,600-bit-per-second
modems and a must-have-it-now mentality.  "The week before MS-DOS 5.0 hit the
stores," says Kidd, "most of the pirate boards had already deleted it because
they had been offering beta versions six months before."

As far as revenues are concerned, pirate bulletin boards may be more of a
nuisance than a threat.  "Those people are never really going to buy that
software," says John Richards, a product manager with Lotus.  "Nominally, it's
bad, but it's not as if they're buying one copy of 1-2-3 to put on the office
workstation for ten users."

Pirates at Home

While an office environment allows for regular, rigorous audits, the home
user gets away with pirating software.  Peer under the hoods of a few hard
disks, and you're liable to find something illicit.

"It can happen innocently enough," says Symantec's Rod Turner.  As general
manager of the Peter Norton Group, Turner has the distinction of overseeing one
of the most frequently pirated pieces of software:  The Norton Utilities.
"Someone puts a copy of the software on someone else's machine to test it out
and leaves it behind.  The other user assumes it's there legitimately," Turner
says.

"Often, someone gets software from a friend who got it at work," says Tony
Geer, service manager at Computer Directions, a retail outlet in Albany, New
York.  Geer looks at hundreds of user-configured hard disks every month.
"Someone buys a machine from us, then turns around and calls us to say that
he's got all this software now, could we tell him how to run it," Geer says.
"What am I supposed to do?  The customer wants me to spend hours on the phone
teaching him or he gets mad.  When I tell him he has to buy the program, too,
he gets annoyed."

Geer also receives a huge number of requests for pirated software.  "A lot of
users think that we can load up their hard disks with programs, even though
they know they ought to be paying for them and just want to duck the fee."

A few requests come from the truly naive, Geer says.  "I'll get a call for
software support and I'll ask, What did the manual say?'  I didn't get a
manual,' the person tells me.  A friend gave this to me.'  And then I have to
explain that software isn't free."

High software prices are a common user complaint.  Former WordPerfect executive
vice president W.E."Pete" Peterson thinks the $495 list price of WordPerfect's
best-selling word processing program is justified, however.  "WordPerfect sells
about 150,000 copies a month at that price, so quite a few users think the
price is justified, too," says Peterson.  "A computer costs anywhere from a few
hundred to a few thousand dollars.  Without the software, the computer is
worthless.  WordPerfect goes to a lot of work to write and support the
software."

The latter includes a costly policy of toll-free phone support, handled by
operators who would just as soon not ask for a registration number.  It's an
expensive way of showing trust, but it has paid off in excellent public
relations.

"We try to sympathize with people," says Jeff Clark, public relations director
at XyQuest, the company that publishes XyWrite, a word processing program
popular among journalists.  "We sell replacement manuals as a service to
registered users, but there's a call at least once a week from someone who's
obviously trying to get manuals to go with a pirated copy."

The challenge then is to educate the caller, who may not even know that a law
has been broken.  "All we ask of a registered user is to run the program on one
machine at a time," Clark explains.  "If you're using it at work, yes, you can
use it at home.  But don't buy one copy to use in an office of eight people."

"A lot of people seem to think copying disks is OK because it's easy to do,"
says Turner, who is also chairman of the SPA's companion organization, the
Business Software Alliance, which fights international piracy.  "Then they call
our tech line, and we're in the delicate position of telling them they're using
a product illegally."

Microsoft is even more benevolent.  "We like to know where the pirated copy
originated," says Bill Pope, associate general counsel for the company.  "It's
not always possible to learn over the phone who's pirating something, because
we don't require that registration cards be returned.  But if we do identify a
pirated copy, we'll help the user get it legally, and we may even supply a free
copy of the program if we can learn where it came from."

A highly publicized amnesty program was launched by the XTree Company in July
of 1982.  For $20, anyone with a pirated copy of an XTree program was allowed
to buy a license for the entry-level version of the program, thus getting
access to the upgrade path.  Response was enthusiastic during the 90-day
period, but the offer won't be repeated.  "You can't offer amnesty over and
over," says Michael Cahlin, who markets the XTree products.  "You lose the
respect of dealers and users who paid full price for it."

Turner is more blunt about it.  "Amnesty encourages piracy.  I don't think it's
been successful."

While the SPA will continue to make headlines with Untouchables-style raids
of corporate offices, Wasch also acknowledges that education is the key to
fighting piracy.  A 12-minute, SPA-produced videotape entitled It's Just Not
Worth the Risk spells out the message as a congenial corporate manager is made
wise to the ways of the company pirate.

"That tape has been a huge success," says Wasch.  "American Express bought 300
copies, and Kimberly-Clark just ordered 100.  We've distributed about 10,000 of
them so far."

A self-audit kit, also available from the SPA, includes a program that
determines what software is in use on your PC as well as sample corporate memos
and employee agreement forms to promote piracy awareness.

Seeing the Light

Fear of being caught keeps many people honest, but some pirates will wait until
they're forced to walk the plank before giving up.

John Rackam says his BBS users are innocent.  "They can't afford the software,
and they shouldn't have to pay," he says.  "They're downloaders.  They un-ARC it and say, This is nice!'  Then they never use it again."

Charles Vane believes that software companies should give nonprofit
organizations like his theater a break.  "If they give us packages, we'll give
them publicity.  We'll print it in the program, we'll post it in the lobby.
It's an upscale crowd that comes through here.  We just don't have the luxury
of money.  I bought one program, ReportWriter, because it was cheap and good."

For casual users, piracy may simply be a phase.  "I own 90 percent of the
programs I use," says systems administrator Ed Teach.  "That's a big reverse
from about four years ago, when 90 percent of them were bootlegs."

And there's always the problem of well-meaning friends.  Henry Every, a
journalist at a Florida newspaper, received pirated programs from friends when
he bought his first computer five years ago.

"I had all these programs and no idea how to use them," Every says.
"Fortunately, the bookstore had guides that were even better than the manuals,
and I became something of a power user.  Then I became the guy that a friend of
a friend would call for help with his machine.  Next thing I know, I'm the one
giving away pirate copies.

"But I won't do it anymore. I'm sick and tired of getting those calls all hours
of the day and night asking me how to use the damn things."


No Excuses Accepted

"When I'm sitting across the table from them and they're looking really
dog-faced, when I can see the whites of their eyes, it's hard to pull the
trigger," says Ken Wasch, the head of the Software Publishers Association.
"Nevertheless," he says, "I pull the trigger."

Wasch is not a tender man when it comes to dealing with software pirates.  He
has no patience for the typical excuses given by those who copy and use
unlicensed software, and he offers the following responses to the common
complaints he hears from the outlaws:

*    The price is too high.

"Hey I don't own a Mercedes Benz.  Why? The price is too high.  If you can't
afford it, don't use it."

*    It's better to test the real thing than a crippled or demo version.

"The demos are normally very good.  They limit the number of records, or they
don't save to the disk, or something.  It's enough."

*    I'll pay for it later.

"I doubt it."

*    I won't get caught.

Wasch laughs.  When he does so, you can't help but hope that he's laughing with
you, not at you.  "Sooner or later . . ."


How Microsoft Foiled the Pirates

Imitation is flattering only when you don't lose money over it.  Many software
packages are copied by clever pirates who duplicate disks, manuals, even
packaging.  Microsoft has been hit often enough by counterfeiters that recent
software releases, including the Windows 3.1 and MS-DOS 5.0 upgrade packages,
were specially designed to be bootleg-proof.

"Every component part was carefully designed or hand-picked for that reason,"
says Kristi Bankhead, who works with Microsoft's general counsel on piracy
issues.  "To the user, it should just look like an attractive box, but it
allows us to tell at once if it's legitimate or not."

That strategy paid off in March when FBI agents raided a quartet of Silicon
Valley companies that were pulling in up to $600,000 a month distributing bogus
copies of MS-DOS and Windows.

Key components of the official, bootleg-proof box designs are colorful artwork
and the use of holograms.  On the MS-DOS 5.0 upgrade box, a silver circle on
the side offers an iridescent image of the logo.  A second hologram, a small
rectangle on the side of the program manual shows through an expensive die-cut
hole on the other side of the box.  The interlocked letters D-O-S are printed
in a four-color process that results in complicated mixtures that defy
reproduction.  Even the way the box is folded and the flaps are glued and
tucked is unique, it's not a common style, and counterfeiters must either spend
time and money to copy it or risk quick discovery.

Even as the DOS upgrade package was being readied for market last year, police
detectives uncovered a Los Angeles based pirate ring that was already working
on full-scale knockoffs of it.  "We got them while they were in the process of
completing the DOS 5.0 artwork," said Bankhead, "but we could tell how bad it
would look.  For instance, they were using a piece of foil for the hologram,
and it had no three-dimensional image."

   Top 10 Pirate BBS Downloads

   1. Windows 3.1 (Microsoft)
   2. Excel 4.0 (Microsoft)
   3. Norton Utilities 6.0 (Symantec)
   4. WordPerfect for Windows 5.1 (WordPerfect)
   5. Stacker 2.0 (Stac Electronics)
   6. AutoMap (AutoMap)
   7. Procomm Plus 2.0 (Datastorm Technologies)
   8. PC Tools Deluxe 7.1 (Central Point Software)
   9. QEMM-386 6.0 (Quarterdeck Office Systems)
   10. WordPerfect 5.1 (WordPerfect)

It looks familiar.  It's very close to a recent Top 10 list of legitimate
programs.  That's not surprising, since popular programs are also the most-
often swiped.

The list above was compiled from a survey of pirate BBS's, with help from John
Rackam.  He explains that activity is so brisk the profile changes from week
to week, with games being the most transitory items (which is why they're
impossible to track).  Because non-disclosure doesn't exist in the pirate world
and exchanging beta copies of software is a pirate tradition, Windows 3.1 won a
strong position even before its official release.  By the way, there's only a
cursory interest in OS/2 2.0, which is ominous news for IBM if pirate interest
is any barometer of sales.
_______________________________________________________________________________

 Software Publishers Association:  Nazis or Software Police?
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 An Investigative Report by Rambone

The Software Publishers Association (SPA) is the principal trade association of
the microcomputer software industry.  Founded in 1984 by 25 firms, the SPA now
has more than 750 members, which include major businesses, consumer and
education software companies, and smaller firms with annual revenues of less
than $1 million.  The SPA is committed to promoting the industry and protecting
the interests of its membership.

The SPA has two membership categories:  Full and Associate.  Software firms
that produce, release, develop or license microcomputer software and are
principally responsible for the marketing and sales of that software are
eligible to apply for full membership status.  Firms that develop software, but
do not publish are also eligible.  Associate membership is open to firms that
do not publish software, but provide services to software companies.  These
members include vendors, consultants, market research firms, distributors and
hardware manufacturers.

Lobbying

The SPA provides industry representation before the U.S. Congress and the
executive branch of government and keeps members up-to-date on events in
Washington, D.C., that effect them.  The fight against software piracy is among
its top priorities.  The SPA is the industry's primary defense against software
copyright violators both in the United States and abroad.  Litigation and an
ongoing advertising campaign are ways in which the SPA strives to protect the
copyrights of its members.

This is the impression that the SPA wants to give the general public, and for
the most part, I have no problem with it.  During a lengthy conversation with
Terri Childs of SPA, I was informed of several things.  The association's main
source of information is from their hot-line and the calls are usually from
disgruntled employees just waiting to get back at their former bosses.  An
example of this is a company that had bought one copy of Microsoft Works, and
with over 100 employees, they all seemed to be using the same copy.  One
particular secretary had gotten fired, for what reason I do not know, so she
called the SPA police and spilled her beans.  Once that happened the SPA got
the balls rolling by instructing the Federal Marshals to get a warrant and
storm the building like they own the place.  With a nifty little program they
have that searches the machines for illegal copies of the software, they came
up with the programs not registered to that machine.  *Bam!*, caught like a
dead rat in a cage.  The SPA declined to comment on what has happened to that
company since the raid, but they did say the company would be fined "X" amount
of dollars for each illegal copy.

Ms. Childs was very helpful though, she explained the idea behind the
association, and what they stand for.  I was very impressed with what she had
to say.  However, when I brought up the case concerning the Davy Jones Locker
bust.  She told me she was not qualified to answer questions involving that
case and directed me to Elaine Rosenthat.  So a few hours later I called her,
and for a few brief moments she seemed to be quite helpful, but then decided to
put me on a speaker phone with the founder of the "Association," Ken Wasch.

>From the start I knew I would not get a straight answer out of him.   The first
thing I asked him is if someone not in SPA obtained an account to get onto DJL,
and then gave it to them with log captures from the BBS.  He would not give me
a straight answer, just that SPA was able to obtain the information.  I then
asked him what actions are being taken toward DJL and received another run
around.

Finally, I asked what type of fine would be likely to be handed down in this
case.  He refused to give me an answer.

But I did learn one very interesting little fact from all of this.  The money
obtained by this incident and others like it do not go to the software
companies who the SPA claims to be protecting.  Instead it goes right into the
coffers of the SPA itself!  I guess they like to try those Mercedes.

And here is a few more interesting little tidbits about the SPA.  Not only do
they fine the companies for having illegal software and then pocket the money,
but the annual charge for membership on the software companies can range
anywhere from $700 to $100,000!  It seems to me that it is much more profitable
to eradicate piracy than to participate in doing it.

For those of you currently operating or considering operating a pirate bulletin
board, I would suggest that you not charge your users for access.  Even if you
claim that the money is only for hardware upgrades, in the long run, if you get
busted, the money you collected will be evidence that suggests you were selling
copyrighted software for financial gain.
_______________________________________________________________________________

 Vision-X Backdoor Nightmare
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~
 By Rambone

There seems to be a fallacy in the pirate world that all BBS software is
untouchable.  However, about a month ago a few people associated with the
Oblivion team took apart .93 (a version number of Vision-X) and found
backdoors.  The unfortunate problem with this is that the V-X team put those
backdoors in so they could trace down which Beta site was giving out Beta copies.  Well, they found the backdoors and called up several boards and used
them.

1.  The story from the people who hacked the boards is this, one of the two
    involved was irate becuase he wrote a registration for .93 so anyone could
    run it, whether they paid for the software or not.  When the V-X team found
    out about it, they blacklisted him from being able to logon into any V-X
    system.  This was done hard-coded, so no sysop could let him in with that
    handle.  Anyway, the story is they got into several of the BBSes, and even
    dropped to DOS to look around, but did not have any intentions on 
    destroying data.  Basically, they wanted to expose the weaknesses of the
    software.  The problem started when they posted the backdoors on a national
    net, which means that now any lamer could use this backdoor for their own
    purpose.  According to the Oblivion guys, they did not destroy the data,
    but some of the lamers that saw the backdoors on the net did.  They regret
    posting the backdoors.  They didn't realize that there are some people who
    are malicious enough to destroy data.

2.  The Vision-X team are positive that the people who did take down the BBSes
    were the Oblivion team, some say they even admitted to doing it.  There is
    a major paradox in these stories, and at this point it doesn't look like
    anyone will ever be able to get the entire truth about what had happened.

Backdoors have never been a good idea, even if the authors are positive they
will never be found.  The recent barrage of system crashing prove that the backdoors will indeed be found eventually.  On the flip side of the coin, even
if backdoors in BBS software are found, they should be left alone to be used for their original intent.  Most authors who put the backdoors into the systems
do it to protect their investment and hardwork.  Most BBS programers these days
work on the software for the benefit of the modem community, and expect a
little money in return for their hard work.  It is wrong for sysops to use it
without permission.  You guys need to stop being cheap asses, and support a
software you want support from.  What is the point of running a cracked piece
of software since you cannot get support from the authors and not get the net
they are involved in.  The nominal amount of money involved is a good
investment in the future of your bbs.
_______________________________________________________________________________

 "BAD" Magazine Lives Up To Its Name
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 By Rambone

I had never read Bad Magazine until recently.  Everywhere discussion about it
had erupted, all I saw were comments that it was a waste of harddrive space.
However, when Bad's eighth issue surfaced, I heard that there were a few
disparaging remarks made about me and a spew of other loose information.

So I went ahead and took a look at it, and what I found was one lie after
another.  I have never seen a magazine so full of shit as BAD #8.  Apparently
they seemed to think I mentioned them in Phrack magazine, "Bad Magazine got
their first mention in the magazine Phrack."  The funny thing is, the only
mention of BAD Magazine ever to appear in Phrack before now was a remark
attributed to The Grim Reaper that I reprinted.

I could care less about a pathetically lame magazine such as BAD and I never
mentioned them and never intended on mentioning them until they raised the
issue by taking a pot shot at me.

"The Boys of Phrack however did not do their homework when mentioning this
though."  This is a quote from BAD regarding comments made about Vision-X,
which the article was not even about.  What they don't know is that I
personally called The Grim Reaper and talked to him before putting anything in
Phrack about his bust.  That's what the point of the article was about, not
about some lame magazine named BAD and what they did.  They deemed me
responsible for not backing up my facts, when in fact, I backed them all up.
Grim Reaper's comments about Vision-X was not my concern, it was his bust for
credit card abuse that I was interested in learning about.  The remarks
concerning BAD were made by TGR, so it would appear that "the boys at BAD" did
not do THEIR homework!

"Rambone obviously does not get much exposure to the pirate world."  Yet
another ridiculous and unsubstantiated remark.. You boys definitly did not do
your homework, you better start asking around a little more before making
irresponsable accusations.  The last words I will say about this is when
people put a magazine together, they should try and find writers who will
investigate facts instead of fabricating them.  If they actually read my
article, they would have known that I did not say a word about their magazine,
but rather quoted The Grim Reaper.  With writers such as those at BAD, I would
not suggest anyone waste their time reading it, unless you are into tabloids
like National Inquirer, but then at least some of their articles have a basis
in fact.
_______________________________________________________________________________

 Games
 ~~~~~
Game Of The Month : Links 386 Pro

 :     -*- Release Information -*-     :       -*- Game Information -*-       :

 : Cracker           None              : Publisher       MICROPLAY            :
 : Protection Type   None              : Graphics        SVGA Minimum         :
 : Supplier          The Witch King    : Sound           All                  :
 : Date of Release   07/13/92          : Rating [1-10]   10                   :

Sorry guys for reprinting the information file, but I got lazy <g>.

With the advent of the Super VGA Monitors, and the prices becoming more
resonable, companies are starting to come out with special games to take
advantage of SVGA mode.  Most of these games still will play in VGA mode so
don't fret.

One of the latest to date, and probably the best is Links 386 Pro, which the
title indicates, at least a 386 is required.  The installation of the game is
one of the most impressive I have ever seen, they cover every aspect of your
hardware to take full advantage of it.  One of the harder things to swallow is
that you must have at least 512k of memory on your VGA card, and it must comply
by the VESA standard.  If it does, the instalation is smart enough to try and
find one for you.

The game it's self is a major improvement over it's predecessor, Links.  The
graphics are much improved, which was a feat in itself, and many more options
and bugs had been taken care of.  The company also listened to its customers
and added many new features that were suggested.

When first loading up 386 pro, you are greated by a backview of a course
instead of the boring blank screen in the original.  From there, you can just
about set up anything under the moon, from your club selection, to fairway
conditions, and techture of the greens.  You can even select the wind
conditions.  One of the most impressive features besides  the outstanding
grahpics is the option to have multiple windows open while playing the game.

Let's say you are at the first hole, about to drive one down the fairway, if
you can make it there, you can also have another window up overlooking the
fairway waiting to see where the ball is going to drop.  This is just one of
many windows you can open, four at the most.  After playing it for quite
sometime, I would only suggest one or two though.

If you are contiplating buying a game to take advantage of your SVGA monitor,
look no further than Links 386 Pro.  It's the wave of the future, and it's here
now.
_______________________________________________________________________________

 No Longer Buy Console, Copy Them
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 Special Thanks Snow Dog

The following is an information excerpt on the GameDoctor.  Basically, you can
buy a machine called the GameDoctor hook it up to your PC and copy the rom data
over to your HD in a compresed format.  From there, you can send it over the
nets, through the modem, or bring it to a friend's house.  You hook the
GameDoctor up to your PC, hook your console game to the GameDoctor and transfer
the compressed data file onto a blank cartridge.  Wow, instant Super Mario
brothers.  There will be a more in-depth review of this machine in the next
issue, for now, here's a little taste.

Snow Dog writes:

The machines are external SCSI interface machines, about the size of a super
NES but wider, and fitted for japanese (super famicom) cartridges.  They are
made by electronics nippon, known as NEC in the States, and  friend has one
that works on both his Amiga 2000 and his 486-33 (SCSI is universal).

They include five disks of Famicom OS, which you can use on a logical harddisk
partition of around six megs since SNES games are measured in MegaBITS and will
NEVER get bigger than four meg or so, but the OS needs room.  Controllers et.
al. plug into the copier units.

If you take an SNES or Genesis cart out of their shell and put it in a SF
shell, you can copy them too.  It works like teledisk, and Altered Reality in
(303)443-1524 has console game file support. All you do is download it and use
your own console copier to put it on a cart, or at your option if it is a SNES
or Famico game, play it off your OS.  Genesis games don't work in the SF OS so
you need to copy them to cartridge.

There are Japanese copiers specifically for Mega Drive (Genesis) that will do
the same except that the OS is Sega-specific and you'll eed to copy SNES games.
There is also a NEC PC Engine (turbo graphics and super graphics) copier
because they made the bloody system, but it is proprietary and it will only
work with the turbo format.

I have never seen or worked with an internal model, but there is an internal
5.25" full height model in the NEC catalog...I ordered the catalog after I saw
an advertisement for it in the back of Electronic Gaming Monthly, and a rather
rich friend of mine went and bought the system.  He also bought the $130
Japanese Street fighter II and copied it for all of us.  How nice of him!  Of
course we had to buy the cartridges and pay him $20, but he made a $100 profit.
Good deal for him!
_______________________________________________________________________________

Okay, that is it for now.  Greets go out to Cool Hand, Ford Perfect, Lestat,
RifleMan, The CrackSmith, AfterMath, both Night Rangers, Kim Clancy, Bar
Manager, Butcher, Venom, and all the couriers who help make things happen.

Special thanks to Tempus for one kick ass ansi!

Until next time, keep playing.


--------------------------------------------------------------------------------


                                ==Phrack Inc.==

                     Volume Four, Issue Forty, File 6 of 14

  ***************************************************************************
  *                                                                         *
  *                            Cellular Telephony                           *
  *                                 Part II                                 *
  *                                                                         *
  *                                    by                                   *
  *                               Brian Oblivion                            *
  *                                                                         *
  *                                                                         *
  * Courtesy of:       Restricted-Data-Transmissions (RDT)                  *
  *                  "Truth Is Cheap, But Information Costs."               *
  *                                                                         *
  *                                                            June 1, 1992 *
  ***************************************************************************

In Phrack 38, I discussed the history of cellular telephony, monitoring
techniques, and a brief description of its predecessors.  In Part II, I'll
describe the call processing sequences for land-originated and mobile-
originated calls, as well as the signaling formats for these processes.  I
apologize for the bulk of information, but I feel it is important for anyone
who is interested in how the network communicates.  Please realize that there
was very little I could add to such a cut and dried topic, and that most is
taken verbatim from Industry standards, with comments and addendum salt and
peppered throughout.


Call-Processing Sequences


   Call-Processing Sequence for Land-Originated Calls


 MTSO                       Cell Site                     Mobile Unit
 ------------------------------------------------------------------------------
                            1 -- Transmits setup channel data on paging channel
                            2 ----------------------------Scans and locks on
                                                          paging channel
 Receives incoming call --- 3
 and performs translations

 Sends paging message ----- 4
 to cell site
                            5 -- Reformats paging
                                 message
                            6 -- Sends paging message
                                 to mobile unit via
                                 paging channel
                            7 ----------------------------Detects Page
                            8 ----------------------------Scans and locks on
                                                          access channel
                            9 ----------------------------Seizes setup channel
                           10 ----------------------------Acquires sync
                           11 ----------------------------Sends service request
                           12 -- Reformats service request
                           13 -- Performs directional locate
                           14 -- Sends service request to MTSO
 Selects voice channel --- 15
 Sends tx-on command to -- 16
 cell site
                           17 -- Reformats channel designation message
                           18 -- Sends channel designation message to mobile
                                 unit via access channel
                           19 -----------------------------Tunes to voice
                                                           channel
                           20 -----------------------------Transponds SAT
                           21 -- Detects SAT
                           22 -- Puts on-hook on trunk
 Detects off-hook -------- 23
 Sends alert order ------- 24
                           25 -- Reformats alert order
                           26 -- Sends alert order to mobile unit via blank-
                                 and-burst on voice channel
                           27 -----------------------------Alerts User
                           28 -----------------------------Sends 10-kHz tone
                           29 -- Detects 10-kHz tone
                           30 -- Puts on-hook on trunk
 Detects on-hook --------- 31
 Provides audible ring --- 32
                           33 -- Detects absence of 10-kHz tone
                           34 -- Puts off-hook on trunk
 Detects off-hook -------- 35
 Removes audible ring ---- 36
 and completes connection

                         Time


              Call-Processing Sequence for Mobile-Originated Calls

 MTSO                       Cell Site                     Mobile Unit
 ------------------------------------------------------------------------------
                            1 -- Transmits setup channel
                                 data on paging channel
                            2 --------------------------- Scans and locks-on
                                                          paging channel
                            3 --------------------------- User initiates call
                            4 --------------------------- Scans and locks-on
                                                          access channel
                            5 --------------------------- Seizes setup channel
                            6 --------------------------- Acquires sync
                            7 --------------------------- Sends service request
                            8 -- Reformats service request
                            9 -- Performs directional Locate
                           10 -- Sends service request to MTSO
Selects voice channel ---- 11
Sends tx-on command to --- 12
cell site
                           13 -- Reformats channel designation message
                           14 -- Sends channel designation message to mobile
                                 unit via access channel
                           15 --------------------------- Tunes to voice
                                                          channel
                           16 --------------------------- Transponds SAT
                           17 -- Detects SAT
                           18 -- Puts off-hook on trunk
Detects off-hook --------- 19
Completes call through --- 20
network Time

Let me review the frequency allocation for Wireline and non-Wireline systems.
Remember that the Wireline service is usually provided by the area's telephone
company, in my area that company is NYNEX.  The non-Wireline companies are
usually operated by other carriers foreign to the area, in my area we are
serviced by Cellular One (which is owned by Southwestern Bell).  Each company
has its one slice of the electro-magnetic spectrum.  The coverage is not
continuous, remember that there are also 800 MHz trunked business systems that
also operate in this bandwidth.  Voice channels are 30 KHz apart and the Data
channels are 10 KHz apart.


Frequency Range         Use
----------------------------------------------------------------------
870.000 - 879.360       Cellular One (mobile input 825.000 - 834.360)
880.650 - 890.000       NYNEX (mobile input 835.650 - 845.500)
890.000 - 891.500       Cellular One (mobile input 845.000 - 846.500)
891.500 - 894.000       NYNEX (mobile input 846.500 - 849.000)
879.390 - 879.990       Cellular One (data)
880.020 - 880.620       NYNEX (data)

The data streams are encoded NRZ (Non-return-to-zero) binary ones and zeroes
are now zero-to-one and one-to-zero transitions respectively.  This is so the
wideband data can modulate the transmitter via binary frequency shift keying,
and ones and zeroes into the modulator MUST now be equivalent to nominal peak
frequency deviations of 8 KHz above and below the carrier frequency.


   PUTTING IT ALL TOGETHER - Signaling on the Control Channels

The following information will be invaluable to the hobbyist that is monitoring
cellular telephones via a scanner and can access control channel signals.  All
information released below is EIA/TIA -- FCC standard.  There are a lot of
differences between cellular phones, but all phones must interface into the
mobile network and talk fluently between each other and cell sites.  Therefore,
the call processing and digital signaling techniques are uniform throughout the
industry.


   MOBILE CALL PROCESSING

        Calling:

Initially, the land station transmits the first part of its SID to a mobile
monitoring some control channel, followed by the number of paging channels, an
ESN request, then mobile registration, which will either be set to 0 or 1.
When registration is set to one, the mobile will transmit both MIN1 and MIN2
during system access, another 1 for discontinuous (DTX) transmissions, read
control-filler (RCF) should be set to 1, and access functions (if combined with
paging operations) require field setting to 1, otherwise CPA (combined paging
access) goes to 0.

        Receiving:

As the mobile enters the Scan Dedicated Control Channels Task, it must examine
signal strengths of each dedicated control channel assigned to System A if
enabled.  Otherwise System B control channels are checked.  The values assigned
in the NAWC (Number of Additional Words Coming) system parameter overhead
message train will determine for the mobile if all intended information has
been received.  An EDN field is used as a crosscheck, and control-filler
messages are not to be counted as part of the message.  Should a correct BCH
code be received along with a non-recognizable overhead message, it must be
part of the NAWC count train but the equivalent should not try and execute the
instructions.

Under normal circumstances, mobiles are to tune to the strongest dedicated
control channel, receive a system parameter transmission, and, within 3
seconds, set up the following:

        o  Set SID's 14 most significant bits to SID1 field value.

        o  Set SID's least significant bit to 1, if serving system status
           enables, or to zero if not.

        o  Set paging channels N to 1 plus the value of N-1 field.

        o  Set paging channel FIRSTCHP as follows:
                If SIDs = SIDp then FIRSTCHPs = FIRSTCHPp (which is an 11-bit
                paging channel).
                If SIDs = SIDp and serving system is enabled, set FIRSTCHPs to
                initial dedicated channel for system B.
                If SIDs = SIDp and serving system is disabled, set FIRSTCHPs to
                first dedicated control channel for system B.

        o  Set LASTCHPs to value of FIRSTCHPs + Ns -1.

        o  Should the mobile come equipped for autonomous registration, it
           must:

                o Set registration increment (REGINCRs) to its 450 default
                  value.

                o Set registration ID status to enabled.

I know that was a little arcane sounding but it's the best you can do with
specifications.  Data is data, there is no way to spruce it up.  From here on
out a mobile must begin the Paging Channel Selection Task.  If this cannot be
completed on the strongest dedicated channel, the second strongest dedicated
channel may be accessed and the three second interval commenced again.
Incomplete results should result in a serving system status check and an
enabled or disabled state reversed, permitting the mobile to begin the Scan.
Dedicated control Channels Task when channel signal strengths are once more
examined.

Custom local operations for mobiles may be sent and include roaming mobiles
whose home systems are group members.  A new access channel may be transmitted
with a new access field set to the initial access channel.  Autonomously
registered mobiles may increment their next registered ID by some fixed value,
but the global action message must have its REGINCR field adequately set.
Also, so that all mobiles will enter the Initialization Task and scan dedicated
control channels, a RESCAN global action message must be transmitted.

Mobile stations may be required to read a control-filler message before
accessing any system on a reverse control channel.

System access for mobiles is sent on a forward control channel in the following
manner.  Digital Color Code (DCC) identifies the land is carried with the
system parameter overhead message overload class fields are set to zero among
the restricted number, and the remainder set to 1.  Busy-to-idle status (BIS)
access parameters go to zero when mobiles are prevented from checking on the
reverse control channel and the message must be added to the overhead.  When
mobiles can't use the reverse control channel for seizure messages attempts or
busy signals, access attempt parameters must also be included in the overhead.
And when a land station receives a seizure precursor matching its digital color
code with 1 or no bit errors, busy idle bits signals on the forward control
channel must be set to busy within 1.2 milliseconds from the time of the last
bit seizure.  Busy-idle bit then must remain busy until a minimum of 30 msec
following the final bit of the last word of the message has been received, or a
total of 175 msec has elapsed.

        Channel Confirmation

Mobiles are to monitor station control messages for orders and respond to both
audio and local control orders even though land stations are not required to
reply.  MIN bits must be matched.  Thereafter, the System Access Task is
entered with a page response, as above, and an access timer started.

This time runs as follows:

        o  12 seconds for an origination
        o  6 seconds for page response
        o  6 seconds for an order response
        o  6 seconds for a registration

The last try code is then set to zero, and the equipment begins the Scan Access
Channels Task to find two channels with the strongest signals which it tunes
and enters the Retrieve Access Attempts Parameters Task.

This is where both maximum numbers of seizure attempts and busy signals are
each set to 10.  A read control-filler bit (RCF) will then be checked:  If the
RCF equals zero, the mobile then reads a control-filler message, sets DCC and
WFOM (wait for overhead message train before reverse control channel access) to
the proper fields and sets the proper fields and sets the appropriate power
level.  Should neither the DCC field nor the control-filler message be received
and access time has expired, the mobile station goes to Serving System
Determination Task.  But within the allowed access time, the mobile station
enters the Alternate Access Channel Task.  BIS is then set to 1 and the WFOM
bit is checked.  If WFOM equals 1, the station enters the Update Overhead
Information Task; if WFOM equals 0, a random delay wait is required of 0 to 200
msec, +/- 1 msec.  Then, the station enters the Seize Reverse Control Channel
Task.

Service Requesting is next.  This task requires that the mobile continue to
send is message to the land station according to the following instructions:

        o Word A is required at all times.
        o Word B has to be sent if last try access LT equals 1 or if E requires
          MIN1 and/or MIN2, and the ROAM status is disabled, or if the station
          has been paged with a 2-word control message.
        o Word C is transmitted with S (serial number) being 1
        o Word D required if the access is an origination
        o Word E transmitted when the access is an origination and between 9
          and 16 digits are dialed.  When the mobile has transmitted its
          complete message, an unmodulated carrier is required for another 25
          milliseconds before carrier turnoff.  After words A through E have
          been sent, the next mobile task depends on the type of access.

Order confirmation requires entry into the Serving System Determination Task.

     Origination means entry into the Await Message Task.
     Page response, is the same as Origination.

Registration requires Await Registration Confirmation, which must be completed
within 5 seconds or registration failure follows.  The same is true for Await
Message since an incomplete task in 5 seconds sends the mobile into the Serving
System Determination Task.  Origination or Page response requires mobile update
of parameters delivered in the message.  If R equals 1, the mobile enters the
Autonomous Registration Task, otherwise, it goes to the Initial Voice Channel
Confirmation Task.  Origination access may be either an intercept or reorder,
and in these instances, mobiles enter the Serving System Determination Task.
The same holds true for a page response access.  But if access is an
origination and the user terminates his call during this task, the call has to
be released on a voice channel and not control channel.

If a mobile station is equipped for Directed Retry and if a new message is
received before all four words of the directed retry message, it must go to the
Serving System Determination Task.  There the last try code (LT) must be set
according to the ORDQ (order qualifier) field of the message as follows:

                If 000, LT sets to 0
                If 0001, LT sets to 1

Thereafter, the mobile clears the list of control channels to be scanned in
processing Directed Retry (CCLIST) and looks at each CHANPOS (channel position)
field contained in message words three and four.  For nonzero CHANPOS field,
the mobile calculates a corresponding channel number by adding CHANPOS to
FIRSTCHA minus one.  Afterwards, the mobile has then to determine if each
channel number is within the set designated for cellular systems.  A true
answer requires adding this/these channel(s) to the CCLIST.


        Awaiting Answers

Here, an alert timer is set for 65 seconds (0 to +20 percent).  During this
period the following events may take place:

        o Should time expire, the mobile turns its transmitter off and enters
          the Serving System Determination Task.
        o An answer requires signaling tone turnoff and Conversation Task 
          entry.

        o If any of the messages listed hereafter are received within 100
          milliseconds, the mobile must compare SCC digits that identify stored
          and proper SAT frequencies for the station to the PSCC (present SAT
          color code).  If not equivalent, the order is ignored.  If correct,
          then the following actions taken for each order:

        Handoff:  Signaling extinguished for 500 msec, signal tone off,
        transmitter off, power lever adjusted, new channel tuned, new SAT, new
        SCC field, transmitter on, fade timer reset, and signaling tone on.
        Wait for an answer.

          Alert:  Reset alert timer for 65 seconds and stay in
                  Waiting for Answer Task.

     Stop Alert:  Extinguish signaling tone and enter Waiting for Order Task.

        Release:  Signaling tone off, wait 500 msec, then enter Release Task.

          Audit:  Confirm message to land station, then stay in
                  Waiting for Answer Task.

    Maintenance:  Reset alert timer for 65 seconds and remain in
                  Waiting for Answer Task.

   Change Power:  Adjust transmitter to power level required and send
                  confirmation to land station.  Remain in
                  Waiting for Answer Task.

  Local Control:  If local control is enabled and order received, examine LC
                  field and determine action.

                  Orders other than the above for this type of action are
                  ignored.

        Conversation

In this mode, a release-delay timer is set for 500 mSec.  If Termination is
enabled, the mobile sets termination status to disabled and waits 500 mSec
before entering Release Task.  The following actions may then execute:

        o  Upon call termination, the release delay timer has to be checked.
           If time has expired, the Release Task is entered; if not expired,
           the mobile must wait until expiration and then enter Release Task.

        o  Upon user requested flash, signaling tone turned on for 400 mSec.
           But should a valid order tone be received during this interval,
           the flash is immediately terminated and the order processed.  The
           flash, of course, is not then valid.

        o  Upon receipt of the following listed orders and within 100 mSec,
           the mobile must compare SCC with PSCC, and the order is ignored
           if the two are not equal.  But if they are the same, the following
           can occur:

        Handoff:  Signaling tone on for 50 mSec, then off, transmitter off,
        power level adjusted, new channel tuned, adjust new SAT, set SCC to SCC
        field message value, transmitter on, fade timer reset, remain in
        Conversation Task.

    Send Called Address:  Upon receipt within 10 seconds of last valid flash,
                  called address sent to land station.  Mobile remains in
                  Conversation Task.  Otherwise, remain in Conversation Task.

          Alert:  Turn on signaling tone, wait 500 mSec, then enter
                  Waiting for Answer Task.

        Release:  Check release delay timer.  If time expired, mobile enters
                  Release Task; but if timer has not finished, then mobile must
                  wait and then enter Release Task when time has expired.

          Audit:  Order confirmation sent to land station while remaining in
                  Conversation Task.

    Maintenance:  Signaling tone on, wait 500 mSec, then enter Waiting for
                  Answer Task.

   Change Power:  Adjust transmitter to power level required by order
                  qualification code and send confirmation to land station.
                  Remain in Conversation Task.

  Local Control:  If local control in enabled and local control order received,
                  the LC field is to be checked for subsequent action and
                  confirmation.

Orders other than the above for this type of action are ignored.


        Release

In the release mode the following steps are required:

        o  Signaling tone sent for 1.8 sec.  If flash in transmission when
           signaling tone begun, it must be continued and timing bridged so
           that action stops within 1.8 sec.
        o  Stop signaling tone.
                o  Turn off transmitter.
                o  The mobile station then enters the Serving System
                   Determination Task.

The above is the Cellular System Mobile/Land Station Compatibility
Specification.  The following shall be Signaling Formats which are also found
in the above document.  I converted all these tables by HAND into ASCII so
appreciate them.  It wasn't the easiest thing to do.  But I must say, I
definitely understand the entire cellular operation format.


   There are two types of continuous wideband data stream transmissions.  One
is the Forward Control Channel which is sent from the land station to the
mobile.  The other is the Reverse Control Channel, which is sent from the
mobile to the land station.  Each data stream runs at a rate of 10 kilobit/sec,
+/- 1 bit/sec rate.  The formats for each of the channels follow.


      - Forward Control Channel

The forward control channel consists of three discrete information streams.
They are called stream A, stream B and the busy-idle stream.  All three streams
are multiplexed together.  Messages to mobile stations with the least
significant bit of their MIN number equal to "0" are sent on stream A, and
those with a "1" are sent on stream B.

The busy-idle stream contains busy-idle bits, which are used to indicate the
status of the reverse control channel.  If the busy-idle bit = "0" the reverse
control channel is busy, if it equals "1" it is idle.  The busy-idle bit is
located at the beginning of each dotting sequence, word sync sequence, at the
beginning of the first repeat of word A and after every 10 message bits
thereafter.

Mobile stations achieve synchronization with the incoming data via a 10 bit
dotting sequence (1010101010) and an 11 bit word sync sequence (11100010010).
Each word contains 40 bits, including parity and is repeated 5 times after
which it is then referred to as a "block".  For a multiword message, the second
word block and subsequent word blocks are formed the same as the first word
block including the dotting and sync sequences.  A "word" is formed when the 28
content bits are encoded into a (40, 28; 5) BCH (Bose-Chaudhuri-Hocquenghem)
code.  The left-most bit shall be designated the most-significant bit.

        The Generator polynominal for the (40, 28;5) BCH code is:

                        12    10    8    5    4    3    0
              G (X) =  X   + X   + X  + X  + X  + X  + X
               B

Each FOCC message can consist of one or more words.  Messaging transmitted over
the forward control channel are:

                - Mobile station control message
                - Overhead message
                - Control-filler message

Control-filler messages may be inserted between messages and between word
blocks of a multiword message.

Message Formats:  Found on either stream A or B

     -  Mobile Station Control Message

The mobile station control message can consist of one, two, or four words.

        Word 1 (abbreviated address word)

   +--------+-------+---------------------------------------+-----------+
   | T   t  |       |                                       |           |
   |  1   2 |  DCC  |    Mobile Identification Number 1     |     P     |
   |        |       |                      23-0             |           |
   +--------+-------+---------------------------------------+-----------+
 bits:  2       2                      24                         12


         Word 2 (Extended Address Word)


     +------+-----+-----------+------+--------+-------+----------+-----+
     | T  T |SCC =|           | RSVD | LOCAL  | CRDQ  |   ORDER  |     |
     |  1  2| 11  |  MIN2     | = 0  |        |       |          |     |
     |   =  +-----+     3-24  +------+-----+--+-------+----------|  P  |
     |  10  |SCC =|           |    VMAC    |       CHAN          |     |
     |      | 11  |           |            |                     |     |
     +------+-----+-----------+------------+---------------------+-----+
         2     2       10           3               11              12


        Word 3 (First Directed-Retry Word)


     +------+-----+-----------+-----------+-----------+-------+--------+
     | T  T | SCC |           |           |           | RSVD  |        |
     |  1  2|  =  |  CHANPOS  |  CHANPOS  |  CHANPOS  |  =    |        |
     |   =  |     |           |           |           | 000   |    P   |
     |  10  | 11  |           |           |           |       |        |
     +------+-----+-----------+-----------+-----------+-------+--------+
        2      2        7           7           7         3       12


        Word 4 (Second Directed-Retry Word)

     +------+-----+-----------+-----------+-----------+-------+--------+
     | T  T | SCC |           |           |           | RSVD  |        |
     |  1  2|  =  |  CHANPOS  |  CHANPOS  |  CHANPOS  |  =    |        |
     |   =  |     |           |           |           | 000   |    P   |
     |  10  | 11  |           |           |           |       |        |
     +------+-----+-----------+-----------+-----------+-------+--------+
        2      2        7           7           7         3        12


The interpretation of the data fields:

        T  T   - Type field.  If only Word 1 is send, set to 00 in Word 1.
        SCC    - SAT color code (discussed previously)
        ORDER  - Order field.  Identifies the order type (see table below)
        ORDQ   - Order qualifier field.  Qualifies the order to a specific
                 action
        LOCAL  - Local control field.  This field is specific to each system.
                 The ORDER field must be set to local control for this field to
                 be interpreted.
        VMAC   - Voice Mobile Attenuation Code field.  Indicates the mobile
                 station power level associated with the designated voice
                 channel.
        CHAN   - Channel number field.  Indicates the designated voice channel.
        CHANPOS- CHANnel POSition field.  Indicates the position of a control
                 channel relative to the first access channel (FIRSTCHA).
        RSVD   - Reserved for future use, all bits must be set as indicated.
        P      - Parity field.


        Coded Digital Color Code
      +--------------------------------------------+
      | Received DCC           7-bit Coded DCC     |
      |     00                     0000000         |
      |     01                     0011111         |
      |     10                     1100011         |
      |     11                     1111100         |
      +--------------------------------------------+


        Order and Order Qualification Codes

  +-------+-------------+---------------------------------------------------+
  | Order |    Order    |                                                   |
  | Code  |Qualification|                     Function                      |
  |       |    Code     |                                                   |
  +-------+-----------------------------------------------------------------+
  | 00000      000      page (or origination)                               |
  | 00001      000      alert                                               |
  | 00011      000      release                                             |
  | 00100      000      reorder                                             |
  | 00110      000      stop alert                                          |
  | 00111      000      audit                                               |
  | 01000      000      send called-address                                 |
  | 01001      000      intercept                                           |
  | 01010      000      maintenance                                         |
  |                                                                         |
  | 01011      000      charge power to power level 0                       |
  | 01011      001      charge power to power level 1                       |
  | 01011      010      charge power to power level 2                       |
  | 01011      011      charge power to power level 3                       |
  | 01011      100      charge power to power level 4                       |
  | 01011      101      charge power to power level 5                       |
  | 01011      110      charge power to power level 6                       |
  | 01011      111      charge power to power level 7                       |
  |                                                                         |
  | 01100      000      directed retry - not last try                       |
  | 01100      001      directed retry - last try                           |
  |                                                                         |
  | 01101      000      non-autonomous registration - don't reveal location |
  | 01101      001      non-autonomous registration - make location known   |
  | 01101      010      autonomous registration - don't reveal location     |
  | 01101      011      autonomous registration - make location known       |
  |                                                                         |
  | 11110      000      local control                                       |
  |                                                                         |
  |      All other codes are reserved                                       |
  |                                                                         |
  +-------------------------------------------------------------------------+


        Forward Voice Channel

The forward voice channel (FVC) is a wideband data stream sent by the land
station to the mobile station.  This data stream must be generated at a 10
kilobit/Sec +/- .1 bit/Sec rate.  The Forward Voice Channel format follows:

  +-----------+------+--------+-----+------+--------+-----+------+------
 ||           |      | Repeat |     |      | Repeat |     |      |
 ||           | word |        |     | word |        |     | word |
 ||  Dotting  | sync |  1 of  | dot | sync |  2 of  | dot | sync |
 ||           |      |        |     |      |        |     |      |
 ||           |      |  Word  |     |      |  Word  |     |      |
  +-----------+------+--------+-----+------+--------+-----+------+------
      101        11      40      37    11      40      37    11

       -----+--------+-----+------+--------+-----+------+--------+
            | Repeat |     |      | Repeat |     |      | Repeat ||
            |        |     | word |        |     | word |        ||
            |  9 of  | dot | sync | 10 of  | dot | sync | 11 of  ||
            |        |     |      |        |     |      |        ||
            |  Word  |     |      |  Word  |     |      |  Word  ||
       -----+--------+-----+------+--------+-----+------+--------+
                40      37    11      40      37    11      40

A 37-bit dotting sequence and an 11-bit word sync sequence are sent to permit
mobile stations to achieve synchronization with the incoming data, except at
the first repeat of the word, where the 101-bit dotting sequence is used.  Each
word contains 40 bits, including parity, and is repeated eleven times together
with the 37-bit dotting and 11-bit word sync; it is then referred to as a word
block.  A word block is formed by encoded the 28 content bits into a (40, 28)
BCH code that has a distance of 5 (40, 28; 5).  The left-most bit (as always)
is designated the most-significant bit.  The 28 most significant bits of the
40-bit field shall be the content bits.  The generator polynominal is the same
as that used for the forward control channel.

The mobile station control message is the only message transmitted over the
forward voice channel.  The mobile station control message consists of one
word.


        Mobile Station Control Message:

      +-------+-------+------+-----------+-------+------+-------+------+
      | T  T  | SCC = |      |  RSVD =   | LOCAL | ORDQ | ORDER |      |
      |  1  2 |   11  |      | 000 ... 0 |       |      |       |      |
      |   =   +-------| PSCC +-----------+-------+------+-------+   P  |
      |       | SCC = |      |  RSVD =   |  VMAC |    CHANNEL   |      |
      |  10   |   11  |      | 000 ... 0 |       |              |      |
      +-------+-------+------+-----------+-------+--------------+------+
          2       2       2        8         3          11         12

      Interpretation of the data fields:

        T  T   - Type field.  Set to '10'.
         1  2

       SCC     - SAT color code for new channel (see SCC table)
       PSCC    - Present SAT color code.  Indicates the SAT color code
                 associated with the present channel.
       ORDER   - Order field.  Identifies the order type.  (see Order table)
       ORDQ    - Order qualifier field.  Qualifies the order to a specific
                 action (see Order table)
       LOCAL   - Local Control field.  This field is specific to each system.
                 The ORDER field must be set to local control (see Order table)
                 for this field to be interpreted.
       VMAC    - Voice mobile attenuation code field.  Indicates the mobile
                 station power level associated with the designated voice
                 channel.
       RSVD    - Reserved for future use;  all bits must be set as indicated.
       P       - Parity field.


        Reverse Control Channel

The Reverse Control Channel (RECC) is a wideband data stream sent from the
mobile station to the land station.  This data stream runs at a rate of 10
kilobit/sec, +/- 1 bit/sec rate.  The format of the RECC data stream follows:

     +---------+------+-------+------------+-------------+-----------+-----
     | Dotting | Word | Coded | first word | Second word | Third word|
     |         | sync |  DCC  | repeated   |   repeated  |  repeated |
     |         |      |       | 5 times    |   5 times   |  5 times  |
     +---------+------+-------+------------+-------------+-----------+-----
  bits:  30       11      7        240           240          240

                         Dotting = 01010101...010101

                       Word sync = 11100010010


All messages begin with the RECC seizure precursor with is composed of a 30 bit
dotting sequence (1010...101), and 11 bit word sync sequence (11100010010), and
the coded digital color code.

Each word contains 48 bits, including parity, and is repeated five times after
which it is referred to as a word block.  A word is formed by encoding 36
content bits into a (48, 36) BCH code that has a distance of 5, (48 36; 5).
The left most bit shall be designated the most-significant bit.  The 36 most
significant bits of the 48 bit field shall be the content bits.

The generator polynomial for the code is the same for the (40,28;5) code used
on the forward channel.

Each Reverse Control Channel message can consist of one of the five words.  The
types of messages to be transmitted over the reverse control channel are as
follows:

        o  Page Response Message
        o  Origination Message
        o  Order Confirmation Message
        o  Order Message

These messages are made up of combination of the following five words:

        Word A - Abbreviated Address Word

   +---+------+---+---+---+------+---+-----------------------------------+---+
   | F |      |   |   |   | RSVD | S |                                   |   |
   |   |      |   |   |   |      |   |                                   |   |
   | = | NAWC | T | S | E |  =   | C |          MIN 1                    | P |
   |   |      |   |   |   |      |   |                23 - 0             |   |
   | 1 |      |   |   |   |  0   | M |                                   |   |
   +---+------+---+---+---+------+---+-----------------------------------+---+
     1     3    1   1   1    1     4                   24                  12


        Word B - Extended Address Word

   +---+------+-------+------+-------+----+------+-----------------------+---+
   | F |      |       |      |       |    | RSVD |                       |   |
   |   |      |       |      |       |    |      |                       |   |
   | = | NAWC | LOCAL | ORDQ | LOCAL | LT |  =   |      MIN 2            | P |
   |   |      |       |      |       |    |      |            33-24      |   |
   | 0 |      |       |      |       |    | 00..0|                       |   |
   +---+------+-------+------+-------+----+------+-----------------------+---+
     1    3       5      3       5     1      8              10            12


        Word C - Electronic Serial Number Word

   +---+--------+--------------------------------------+---------------+
   | F |        |                                      |               |
   |   |        |                                      |               |
   | = |  NAWC  |             SERIAL (ESN)             |       P       |
   |   |        |                                      |               |
   | 1 |        |                                      |               |
   +---+--------+--------------------------------------+---------------+
     1     3                      32                           12


        Word D - First Word of the Called-Address

    +---+------+-------+-------+-----+-----+-----+-----+-------+-------+---+
    | F |      | 1st   | 2nd   |     |     |     |     | 7th   | 8th   |   |
    |   |      |       |       |     |     |     |     |       |       |   |
    | = | NAWC | DIGIT | DIGIT | ... | ... | ... | ... | DIGIT | DIGIT | P |
    |   |      |       |       |     |     |     |     |       |       |   |
    | 1 |      |       |       |     |     |     |     |       |       |   |
    +---+------+-------+-------+-----+-----+-----+-----+-------+-------+---+
      1    3       4       4      4     4     4     4      4       4     12


        Word E - Second Word of the Called-Address

    +---+------+-------+-------+-----+-----+-----+-----+-------+-------+---+
    | F | NAWC | 9th   | 10th  |     |     |     |     | 15th  | 16th  |   |
    |   |      |       |       |     |     |     |     |       |       |   |
    | = |  =   | DIGIT | DIGIT | ... | ... | ... | ... | DIGIT | DIGIT | P |
    |   |      |       |       |     |     |     |     |       |       |   |
    | 0 | 000  |       |       |     |     |     |     |       |       |   |
    +---+------+-------+-------+-----+-----+-----+-----+-------+-------+---+
      1    3       4       4      4     4     4     4      4       4     12


The interpretation of the data fields is as follows:

        F      - First word indication field.  Set to '1' in first word and '0'
                 in subsequent words.

        NAWC   - Number of additional words coming field.
        T      - T field.  Set to '1' to identify the message as an origination
                 or an order; set to '0' to identify the message as an order
                 response or page response.
        S      - Send serial number word.  If the serial number word is sent,
                 set to '1';  if the serial number word is not sent, set to
                 '0'.
        SCM    - The station class mark field
        ORDER  - Order field.  Identifies the order type.
        ORDQ   - Order qualifier field.  Qualifies the order confirmation to a
                 specific action.
        LOCAL  - Local control field.  This field is specific to each system.
                 The ORDER field must be set to locate control for this field
                 to be interpreted.
        LT     - Last-try code field.
        MIN1   - Mobile Identification number field part one.
        MIN2   - Mobile Identification number field part two.
        SERIAL - Electronic Serial Number field.  Identifies the serial number
                 of the mobile station.
        DIGIT  - Digit field (see table below)
        RSVD   - Reserved for future use; all bits must be set as indicated.
        P      - Parity field.


        Called-address Digit Codes
   +------------------------------------------------------------------------+
   |    Digit           Code            Digit           Code                |
   |                                                                        |
   |      1             0001              7             0111                |
   |      2             0010              8             1000                |
   |      3             0011              9             1001                |
   |      4             0100              0             1010                |
   |      5             0101              *             1011                |
   |      6             0110              #             1100                |
   |                                    Null            0000                |
   |                                                                        |
   |    NOTE:                                                               |
   |    1.  The digit 0 is encoded as binary 10, not binary zero.           |
   |    2.  The code 0000 is the null code, indicated no digit present      |
   |    3.  All other four-bit sequences are reserved, and must not be      |
   |        transmitted.                                                    |
   |                                                                        |
   +------------------------------------------------------------------------+

Examples of encoding called-address information into the called address words
follow:

If the number 2# is entered, the word is as follows:

   +------+------+------+------+------+------+------+------+------+---------+
   | NOTE | 0010 | 1100 | 0000 | 0000 | 0000 | 0000 | 0000 | 0000 |    P    |
   +------+------+------+------+------+------+------+------+------+---------+

If the number 13792640 is entered, the word is as follows:

   +------+------+------+------+------+------+------+------+------+---------+
   | NOTE | 0001 | 0011 | 0111 | 1001 | 0010 | 0110 | 0100 | 1010 |    P    |
   +------+------+------+------+------+------+------+------+------+---------+

As you can see the numbers are coded into four bits and inserted sequentially
into the train.  Notice that when the number is longer than 8 numbers it is
broken into two different Words.

If the number 6178680300 is entered, the words are as follows:

        Word D - First Word of the Called-Address

   +------+------+------+------+------+------+------+------+------+---------+
   | NOTE | 0110 | 0001 | 0111 | 1000 | 0110 | 1000 | 1010 | 1010 |    P    |
   +------+------+------+------+------+------+------+------+------+---------+
       4      4      4      4      4      4      4      4     4        12

        Word E - Second Word of the Called-Address

   +------+------+------+------+------+------+------+------+------+---------+
   | NOTE | 0010 | 1010 | 1010 | 0000 | 0000 | 0000 | 0000 | 0000 |    P    |
   +------+------+------+------+------+------+------+------+------+---------+
       4      4      4      4      4      4      4      4     4        12

       NOTE = four bits which depend on the type of message


        Reverse Voice Channel

The reverse voice channel (RVC) is a wideband data stream sent from the mobile
station to the land station.  This data stream must be generated at a 10
kilobit/second +/- 1 bit/sec rate.  The format is presented below.

  +-------------+------+----------+-----+------+----------+-----+------+----
 ||             |      | Repeat 1 |     |      | Repeat 2 |     |      |
 ||             | word |          |     | word |          |     | word |
 ||   Dotting   | sync |    of    | Dot | sync |    of    | Dot | sync |
 ||             |      |          |     |      |          |     |      |
 ||             |      |  Word 1  |     |      |  Word 1  |     |      |
  +-------------+------+----------+-----+------+----------+-----+------+----
      101         11       48      37     11       48       37    11

 ---+----------+-----+------+----------+-----+------+----------+-----+----
    | Repeat 3 |     |      | Repeat 4 |     |      | Repeat 5 |     |
    |          |     | word |          |     | word |          |     |
    |    of    | Dot | sync |    of    | Dot | sync |    of    | Dot |
    |          |     |      |          |     |      |          |     |
    |  Word 1  |     |      |  Word 1  |     |      |  Word 1  |     |
 ---+----------+-----+------+----------+-----+------+----------+-----+----
        48       37     11      48        37    11       48       37

        ---+------+----------+--------    -------+----------+
           |      | Repeat 1 |                   | Repeat 5 ||
           | word |          |                   |          ||
           | sync |    of    |   ...             |    of    ||
           |      |          |                   |          ||
           |      |  Word 2  |                   |  Word 2  ||
        ---+------+----------+--------    -------+----------+

A 37-bit dotting sequence and an 11-bit word sync sequence are sent to permit
land stations to achieve synchronization with the incoming data, except at the
first repeat of word 1, where a 101-bit dotting sequence is used.  Each word
contains 48 bits, including parity, and is repeated five times together with
the 37-bit dotting and 11-bit word sync sequences; it is then referred to as a
word block.  For a multi-word message, the second word block is formed the same
as the first word block including the 37-bit dotting and 11-bit word sync
sequences.  A word is formed by encoding the 36 content bits into a (48, 36)
BCH code that has a distance of 5, (48, 36; 5).  The left-most bit (earliest in
time) shall be designated the most-significant bit.  The 36 most-significant
bits of the 48-bit field shall be the content bits.  The generator polynomial
for the code is the same as for the (40, 28; 5) code used on the forward
control channel.

Each RVC message can consist of one or two words.  The types of messages to be
transmitted over the reverse voice channel are as follows:

        o Order Confirmation Message
        o Called-Address Message

The message formats are as follows:


        Order Confirmation Message:

     +---+------+---+-------+------+-------+-----------+---------+
     | F | NAWC | T |       |      |       |    RSVD   |         |
     |   |      |   |       |      |       |           |         |
     | = |  =   | = | LOCAL | ORDQ | ORDER |     =     |    P    |
     |   |      |   |       |      |       |           |         |
     | 1 |  00  | 1 |       |      |       | 000 ... 0 |         |
     +---+------+---+-------+------+-------+-----------+---------+
       1    2     1     5       3      5        19         12


        Called-Address Message

        Word 1 - First Word of the Called-Address

  +---+------+---+-------+-------+-----+-----+-----+-----+-------+-------+---+
  | F | NAWC | T |       |       |     |     |     |     |       |       |   |
  |   |      |   |  1st  |  2nd  |     |     |     |     |  7th  |  8th  |   |
  | = |  =   | = | Digit | Digit | ... | ... | ... | ... | Digit | Digit | P |
  |   |      |   |       |       |     |     |     |     |       |       |   |
  | 1 |  01  | 0 |       |       |     |     |     |     |       |       |   |
  +---+------+---+-------+-------+-----+-----+-----+-----+-------+-------+---+
    1    2     1     4       4      4     4     4     4      4       4     12

        Word 2 - Second Word of the Called-Address

  +---+------+---+-------+-------+-----+-----+-----+-----+-------+-------+---+
  | F | NAWC | T |       |       |     |     |     |     |       |       |   |
  |   |      |   |  9th  |  10th |     |     |     |     |  15th |  16th |   |
  | = |  =   | = | Digit | Digit | ... | ... | ... |  .. | Digit | Digit | P |
  |   |      |   |       |       |     |     |     |     |       |       |   |
  | 0 |  00  | 0D|       |       |     |     |     |     |       |       |   |
  +---+------+---+-------+-------+-----+-----+-----+-----+-------+-------+---+
    1    2     1     4       4      4     4     4     4      4       4     12


The fields are descriptions a the me as those for the Reverse Control channel
above.

        Overhead Message

A three-bit OHD field is used to identify the overhead message types.  Overhead
message type codes are listed in the table below.  They are grouped into the
following functional classes:

        o System parameter overhead message
        o Global action overhead message
        o Registration identification message
        o Control-filler message

Overhead messages are send in a group called an overhead message train.  The
first message of the train must be the system parameter overhead message.  The
desired global action messages and/or a registration ID message must be
appended to the end of the system parameter overhead message.  The total number
of words in an overhead message train is one more than the value of the NAWC
field contained in the first word of the system parameter overhead message.
The last word in the train must be set to '0'.  For NAWC-counting purposes,
inserted control-filler messages must not be counted as part of the overhead
message train.

The system parameter overhead message must be sent every .8 +/- .3 seconds on
each of the following control channels:

        o combined paging-access forward channel.
        o Separate paging forward control channel
        o Separated access forward control channel when the control-filler
          message is sent with the WFOM bit set to '1'.

The global action messages and the registration identification message are sent
on an as needed basis.

        o The system parameter for overhead message consists of two words.


    0  Word 1

        +-------+-----+----------+------+------+-----+------------+
        | T  T  |     |          | RSVD |      | OHD |            |
        |  1  2 |     |          |      |      |     |            |
        |   =   | DCC |   SID1   |  =   | NAWC |  =  |     P      |
        |       |     |          |      |      |     |            |
        |  11   |     |          | 000  |      | 110 |            |
        +-------+-----+----------+------+------+-----+------------+
            2      2       14        3      4     3        12


        Word 2

       +-------+-------+-----+-----+------+------+-----+------+---
       | T  T  |       |     |     |      |      |     | RSVD |
       |  1  2 |       |     |     |      |      |     |      |
       |   =   |  DCC  |  S  |  E  | REGH | REGR | DTX |  =   |
       |       |       |     |     |      |      |     |      |
       |   11  |       |     |     |      |      |     |  0   |
       +-------+-------+-----+-----+------+------+-----+------+---
           2       2      1     1     1       1     1      1

       ---+-------+-----+-----+----------+-----+-------+-----------+
          |       |     |     |          |     |  OHD  |           |
          |       |     |     |          |     |       |           |
          | N - 1 | RCF | CPA | CMAX - 1 | END |   =   |     P     |
          |       |     |     |          |     |       |           |
          |       |     |     |          |     |  111  |           |
       ---+-------+-----+-----+----------+-----+-------+-----------+
              5      1     1        7       1      3         12


                Overhead Message Types
    +----------------------------------------------------------+
    |   Code    Order                                          |
    +----------------------------------------------------------+
    |   000     Registration ID                                |
    |   001     Control-filler                                 |
    |   010     reserved                                       |
    |   011     reserved                                       |
    |   100     global action                                  |
    |   101     reserved                                       |
    |   110     Word 1 of system parameter message             |
    |   111     Word 2 of system parameter message             |
    +----------------------------------------------------------+

        The interpretation of the data fields:

        T  T    - Type field. Set to '11' indicating an overhead word.
         1  2
        OHD     - Overhead message type field.  The OHD field of Word 1 is set
                  to '110' indicating the first word of the system parameter
                  overhead message.  The OHD field of Word 2 is set to '111'
                  indicating the second word of the system parameter overhead
                  message.
        DCC     - Digital Color Code field.
        SID1    - First part of the system identification field
        NAWC    - Number of Additional Words Coming field.  In Word 1 this
                  field is set to one fewer than the total number of words in
                  the overhead message train.
        S       - Serial number field.
        E       - Extended address field.
        REGH    - Registration field for home stations.
        REGR    - Registration field for roaming stations.
        DTX     - Discontinuous transmission field.
        N-1     - N is the number of paging channels in the system.
        RCF     - Read-control-filler field.
        CPA     - Combined paging/access field
        CMAX-1  - CMAX is the number of access channels in the system.
        END     - End indication field.  Set to '1' to indicate the last word
                  and '0' if not the last word.
        RSVD    - Reserved for future use, all bit must be set as indicated.
        P       - Parity field.

Each global action overhead message consists of one word.  Any number of global
action messages can be appended to a system parameter overhead message.

Here are the global action command formats:


    Rescan Global Action Message

    +-------{-------+------+---------------+-------+-------+-------------+
    | T  T  |       |  ACT |    RSVD =     |       |  OHD  |             |
    |  1  2 |       |      |               |       |       |             |
    |   =   |  DCC  |   =  |               |  END  |   =   |      P      |
    |       |       |      |   000 ... 0   |       |       |             |
    |  11   |       | 0001 |               |       |  100  |             |
    +-------+-------+------+---------------+-------+-------+-------------+
        2       2       4          16          1       3          12

    Registration Increment Global Action Message

    +-------+-----+------+---------+--------+-------+-------+------------+
    | T  T  |     |  ACT |         |        |       |  OHD  |            |
    |  1  2 |     |      |         | RSVD = |       |       |            |
    |   =   | DCC |   =  | REGINCR |        |  END  |   =   |      P     |
    |       |     |      |         |  0000  |       |       |            |
    |  11   |     | 0010 |         |        |       |  100  |            |
    +-------+-----+------+---------+--------+-------+-------+------------+
        2      2     4       12        4        1       3         12

    New Access Channel Set Global Action Message

    +-------+-------+-------+--------+----------+-------+-------+----------+
    | T  T  |       |  ACT  |        |          |       |  OHD  |          |
    |  1  2 |       |       |        |  RSVD =  |       |       |          |
    |   =   |  DCC  |   =   | NEWACC |          |  END  |   =   |     P    |
    |       |       |       |        |  00000   |       |       |          |
    |   11  |       | 0110  |        |          |       |  100  |          |
    +-------+-------+-------+--------+----------+-------+-------+----------+
        2       2       4       11         5        1       3        12


    Overload Control Global Action Message

    +-------+-----+-------+---+---+---+--   --+---+---+---+-----+-----+------+
    | T  T  |     |  ACT  | O | O | O |       | O | O | O |     | OHD |      |
    |  1  2 |     |       | L | L | L |       | L | L | L |     |     |      |
    |   =   | DCC |   =   | C | C | C |  ...  | C | C | C | END |  =  |   P  |
    |       |     |       |   |   |   |       |   |   |   |     |     |      |
    |   11  |     |  0110 | 0 | 1 | 2 |       | 13| 14| 15|     | 100 |      |
    +-------+-----+-------+---+---+---+--   --+---+---+---+-----+-----+------+
        2      2      4     1   1   1           1   1   1    1     3     12


    Access Type Parameters Global Action Message

    +-------+-----+------+-------+-----------+-------+-------+-----------+
    | T  T  |     | ACT  |       |           |       |  OHD  |           |
    |  1  2 |     |      |       |   RSVD =  |       |       |           |
    |   =   | DCC |  =   |  BIS  |           |  END  |   =   |     P     |
    |       |     |      |       | 0 ... 000 |       |       |           |
    |  11   |     | 1001 |       |           |       |  100  |           |
    +-------+-----+------+-------+-----------+-------+-------+-----------+
        2      2      4      1        15         1       3         12


    Access Attempt Parameters Global Action Message

     +-------+-------+---------+-----------+-----------+-----------+---
     | T  T  |       |   ACT   |           |           |           |
     |  1  2 |       |         |  MAXBUSY  |  MAXSZTR  |  MAXBUSY  |
     |   =   |  DCC  |    =    |           |           |           |
     |       |       |         |   - PGR   |   - PGR   |  - OTHER  |
     |  11   |       |   1010  |           |           |           |
     +-------+-------+---------+-----------+-----------+-----------+---
         2       2        4           4           4           4

     ------+-----------+-------+-------+-----------+
           |           |       |  OHD  |           |
           |  MAXSZTR  |       |       |           |
           |           |  END  |   =   |     P     |
           |  - OTHER  |       |       |           |
           |           |       |  100  |           |
     ------+-----------+-------+-------+-----------+
                 4         1       3         12


     Local Control 1 Message

     +-------+-------+-------+-----------------+-------+-------+----------+
     | T  T  |       |  ACT  |                 |       |  OHD  |          |
     |  1  2 |       |       |                 |       |       |          |
     |   =   |  DCC  |   =   |  LOCAL CONTROL  |  END  |   =   |     P    |
     |       |       |       |                 |       |       |          |
     |   11  |       |  1110 |                 |       |  100  |          |
     +-------+-------+-------+-----------------+-------+-------+----------+
         2       2       4            16           1       3        12


     Local Control 2 Message

     +-------+-------+-------+-----------------+-------+-------+----------+
     | T  T  |       |  ACT  |                 |       |  OHD  |          |
     |  1  2 |       |       |                 |       |       |          |
     |   =   |  DCC  |   =   |  LOCAL CONTROL  |  END  |   =   |     P    |
     |       |       |       |                 |       |       |          |
     |   11  |       |  1111 |                 |       |  100  |          |
     +-------+-------+-------+-----------------+-------+-------+----------+
         2       2       4            16           1       3        12


        The interpretation of the data fields are as follows:

        T  T    - Type field.  Set to '11' indicating overhead word.
         1  2
        ACT     - Global action field (see table below).
        BIS     - Busy-idle status field.
        DCC     - Digital Color Code.
        OHD     - Overhead Message type field.  Set to '100' indicating the
                  global action message.
        REGINCR - Registration increment field.
        NEWACC  - News access channel starting point field.
        MAXBUSY - Maximum busy occurrences field (page response).
        - PGR
        MAXBUSY - Maximum busy occurrences field (other accesses).
        - OTHER
        MAXSZTR - Maximum seizure tries field (page response).
        - PRG
        MAXSZTR - Maximum seizure tries field (other accesses).
        - OTHER
        OLCN    - Overload class field (N = 0 to 15)
        END     - End indication field.  Set to '1' to indicate the last word
                  of the overhead message train; set to '0' if not last word.
        RSVD    - Reserved for future use, all bits must be set as indicated.
        LOCAL   - May be set to any bit pattern.
        CONTROL
        P       - Parity field.

The registration ID message consists of one word.  When sent, the message must
be appended to a system parameter overhead message in addition to any global
action messages.

        +-------+-------+-------------+-------+-------+-----------+
        | T  T  |       |             |       |  OHD  |           |
        |  1  2 |       |             |       |       |           |
        |   =   |  DCC  |    REGID    |  END  |   =   |     P     |
        |       |       |             |       |       |           |
        |   11  |       |             |       |  000  |           |
        +-------+-------+-------------+-------+-------+-----------+
            2       2          20         1       3         12

        The interpretation of the data fields:

        T  T    - Type field.  Set to '11' indicating overhead word.
        DCC     - Digital color code field.
        OHD     - Overhead message type field.  Set to '000' indicating the
                  registration ID message.
        REGID   - Registration ID field.
        END     - End indication field.  Set to '1' to indicate last word of
                  the overhead message train;  set to '0' if not.
        P       - Parity field.


The control-filler message consists of one word.  It is sent whenever there is
no other message to be sent on the forward control channel.  It may be inserted
between messages as well as between word blocks of a multiword message.  The
control-filler message is chosen so that when it is sent, the 11-bit word
sequence will not appear in the message stream, independent of the busy-idle
bit status.

The control-filler message is also used to specify a control mobile
attenuation code (CMAC) for use by mobile stations accessing the system on the
reverse control channel, and a wait-for-overhead-message bit (WFOM) indicating
whether or not mobile stations must read an overhead message train before
accessing the system.

  +-------+-----+------+------+------+--+------+---+------+----+-----+-----+
  | T  T  |     |      |      | RVSD |  | RVSD |   |      |    | OHD |     |
  |  1  2 |     |      |      |      |  |      |   |      |    |     |     |
  |   =   | DCC |010111| CMAC |  =   |11|  =   | 1 | WFOM |1111|  =  |  P  |
  |       |     |      |      |      |  |      |   |      |    |     |     |
  |   11  |     |      |      |  00  |  |  00  |   |      |    | 001 |     |
  +-------+-----+------+------+------+--+------+---+------+----+-----+-----+
      2      2      6      3     2     2    2    1     1     4    3     16

        Interpretation of the data fields:

        T  T    - Type field.  Set to '11' indicating overhead word.
         1  2
        DCC     - Digital color code field.
        CMAC    - Control mobile attenuation field.  Indicates the mobile
                  station power level associated with the reverse control
                  channel.
        RVSD    - Reserved for future use; all bits must be set as indicated.
        WFOM    - Wait-for-overhead-message field.
        OHD     - Overhead message type field.  Set to '001' indicating the
                  control-filler word.
        P       - Parity field.


        Data Restrictions

The 11-bit sequence (11100010010) is shorter than the length of a word, and
therefore can be embedded in a word.  Normally, embedded word-sync will not
cause a problem because the next word sent will not have the word-sync sequence
embedded in it.  There are, however, three cases in which the word-sync
sequence may appear periodically in the FOCC stream.  They are as follows:

        o the overhead message
        o the control-filler message
        o Mobile station control messages with pages to mobile stations with
          certain central office codes.

These three cases are handled by:

        1. Restricting the overhead message transmission rate to about once per
           second
        2. designing the control-filler message to exclude the word-sync
           sequence, taking into account the various busy-idle bits
        3. Restricting the use of certain office codes


If the mobile station control message is examined with the MIN1 separated into
NXX-X-XXX as described earlier (where NXX is the central office code, N
represents a number from 2 - 9, and X represents a number from 0-9) the order
and order qualifications table can be used to deduce when the word-sync word
would be sent.  If a number of mobile stations are paged consecutively with the
same central office code, mobile stations that are attempting to synchronize to
the data stream may not be able to do so because of the presence of the false
word sync sequence.  Therefore, the combinations of central office codes and
groups of line numbers appearing in the following table must not be used for
mobile stations.


        RESTRICTED CENTRAL OFFICE CODES
  +-------------------------------------------------------------------------+
  |                                                   Central               |
  |  T  T       DCC        NXX         X     XXX      Office      Thousands |
  |   1  2                                             Code         Digit   |
  +-------------------------------------------------------------------------+
  |  01         11    000100(1)0000   ...    ...       175         0 to 9   |
  |  01         11    000100(1)0001   ...    ...       176         0 to 9   |
  |  01         11    000100(1)0010   ...    ...       177         0 to 9   |
  |  01         11    000100(1)0011   ...    ...       178         0 to 9   |
  |  01         11    000100(1)0100   ...    ...       179         0 to 9   |
  |  01         11    000100(1)0101   ...    ...       170         0 to 9   |
  |  01         11    000100(1)0110   ...    ...       181         0 to 9   |
  |  01         11    000100(1)0111   ...    ...       182         0 to 9   |
  |  0Z         11    100010(0)1000   ...    ...       663         0 to 9   |
  |  0Z         11    100010(0)1001   ...    ...       664         0 to 9   |
  |  0Z         11    100010(0)1010   ...    ...       665         0 to 9   |
  |  0Z         11    100010(0)1011   ...    ...       666         0 to 9   |
  |  0Z         Z1    110001(0)0100   ...    ...       899         0 to 9   |
  |  0Z         Z1    110001(0)0101   ...    ...       800         0 to 9   |
  |  0Z         ZZ    111000(1)0010   ...    ...       909         0 to 9   |
  |  00         ZZ    011100(0)1001   0ZZZ   ...       568         1 to 7   |
  |  00         ZZ    111100(0)1001   0ZZZ   ...       070         1 to 7   |
  |  00         ZZ    001110(0)0100   10ZZ   ...       339          8,9,0   |
  |  00         ZZ    011110(0)0100   10ZZ   ...       595          8,9,0   |
  |  00         ZZ    101110(0)0100   10ZZ   ...       851          8,9,0   |
  |  00         ZZ    111110(0)0100   10ZZ   ...       007          8,9,0   |
  |  0Z         ZZ    000011(1)0100   0010   ...       150            2     |
  |  0Z         ZZ    000111(1)0001   0010   ...       224            2     |
  |  0Z         ZZ    001011(1)0001   0010   ...       288            2     |
  |  0Z         ZZ    001111(1)0001   0010   ...       352            2     |
  |  0Z         ZZ    010011(1)0001   0010   ...       416            2     |
  |  0Z         ZZ    010111(1)0001   0010   ...       470            2     |
  |  0Z         ZZ    011011(1)0001   0010   ...       544            2     |
  |  0Z         ZZ    011111(1)0001   0010   ...       508            2     |
  |  0Z         ZZ    100011(1)0001   0010   ...       672            2     |
  |  0Z         ZZ    100111(1)0001   0010   ...       736            2     |
  |  0Z         ZZ    101011(1)0001   0010   ...       790            2     |
  |  0Z         ZZ    101111(1)0001   0010   ...       864            2     |
  |  0Z         ZZ    110011(1)0001   0010   ...       928            2     |
  |  0Z         ZZ    110111(1)0001   0010   ...       992            2     |
  |  0Z         ZZ    111011(1)0001   0010   ...       056            2     |
  |  0Z         ZZ    111111(1)0001   0010   ...       ...            2     |
  +-------------------------------------------------------------------------+


1. In each case, Z represents a bit that may be 1 or 0.
2. Some codes are not used as central office codes in the US at this time.
   They are included for completeness.
3. The bit in parentheses is the busy-idle bit.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Well there is your signaling in a nutshell.  Please note I hardly have the most
up-to-date signalling data.  Basically what was presented here was a skeleton,
the bare bones without all the additions.  There are some additions that are
system specific.  As I get updates I'll be sure to share them with the rest of
you.  I would be interested in any feedback, so, if you have something to say,
send it to:

                        oblivion@atdt.org


In the last article I said that there would be a listing of SID codes
accompanying the article.  Well, I forgot to edit that line out, but if you
would like a copy of it, just mail me at the above address an you shall receive
one.

In the next article I will be going in-depth on the actual hardware behind the
Mobile telephone, the chip sets, and its operation.  I will also publish any
updates to the previous material I find, as well as information on the
transitory NAMPS system that will be used to bridge the existing AMPS cellular
network over to the ISDN compatible fully digital network.
_______________________________________________________________________________


--------------------------------------------------------------------------------


                                ==Phrack Inc.==

                     Volume Four, Issue Forty, File 7 of 14

                        =/=/=/=/=/=/=/=^========
                        =                             =
                        =  The Fine Art of Telephony  =
                        =                             =
                        =       by Crimson Flash      =
                        =                             =
                        ========!=/=/=/=/=/=/=/=


Bell!  Bell!  Bell!  Your reign of tyranny is threatened, your secrets will
be exposed.  The hackers have come to stake their claim and punch holes in your
monopolistic control.  The 1990s began with an attack on us, but will end with
our victory of exposing the secret government and corruption that lies behind
your walls and screens.  Oppose us with all your might, with all your lies,
with all your accountants and bogus security "professionals."  You can stop the
one, but you'll never stop the many.

A. Introduction
B. Basic Switching
C. RCMAC
  1. Office Equipment
  2. How Does All This Fit Into RCMAC
  3. Function of RCMAC
    a. Coordination of Recent Change Source Documentation
    b. Processing of Recent Change Requests
    c. Administrative Responsibilities and Interface Groups
D. The FACS Environment
E. Getting Ready For Recent Change Message
  1. When MARCH Receives A Translation Packet (TP)
  2. When MARCH Receives A Service Order Image
F. MARCH Background Processing
G. User Transaction in MARCH
H. Service Order Forms
I. COSMOS Service Order From The SOI Command
J. MSR - MARCH Status Report (MARCH)
K. Other Notes
L. Recommended Reading

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 A. Introduction
 ~~~~~~~~~~~~~~~
     Bell.  Bell Bell Bell!  What is it about Bell?  I am not sure what my
fascination is with them, but it never ceases nor does it ever diminish.  Maybe
its because they are so private.  Maybe its because they find it possible to
rip millions of people off daily and they do it with such great ease.  Or
perhaps its just that they do not want anyone to know what they are doing.

     Around my area down here in Texas (512), the Central Office buildings have
large brick walls, cameras at each door, bright lights, and every piece of
paper says in big block letters: "PROPRIETARY INFORMATION -- NOT FOR USE OR
DISCLOSURE OUTSIDE OF SOUTHWESTERN BELL."  This message can be found on
everything, but their phone books!  Why?

     This files are about RCMAC and FACS/MARCH.  The information presented here
is largely from memory.  If you think the information is wrong, then get the
information yourself!  One thing to keep in mind is that nothing is in stone!
Different BOCs (Bell Operating Companies) use different systems and have
different ways of doing the same thing.  Like in some areas RCMAC is the CIC,
the MLAC may not exist, so on and so forth.  So nothing is ever fully true with
Bell, but then why should things like their systems differ from their policies
and promises.  There is a Bellcore standard and then there is the real way it
is done by your local BOC.


 B. Basic Switching
 ~~~~~~~~~~~~~~~~~~
     A switching system (a switch) allows connect between two (or more) phone
lines, or two trunks.  A basic T1 trunk is 24 lines on a 22 gauge, 4-wire
twisted pair.  Not only does it allow connect, it also controls connection,
where you call, and when someone calls you.  In short it controls everything
about your phone!  From a large AT&T 5ESS switching 150,000+ line to a small 24
line PABX (Private Automatic Branch Exchange, a switch), they control your
phone service.

     What's the big deal about telephone switches?  Telephony is the largest
form of communications for just about everyone in the world!  Just try life
without a phone line to your house.  I have four phone lines and sometimes that
is still not enough.

     Today's switches are digital.  This means that when you talk on the phone,
your voice is converted to 1s and 0s (on or off, true or false).  This works in
several steps:

   [0] You call someone.
   [1] Sampling -- The analog signal (your voice) is sampled at certain parts.
       The output is called Pulse Amplitude Modulation (PAM) signal.
   [2] Quantize -- The PAM signal is now measured for wave length high (or
       amplitude) where numbers are given to the signal.
   [3] Encoding -- In this step, the Quantized signal (with the numbers for the
       height of the wavelength (amplitude)) is converted to an 8-bit binary
       number.  The output of the 8-bit "word" may be either a "1" (a pulse) or
       a "0" (no pulse).
   [4] Encoding -- Produces a signal called a Pulse-Code Modulation (PCM)
       signal.  PCM just means that the signal is modulating pulses (digital).
       From this point, the signal is switched to where it needs to go.
   [5] The PCM signal is where it needs to go.  The signal is now converted
       back to analog.
   [6] Decoding -- The 8-bit PCM signal is sent to the decoder to get the
       number that measured the amplitude of the wave.
   [7] Filtering -- This takes the PAM signal (the decoding produced) and it
       reproduces the analog signal just as it was.

                                           ___
    [1]           [2]       [3]     [4]   | S |  [5]       [6]      [7]
     ________   _________  ______         | w |         ________   ______
    |        | |        | |      |   __   | i |   __   |        | |      |
//|Sampling|-|Quantize|-|Encode|__|  |__| t |__|  |__|Decoding|-|Filter|//
    |________| |________| |______|        | c |        |________| |______|
 |            |                       |   |_h_|    |
 |           PAM                     PCM          PCM                       |
Analog Signal (You Talking)             /                   Analog Signal__|
                                   /               \n                              /                        \n                         /                                 \n                    /                                          \n      Blow Up /   of the Switch                                     \n        /                                                               \n  /                                                                        \n                        ___________________________
           _____       |                           |       _____
   1    T |     | T  1 |                           | 1  T |     |    1
   -------|  T  |------|                           |------|  T  |-----
          |_____|      |                           |      |_____|
           _____       |                           |       _____
   2    T |     | T  2 |            S              | 2  T |     |    2
   -------|  T  |------|           mxn             |------|  T  |-----
          |_____|   o  |                           |  o   |_____|
           _____    o  |                           |  o    _____
   m    T |     | T  m |                           | n  T |     |    n
   -------|  T  |------|                           |------|  T  |-----
          |_____|      |                           |      |_____|
                       |___________________________|

     The basic design of most of the switches today is a Time-Space-Time (TST)
topology.  In the Time-Space-Time in the arrangement shown, time slot
interchangers will interchange information between external channels and
internal (space array) channels.

     This is just a quick run through to gives you a general idea about
switches without going into math and more technical ideas.  For a better
understanding, get "Fundamentals of Digital Switching" by John C. McDonald.
This book is well written and describes ideas that I cannot get into.


 C. RCMAC
 ~~~~~~~~
     The Recent Change Memory Administration Center's (RCMAC) purpose is to
make changes to the software in various Electronic Switching Systems (ESS).  An
ESS uses a Stored Program Control (SPC) to provide telephone service.  Since
people with phones and their services change often, the ESS uses a memory
called Recent Change.  This Recent Change area of memory is used on a standby
basis until the information can be updated into the semipermanent memory area
of the ESS.  It is in the templar area that changes (or Recent Change Messages)
are typed and held for updating into the semipermanent memory area (Recent
Change Memory).

     The following Switching Systems (switches for short) that have Recent
Change:
         -  1/1AESS
         -  2/2BESS
         -  3ESS
         -  5ESS
         -  Remote Switching System (RSS)
         -  #5ETS
         -  DMS100/200/250/300

     Here is a typical hookup.  As you follow the diagram below, you will see:

[1] Telephone subscriber connected to the Central Office by cables.
[2] At the Central Office, each subscriber is connected to the Main
    Distributing Frame.
[3] The Cable and Pair is now connected to the Office Equipment (OE) at
    another location on the MDF.
                                           _______________
    (Home Phone Lines)   M.D.F.           |               |
      |--(Home Phone)    ___________      |               |
      |--(Home Phone)   /__/|  /__ /|     |     D.S.S.    |
      |--(Home Phone)   | ||__|/ | |-----|               |
      |                 | _|_/_|__| |-----|   Equipment   |
      |                 | /|/ |  | |-----|               |
      |                 | /||__| | |-----|               |
      |_________________|/_|/  |__|/      |_______________|

      /                      |
    Cables             Cross-Connects

           [1]           [2]      [3]


   1. Office Equipment
   ~~~~~~~~~~~~~~~~~~~
     The Office Equipment (OE) is identified by a unique numbering plan.  The
equipment numbers identify the equipment location within the system.  The
Equipment Numbers also vary from one type of equipment to another.

     You also may find the OE (Office Equipment) referred to as the LEN (Line
Equipment Number).  It is called a REN (Remote Equipment Number) in a case of
RSS (Remote Switching System).

     Each telephone number is assigned to a specific equipment location where
they bid for dial tone.

Here is an example of different types of Office Equipment:

 1/1AESS                                   #2ESS
 ~~~~~~~                                   ~~~~~
 OE 0 0 4  - 1 0 1 - 3 1 2                 OE 0 1 1 - 2 1 4 0
    | |/     | | |   | |/                     | |/    | | |/
    | |      | | |   | |                      | |     | | |
    | |      | | |   | Level                  | |     | | Switch and Level
    | |      | | |   Switch                   | |     | Concentrator
    | |      | | Concentrator                 | |     Concentrator Group
    | |      | Bay                            | Link Trunk Network
    | |  Line Switch Frame                    Control Group
    | Line Link
    Control Group


 #3ESS                                      Others
 ~~~~~                                      ~~~~~~
 OE 0 0 1 - 2 1 4 0                          1XB        =   XXXX-XXX-XX
    | |/    | | | |                          1XB        =   XXXX-XXXX-XX
    | |     | | | Level                      5XB        =   XXX-XX-XX
    | |     | | Switch                       SXS        =   XXXX-XXX
    | |     | Switch Group                   DMS-10     =   XXX-X-XX-X
    | |     Concentrator                     5ESS       =   XXXX-XXX-XX
    | Concentrator Group                     5ESS       =   XXXX-XX-XX
    Control Group                            RSS        =   XXXX-X-XXXX
                                             DMS-1/200  =   XXX-X-XX-XX

   2. How Does All This Fit Into RCMAC?
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
RCMAC (Recent Change Memory Administration Center) is responsible for updating
any Service Order activity.  This action will change a customer line or service
in the Recent Change memory of the SPC switches.

   3. Function of RCMAC
   ~~~~~~~~~~~~~~~~~~~~
The three basic functions performed in RCMAC are:

  a. Coordination of Recent Change Source Documentation
  b. Processing of Recent Change Requests
  c. Administrative Responsibilities and Interface Groups


In more detail:

- Coordination of Recent Change Source Documentation

     The first function is the coordination of Source Documents.  The main
source of RC (Recent Change) is the Service Orders.  Service Orders are changes
in a subscriber's service.  RCMAC, in addition to the input of the service
order in the switches, is responsible for other activities such as:

     - Simulated Facilities (SFG)
     - Route Indexes
     - Traffic Registers  (TR)
     - Subscriber Line Usages (SLU)
     - Service Observing Assignment (SOB)
     - MARCH (MIZAR) RPM Updates

     Terminal Communications to the switches and/or MARCH (MIZAR) typically use
the AT&T Datakit.  RCMAC also is responsible for "HOT" requests from the I.C.
(Installation Center) and other transmissions from the I.C.

- Processing of Recent Change Requests

     The second function of RCMAC is processing of RC messages.  This involves
inputting and editing RC messages in the switches.  When RCMAC inputs messages,
they are making a change to their customer's service.  The customers service is
dependent on the prompt, accurate processing of RC source documents (Service
Orders).

     The due date (sometimes referred to as the Frame Due Date) remarks and
time interval assigned to the order will govern the release of RC input to ESS.
Due date is important because this is the date that the Service Order has to be
completed (going through the FACS system, frame work done, and RC message
inputted into the switch).

Recent Change Requests

    The RCMAC receives documentation for changes to the temporary memory areas
of the various types of ESS equipment.  These changes may come in many forms
and from many different sources.
                                _________            _____
                               |         |          |     |
Service Orders---------------->|    R    |--------->| ESS |       _____
Line Station Transfer--------->|    C    |          |_____|      |     |
Service Observing------------->|    M    |---------------------->| ESS |
Special Studies--------------->|    A    |           ______      |_____|
Trouble Reports--------------->|    C    |          |     |
Verifications----------------->|         |--------->| ESS |
                               |_________|          |_____|

     Some Recent Changes requests are Service Orders, Line Equipment Transfers
(LET), Service Observing Requests (SOB), Special Studies (SLU), Trouble Reports
and Verification (follow local procedure).  In short, it is taking this
information and making the correct changes into the SPC switches.

- Administrative Responsibilities and Interface Groups

     - Control of errors.
     - Monitor activity.
     - Prepare administrative reports.
     - Coordination of RCMAC operations and interface with other departments.
     - Restore RC area of the switches in the event that RC memory is damaged
       due to machine failure.

Operational Interface

     RCMAC must coordinate activities with many work groups to achieve accurate
and quick RC for the ESSes.

                       BSC/RSC & MKTG
                             |
                             |
                   SCC       |       RSB
                            |     /
                            |   /
                            | /
            NAC ---------- RCMAC ---------- IC
                           /   \n                         /       \n                       /           \n                 Frame               MLAC

     To help understand this better, here is a short description of each group
that interfaces with RCMAC:

SCC (Switching Control Center)

     - Technical assistance to RCMAC
     - Provide emergency coverage (off hours) for RCMAC.  This includes
       service affecting problems.  They also coordinate any updates in
       the ESS programs with RCMAC.

NAC (Network Administration Center) provides RCMAC with:

     - Line Class Codes (LCC) like 1FR (1-party Flat Rate).
     - List of numbers that must be changed (in ESS memory) from one intercept
       route index to another, prior to reassignment.
     - Translation Assignments; Example:  Simulated Facilities Group (SFG).
     - Area Transfer/Dial for Dial Assignment.
     - Service Observing assignment.
     - Subscriber Line Usages (SLU) study assignment.
     - Customer Line Overflow study assignment.
     - RPM updates for DMS 100 change in COSMOS tables USOC/NXX/Ltg.

Frame (Frame Jeopardy Reports) Central Office (FCC) will interface with RCMAC
for Line Equipment transfers.

     - Problems encountered by the frame group when completing Service Orders
       may be coordinated with the MLAC (Loop Assignment Center), or when
       appropriate will be called directly to RCMAC (i.e. No Dial Tone on a new
       connect).

Business/Residence Service Center (BSC/RSC) and Marketing (MKTG)

     - The BSC/RSC and MKTG determine what kind of service the customer wants,
       generates Service Orders, and coordinates with RCMAC regarding special
       services to customers.

Repair Service Bureau (RSB) or Single Point of Contact (SPOC)

     - Customer trouble reports may involve RC inputs; the RCMAC would work
       closely with RSB or SPOC to clear such troubles.
     - RCMAC is responsible for analyzing, investigating and resolving customer
       trouble caused by RC input.

Installation Center (IC) and/or Maintenance Center (MC)

     - The IC/MC group is responsible for the administration function
       associated with the completion and control of Service Order load.  This
       invokes all orders whether they require field work or no field work.
     - This Group is responsible for ensuring all service orders are taken care
       of on the proper due date.

Mechanized Loop Assignment Center (MLAC) or LAC

     - Assigns Service Orders for RCMAC.
     - Assigns customers loops (this group is not in all BOCs).


 D. The FACS Environment
 ~~~~~~~~~~~~~~~~~~~~~~~
     To better understand RCMAC, Source Document flow, and a typical BOC as a
whole, the FACS (Facility Administration Control System) is an important part
of this.

Systems in a FACS environment

PREMIS - PREMises Information System
         This system is divided into three parts:  the main PREMIS database,
         PREMLAC (Loop Assignment) and PREMLAS (Loop Assignment Special
         circuit).  This contains customer and address inventory and assigns
         numbers.

SOAC   - Service Order Analysis and Control
         This system receives Service Orders from SORD and interprets and
         determines facility requirements.  The system requests and receives
         assignments from LFACS and COSMOS and forwards orders to MARCH,
         forwards assignments to SORD, and also maintains Service Order history
         and manages changes.

LFACS  - Loop FACS contains all loop facilities inventory and responds to
         requests for assignment.

COSMOS - COmputer System for Mainframe OperationS contains all the OE inventory
         and responds for OE request.

SORD   - Service ORder and Distribution distributes Service Orders throughout
         the system.

MARCH -  MARCH is the Mizar upgrade which will come into play when the
         Stromberg-Carlson (SxS and XBAR) is upgraded to Generic 17.1 (the
         software interface is called NAC).  Though there is a problem with the
         interface between MARCH and COSMOS (because the Generic Interface is
         not supported by COSMOS), templates are used for MAN, AGE, LETS, etc.
         Anyway, MARCH plays a big part in this system.  MARCH, aside from what
         was talked about above, has a basic function of keeping RCMAC up to
         date on the switches (MSR user transaction).  It is an RC message
         manager which will allow one to modify messages (ORE), show usages
         (MAR) and logs all transmissions.

                           BASIC ORDER FLOW
                           ~~~~~~~~~~~~~~~~
                        PHASE I - COSMOS/MIZAR
 __________
|          |
| Customer |
| Request  |
|__________|
      |
      V
  _________
 |         |
 |  SORD   |
 |_________|
      |
      V                      _________
  __________                |         |
 |          |               |  Work   |
 |  SOAC    |  ---------->  | Manager |
 |__________|               |  (WM)   |
                            |_________|
                                 |
                                 |
                                 V
                            * * * * * *              _________
                            *         *             |         |
                            * COSMOS  *  ------->   |  MIZAR  |
                            *         *             |_________|
                            * * * * * *                  |
                                                         |
                                                         V
                                                     _________
                                                    |         |
                                                    |  SPCS/  |
                                                    | DIGITAL |
                                                    | SWITCH  |
                                                    |_________|

===============================================================================

                         PHASE II - SOAC/MARCH

 __________
|          |
| CUSTOMER |
| REQUEST  |
|__________|
     |
     |
     V
 __________
|          |
|   SORD   |
|__________|
     |
     |
     V                  ___________                            _________
 __________            |           |          _________       |         |
|          |           |   WORK    |         |         |      |  SPCS/  |
|   SOAC   |  ------>  |  MANAGER  | ------> |  MARCH  | ---> | DIGITAL |
|__________|           |    (WM)   |         |_________|      |  SWITCH |
                       |___________|                          |_________|

===============================================================================

... Then There Was MLAC

     With conversion to FACS, a shift in the service order provisioning process
was made from manual input by the LAC and NAC to mechanized data flow from SOAC
to COSMOS (via Work Manager).  Tables used for Recent Change (CFINIT, USL, and
CXM) and spare OE assignments reside in COSMOS, along with the Recent Change
Message Generator (RCMG).  The LAC and NAC are now involved only on an
exception basis (This will be explained in more detail later on).
 ________
|        |
|  SORD  |
|________|
     |
     |
     V                  ____________
 _________             |            |
|         | ---------> |    FACS    |---
|  SOAC   |            | COMPONENTS |   |
|_________| <--------- | FOR ASGNS. |---
     |                 |____________|
     |
     V          * * * * * * * * * * * * * * * * * *
 _________      *  ___________                    *
|         |     * |           |       ________    *        _______
|   WM    |---> * | o SP OE   |      |        |   * RC    |       |
|_________|     * | o CFINIT  |----> |  RCMG  |   * ----->| MARCH |
                * | o USL     |      |________|   * MSG   |_______|
                * | o CMX     |                   *           |
                * |___________|                   *           |
                *                                 *           V
                *          C O S M O S            *        _________
                * * * * * * * * * * * * * * * * * *       |         |
                                                          |  SPCS/  |
                                                          | DIGITAL |
                                                          | SWITCH  |
                                                          |_________|

. . . NOW THERE IS SOAC/MARCH

     With the SOAC/MARCH application (FACS/MARCH configuration), the primary
source of service order data continues to be SOAC.  COSMOS is taken out of the
Recent Change business with this application (except, like the LAC and NAC, on
an exception basis) and becomes just another FACS Component.  The tables that
resided in COSMOS or Recent Change are now duplicated in MARCH.

     Instead of retrieving, storing, and passing on already-formatted Recent
Change messages, MARCH now generates the Recent Change from the data passed
from SOAC, as did COSMOS previously.
 ________
|        |
|  SORD  |
|________|
     |
     |
     V                  ____________
 _________             |            |
|         | ---------> |    FACS    |---
|  SOAC   |            | COMPONENTS |   |
|_________| <--------- | FOR ASGNS. |---
     |                 |____________|
     |
     V          * * * * * * * * * * * * * * * * * *
 _________      *  ___________                    *
|         |     * |           |       ________    *         _________
|   WM    |---> * | o RPM     |      |        |   * RC     |         |
|_________|     * | o CFINIT  |----> |  RCMG  |   * -----> |  SPCS/  |
                * | o USL     |      |________|   * MSG    | DIGITAL |
                * |___________|                   *        | SWITCH  |
                *                                 *        |_________|
                *            M A R C H            *
                * * * * * * * * * * * * * * * * * *


 E. Getting Ready For Recent Change Message
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
STARTING WITH SORD

     Service Orders (SORD) contain FIDs and USOCs (Universal Service Order
Codes [these codes tell the type of service the customer may have or get])
followed by data specific to a customer's service request (SORD accesses PREMIS
for telephone number and address data; other entries are made by the Service
Representative).  The order is then passed to SOAC.

THEN TO SOAC

     SOAC uses internal tables to read the FIDs and USOCs passed by SORD to
determine what information is required from the various components of FACS.
SOAC then accesses the appropriate FACS components (LFACS for Cable Pair
assignment; COSMOS for OE assignment) and gathers the required data.

     Once all the data has been collected, SOAC passes the information to the
Work Manager.  Data is either passed as is or translated by SOAC (again using
internal tables) into language acceptable to the receiving systems (i.e.,
COSMOS and MARCH).

     SOAC passes information intended for MARCH in one of two ways:

     TP-Flow-Through Translation Packets

          Translation Packets (TPs) contain fully translatable data from which
          MARCH can generate a Recent Change message. Determination is made by
          SOAC based on the interface capabilities and its ability to read,
          translate as required, and pass data.

     Service Order Image

          Service Order Images are sent to MARCH if SOAC is not able to pass
          all required data.  Images require additional information, either
          input manually or retrieved from COSMOS before Recent Change messages
          are generated.

WORK MANAGER - THE TRAFFIC COP

     The primary function of Work Manager is to read the service order and
determine where the data must be sent.  Decisions include:

          COSMOS System                 MARCH System
          COSMOS Wire Center            MARCH Switch
          COSMOS Control Group          Serving RCMA

     Work Manager passes the service order data to MARCH on a real time basis
(orders that were previously held in COSMOS until requested by Frame Due Date
[FDD] are now held in MARCH), either as a TP or an Image.


  1. When MARCH Receives A Translation Packet (TP)
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
(1)  A Translation Packet, passed from SOAC via Work Manager is received in
     MARCH by the CIP, Communication Interface Program.

(2)  When data is received by the CIP, it calls up the CTI or Job Control
     Module.  The Job Control Module or CTI writes the data that is received to
     a temporary file and informs TP Trans (Translation Translator) that an
     order has been received.  It also controls the number of simultaneous jobs
     submitted to TPTrans.

(3)  TPTrans analyzes the order in the temporary file, does appropriate FID
     conversion (such as stripping out dashes), reformats the order, and passes
     it to the Recent Change Message Generator (RCMG).

(4)  RCMG performs all Recent Change message generation and, upon completion,
     writes the order into a MARCH pending file (Pending Header or Review
     file).

     In addition to the data passed from SOAC, RCMG uses the following data in
     MARCH to translate into switch-acceptable messages:

          NXX                 Switch Specific Parameters (RPM)
          USOC (RPM)          CCF Keywords (CFINIT)
          USOC/NXX (RPM)      Review Triggers (RVT)
                              Release Times (SRM)

                      ________
                     |        |
                     |  SOAC  |
                     |________|
                          |
                          |
                          V
                       ______
                      |      |
                      |  WM  |
                      |______|
                          |
                          |
*  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *
*                              M  A  R  C  H                         *
*   _______          _______          _________          ______      *
*  |       |        |       |        |         |        |      |     *
*  |  CIP  | -----> |  CTI  | -----> | TP TRANS| -----> | RCMG |     *
*  |_______|        |_______|        |_________|        |______|     *
*                       |                /                          *
*                       |                /                           *
*                 ______|______         /                            *
*                |             |       /                             *
*                |    /TMP     |------/                              *
*                |_____________|                                     *
*                                                                    *
*  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *

  2. When MARCH Receives A Service Order Image
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
(1)  A Service Order Image, passed from SOAC via Work Manager is received in
     MARCH by the CIP, Communication Interface Program.

(2)  When the image is received by the CIP, it calls up the CTI or Job Control
     Module.  The Job Control Module or CTI writes the data that is received to
     a temporary file and informs TP TRANS (Translation Translator) that an
     order has been received.  It also controls the number of simultaneous jobs
     submitted to TPTrans.

(3)  TP TRANS analyzes the order in the temporary file, sees that it is a
     service order image, and creates a SOI (Service Order Image) file using
     the order number and file name.  The entire image is written to the SOI
     file.  TP TRANS signals the Service Order Image Processor (SOIP) program
     for the remaining processing.

(4)  If SOIP can determine the switch for which the image is intended, it
     passes a request to the Call COSMOS file and stores the image data in the
     IH file (Image Header).  If SOIP cannot determine the switch, the image is
     placed in the PAC (Unknown Switch Advisory) for manual processing.

(5)  For images where the switch has been determined, MARCH calls COSMOS at its
     next scheduled call time and runs RCP by Order Number (if the last call
     time is past, it will defer the request to the first call time for the
     next day).

(6)  If the order is received from COSMOS, it is placed in the PH or RV file
     appropriately and the Image Header is purged.  A flag is set indicating
     that a Service Order Image text exists in the system.  If the order is not
     received from COSMOS, the image is placed in the PAC for manual
     processing.

*  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *
*                              M  A  R  C  H                         *
*   _______          _______          _________          ______      *
*  |       |        |       |        |         |        |      |     *
*  |  CIP  | -----> |  CTI  | -----> | TP TRANS| -----> | RCMG |     *
*  |_______|        |_______|        |_________|        |______|     *
*                       |                /   |                      *
*                       |                /    |                      *
*                 ______|______         /    _V___________           *
*                |             |       /    |             |          *
*                |    /TMP     |------/-----|    /SOI     |          *
*                |_____________|            |_____________|          *
*                                                                    *
*  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *  *

     It is not necessary for you to know all the programs MARCH uses to process
Service Orders in a SOAC/MARCH environment.  That gets trivial and all stuck in
various commands that do not mean anything unless, of course, one is on the
system at hand.
                        _________                             _________
 ___________   TP      |         |  TP       _______   TP    |         |
|           |------->  |   Work  | -------> |       | -----> |  SPCS/  |
|    SOAC   | Image    | Manager |  Image   | MARCH | Image  | Digital |
|___________|=======>  |   (WM)  | =======> |_______| =====> | Switch  |
                       |_________|                           |_________|
                         | |  ^ ^
                         | |  | |
                         | |  | |
                         V V  | |
                      * * * * * * * *
                      *             *
                      *   COSMOS    *
                      *             *
                      * * * * * * * *
                         | |  | |
                         | |__| |
                         |______|

     Though it is trivial to understand just how all these system work, here is
a rough overview of MARCH.  To Cover MARCH, this will first cover the
background processing.

 F. MARCH Background Processing
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
RECENT CHANGE PARAMETER (RPM)

  In conjunction with ORI Patterns and Recent Change Templates, the RPM
  determines how information from SOAC is changed and/or manipulated to create
  acceptable switch Recent Change messages.

  RCMA Supervisor has overall responsibility for the RPM.  Although specific
  categories may be maintained by Staff Manager, it is overviewed by RCMAC as a
  whole.

  This includes Line Class Code (LCC) conversion data previously under the sole
  responsibility of the NAC in COSMOS.  It requires a change of procedures for
  the RCMA to ensure proper LCC information is passed on the RPM and updated
  appropriately.

  Initial USOC is LCC conversion data and will be copied into MARCH from the
  COSMOS USOC Table.

SWITCH RELEASE MANAGER  (SDR)

  With SOAC/MARCH, it no longer determines the types of orders to be pulled
  from COSMOS, and thus establishes the date and time orders are to be released
  to the switch, coming both from SOAC and from COSMOS.

  It is based on Package Type (PKT) and Package Category (PKC)

SWINIT TRANSACTION

  Contains switch-specific data for MARCH to communicate with SOAC (via Work
  Manager), COSMOS, and the switch.

  Establishes the call times for COSMOS.

   - RCP by Order Number for Service Order Images.
   - Suspends, Restores, and Nonpayment Disconnects.
   - Automated AGE Requests (as applicable).
   - Automated MAN Report.

SDR - SWITCH DATA REPORT

  SDR is a report transaction intended for use by the RCMA Associate.

  The Switch Data Report provides a printout of the SWINIT information that was
  populated from the Perpetrations Questionnaire submitted by the RCMA
  Supervisor (see Order Description part of this file).

MOI of an Order in History

  Orders in the History Header (HH) file will reflect the history source.  The
  history source indicated how the order was written to the history file.

 G. User Transaction in MARCH
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                       Most Commonly Used MARCH Commands

.-------------------------------------------------------------------------.
| Transaction |   Name       |  Function     | Search keys     | Prompts  |
| ------------|--------------|---------------|-----------------|----------|
| MSR <CR>    | MARCH Status |office status  |    . <CR>       |   ----   |
|             |   Report     |               |   sw address    |          |
| ------------|--------------|---------------|-----------------|----------|
| MOI <CR>    | MARCH Order  | status of     |     fn rv       |   ----   |
|             |  Inquiry     | order, tn,    |     fn rj       |          |
|             |              | file          | fn hh/adt xx-xx |          |
|             |              |               |  so n12345678   |          |
|             |              |               |  tn xxxxxxx     |          |
| ------------|--------------|---------------|-----------------|----------|
| ONC <CR>    |   On Line    | Access COSMOS |      ------     | login    |
|             |   COSMOS     |               |                 | password |
| ------------|--------------|---------------|-----------------|----------|
| ONS <CR>    |   On Line    | Access Switch |      ------     | Switch   |
|             |    Switch    |               |                 | logon    |
| ------------|--------------|---------------|-----------------|----------|
| ORE <CR>    | Order Edit   | Edit Header or|      fn rv      |   ----   |
|             |              |  message text |      fn rj      |          |
|             |              |  of MARCH file|   so n12345678  |          |
|             |              |               |   tn xxxxxxx    |          |
| ------------|--------------|---------------|-----------------|----------|
| ORE -G <CR> | Order Edit   | edit multiple | 2 Search keys   |   ----   |
|             |  Global      |     files     |    Required     |          |
| ------------|--------------|---------------|-----------------|----------|
| ORI <CR>    | Order Input  |  Build MARCH  |      ------     | Patterns |
|             |              |   file        |                 |          |
| ------------|--------------|---------------|-----------------|----------|
| ORS <CR>    |  Order Send  | Send to Switch|  so n12345678   |   ----   |
|             |              |  immediately  |  tn xxxxxxx     |          |
| ------------|--------------|---------------|-----------------|----------|
| TLC <CR>    | Tail COSMOS  | watch MARCH   |      ------     |   ----   |
|             |              | pull orders   |                 |          |
| ------------|--------------|---------------|-----------------|----------|
| TLS <CR>    | Tail Switch  | Watch orders  |      ______     |   ____   |
|             |              | sent to switch|                 |          |
| ------------|--------------|---------------|-----------------|----------|
| VFY <CR>    | Verify       | Request Verify|      ------     | rltm,type|
|             |              |               |                 | tn,oe,hml|
| ------------|--------------|---------------|-----------------|----------|
| VFD <CR>    | Verify       | Show Completed|      ------     |   ----   |
|             | Display      | verifies      |                 |          |
| ------------|--------------|---------------|-----------------|----------|
| VFS <CR>    | Verify Status| Show pending  |      ------     |          |
|             |              | verities      |                 |          |
` ------------------------------------------------------------------------'

Here is a detailed explanation of some of the commands:

MOI - MARCH ORDER INQUIRY

  MOI is a conversational inquiry transaction intended for use by the RCMAC
  Clerk.

  MOI is used to inquire on Recent Change messages in a pending file(s):
  Pending Header, Review, Reject, and/or History Header.  It may be used to
  inquire on one message, an entire order, several messages in more than one
  file, or all orders in a file, determined by the search keys entered.

ONS - ON line Switch

  Each switch has its own login sequence.

      DMS-100
         Login
         1) Give a Hard Break
         2) At the "?" prompt type "login"
         3) There will be an "Enter User Name" prompt.  Enter the user name.
         4) Then "Enter Password" with a row of @, *, & and # covering the
            password.
         5) Once on, type "SERVORD" and you are on the RC channel of the
            switch.

         Logout
         1) Type "LOGOUT" and CONTROL-P

      1AESS
         Login
         1) Set Echo on, Line Feeds on and Caps Lock on.
         2) End each VFY message with " . CONTROL-D" and each RC message with
            "! CONTROL-D".

         Logout
         1) Hit CONTROL-P

      5ESS
         Login
         1) Type "rcv:menu:apprc" at the "<" prompt.

         Logout
         1) Type "Q" and hit CONTROL-P

ONC - On Line COSMOS

  1) You will see "login:" so type in username and then there will be a
     "Password:" prompt to enter password.

ORE - Order Edit

  ORE Commands are used to move between windows and to previous and subsequent
  headers and text within an editing session.  Commands may be input at any
  point in the ORE session regardless of the cursor location.  They are capital
  letters requiring use of the shift key or control commands.  Here are the
  movement commands:

  Commands             Description
  ~~~~~~~~             ~~~~~~~~~~~
  N (ext header)       Replaces the data on the screen with the next header and
                       associated text that matches the search keys entered.
  M (ore text)         Replaces the data in the message text window with the
                       next message associated with the existing header (for
                       multiple text message).
  P (revious header)   Replaces data in the header windows with the header you
                       looked at previously (in the same editing session).
  B (ackup text)       Replaces data in the message text window with the text
                       you looked at previously (in the same editing session).
  S (earch window)     Moves the cursor to the search window permitting
                       additional search keys to be entered.
  Control-D            Next Page
  Control-U            Previous Page
  <                    Move cursor from text window to header.
  >                    Moves to text window from header.
  Q (uit)              Quit

ORE -G

  ORE -G is a conversational transaction intended for use by the RCMA
  associate.

  ORE -G is used to globally edit Recent Change messages existing in a MARCH
  pending file:  Pending Header, Review, and Reject.  Editing capabilities
  include adding information on an order.

  ORE -G is also used to change header information and to remove messages.

ORI - ORder Input

  ORder Input enables one to input an order and change orders.  The changes
  that can be made are in the telephone number, OE, so on.  This command is too
  complex to really get into here.

VFY  - Verify

  This is used to manually input verify messages into MARCH, thus to the
  switches.

MSR - MARCH Status Report

  This used to count the amount of service orders stored in SOAC.  It also
  shows the amount of change messages that have been sent to the switch.


 H. Service Order Forms
 ~~~~~~~~~~~~~~~~~~~~~~
   In my time, I have come across a lot of printouts that have made no sense to
me.  After several months, I could start to understand some of the codes.  Here
are what some of the common service orders are and what they are for.

SORD Service Order:
 _________________________________________________________________
|                                                                 |
|                                                                 |
|TN           CUS TD     DD     APT MAC ACC AO    CS  SLS     HU  |
|415-343-8765 529 T      DUE    W           AS OF 1FR ABCDE4W     |
|ORD       SU   EX     STA APP CD     IOP CT TX RA SP CON AC      |
|C14327658      SMIUX      R              R                       |
|ACNA  R                                                          |
|WA    343# EXETER,SMT                                            |
|WN    IDOL, BILLY                                                |
|---S&E                                                           |
|I1    ESL                                                        |
|O1    1FR/TN 343-8321/ADL                                        |
|      /PIC 10288                                                 |
|O1    ESL/FN 3438321                                             |
|---BILL                                                          |
|MSN   IDOL, BILLY                                                |
|MSTN  555-1212                                                   |
|---RMKS                                                          |
|RMK   BLAH                                                       |
|                                                                 |
|      /**** END                                                  |
|                                                                 |
|_________________________________________________________________|
 _________________________________________________________________
|                                                                 |
|[1]          [2]       [3]                      [9]              |
| |            |         |                        |               |
|TN           CUS TD     DD     APT MAC ACC AO    CS  SLS     HU  |
|407-343-8765 529 T      DUE    W           AS OF 1FR ABCDE4W     |
|                                                                 |
| [8]                                                             |
|  |                                                              |
| ORD       SU   EX     STA APP CD     IOP CT TX RA SP CON AC     |
|C14327658      SMIUX      R              R                       |
|ACNA  R                                                          |
|                                                                 |
|[4]                                                              |
| |                                                               |
|WA    343# EXETER,SMT                                            |
|                                                                 |
|[6]                                                              |
| |                                                               |
|WN    AT&T                                                       |
|---S&E                                                          |
|I1    ESL                   |                                    |
|O1    1FR/TN 343-8321/ADL   | [5]                                |
|      /PIC 10288            |                                    |
|O1    ESL/FN 3438321        /                                    |
|---BILL                                                          |
|                                                                 |
|  [6]                                                            |
|   |                                                             |
|  MSN   IDOL, BILLY                                              |
|                                                                 |
|  [7]                                                            |
|   |                                                             |
|  MSTN  555-1212                                                 |
|---RMKS                                                          |
|RMK   BLAH                                                       |
|                                                                 |
|      /**** END                                                  |
|                                                                 |
|_________________________________________________________________|

[1]  Telephone Number.  Format is XXX-XXX-XXXX.
[2]  Customer number.
[3]  Due Date.
[4]  Work Address.
[5]  The S&E field:

ACTION CODE -- This is the code at the far left-most side of the page.  These
               codes end with a 1 or a 0.  The 1 says to add this feature and
               the 0 says to not do the feature.  There are several different
               action codes.  Here is a list:

     Action Code     Used to
     ~~~~~~~~~~~     ~~~~~~~
     I               Add features
     O               Remove features
     C-T             Change designated number of rings, "forward to" number, or
                     both on Busy/Delay call forwarding features.
     E-D             Enter or Delete a feature for record purposes only.
     R               Recap CCS USOC to advise


Here is a list of some common USOCs (features):

     ESC        Three Way Calling
     ESF        Speed Calling
     ESL        Speed Calling 8 Code
     ESM        Call Forwarding
     ESX        Call Waiting
     EVB        Busy Call Forward
     EVC        Bust Call Forward Extended
     EVD        Delayed Call Forwarding
     HM1        Intercom Plus
     HMP        Intercom Plus
     MVCCW      Commstar II Call Waiting

[6] Billing name
[7] Billing number
[8] Service Order Number
[9] Class of Service or LCC (See appendix 1)


SDR File Header Information Order (MARCH)

1.  Switchname                  7. Package Type
2.  Header File Name            8. Package Category
3.  Current Date & Time         9. Reject Reason
4.  Service Order Number       10. Release Date & Time
5.  Service Order Type         11. Accept Date & Time
6.  Telephone Number               Reject Date & Time
                               12. Input Source


History Header File

      [1]                    [2]                    [3]
       |                      |                      |
      sw: swad0             history header file     fri may 31 07:50:12 1992

[4]-  so=janet3                   tn=         pkt-in     pkc=other
[11]- act=05-30 0750   src=ori     |           |          |
      history text=      |        [6]         [7]        [8]
      rc:sclist:        [12]
      ord 31235
      cx =031235
      adn 2
      ! ~

Reject File

[1]-  sw:swad2       [2]- reject file   [3]- fri may 30 11:22:01 1992

 [4]- so=c238          [5]- ver=7  tn=5551212  -[6]
 [9]- rj reason=ot    rldt=05-30 1059   rjdt=05-30 :106 src=cosmos
      message test=    |                 |               |
      rc:line:chg:    [10]              [11]            [12]
      ord 87102
      "=238-7102'
      "ord c231"
      "restoration from ssv-db"
      tn 555 1212
      lcc 1mr
      ! ~
      ve data=
        , er

      m 07 rc18 0 87102 0 4 valar
           new 00001605 err 00000307
           05/30/92 11:07:16


  I. COSMOS Service Order From The SOI Command
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ________________________________________________________________________
|WC%                                                                     |
|WC% SOI                                                                 |
|H ORD N73322444                                                         |
|                                                                        |
|             DEC 19, 1992   10:12:21 AM                                 |
|           SERVICE ORDER ASSIGNMENT INQUIRY                             |
|                                                                        |
|ORD N733224444-A             OT(NC)      ST(AC- )      FACS(YES)        |
|   DD(12-20-92) FDD(12-20-92) EST(11-16:14) SG(G)  DT(XX   ) OC(COR)    |
|   MDF WORK REQ(YES) MDF COMPL(NO) LAC COMPL(NO) RCP(NO)                |
|   WPN 9446 WLST 1= P  2=     3=     4=    5=    6=     7=    8=        |
|   COORDINATION REQUIRED                                                |
|   RMK   FAT TBCC,RO D77901070                                          |
|   RMK   FAT TBCC,RO D77901070                                          |
|CP  48-0942                                                             |
|     ST SF   PC     FS WK   DATE 11-28-89   RZ 13                       |
|     LOC PF01008                                                        |
|OE 012-25-006                                                           |
|     ST SF PC       FS WK   DATE 11-12-91   CZ 1MB    US 1MS    FEA TNNL|
|     PIC 10288                                                          |
|     LCC BB1                                                            |
|     CCF   ESX                                                          |
|     LOC PF01007                                                        |
|TN   571-5425                                                           |
|     ST WK  PD FS WK  DATE 12-03-91    TYPE X                           |
|   **ORD D77901070-C       OT CD  ST AC-     DD 12-20-92  FDD 12-20-92  |
|                                                                        |
|** SOI COMPLEATED                                                       |
|WC%                                                                     |
|________________________________________________________________________|

 ________________________________________________________________________
|                                                                        |
| WC%                                                                    |
| WC% SOI                                                                |
|                                                                        |
|                                                                        |
| H ORD N73322444                                                        |
|                                                                        |
|            [1]-  DEC 19, 1992   10:12:21 AM                            |
|           [2]- SERVICE ORDER ASSIGNMNET INQUIRY                        |
|                                                                        |
| [3]                         [4]         [5]                            |
|  |                           |           |                             |
| ORD N733224444-A             OT(NC)      ST(AC- )      FACS(YES)       |
|                                                                        |
|    [7]          [8]           [6]           [9]                        |
|     |            |             |             |                         |
|    DD(12-20-92) FDD(12-20-92) EST(11-16:14) SG(G)  DT(XX   ) OC(COR)   |
|                                                                        |
|    [10]              [11]          [12]           [13]                 |
|     |                 |             |              |                   |
|    MDF WORK REQ(YES) MDF COMPL(NO) LAC COMPL(NO) RCP(NO)               |
|                                                                        |
|                                                                        |
|    WPN 9446 WLST 1= P  2=     3=     4=    5=    6=     7=    8=       |
|    COORDINATION REQUIRED                                               |
|    RMK   FAT TBCC,RO D77901070                                         |
|    RMK   FAT TBCC,RO D77901070                                         |
|                                                                        |
|[35]                                                                    |
| |                                                                      |
| CP  48-0942                                                            |
|                                                                        |
|     [34]           [35]     [36]           [37]                        |
|      |              |        |              |                          |
|      ST SF   PC     FS WK   DATE 11-28-89   RZ 13                      |
|                                                                        |
|      LOC PF01008  -[39]                                                |
|                                                                        |
| OE 012-25-006 -[19]                                                    |
|                                                                        |
|     [20]           [21]     [22]           [23]      [24]       [25]   |
|      |              |        |              |         |          |     |
|      ST SF PC       FS WK   DATE 11-12-91   CS 1MB    US 1MS   FEA TNNL|
|                                                                        |
|      PIC 10288                                                         |
|                                                                        |
|      LCC BB1 -[27]                                                     |
|                                                                        |
|      CCF   ESX -[26]                                                   |
|                                                                        |
|      LOC PF01007 -[32]                                                 |
|                                                                        |
| TN   571-5425  -[14]                                                   |
|                                                                        |
|     [15]      [16]     [17]            [18]                            |
|      |         |        |               |                              |
|      ST WK  PD FS WK  DATE 12-03-91    TYPE X                          |
|                                                                        |
|      [38]                 [28]   [29]        [30]         [31]         |
|       |                    |      |           |            |           |
|    **ORD D77901070-C       OT CD  ST AC-     DD 12-20-92  FDD 12-20-92 |
|                                                                        |
| ** SOI COMPLETED -[40]                                                 |
|                                                                        |
| WC%  -[41]                                                             |
|________________________________________________________________________|

[1] Date and Time the SOI was Requested in COSMOS
[2] Title of Output Message
[3] Order Number
[4] Order Type
[5] Status of Order
[6] EST (11-16:14) When Service Order was Established into COSMOS
[7] Due Date
[8] Frame Due Date
[9] Segment Group
[10] Main Distributing Frame Work Required
[11] Main Distributing Frame Work Complete
[12] Loop Assignment Center Completed
[13] FACS Y

            >-- The order has downloaded from SOAC to MARCH(MARCH)
     RCP N

[14] Telephone Number
[15] Present State of Telephone Number
[16] Future Status of Telephone Number
[17] Date of Last Activity on Telephone Number
[18] Type of Telephone Number
[19] Line Equipment
[20] Present Status of Line Equipment
[21] Future Status of Phone Line
[22] Date of Last Activity on Line Equipment
[23] Class of Service
[24] USOC
[25] Features
[26] Custom Calling Feature
[27] Line Class Code
[28] Order Type that is Clearing Telephone Number
[29] Status of Order that is Clearing Telephone Number
[30] Due Date
[31] Frame Due Date
[32] Location of Line Equipment on Frame
[33] Cable and Pair
[34] Present Status of Cable and Pair
[35] Future Status of Cable and Pair
[36] Date of Last Activity on Cable and Pair
[37] Resistance Zone
[38] Order Number Clearing Cable
[39] Location of Cable and Pair on Frame
[40] SOI Complete Message
[41] Wire Center and Prompt Symbol to Indicate Computer is Ready for Another
     Transaction
[42] Primary Independent Carrier is 10288 (AT&T's Ten Triple X Code)


 J. MSR - MARCH Status Report (MARCH)
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 _______________________________________________________________________
|                                                                       |
|  switch name                                                          |
|                                                                       |
|  ==================================================================== |
|                         march status report                           |
|      sw:switch name                    tue oct 30 11:14:48 1992       |
|                       pending work functions                          |
|  ==================================================================== |
|                         past due         due today       future due   |
|  ____________________________________________________________________ |
|  use moi for:             0                0                  0       |
|  reject file              0                1                270       |
|  review file              0                0                  0       |
|  held release status     28               14                 44       |
|  normal release status    0                7                184       |
|  ____________________________________________________________________ |
|  use pac for:             0               15                          |
|  change notices           0                3                          |
|  unknown switch notices   0                0                          |
|  =====================================================================|
|                                                                       |
|  ** msr completed                                                     |
|_______________________________________________________________________|

 _______________________________________________________________________
|                                                                       |
|  switch name                                                          |
|                                                                       |
|                                                                       |
|  ==================================================================== |
|         [1]                                                           |
|          |              march status report                           |
|      sw:switch name             [2]-   tue oct 30 11:14:48 1992       |
|                       pending work functions                          |
|  ==================================================================== |
|                           [3]              [5]             [12]       |
|                            |                |                |        |
|                         past due         due today       future due   |
|  ____________________________________________________________________ |
|                                                                       |
|  use moi for:             0                2 -[6]             0       |
|                                                                       |
|  reject file              0                1 -[7]             0       |
|                                                                       |
|  held release status      5 -[4]           6 -[8]             0       |
|                                                                       |
|  normal release status    0                3 -[9]             3 -[13] |
|  ____________________________________________________________________ |
|                                                                       |
|  use pac for:             0               15  -[10]                   |
|                                                                       |
|  change notices           0                3 -[11]                    |
|                                                                       |
|  unknown switch notices   0                0                          |
|  =====================================================================|
|                                                                       |
|  ** msr completed                                                     |
|_______________________________________________________________________|

[1] Office MSR request in (switch name/address)
[2] Date and time of request
[3] Past due service order column
[4] Past due service order on hold
[5] Due today service order column
[6] Order due today in the reject file
[7] Orders due today in review file
[8] Orders due today on hold
[9] Orders due today with a normal release status
[10] PAC service orders which have been changed
[11] PAC switch advisory notices encountered today
[12] Future due service order column
[13] Order due in the future with a normal release status


 K. Other Notes
 ~~~~~~~~~~~~~~
     LCC or Line Class Code is, in short, what kind of line the Bell customer
may have.  They are the phone line type ID.  These IDs are used by the SCC
(Switching Control Center) and the switches as an ID to what type of billing
you have.  Here is a list of some common LCCs that a standard BOC uses.
Note:  This is not in stone.  These may change from area to area.

1FR  - One Flat Rate
1MR  - One Measured Rate
1PC  - One Pay Phone
CDF  - DTF Coin
PBX  - Private Branch Exchange (Direct Inward Dialing ext.)
CFD  - Coinless ANI7 Charge-a-Call
INW  - InWATS
OWT  - OutWATS
PBM  - 0 HO/MO MSG REG (No ANI)
PMB  - LTG = 1 HO/MO Regular ANI6


 L. Recommended Reading
 ~~~~~~~~~~~~~~~~~~~~~~
Agent Steal's file in LODTJ #4
Acronyms 1988 [from Metal Shop Private BBS] (Phrack 20, File 11)
Lifting Ma Bell's Cloak Of Secrecy by VaxCat (Phrack 24, File 9)


--------------------------------------------------------------------------------


                                ==Phrack Inc.==

                     Volume Four, Issue Forty, File 8 of 14

                       _________________________________
                     ||                                 ||
                     ||            BT Tymnet            ||
                     ||         British Telecom         ||
                     ||                                 ||
                     ||           Part 1 of 3           ||
                     ||                                 ||
                     ||    Presented by Toucan Jones    ||
                     ||                                 ||
                     ||          August 1, 1992         ||
                     ||_________________________________||


  "We played an instrumental role in first recognizing that they were there."

                 "If you mess with our network and we catch you
                 -- which we always do -- you will go down."

        -- John Guinasso, director of global network security for Tymnet parent
           BT North America in Information Week (July 13, 1992, Page 15).

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

                               Welcome to Tymnet!


PART 1
 A. BT Tymnet Access Location Index
 B. BT-GNS Access Within Regional Bell Operating Companies
  1. Bell Atlantic
  2. BellSouth
  3. Pacific Bell
  4. Southwestern Bell
  5. Southern New England Telephone
 C. Database or Timesharing Companies on Tymnet
 D. Service Classifications For Database or Timesharing Companies Using Tymnet
 E. Summary of Global Network Services By Country
 F. Terminal Identifiers
 G. Login Options

PART 2
 H. BT-GNS Worldwide Asynchronus Outdial Service

PART 3
 I. BT-GNS Worldwide Access Sorted By Node

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 A. BT Tymnet Access Location Index
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Country               Abbrev.      Country               Abbrev.
     ---------------       -------      ---------------       -------
      ANTIGUA                ATG         HONG KONG              HKG 
      ARGENTINA              ARG         ISREAL                 ISR 
      AUSTRALIA              AUS         ITALY                  ITA 
      AUSTRIA                AUT         JAMAICA                JAM 
      BAHAMAS                BHS         JAPAN                  JPN 
      BAHRAIN                BHR         KOREA                  KOR 
      BARBADOS               BRB         NETHERLANDS            NLD 
      BELGIUM                BEL         NORTHERN MARIANAS      SAP 
      BERMUDA                BMU         PANAMA                 PAN 
      CANADA                 CAN         PERU                   PER 
      CAYMAN ISLANDS         CAY         PHILIPPINES            PHL 
      COLUMBIA               COL         PURERTO RICO           PRI 
      DENMARK                DNK         SWEDEN                 SWE 
      DOMINICAN RPUBLIC      DOM         SWITZERLAND            CHE 
      EGYPT                  EGY         TRINIDAD AND TOBAGO    TTO 
      FRANCE                 FRA         UNITED KINGDOM         GBR 
      GREECE                 CRC         URUGUAY                URY 
      GUAM                   GUM         USA                    USA 
      GUATEMALA              GTM         VIRGIN ISLANDS         VIR 
      HONDURAS               HND         WEST GERMANY           DDR 

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 B. BT-GNS Access Within Regional Bell Operating Companies
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
TYMNET has gateways into many of the Regional Bell Operating Companies' packet
networks.  For specifics on how to access these networks, please refer to the
information listed at the end of this listing.

                                         DIALUP ACCESS            M
                          PROV             100's bps              N
NODE  CITY                 ST CNTRY DENS  3 12 24 96 ACCESS NO.   P COMMENTS
----- -------------------- -- ----- ----  ---------- ------------ - --------
02275 Birmingham           AL  USA  MED   B B  C     205/822-8629 N @PLSK
03306 Berkeley             CA  USA  MED   B B        510/548-2121 N @PPS
03306 Berkeley             CA  USA  MED        C     510/548-5743 N @PPS
06272 El Segundo           CA  USA  MED   B B        310/640-8548 N @PPS
06272 El Segundo           CA  USA  MED        C     310/640-0350 N @PPS
06272 Fullerton            CA  USA  MED   B B        714-441-2777 N @PPS
06272 Fullerton            CA  USA  MED        C     714/441-1839 N @PPS
06272 Inglewood            CA  USA  MED   B B        310/216-7667 N @PPS
06272 Inglewood            CA  USA  MED        C     310/216-4469 N @PPS
06272 Los Angeles          CA  USA  MED   B B        213/480-1677 N @PPS
06272 Los Angeles-Downtn.  CA  USA  MED   B B        213/687-3727 N @PPS
03306 Mountain View        CA  USA  MED   B B        415/960-3363 N @PPS
03306 Mountain View        CA  USA  MED        C     415/961-2102 N @PPS
03306 Oakland              CA  USA  MED   B B  C     510/893-9889 N @PPS
03306 Palo Alto            CA  USA  MED   B B        415/325-4666 N @PPS
03306 Palo Alto            CA  USA  MED        C     415/323-2019 N @PPS
06272 Pasadena             CA  USA  MED   B B        818-356-0780 N @PPS
06272 Pasadena             CA  USA  MED        C     818/356-0487 N @PPS
03306 San Francisco        CA  USA  MED   B B        415/362-2280 N @PPS
03306 San Francisco        CA  USA  MED   B B  C     415/543-8275 N @PPS
03306 San Francisco        CA  USA  MED   B B        415/626-5380 N @PPS
03306 San Francisco        CA  USA  MED   B B  C     415/626-7477 N @PPS
03306 San Francisco        CA  USA  MED        C     415/362-7579 N @PPS
03306 San Jose             CA  USA  MED   B B        408-920-0888 N @PPS
03306 San Jose             CA  USA  MED        C     408/298-0584 N @PPS
06272 Santa Ana            CA  USA  MED   B B        714-972-9844 N @PPS
06272 Santa Ana            CA  USA  MED        C     714/972-2314 N @PPS
06272 Van Nuys             CA  USA  MED   B B        818-780-1066 N @PPS
06272 Van Nuys             CA  USA  MED        C     818/780-5468 N @PPS
02727 Bridgeport           CT  USA  MED   B B  C     203/366-6972 N @CONNNET
02727 Bristol              CT  USA  MED   B B  C     203/589-5100 N @CONNNET
02727 Canaan               CT  USA  MED   B B  C     203/824-5103 N @CONNNET
02727 Clinton              CT  USA  MED   B B  C     203/669-4243 N @CONNNET
02727 Danbury              CT  USA  MED   B B  C     203/743-2906 N @CONNNET
02727 Danielson            CT  USA  MED   B B  C     203/779-1880 N @CONNNET
02727 Hartford/Middletown  CT  USA  MED   B B  C     203/724-6219 N @CONNNET
02727 Meriden              CT  USA  MED   B B  C     203/237-3460 N @CONNNET
02727 New Haven            CT  USA  MED   B B  C     203/776-1142 N @CONNNET
02727 New London           CT  USA  MED   B B  C     203/443-0884 N @CONNNET
02727 New Milford          CT  USA  MED   B B  C     203/355-0764 N @CONNNET
02727 Norwalk              CT  USA  MED   B B  C     203/866-5305 N @CONNNET
02727 Norwich/New London   CT  USA  MED   B B  C     203/443-0884 N @CONNNET
02727 Old Greddwich        CT  USA  MED   B B  C     203/637-8872 N @CONNNET
02727 Old Saybrook         CT  USA  MED   B B  C     203/388-0778 N @CONNNET
02727 Seymour              CT  USA  MED   B B  C     203/881-1455 N @CONNNET
02727 Stamford             CT  USA  MED   B B  C     203/324-9701 N @CONNNET
02727 Storrs               CT  USA  MED   B B  C     203/429-4243 N @CONNNET
02727 Stratford/Bridgeport CT  USA  MED   B B  C     203/366-6972 N @CONNNET
02727 Torrington           CT  USA  MED   B B  C     203/482-9849 N @CONNNET
02727 Waterbury            CT  USA  MED   B B  C     203/597-0064 N @CONNNET
02727 Willimantic          CT  USA  MED   B B  C     203/456-4552 N @CONNNET
02727 Windsor              CT  USA  MED   B B  C     203/688-9330 N @CONNNET
02727 Windsor Lcks/Enfield CT  USA  MED   B B  C     203/623-9804 N @CONNNET
06254 Washington           DC  USA  MED   B B        202/328-0619 N @PDN
06254 Washington           DC  USA  MED   B B        202/479-7214 N @PDN
06254 Washington           DC  USA  MED   B B        202/546-5549 N @PDN
06254 Washington (Downtown DC  USA  MED   B B        202/393-6003 N @PDN
06254 Washington (Midtown) DC  USA  MED   B B        202/293-4641 N @PDN
03526 Dover                DE  USA  MED   B B  C     410/734-9465 N @PDN
03526 Georgetown           DE  USA  MED   B B  C     302/856-7055 N @PDN
03526 Newark               DE  USA  MED   B B  C     302/366-0800 N @PDN
03526 Wilmington           DE  USA  MED        C     302/655-1144 N @PDN
03526 Wilmington           DE  USA  MED   B B        302/428-0030 N @PDN
04125 Boca Raton           FL  USA  MED   B B        407/392-4801 N @PLSK
04125 Ft. Pierce           FL  USA  MED   B B        407/461-0996 N @PLSK
07064 Jacksonville         FL  USA  MED   B B  C     904/354-1032 N @PLSK
04125 Miami                FL  USA  MED   B B  C     305/661-0437 N @PLSK
04125 Plantation           FL  USA  MED   B B  C     305/791-5663 N @PLSK
07064 St. Augustine        FL  USA  MED   B B        904/825-1101 N @PLSK
04125 Stuart               FL  USA  MED   B B        407/288-0185 N @PLSK
04125 W. Hollywood         FL  USA  MED   B B        305/962-8226 N @PLSK
04125 W. Palm Beach        FL  USA  MED   B B  C     407/842-8990 N @PLSK
10200 Athens               GA  USA  MED   B B  C     404/613-1289 N @PLSK
10200 Atlanta              GA  USA  MED   B B        404/261-4633 N @PLSK
10200 Atlanta              GA  USA  MED   B B  C     404/266-9403 N @PLSK
10200 Columbus             GA  USA  MED   B B        404/324-5771 N @PLSK
10200 Rome                 GA  USA  MED   B B        404/234/6542 N @PLSK
05443 Hays                 KS  USA  MED   B B        913/625-8100 N @MRLK
05443 Hutchinson           KS  USA  MED   B B        316/669-1052 N @MRLK
05443 Kansas City          KS  USA  MED   B B        316/225-9951 N @MRLK
05443 Lawrence             KS  USA  MED   B B        913/841-5580 N @MRLK
05443 Manhattan            KS  USA  MED   B B        913/539-9291 N @MRLK
05443 Parsons              KS  USA  MED   B B        316/421-0620 N @MRLK
05443 Salina               KS  USA  MED   B B        913/825-4547 N @MRLK
05443 Topeka               KS  USA  MED   B B        913/235-1909 N @MRLK
05443 Wichita              KS  USA  MED   B B        316/269-1996 N @MRLK
06254 Bethesda             MD  USA  MED   B B        301/986-9942 N @PDN
06254 Colesville           MD  USA  MED   B B  C     301/989-9324 N @PDN
06254 Hyattsville          MD  USA  MED   B B        301/779-9935 N @PDN
06254 Laurel               MD  USA  MED   B B  C     301/490-9971 N @PDN
06254 Rockville            MD  USA  MED   B B        301/340-9903 N @PDN
06254 Silver Spring        MD  USA  MED   B B        301/495-9911 N @PDN
04766 Bridgeton/St. Louis  MO  USA  MED   B B        314/622-0900 N @MRLK
04766 St. Louis            MO  USA  MED   B B        314/622-0900 N @MRLK
11060 Chapel Hill          NC  USA  MED   B B        919/933-2580 N @PLSK
11060 Durham               NC  USA  MED   B B        919/687-0181 N @PLSK
11060 Raleigh              NC  USA  MED   B B  C     919/664-8077 N @PLSK
07771 Bernardsville        NJ  USA  MED   B B  C     908/766-7138 N @PDN
07771 Clinton              NJ  USA  MED   B B        908/730-8693 N @PDN
07771 Dover                NJ  USA  MED   B B  C     201/361-9211 N @PDN
07771 Eatontown/Red Bank   NJ  USA  MED   B B  C     908/758-8000 N @PDN
07771 Elizabeth            NJ  USA  MED   B B  C     908/289-5100 N @PDN
07771 Englewood            NJ  USA  MED   B B  C     201/871-3000 N @PDN
07771 Freehold             NJ  USA  MED   B B  C     908/780-8890 N @PDN
07771 Hackensack           NJ  USA  MED   B B  C     201/343-9200 N @PDN
07771 Jersey City          NJ  USA  MED   B B  C     201/659-3800 N @PDN
07771 Livingston           NJ  USA  MED   B B  C     201/533-0561 N @PDN
07771 Long Branch/Red Bank NJ  USA  MED   B B  C     908/758-8000 N @PDN
07771 Madison              NJ  USA  MED   B B  C     201/593-0004 N @PDN
07771 Metuchen             NJ  USA  MED   B B  C     908/906-9500 N @PDN
07771 Middletown           NJ  USA  MED   B B  C     908/957-9000 N @PDN
07771 Morristown           NJ  USA  MED   B B  C     201/455-0437 N @PDN
07771 New Boundland        NJ  USA  MED   B B  C     201/697-9380 N @PDN
07771 New Brunswick        NJ  USA  MED   B B  C     908/247-2700 N @PDN
07771 Newark               NJ  USA  MED   B B  C     201/623-0083 N @PDN
07771 Passaic              NJ  USA  MED   B B  C     201/473-6200 N @PDN
07771 Paterson             NJ  USA  MED   B B  C     201/345-7700 N @PDN
07771 Phillipsburg         NJ  USA  MED   B B  C     908/454-9270 N @PDN
07771 Pompton Lakes        NJ  USA  MED   B B  C     201/835-8400 N @PDN
07771 Red Bank             NJ  USA  MED   B B  C     908/758-8000 N @PDN
07771 Ridgewood            NJ  USA  MED   B B  C     201/445-4800 N @PDN
07771 Somerville           NJ  USA  MED   B B  C     908/218-1200 N @PDN
07771 South River          NJ  USA  MED   B B  C     908/390-9100 N @PDN
07771 Spring Lake          NJ  USA  MED   B B  C     908/974-0850 N @PDN
07771 Toms River           NJ  USA  MED   B B  C     908/286-3800 N @PDN
07771 Washington           NJ  USA  MED   B B  C     908/689-6894 N @PDN
07771 Wayne/Paterson       NJ  USA  MED   B B  C     201/345-7700 N @PDN
06510 Ada                  OK  USA  MED   B B        405/436-0252 N @MRLK
06510 Altus                OK  USA  MED   B B        405/477-0321 N @MRLK
06510 Alva                 OK  USA  MED   B B        405/327-1441 N @MRLK
06510 Ardmore              OK  USA  MED   B B        405/223-8086 N @MRLK
      Bartlesville         OK  USA  MED   B B        918/336-6901 N @MRLK
06510 Clinton              OK  USA  MED   B B        405/323-8102 N @MRLK
06510 Durant               OK  USA  MED   B B        405/924-2680 N @MRLK
06510 Enid                 OK  USA  MED   B B        405/242-8221 N @MRLK
06510 Lawton               OK  USA  MED   B B        405/248-8772 N @MRLK
      Mcalester            OK  USA  MED   B B        918/426-0900 N @MRLK
      Miami                OK  USA  MED   B B        918/540-1551 N @MRLK
      Muskogee             OK  USA  MED   B B        918/683-1114 N @MRLK
06510 Oklahoma City        OK  USA  MED   B B        405/236-0660 N @MRLK
06510 Ponca City           OK  USA  MED   B B        405/762-9926 N @MRLK
      Sallisaw             OK  USA  MED   B B        918/775-7713 N @MRLK
06510 Shawnee              OK  USA  MED   B B        405/273-0053 N @MRLK
06510 Stillwater           OK  USA  MED   B B        405/377-5500 N @MRLK
      Tulsa                OK  USA  MED   B B        918/583-6606 N @MRLK
06510 Woodward             OK  USA  MED   B B        405/256-9947 N @MRLK
03526 Allentown            PA  USA  MED   B B        215/435-0266 N @PDN
      Altoona              PA  USA  MED        C     814/949-0505 N @PDN
      Altoona              PA  USA  MED   B B        814/946-8639 N @PDN
03526 Ambler               PA  USA  MED   B B        215/283-2170 N @PDN
10672 Ambridge             PA  USA  MED   B B        412/266-9610 N @PDN
10672 Carnegie             PA  USA  MED   B B        412/276-1882 N @PDN
10672 Charleroi            PA  USA  MED   B B        412/483-9100 N @PDN
03526 Chester Heights      PA  USA  MED   B B        215/358-0820 N @PDN
03526 Coatesville          PA  USA  MED   B B        215/383-7212 N @PDN
10672 Connellsville        PA  USA  MED   B B        412/628-7560 N @PDN
03526 Downington/Coates.   PA  USA  MED   B B        215/383-7212 N @PDN
03562 Doylestown           PA  USA  MED   B B        215/340-0052 N @PDN
03562 Germantown           PA  USA  MED   B B        215-843-4075 N @PDN
10672 Glenshaw             PA  USA  MED   B B        412/487-6868 N @PDN
10672 Greensburg           PA  USA  MED   B B        412/836-7840 N @PDN
      Harrisburg           PA  USA  MED        C     717/238-0450 N @PDN
      Harrisburg           PA  USA  MED   B B        717/236-3274 N @PDN
10672 Indiana              PA  USA  MED   B B        412/465-7210 N @PDN
03526 King of Prussia      PA  USA  MED   B B        215/270-2970 N @PDN
03526 Kirklyn              PA  USA  MED   B B        215/789-5650 N @PDN
03526 Lansdowne            PA  USA  MED   B B        215/626-9001 N @PDN
10672 Latrobe              PA  USA  MED   B B        412/537-0340 N @PDN
      Lemoyne/Harrisburg   PA  USA  MED   B B        717/236-3274 N @PDN
10672 McKeesport           PA  USA  MED   B B        412/673-6200 N @PDN
10672 New Castle           PA  USA  MED   B B        412/658-5982 N @PDN
10672 New Kensington       PA  USA  MED   B B        412/337-0510 N @PDN
03526 Norristown           PA  USA  MED   B B        215/270-2970 N @PDN
03526 Paoli                PA  USA  MED   B B        215/648-0010 N @PDN
      Philadelphia         PA  USA  MED        C     215/625-0770 N @PDN
      Philadelphia         PA  USA  MED   B B        215/923-7792 N @PDN
10672 Pittsburgh           PA  USA  MED        C     412/261-9732 N @PDN
10672 Pittsburgh           PA  USA  MED   B B        412-687-4131 N @PDN
10672 Pittsburgh           PA  USA  MED   B B        412/281-8950 N @PDN
10672 Pottstown            PA  USA  MED   B B        215/327-8032 N @PDN
03526 Quakertown           PA  USA  MED   B B        215/538-7032 N @PDN
03526 Reading              PA  USA  MED   B B        215/375-7570 N @PDN
10672 Rochester            PA  USA  MED   B B        412/728-9770 N @PDN
03526 Scranton             PA  USA  MED        C     717/341-1860 N @PDN
03526 Scranton             PA  USA  MED   B B        717/348-1123 N @PDN
10672 Sharon               PA  USA  MED   B B        412/342-1681 N @PDN
03526 Tullytown            PA  USA  MED   B B        215/547-3300 N @PDN
10672 Uniontown            PA  USA  MED   B B        412/437-5640 N @PDN
03562 Valley Forge         PA  USA  MED   B B        215/270-2970 N @PDN
10672 Washington           PA  USA  MED   B B        412/223-9090 N @PDN
03526 Wayne                PA  USA  MED   B B        215/341-9605 N @PDN
10672 Wilkinsburg          PA  USA  MED   B B        412/241-1006 N @PDN
06254 Alexandria           VA  USA  MED   B B        703/683-6710 N @PDN
06254 Arlington            VA  USA  MED   B B        703/524-8961 N @PDN
06254 Mclean               VA  USA  MED   B B        703/848-2941 N @PDN

B=BELL 103/113 (300 bps) or BELL 212A (1200 bps) compatible modems
C=CCITT V.21(300 bps) or CCITT V.22 bis(2400 bps) or CCITT V.32 compatible
  modems.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 B1. Bell Atlantic
     ~~~~~~~~~~~~~
@PDN BELL ATLANTIC - NETWORK NAME IS PUBLIC DATA NETWORK (PDN)

       (CONNECT MESSAGE)
       ...<CR>            (SYNCHRONIZES DATA SPEEDS)

       WELCOME TO THE BPA/DST PDN

       *.T <CR>           (TYMNET ADDRESS)


       131069             (ADDRESS CONFIRMATION - TYMNET DNIC)
       COM                (CONFIRMATION OF CALL SET-UP)

       -GWY 0XXXX- TYMNET: PLEASE LOG IN:  (HOST # WITHIN DASHES)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 B2. BellSouth
     ~~~~~~~~~
@PLSK  BELLSOUTH - NETWORK NAME IS PULSELINK

       (CONNECT MESSAGE)

       ... <CR>           (SYNCHRONIZES DATA SPEEDS)
                          (DOES NOT ECHO TO THE TERMINAL)
       CONNECTED
       PULSELINK

       13106              (TYMNET ADDRESS)
                          (DOES NOT ECHO TO THE TERMINAL)

       PULSELINK: CALL CONNECTED TO 1 3106

       -GWY 0XXXX- TYMNET: PLEASE LOG IN:  (HOST # WITHIN DASHES)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 B3. Pacific Bell
     ~~~~~~~~~~~~
@PPS   PACIFIC BELL - NETWORK NAME IS PUBLIC PACKET SWITCHING (PPS)

       (CONNECT MESSAGE)

       ...<CR             (SYNCHRONIZES DATA SPEEDS)>
                          (DOES NOT ECHO TO THE TERMINAL)

       ONLINE 1200
       WELCOME TO PPS:  415-XXX-XXXX
       131069             (TYMNET ADDRESS)
                          (DOES NOT ECHO UNTIL TYMNET RESPONDS)

       -GWY 0XXXX- TYMNET: PLEASE LOG IN:  (HOST # WITHIN DASHES)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 B4. Southwestern Bell
     ~~~~~~~~~~~~~~~~~
@MRLK - SOUTHWESTERN BELL TELEPHONE- NETWORK NAME IS MICROLINK II(R)

       (CONNECT MESSAGE)
       (PLEASE TYPE YOUR TERMINAL IDENTIFIER)

       A                  (YOUR TERMINAL IDENTIFIER)

       WELCOME TO MICROLINK II
       -XXXX:01-030-
       PLEASE LOG IN:
       .T <CR>            (USERNAME TO ACCESS TYMNET)


       HOST: CALL CONNECTED

       -GWY 0XXXX- TYMNET: PLEASE LOG IN:

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 B5. Southern New England Telephone
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@CONNNET - SOUTHERN NEW ENGLAND TELEPHONE - NETWORK NAME IN CONNNET

       (CONNECT MESSAGE)

       HH<CR>                 (SYNCHRONIZES DATA SPEEDS)
                              (DOES NOT ECHO TO THE TERMINAL)
       CONNNET

       .T<CR>                 (MUST BE CAPITAL LETTERS)

       26-SEP-88   18:33      (DATA)
       031069                 (ADDRESS CONFIRMATION)
       COM                    (CONFIRMATION OF CALL SET-UP)

       -GWY OXXXX-TYMNET: PLEASE LOG IN:

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 C. Database or Timesharing Companies on Tymnet
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
APCUG "GLOBALNET" BBS
Bloodstock Research Information
BRS Information Technologies
BT, North America (Dialcom)
Cartermill, Inc.
Charles Schwab and Company, Inc.
Chemical Abstracts Services (CAS)
Commercial SABRE
Commodity Systems, Inc.
CompuServe, Inc.
Compusource
Computer Intelligence
Connect, Inc.
Creative Automation Co.
Delphi
Dialog Information Services, Inc.
Digital Equipment Corp.
Diversified Network Applications, Inc.
Dow Jones & Company, Inc.
Dun and Bradstreet
Electronic Data Systems Corp.
Export Network, Inc.
Gibson Information Systems (GIS)
Global Interconnect Communications, Inc.
Idioma Translation
Interactive Data Corp.
Jeppesen DataPlan
Mead Data Central
Metro On-Line Services, Ltd.
National Library of Medicine (NLM)
NewsNet, Inc.
Nikkei Telecom Japan
Nuclear Power Experience
OCR Services, Inc.
Official Airline Guide (OAG)
ORBIT Search Service
Power Computing Company
Rand McNally - TDM, Inc.
Real Estate Investment Network
SeniorNet
Southeast Regional Data Center (SERDAC)
SPEED>S Corporation
The Jockey Club Information Systems
TRW Business Credit Division
TRW Information Services
USA TODAY Sports Center
West Publishing Company (WEST)
Xerox Computer Services (XCS)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 D. Service Classifications For Database or Timesharing Companies Using Tymnet
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
MAJOR CATEGORIES:

           Business                          Investments
           Communications                    Legal
           Computers                         Livestock
           Economics                         Marketing
           Education                         Medicine
           Electronic Mail                   Natural Resources
           Environment                       Real Estate
           Finance                           Safety
           Games                             Science
           General Interest                  Sports
           Government                        Trade
           Health Care                       Transportation
           Insurance                         Travel
           International


OTHER CATEGORIES

           Accounting                        Law
           Airlines                          Management
           Asia                              Manufacturing
           Aviation                          Market Analysis
           Batch (Processing)                Mines
           Car                               Network
           Chats                             News
           Chemistry                         Nuclear Power
           Commodities                       Outsourcing
           Computing                         Patents
           Conferences                       PC
           Corporate                         Racing
           Credit (Business or Consumer)     Records
           Data (Processing)                 Registration
           Direct Marketing                  Research
           Disaster Recovery                 Reservations
           DMV                               RJE
           Electric Power                    Route Planning
           Engineering                       Schedules
           Export                            SEC
           Fax Services                      Securities
           Fictitious Names                  Software
           Flight Plans                      Tax
           Hotel                             Timesharing
           Horses                            Translation
           Information                       UCC
           Instruction                       User Group
           IRS (Internal Revenue Service)    Vendors
           Japan                             Weather
           Languages


BT TYMNET's Global Network Service (GNS) combines three level of international
services:

    1.  BT TYMNET GLOBAL NETWORK CONNECTION SERVICE
    2.  ENHANCED GLOBAL CONNECTION SERVICE
    3.  BASIC GLOBAL CONNECTION SERVICE

BT TYMNET GLOBAL NETWORK CONNECTION SERVICE (TGN) is currently offered in the
following countries:

        Australia       Netherlands
        Belgium         New Zealand
        Canada          Spain
        Denmark         Sweden
        France          Switzerland
        Germany         United Kingdom
        Italy           United States
        Japan  

BT TYMNET GLOBAL NETWORK CONNECTION SERVICE are BT TYMNET owned and operated
sites and equipment.  Global, Regional and local support is provided end-to-end
by BT TYMNET's trained and experienced technical staff, in place worldwide
since 1977.  Round the clock coverage for trouble reporting and response on
critical problems is provided.  BT TYMNET Global Network Service enhanced
pricing, local currency billing and end-user billing is available.


ENHANCED GLOBAL CONNECTION SERVICE (EGC) complement the service described above
and is currently available from the following locations:

        Alaska (USA)*               Israel
        Antigua                     Italy
        Argentina                   Jamaica
        Australia                   Korea
        Austria                     Netherland Antilles
        Bahama                      Panama
        Bahrain                     Peru
        Barbados                    Philippines
        Belgium                     Puerto Rico*
        Bermuda                     Saudi Arabia
        Cayman Islands              Sweden
        Denmark                     Switzerland
        Dominican Republic          Tortola
        France                      Trinidad and Tobago
        Germany                     United Kingdom
        Guam*                       US Virgin Islands
        Guatemala
        Honduras
        Hong Kong

    *  USA Domestic services and rates apply


ENHANCED GLOBAL CONNECTION SERVICE is offered by a local Telecommunication
Administration equipped with BT TYMNET technology.  In many instances the
administration is using BT TYMNET's Network Supervisors to operate the packet
service in their area.

All ENHANCED GLOBAL CONNECTION SERVICE locations offer direct TYM2 (TYMNET's
proprietary) protocol connection to the BT TYMNET Public Network and thus may
offer BT TYMNET's comprehensive array of enhanced protocol services.  Most
currently offer BT TYMNET asynchronous access and X.25 service.  Naturally, a
close affinity exists between BT TYMNET and ENHANCED GLOBAL CONNECTION SERVICE
providers so a very high degree of service and support exists in these
locations.  TYMUSA, a universal dial-up service which is billed back to the
customer's home office, is offered from all the above locations.

BASIC GLOBAL CONNECTION SERVICE (BGC) completes the full range of international
connectivity and is currently available from the following locations:

    Antigua             Greenland*          Panama
    Argentina           Gudaelope*          Peru
    Australia           Guam & Saipan       Philippines
    Austria             Guatemala           Portugal
    Bahamas             Honduras            Puerto Rico
    Bahrain             Hong Kong           Qatar
    Barbados            Hungary             Reunion Island
    Belgium             Iceland             Saudi Arabia
    Bermuda             India               San Marino*
    Brazil              Indonesia           Senegal*
    Canada              Ireland             Singapore
    Cayman Islands      Israel              South Africa
    Chile               Italy               South Korea
    China               Ivory Coast         Spain
    Colombia            Jamaica             Sweden
    CostaRica           Japan               Switzerland
    Curacao             Kuwait              Taiwan
    Cyprus*             Luxembourg          Thailand
    Denmark             Macau*              Tortola (BVI)*
    Djibouti*           Malaysia            Trinidad & Tobago
    Dominican Republic  Malta*              Tunisia*
    Egypt               Mauritius*          Turkey
    Faroe Islands*      Mexico              UAE
    Finland             Mozambique*         US Virgin Islands
    France              Nth. Antilles*      USSR
    French Antilles     Netherlands         United Kingdom
    French Guiana       New Caledonia*      United States
    French Polynesia*   New Zealand         Uruguay
    Gabon               Northern Marianas   Vanuatu*
    Gambia              Norway              Yugoslavia*
    Germany                                 Zimbabwe
    Greece

    * Information will be available on the next update

BASIC GLOBAL CONNECTION SERVICE providers connect their networks to BT TYMNET
exclusively via X.75 protocol gateways.  The CCITT recommendation X.75 is
closely related to the better known CCITT X.25 recommendation and provides a
reliable communication channel for interworking between Public Data Networks.

As a supplier of network technology to US IRC's and foreign carriers for more
than 10 years, BT TYMNET has a wealth of experience with the X.75 standard and
actively participates in its development.  BT TYMNET X.75 software has evolved
into a sophisticated product providing numerous advanced features not found in
other X.75 implementations.  BT TYMNET maintains and supports more X.75 gateway
links than any other network in the world.

All of BT TYMNET's X.75 gateways are supported by BT TYMNET's International
Network Services (INS) group which ensures that all the gateways are configured
to provide a uniform  interface to BT TYMNET regardless of the origination
network.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 E. Summary of Global Network Services By Country
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Note:  TYMNET GLOBAL NETWORK (TGN) use BT TYMNET's assigned DNIC of 3106.  The
       other DNICs listed in the table below are the DNICs of the ENHANCED
       GLOBAL CONNECTION (EGC) and BASIC GLOBAL CONNECTION (BGC) service
       providers.

COUNTRY        |   TGN  || DNIC/Network    >>    EGC   |   BGC  |
---------------|--------||----------------->>----------|--------|
Alaska         |        || 3135/Alascom    >>     X    |        |
---------------|--------||----------------->>----------|--------|
Antigua        |        || 3443/Aganet     >>     X    |        |
---------------|--------||----------------->>----------|--------|
Argentina      |        || 7220/ARPAC      >>     X    |        |
---------------|--------||----------------->>----------|--------|
Argentina      |        || 7222/ARPAC      >>          |   X    |
---------------|--------||----------------->>----------|--------|
Australia      |   X    || BT TYMNET       >>          |        |
---------------|--------||----------------->>----------|--------|
Australia      |        || 5052/AUSPAC     >>          |   X    |
---------------|--------||----------------->>----------|--------|
Australia      |        || 5053/MIDAS      >>          |   X    |
---------------|--------||----------------->>----------|--------|
Austria        |        || 2322/DATEX-P    >>          |   X    |
---------------|--------||----------------->>----------|--------|
Austria        |        || 2329/RADIO AUST >>     X    |        |
---------------|--------||----------------->>----------|--------|
Bahamas        |        || 3640/BaTelCo    >>     X    |        |
---------------|--------||----------------->>----------|--------|
Bahrain        |        || 4263/BAHNET     >>     X    |        |
---------------|--------||----------------->>----------|--------|
Barbados       |        || 3423/IDAS       >>     X    |        |
---------------|--------||----------------->>----------|--------|
Belgium        |   X    || BT TYMNET       >>          |        |
---------------|--------||----------------->>----------|--------|
Belgium        |        || 2062/DCS        >>          |   X    |
---------------|--------||----------------->>----------|--------|
Belgium        |        || 206/DCS         >>          |   X    |
---------------|--------||----------------->>----------|--------|
Belgium        |        || 2069/DCS        >>          |   X    |
---------------|--------||----------------->>----------|--------|
Bermuda        |        || 3503/Bermudanet >>     X    |        |
---------------|--------||----------------->>----------|--------|
Brazil         |        || 7240/Interdata  >>          |   X    |
---------------|--------||----------------->>----------|--------|
Brazil         |        || 7241/Renpac     >>          |   X    |
---------------|--------||----------------->>----------|--------|
Cameroun       |        || 6261/Campac     >>          |   X    |
---------------|--------||----------------->>----------|--------|
Canada         |   X    || BT TYMNET       >>          |        |
---------------|--------||----------------->>----------|--------|
Canada         |        || 3020/Datapac    >>          |   X    |
---------------|--------||----------------->>----------|--------|
Canada         |        || 3025/Globedat   >>          |   X    |
---------------|--------||----------------->>----------|--------|
Canada         |        || 3028/CNCP-PACKET>>          |        |
               |        ||      Network    >>          |   X    |
---------------|--------||----------------->>----------|--------|
Canada         |        || 3029/CNCP-INFO  >>          |        |
               |        ||      SWITCH     >>          |   X    |
---------------|--------||----------------->>----------|--------|
Cayman Islands |        || 3463/IDAS       >>     X    |        |
---------------|--------||----------------->>----------|--------|
Chile          |        || 3104/Entel      >>          |   X    |
---------------|--------||----------------->>----------|--------|
Chile          |        || 7302/Entel      >>          |   X    |
---------------|--------||----------------->>----------|--------|
Chile          |        || 7303/Chile-PAC  >>          |   X    |
---------------|--------||----------------->>----------|--------|
Chile          |        || 7305/VTR        >>          |   X    |
---------------|--------||----------------->>----------|--------|
China          |        || 4600/PTELCOM    >>          |   X    |
---------------|--------||----------------->>----------|--------|
China          |        || 4602/CHINAPAK   >>          |   X    |
---------------|--------||----------------->>----------|--------|
Columbia       |        || 7320/DAPAQ      >>          |   X    |
---------------|--------||----------------->>----------|--------|
Columbia       |        || 7322/COLDAPAQ   >>          |   X    |
---------------|--------||----------------->>----------|--------|
Costa Rica     |        || 7122/RACSAPAC   >>          |   X    |
---------------|--------||----------------->>----------|--------|
Costa Rica     |        || 7129/RACSAPAC   >>          |   X    |
---------------|--------||----------------->>----------|--------|
Cyprus         |        || 2802/Cytapac    >>          |   X    |
---------------|--------||----------------->>----------|--------|
Cyprus         |        || 2803/Cytapac    >>          |   X    |
---------------|--------||----------------->>----------|--------|
Cyprus         |        || 2808/Cytapac    >>          |   X    |
---------------|--------||----------------->>----------|--------|
Cyprus         |        || 2809/Cytapac    >>          |   X    |
---------------|--------||----------------->>----------|--------|
Denmark        |   X    || BT TYMNET       >>          |        |
---------------|--------||----------------->>----------|--------|
Denmark        |        || 2382/Datapak    >>          |   X    |
---------------|--------||----------------->>----------|--------|
Denmark        |        || 2383/Datapak    >>          |   X    |
---------------|--------||----------------->>----------|--------|
Djibouti       |        || 6328/Djipac     >>          |   X    |
---------------|--------||----------------->>----------|--------|
Dominican Rep  |        || 3700/UDTS-I     >>     X    |        |
---------------|--------||----------------->>----------|--------|
Egypt          |        || 6020/ARENTO     >>          |   X    |
---------------|--------||----------------->>----------|--------|
Egypt          |        || 6023/EGYPTNET   >>          |   X    |
---------------|--------||----------------->>----------|--------|
Faroe Islands  |        || 2881/Faroepac   >>          |   X    |
---------------|--------||----------------->>----------|--------|
Finland        |        || 2442/Datapak    >>          |   X    |
---------------|--------||----------------->>----------|--------|
France         |   X    || BT TYMNET       >>          |        |
---------------|--------||----------------->>----------|--------|
France         |        || 2080/Transpac   >>          |   X    |
---------------|--------||----------------->>----------|--------|
France         |        || 2081/NTI        >>          |   X    |
---------------|--------||----------------->>----------|--------|
Fr Antillies   |        || 3400/Dompac     >>          |   X    |
---------------|--------||----------------->>----------|--------|
Fr Guiana      |        || 7420/Dompac     >>          |   X    |
---------------|--------||----------------->>----------|--------|
Fr. Polynesia  |        || 5470/Tompac     >>          |        |
---------------|--------||----------------->>----------|--------|
Gabon          |        || 6282/Gabonpac   >>          |   X    |
---------------|--------||----------------->>----------|--------|
Germany F.R    |   X    || BT TYMNET       >>          |        |
---------------|--------||----------------->>----------|--------|
Germany F.R    |        || 2624/DATEX-P    >>          |   X    |
---------------|--------||----------------->>----------|--------|
Greece         |        || 2022/Helpak     >>          |   X    |
---------------|--------||----------------->>----------|--------|
Greece         |        || 2023/Hellaspac  >>          |   X    |
---------------|--------||----------------->>----------|--------|
Greenland      |        || 2901/KANUPAX    >>          |   X    |
---------------|--------||----------------->>----------|--------|
Guadeloupe     |        || 3441/           >>          |   X    |
---------------|--------||----------------->>----------|--------|
Guam           |        || 5351/PCINET     >>     X    |        |
---------------|--------||----------------->>----------|--------|
Guatemala      |        || 7043/GAUTEL     >>     X    |        |
---------------|--------||----------------->>----------|--------|
Honduras       |        || 7080/HONDUTEL   >>     X    |        |
---------------|--------||----------------->>----------|--------|
Hong Kong      |        || 4542/INTELPAK   >>     X    |        |
---------------|--------||----------------->>----------|--------|
Hong Kong      |        || 4545/DATAPAK    >>          |   X    |
---------------|--------||----------------->>----------|--------|
Hong Kong      |        || 4546/DATAPAC    >>          |   X    |
---------------|--------||----------------->>----------|--------|
Hungary        |        || 2160/NEDEX      >>          |   X    |
---------------|--------||----------------->>----------|--------|
Hungary        |        || 2161/DATEX      >>          |   X    |
---------------|--------||----------------->>----------|--------|
Iceland        |        || 2740/Icepak     >>          |   X    |
---------------|--------||----------------->>----------|--------|
India          |        || 4042/GPSS       >>          |   X    |
---------------|--------||----------------->>----------|--------|
Indonesia      |        || 5101/SKDP       >>          |   X    |
---------------|--------||----------------->>----------|--------|
Ireland        |        || 2724/Eirpac     >>          |   X    |
---------------|--------||----------------->>----------|--------|
Israel         |        || 4251/Isranet    >>          |   X    |
---------------|--------||----------------->>----------|--------|
Italy          |   X    || BT TYMNET       >>          |        |
---------------|--------||----------------->>----------|--------|
Italy          |        || 2222/Darbo-Ital >>          |   X    |
---------------|--------||----------------->>----------|--------|
Italy          |        || 2227/Italcable  >>          |   X    |
---------------|--------||----------------->>----------|--------|
Ivory Coast    |        || 6122/SYTRANPAC  >>          |   X    |
---------------|--------||----------------->>----------|--------|
Jamaica        |        || 3380/Jamintel   >>     X    |        |
---------------|--------||----------------->>----------|--------|
Japan          |        || 4400/Global VAN >>          |   X    |
---------------|--------||----------------->>----------|--------|
Japan          |        || 4404/JAIS       >>          |   X    |
---------------|--------||----------------->>----------|--------|
Japan          |   X    || 4406/NIS-       >>          |        |
               |        || BT TYMNET       >>          |        |
---------------|--------||----------------->>----------|--------|
Japan          |        || 4407/           >>          |   X    |
---------------|--------||----------------->>----------|--------|
Japan          |        || 4401/NTT DDX    >>          |   X    |
---------------|--------||----------------->>----------|--------|
Japan          |        || 4408/Venus-P    >>          |   X    |
---------------|--------||----------------->>----------|--------|
Japan          |        || 4410/NI+CI      >>          |   X    |
---------------|--------||----------------->>----------|--------|
Japan          |        || 4411/K-NET      >>          |   X    |
---------------|--------||----------------->>----------|--------|
Korea Rep      |        || 4501/DACOM-NET  >>          |   X    |
---------------|--------||----------------->>----------|--------|
Kuwait         |        || 4190/           >>          |   X    |
---------------|--------||----------------->>----------|--------|
Kuwait         |        || 4263/KUPAC      >>          |   X    |
---------------|--------||----------------->>----------|--------|
Lebanon        |        || 4155/RADUS      >>          |   X    |
---------------|--------||----------------->>----------|--------|
Luxembourg     |        || 2704/Luxpac-X.25>>          |   X    |
---------------|--------||----------------->>----------|--------|
Luxembourg     |        || 2709/Luxpac-Pad >>          |   X    |
---------------|--------||----------------->>----------|--------|
Macau          |        || 4550/Macoupac   >>          |   X    |
---------------|--------||----------------->>----------|--------|
Madagascar     |        || 6360/           >>          |   X    |
---------------|--------||----------------->>----------|--------|
Malaysia       |        || 5021/Maynet     >>          |   X    |
---------------|--------||----------------->>----------|--------|
Malta          |        || 2782/Maltapac   >>          |   X    |
---------------|--------||----------------->>----------|--------|
Mauritius      |        || 6170/MauriData  >>          |   X    |
---------------|--------||----------------->>----------|--------|
Mauritius      |        || 6171/MauriData  >>          |   X    |
---------------|--------||----------------->>----------|--------|
Mexico         |        || 3340/TELEPAC    >>          |   X    |
---------------|--------||----------------->>----------|--------|
Morocco        |        ||                 >>          |   X    |
---------------|--------||----------------->>----------|--------|
Mozambique     |        || 6435/           >>          |   X    |
---------------|--------||----------------->>----------|--------|
Namibia        |        || 6490/Swanet     >>          |        |
---------------|--------||----------------->>----------|--------|
Niger          |        || 6142/           >>          |        |
---------------|--------||----------------->>----------|--------|
Netherlands    |   X    || BT TYMNET       >>          |        |
---------------|--------||----------------->>----------|--------|
Netherlands    |        || 2041/Datanet-1  >>          |   X    |
---------------|--------||----------------->>----------|--------|
Netherlands    |        || 2044/DABAS      >>          |   X    |
---------------|--------||----------------->>----------|--------|
Netherlands    |        || 2049/Datanet-1  >>          |        |
               |        ||      Memocom    >>          |   X    |
---------------|--------||----------------->>----------|--------|
N. Antilles    |        || 3620/LANDSRAIDO >>     X    |        |
---------------|--------||----------------->>----------|--------|
N. Marianas    |        || 5351/PCInet     >>     X    |        |
---------------|--------||----------------->>----------|--------|
New Caledonia  |        || 5460/Tompac     >>          |   X    |
---------------|--------||----------------->>----------|--------|
New Zealand    |    X   || 3106/BT TYMNET  >>          |        |
---------------|--------||----------------->>----------|--------|
New Zealand    |        || 5301/Pacnet     >>          |   X    |
---------------|--------||----------------->>----------|--------|
Norway         |        || 2422/Datapak    >>          |   X    |
---------------|--------||----------------->>----------|--------|
Panama         |        || 7141/INTEL      >>     X    |        |
---------------|--------||----------------->>----------|--------|
Panama         |        || 7142/INTELPAQ   >>          |   X    |
---------------|--------||----------------->>----------|--------|
Peru           |        || 3104/IMPACS     >>     X    |        |
---------------|--------||----------------->>----------|--------|
Peru           |        || 7160/ENTEL      >>          |   X    |
---------------|--------||----------------->>----------|--------|
Philippines    |        || 5152/Philcom    >>     X    |        |
---------------|--------||----------------->>----------|--------|
Philippines    |        || 5154/GMCR       >>     X    |        |
---------------|--------||----------------->>----------|--------|
Philippines    |        || 5156/ETPI       >>     X    |        |
---------------|--------||----------------->>----------|--------|
Philippines    |        || 5151/CAPWIRE    >>          |   X    |
---------------|--------||----------------->>----------|--------|
Polynesia      |        || 5470/Tompac     >>          |   X    |
---------------|--------||----------------->>----------|--------|
Portugal       |        || 2680/Telepac    >>          |   X    |
---------------|--------||----------------->>----------|--------|
Portugal       |        || 2682/CPRM       >>          |   X    |
---------------|--------||----------------->>----------|--------|
Puerto Rico    |        || 3300/WorldCom   >>     X    |        |
---------------|--------||----------------->>----------|--------|
Puerto Rico    |        || 3301/PRTC       >>     X    |        |
---------------|--------||----------------->>----------|--------|
Qatar          |        || 4271/DOHPAC     >>          |   X    |
---------------|--------||----------------->>----------|--------|
Reunion        |        || 6470/Dompac     >>          |   X    |
---------------|--------||----------------->>----------|--------|
San Marino     |        || 2922/X NET SMR  >>          |   X    |
---------------|--------||----------------->>----------|--------|
Saudi Arabia   |        || 4201/Alwaseet   >>          |        |
---------------|--------||----------------->>----------|--------|
Saudi Arabia   |        || 4263/Bahnet     >>     X    |        |
---------------|--------||----------------->>----------|--------|
Senegal        |        || 6081/Serpac     >>          |        |
---------------|--------||----------------->>----------|--------|
Singapore      |        || 5250/           >>          |   X    |
---------------|--------||----------------->>----------|--------|
Singapore      |        || 5252/Telepac    >>          |   X    |
---------------|--------||----------------->>----------|--------|
South Africa   |        || 6550/Saponet    >>          |   X    |
---------------|--------||----------------->>----------|--------|
South Africa   |        || 6559/Saponet    >>          |   X    |
---------------|--------||----------------->>----------|--------|
Spain          |   X    || BT TYMNET       >>          |        |
---------------|--------||----------------->>----------|--------|
Spain          |        || 2141/TIDA       >>          |   X    |
---------------|--------||----------------->>----------|--------|
Spain          |        || 2145/Iberpac    >>          |   X    |
---------------|--------||----------------->>----------|--------|
Sweden         |   X    || BT TYMNET       >>          |        |
---------------|--------||----------------->>----------|--------|
Sweden         |        || 2401/Datapak    >>          |   X    |
---------------|--------||----------------->>----------|--------|
Sweden         |        || 2402/Datapak    >>          |   X    |
---------------|--------||----------------->>----------|--------|
Sweden         |        || 2403/Datapak    >>          |   X    |
---------------|--------||----------------->>----------|--------|
Switzerland    |   X    || BT TYMNET       >>          |        |
---------------|--------||----------------->>----------|--------|
Switzerland    |        || 2284/Telepac    >>          |   X    |
---------------|--------||----------------->>----------|--------|
Taiwan         |        || 4877/ITA        >>          |   X    |
---------------|--------||----------------->>----------|--------|
Taiwan         |        || 4872/PACNET     >>          |   X    |
---------------|--------||----------------->>----------|--------|
Taiwan         |        || 4873/DCI Telepac>>          |   X    |
---------------|--------||----------------->>----------|--------|
Thailand       |        || 5200/IDAR       >>          |   X    |
---------------|--------||----------------->>----------|--------|
Thailand       |        || 5201/Cateng     >>          |        |
---------------|--------||----------------->>----------|--------|
Tortola, BVI   |        || 3483/           >>     X    |        |
---------------|--------||----------------->>----------|--------|
Trinidad       |        || 3740/Textel     >>     X    |        |
---------------|--------||----------------->>----------|--------|
Trinidad       |        || 3745/Datanett   >>          |   X    |
---------------|--------||----------------->>----------|--------|
Tunisia        |        || 6050/RED25      >>          |   X    |
---------------|--------||----------------->>----------|--------|
Turkey         |        || 2860/           >>          |   X    |
---------------|--------||----------------->>----------|--------|
Turkey         |        || 2862/IGX        >>          |   X    |
---------------|--------||----------------->>----------|--------|
Turkey         |        || 2863/Turpac     >>          |   X    |
---------------|--------||----------------->>----------|--------|
Turks BWI      |        || 3763/           >>     X    |        |
---------------|--------||----------------->>----------|--------|
UAE            |        || 4241/           >>          |   X    |
---------------|--------||----------------->>----------|--------|
UAE            |        || 3104/IMPACS     >>          |   X    |
---------------|--------||----------------->>----------|--------|
UAE            |        || 4243/EMDAN      >>          |   X    |
---------------|--------||----------------->>----------|--------|
U. Kingdom     |   X    || BT TYMNET       >>          |        |
---------------|--------||----------------->>----------|--------|
U. Kingdom     |        || 2350/Mercury    >>          |   X    |
---------------|--------||----------------->>----------|--------|
U. Kingdom     |        || 2351/Mercury    >>          |   X    |
---------------|--------||----------------->>----------|--------|
U. Kingdom     |        || 2341/BTI IPSS   >>          |   X    |
---------------|--------||----------------->>----------|--------|
U. Kingdom     |        || 2355/JAIS-Japan >>          |   X    |
---------------|--------||----------------->>----------|--------|
U. Kingdom     |        || 2342/BT PSS     >>          |   X    |
---------------|--------||----------------->>----------|--------|
U. Kingdom     |        || 2352/Hull       >>          |   X    |
---------------|--------||----------------->>----------|--------|
United States  |   X    || 3106/BT TYMNET  >>          |        |
---------------|--------||----------------->>----------|--------|
Uruguay        |        || 7482/Antel      >>          |   X    |
---------------|--------||----------------->>----------|--------|
USSR           |        || 2502/Iasnet     >>          |   X    |
---------------|--------||----------------->>----------|--------|
U.S. Virgin I  |        || 3320/UDTS-I     >>     X    |        |
---------------|--------||----------------->>----------|--------|
Vanuatu        |        || 5410/Viapac     >>          |   X    |
---------------|--------||----------------->>----------|--------|
Yugoslavia     |        || 2201/Yupac      >>          |   X    |
---------------|--------||----------------->>----------|--------|
Zimbabwe       |        || 6482/Zimnet     >>          |   X    |
-----------------------------------------------------------------

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 F. Terminal Identifiers
    ~~~~~~~~~~~~~~~~~~~~
A terminal identifier indicates to the network the characteristics of your
terminal.  Most terminals can use the "A" terminal identifier.  However, if
your terminal requires a carriage return delay, for example, then the "I"
or the "E" identifier should be used.

At 'please type your terminal identifier' please enter:


  A  for PC's and CRT terminals (SAVE parity)
  C  for 300 baud Impact Printer Terminals
  E  for Thermal Printer Terminals like the SILENT 700 series
  F  for BETA transaction terminals
  G  for the GE Terminet at 1200 baud
  I  for 300 baud Thermal Printer Terminals
  K  for EVEN/ODD parity terminals  (future implementation)
  O  for MARK/SPACE parity terminals (BBS access)
  Y  for 300 baud Transaction terminals

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 G. Login Options
    ~~~~~~~~~~~~~
At the 'please log in:' prompt the user can specify control characters to set
the network to the needs of the user.  For example when you are connected to a
database and the data is coming in to fast you can backpressure the data by
typing ^S.  The network however will only react on this command if you
specified ^R at the logon step.

^E    - control E - Enter Full Duplex mode (future implementation)
^H    - control H - Enter Half Duplex mode - disable echo!!
^I    - control I - Build optimal circuit for Interactive traffic
^P    - control P - Force EVEN Parity
^R    - control R - Enable host backpressure X-on X-off
^U    - control U - Force terminal data to uppercase
^V    - control V - Build optimal circuit for Volume traffic
^W    - control W - Erase login up to last terminator
^X    - control X - Enable terminal backpressure X-on X-off
^Z    - control Z - Disconnect/Logoff
ESC   - escape    - Discard login and get NEW please log in prompt
BREAK - break     - Switch to CCITT X.3 X.28 X.29 PAD (selected nodes)


--------------------------------------------------------------------------------


                                ==Phrack Inc.==

                     Volume Four, Issue Forty, File 9 of 14

                       _________________________________
                     ||                                 ||
                     ||            BT Tymnet            ||
                     ||         British Telecom         ||
                     ||                                 ||
                     ||           Part 2 of 3           ||
                     ||                                 ||
                     ||    Presented by Toucan Jones    ||
                     ||                                 ||
                     ||          August 1, 1992         ||
                     ||_________________________________||


                            Welcome Back to Tymnet!


PART 1
 A. BT Tymnet Access Location Index
 B. BT-GNS Access Within Regional Bell Operating Companies
  1. Bell Atlantic
  2. BellSouth
  3. Pacific Bell
  4. Southwestern Bell
  5. Southern New England Telephone
 C. Database or Timesharing Companies on Tymnet
 D. Service Classifications For Database or Timesharing Companies Using Tymnet
 E. Summary of Global Network Services By Country
 F. Terminal Identifiers
 G. Login Options

PART 2
 H. BT-GNS Worldwide Asynchronus Outdial Service

PART 3
 I. BT-GNS Worldwide Access Sorted By Node

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 H. BT-GNS Worldwide Asynchronus Outdial Service
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                                          DIALUP ACCESS           M
- OUTDIAL -               PROV             100's bps              N
HOST  CITY                 ST CNTRY DENS  3 12 24 96  AREA CODE   P COMMENTS
----- -------------------- -- ----- ----  ---------- ------------ - --------
7651  Anniston             AL  USA  LOW   B B  C         205      Y
4101  Birmingham           AL  USA  HIGH  B B  C         205      Y
2517  Dothan               AL  USA  LOW   B B  C         205      Y
5641  Florence             AL  USA  LOW   B B  C         205      Y
8287  Gadsden              AL  USA  LOW   B B  C         205      Y
737   Huntsville           AL  USA  MED   B B  C         205      Y
8829  Mobile               AL  USA  MED   B B  C         205      Y
3245  Montgomery           AL  USA  LOW   B B  C         205      Y
2439  Northport            AL  USA  LOW   B B  C         205      Y
1751  Opelika              AL  USA  LOW   B B  C         205      Y
2439  Tuscaloosa/Northport AL  USA  LOW   B B  C         205      Y
15360 Fayetteville         AR  USA  LOW   B B  C         501      Y
1297  Ft. Smith            AR  USA  LOW   B B  C         501      Y
2725  Hot Springs          AR  USA  LOW   B B  C         501      Y
2794  Jonesboro            AR  USA  LOW   B B  C         501      Y
10690 Little Rock          AR  USA  MED   B B  C         501      Y
10690 Little Rock          AR  USA  MED   B B  C         501      Y
7380  Pine bluff           AR  USA  LOW   B B  C         501      Y
15360 Springdale/Fayettevl AR  USA  LOW   B B  C         501      Y
6112  Flagstaff            AZ  USA  LOW   B B  C         602      Y
9532  Mesa/Phoenix         AZ  USA  HIGH  B B  C         602      Y
9532  Mesa/Phoenix         AZ  USA  HIGH  B B  C         602      Y
9532  Phoenix              AZ  USA  HIGH  B B  C         602      Y
9532  Phoenix              AZ  USA  HIGH  B B  C         602      Y
3232  Tucson               AZ  USA  MED   B B  C         602      Y
3232  Tucson               AZ  USA  MED   B B  C         602      Y
3530  Yuma                 AZ  USA  LOW   B B  C         602      Y
8963  Alameda/Oakland      CA  USA  HIGH  B B  C         510      Y
2940  Alhambra             CA  USA  MED   B B  C         818      Y
2940  Alhambra             CA  USA  MED   B B  C         818      Y
9184  Anaheim/Newprt Beach CA  USA  HIGH  B B  C         714      Y
9184  Anaheim/Newprt Beach CA  USA  HIGH  B B  C         714      Y
4457  Antioch              CA  USA  LOW   B B  C         510      Y
2940  Arcadia/Alhambra     CA  USA  MED   B B  C         818      Y
2940  Arcadia/Alhambra     CA  USA  MED   B B  C         818      Y
3664  Bakersfield          CA  USA  LOW   B B  C         805      Y
9182  Belmont/Redwood City CA  USA  HIGH  B B  C         415      Y
8963  Berkeley/Oakland     CA  USA  HIGH  B B  C         510      Y
9206  Beverly Hills/Shr Ok CA  USA  MED   B B  C         818      Y
2841  Burbank              CA  USA  LOW   B B  C         818      Y
3486  Burlingame/So. S.F.  CA  USA  LOW   B B  C         415      Y
9206  Canoga Park/Shrm Oak CA  USA  MED   B B  C         818      Y
7859  Cathedral City       CA  USA  LOW   B B  C         619      Y
7801  Chico                CA  USA  LOW   B B  C         916      Y
6294  Colton               CA  USA  MED   B B  C         714      Y
9202  Concord/Walnut Creek CA  USA  LOW   B B  C         510      Y
9202  Concord/Walnut Creek CA  USA  LOW   B B  C         510      Y
5415  Corona               CA  USA  LOW   B B  C         714      Y
4309  Covina/Diamond Bar   CA  USA  MED   B B  C         714      Y
7276  Davis                CA  USA  LOW   B B  C         916      Y
4309  Diamond Bar          CA  USA  MED   B B  C         714      Y
06824 El Centro            CA  USA  LOW   B B  C         619      Y
2940  El Monte/Alhambra    CA  USA  MED   B B  C         818      Y
2940  El Monte/Alhambra    CA  USA  MED   B B  C         818      Y
9203  El Segundo           CA  USA  MED   B B  C         310      Y
09203 El Segundo           CA  USA  MED   B B  C         310      Y
4304  Escondido/Vista      CA  USA  MED   B B  C         619      Y
981   Eureka               CA  USA  LOW   B B  C         707      Y
03513 Fairfield            CA  USA  LOW   B B  C         707      Y
3513  Fairfield            CA  USA  LOW   B B  C         707      Y
7399  Fremont              CA  USA  MED   B B  C         510      Y
3996  Fresno               CA  USA  LOW   B B  C         209      Y
3996  Fresno               CA  USA  LOW   B B  C         209      Y
2841  Glendale/Burbank     CA  USA  LOW   B B  C         818      Y
8963  Hayward/Oakland      CA  USA  HIGH  B B  C         510      Y
3173  Inglewood/Vernon     CA  USA  HIGH  B B  C         213      Y
3173  Inglewood/Vernon     CA  USA  HIGH  B B  C         213      Y
3173  Inglewood/Vernon     CA  USA  HIGH  B B  C         213      Y
3173  Inglewood/Vernon     CA  USA  HIGH  B B  C         213      Y
9184  Irvine/Newport Beach CA  USA  HIGH  B B  C         714      Y
9184  Irvine/Newport Beach CA  USA  HIGH  B B  C         714      Y
5991  Lancaster            CA  USA  LOW   B B  C         805      Y
9205  Long Beach           CA  USA  MED   B B  C         310      Y
6616  Los Alamos/St. Maria CA  USA  LOW   B B  C         805      Y
6450  Los Altos/San Jose   CA  USA  HIGH  B B  C         408      Y
6450  Los Altos/San Jose   CA  USA  HIGH  B B  C         408      Y
6450  Los Altos/San Jose   CA  USA  HIGH  B B  C         408      Y
3173  Los Angeles/Vernon   CA  USA  HIGH  B B  C         213      Y
3173  Los Angeles/Vernon   CA  USA  HIGH  B B  C         213      Y
3173  Los Angeles/Vernon   CA  USA  HIGH  B B  C         213      Y
3173  Los Angeles/Vernon   CA  USA  HIGH  B B  C         213      Y
9203  Mar Vista/El Segundo CA  USA  MED   B B  C         310      Y
9203  Mar Vista/El Segundo CA  USA  MED   B B  C         310      Y
9203  MarinaDelRey/El Sgnd CA  USA  MED   B B  C         310      Y
03501 Marysville           CA  USA  LOW   B B  C         916      Y
14085 Merced               CA  USA  LOW   B B  C         209      Y
2120  Modesto              CA  USA  LOW   B B  C         209      Y
10401 Monterey             CA  USA  LOW   B B  C         408      Y
10401 Monterey             CA  USA  LOW   B B  C         408      Y
5134  Moorpark             CA  USA  LOW   B B  C         805      Y
13891 Napa                 CA  USA  LOW   B B  C         707      Y
9184  Newport Beach        CA  USA  HIGH  B B  C         714      Y
9184  Newport Beach        CA  USA  HIGH  B B  C         714      Y
9205  Norwalk/Long Beach   CA  USA  MED   B B  C         310      Y
8963  Oakland              CA  USA  HIGH  B B  C         510      Y
4309  Ontario/Diamond Bar  CA  USA  MED   B B  C         714      Y
4112  Oxnard/Port Hueneme  CA  USA  MED   B B  C         805      Y
9202  Pacheco/Walnut Creek CA  USA  LOW   B B  C         510      Y
9202  Pacheco/Walnut Creek CA  USA  LOW   B B  C         510      Y
7859  Palm Sprngs/Cath Cty CA  USA  LOW   B B  C         619      Y
9182  Palo Alto/Redwd City CA  USA  HIGH  B B  C         415      Y
2940  Pasadena/Alhambra    CA  USA  MED   B B  C         818      Y
2940  Pasadena/Alhambra    CA  USA  MED   B B  C         818      Y
9202  Pleasnthill/Walnt Ck CA  USA  LOW   B B  C         510      Y
9202  Pleasnthill/Walnt Ck CA  USA  LOW   B B  C         510      Y
4309  Pomona/Diamond Bar   CA  USA  MED   B B  C         714      Y
4112  Port Hueneme         CA  USA  MED   B B  C         805      Y
5416  Poway                CA  USA  LOW   B B  C         619      Y
4972  Redding              CA  USA  LOW   B B  C         916      Y
9182  Redwood City         CA  USA  HIGH  B B  C         415      Y
6294  Riverside/Colton     CA  USA  MED   B B  C         714      Y
9179  Sacramento           CA  USA  HIGH  B B  C         916      Y
3655  Salinas              CA  USA  LOW   B B  C         408      Y
6294  San Bernadino/Colton CA  USA  MED   B B  C         714      Y
4447  San Clemente         CA  USA  LOW   B B  C         714      Y
9183  San Diego            CA  USA  HIGH  B B  C         619      Y
9183  San Diego            CA  USA  HIGH  B B  C         619      Y
9206  San Fernando/Shr Oak CA  USA  MED   B B  C         818      Y
9533  San Francisco        CA  USA  HIGH  B B  C         415      Y
9533  San Francisco        CA  USA  HIGH  B B  C         415      Y
9533  San Francisco        CA  USA  HIGH  B B  C         415      Y
6450  San Jose             CA  USA  HIGH  B B  C         408      Y
6450  San Jose             CA  USA  HIGH  B B  C         408      Y
6450  San Jose             CA  USA  HIGH  B B  C         408      Y
2979  San Luis Obispo      CA  USA  LOW   B B  C         805      Y
3486  San Mateo/So. S.F.   CA  USA  LOW   B B  C         415      Y
9205  San Pedro/Long Beach CA  USA  MED   B B  C         310      Y
8094  San Rafael           CA  USA  LOW   B B  C         415      Y
9184  Santa Ana/Newprt Bch CA  USA  HIGH  B B  C         714      Y
9184  Santa Ana/Newprt Bch CA  USA  HIGH  B B  C         714      Y
6295  Santa Barbara        CA  USA  MED   B B  C         805      Y
6450  Santa Clara/San Jose CA  USA  HIGH  B B  C         408      Y
6450  Santa Clara/San Jose CA  USA  HIGH  B B  C         408      Y
6450  Santa Clara/San Jose CA  USA  HIGH  B B  C         408      Y
3182  Santa Cruz           CA  USA  MED   B B  C         408      Y
6116  Santa Maria          CA  USA  LOW   B B  C         805      Y
9203  Santa Monica/El Sgnd CA  USA  MED   B B  C         310      Y
4111  Santa Rosa           CA  USA  LOW   B B  C         707      Y
9206  Sherman Oaks         CA  USA  MED   B B  C         818      Y
3486  So. San Francisco    CA  USA  LOW   B B  C         415      Y
3208  Stockton             CA  USA  LOW   B B  C         209      Y
6450  Sunnyvale/San Jose   CA  USA  HIGH  B B  C         408      Y
6450  Sunnyvale/San Jose   CA  USA  HIGH  B B  C         408      Y
6450  Sunnyvale/San Jose   CA  USA  HIGH  B B  C         408      Y
14338 Upland               CA  USA  LOW   B B  C         714      Y
3830  Vallejo              CA  USA  LOW   B B  C         707      Y
9206  Van Nuys/Sherman Oak CA  USA  MED   B B  C         818      Y
4112  Ventura/Port Hueneme CA  USA  MED   B B  C         805      Y
3173  Vernon               CA  USA  HIGH  B B  C         213      Y
3173  Vernon               CA  USA  HIGH  B B  C         213      Y
3173  Vernon               CA  USA  HIGH  B B  C         213      Y
3173  Vernon               CA  USA  HIGH  B B  C         213      Y
3598  Visalia              CA  USA  LOW   B B  C         209      Y
4304  Vista                CA  USA  MED   B B  C         619      Y
4309  W.Covina/Diamond Bar CA  USA  MED   B B  C         714      Y
9202  Walnut Creek         CA  USA  LOW   B B  C         510      Y
9202  Walnut Creek         CA  USA  LOW   B B  C         510      Y
9206  West L.A./Shrmn Oaks CA  USA  MED   B B  C         818      Y
7276  Woodland/Davis       CA  USA  LOW   B B  C         916      Y
2584  Aurora/Denver        CO  USA  HIGH  B B  C         303      Y
2584  Aurora/Denver        CO  USA  HIGH  B B  C         303      Y
2584  Boulder/Denver       CO  USA  HIGH  B B  C         303      Y
2584  Boulder/Denver       CO  USA  HIGH  B B  C         303      Y
2660  Colorado Springs     CO  USA  MED   B B  C         719      Y
2660  Colorado Springs     CO  USA  MED   B B  C         719      Y
2584  Denver               CO  USA  HIGH  B B  C         303      Y
2584  Denver               CO  USA  HIGH  B B  C         303      Y
8737  Fort Collins         CO  USA  LOW   B B  C         303      Y
6115  Grand Junction       CO  USA  LOW   B B  C         303      Y
7743  Greeley              CO  USA  LOW   B B  C         303      Y
14753 Pueblo               CO  USA  LOW   B B  C         719      Y
9128  Bloomfield           CT  USA  HIGH  B B  C         203      Y
9128  Bloomfield           CT  USA  HIGH  B B  C         203      Y
6472  Bridgeport           CT  USA  MED   B B  C         203      Y
7962  Fairfield/Westport   CT  USA  MED   B B  C         203      Y
9128  Hartford/Bloomfield  CT  USA  HIGH  B B  C         203      Y
3165  Meriden              CT  USA  LOW   B B  C         203      Y
3165  Middletown/Meriden   CT  USA  LOW   B B  C         203      Y
11036 New Haven            CT  USA  MED   B B  C         203      Y
7955  New London           CT  USA  LOW   B B  C         203      Y
7962  Norwalk/Westport     CT  USA  MED   B B  C         203      Y
7955  Norwich/New London   CT  USA  LOW   B B  C         203      Y
8071  Somers               CT  USA  LOW   B B  C         203      Y
9129  Stamford             CT  USA  HIGH  B B  C         203      Y
6472  Stratford/Bridgeport CT  USA  MED   B B  C         203      Y
3073  Waterbury            CT  USA  LOW   B B  C         203      Y
7962  Westport             CT  USA  MED   B B  C         203      Y
2262  Washington/Fairfax   DC  USA  HIGH  B B  C         703      Y
2262  Washington/Fairfax   DC  USA  HIGH  B B  C         703      Y
2262  Washington/Fairfax   DC  USA  HIGH  B B  C         703      Y
2262  Washington/Fairfax   DC  USA  HIGH  B B  C         703      Y
2262  Washington/Fairfax   DC  USA  HIGH  B B  C         703      Y
12900 Dover                DE  USA  LOW   B B  C         302      Y
10800 Georgetown           DE  USA  LOW   B B  C         302      Y
1784  Newark/Wilmington    DE  USA  MED   B B  C         302      Y
1784  Wilmington           DE  USA  MED   B B  C         302      Y
5656  Boca Raton/Delray    FL  USA  LOW   B B  C         407      Y
3326  Boyntn Bch/WPalm Bch FL  USA  MED   B B  C         407      Y
4637  Clearwater           FL  USA  MED   B B  C         813      Y
3720  Cocoa                FL  USA  LOW   B B  C         407      Y
3720  Cocoa                FL  USA  LOW   B B  C         407      Y
5656  Delray               FL  USA  LOW   B B  C         407      Y
9453  Fort Meyers          FL  USA  LOW   B B  C         813      Y
4701  Fort Pierce          FL  USA  LOW   B B  C         407      Y
7123  Ft. Lauderdale       FL  USA  MED   B B  C         305      Y
10351 Gainesville          FL  USA  LOW   B B  C         904      Y
7123  Hollywd/Ft. Laudrdle FL  USA  MED   B B  C         305      Y
5797  Jacksonville         FL  USA  MED   B B  C         904      Y
5797  Jacksonville         FL  USA  MED   B B  C         904      Y
09914 Key West             FL  USA  LOW   B B  C         305      Y
9900  Kissimmee            FL  USA  LOW   B B  C         407      Y
820   Lakeland             FL  USA  LOW   B B  C         813      Y
7096  Longwood/Orlando     FL  USA  MED   B B  C         407      Y
3720  Melbourne/Cocoa      FL  USA  LOW   B B  C         407      Y
3720  Melbourne/Cocoa      FL  USA  LOW   B B  C         407      Y
3720  Merrit Isle/Cocoa    FL  USA  LOW   B B  C         407      Y
3720  Merrit Isle/Cocoa    FL  USA  LOW   B B  C         407      Y
6582  Miami                FL  USA  HIGH  B B  C         305      Y
6582  Miami                FL  USA  HIGH  B B  C         305      Y
11124 Naples               FL  USA  LOW   B B  C         813      Y
7220  Ocala                FL  USA  LOW   B B  C         904      Y
7096  Orlando              FL  USA  MED   B B  C         407      Y
10699 Ormond Beach         FL  USA  LOW   B B  C         904      Y
3407  Panama City          FL  USA  LOW   B B  C         904      Y
3193  Pensacola            FL  USA  LOW   B B  C         904      Y
7123  Pompno Bch/Fr. Ldrdl FL  USA  MED   B B  C         305      Y
9902  Port St. Lucie       FL  USA  LOW   B B  C         407      Y
3112  Sarasota             FL  USA  LOW   B B  C         813      Y
3112  Sarasota             FL  USA  LOW   B B  C         813      Y
4637  St. Petersbrg/Clrwtr FL  USA  MED   B B  C         813      Y
12790 Tallahassee          FL  USA  MED   B B  C         904      Y
5518  Tampa                FL  USA  HIGH  B B  C         813      Y
6181  Vero Beach           FL  USA  LOW   B B  C         407      Y
3326  West Palm Beach      FL  USA  MED   B B  C         407      Y
820   Winterhaven/Lakeland FL  USA  LOW   B B  C         813      Y
5774  Albany               GA  USA  LOW   B B  C         912      Y
8795  Atlanta/Doraville    GA  USA  HIGH  B B  C         404      Y
8795  Atlanta/Doraville    GA  USA  HIGH  B B  C         404      Y
8795  Atlanta/Doraville    GA  USA  HIGH  B B  C         404      Y
433   Augusta/Martinez     GA  USA  LOW   B B  C         404      Y
433   Augusta/Martinez     GA  USA  LOW   B B  C         404      Y
14525 Columbus             GA  USA  LOW   B B  C         404      Y
8795  Doraville            GA  USA  HIGH  B B  C         404      Y
8795  Doraville            GA  USA  HIGH  B B  C         404      Y
8795  Doraville            GA  USA  HIGH  B B  C         404      Y
3711  Macon/Warner Robins  GA  USA  LOW   B B  C         912      Y
8795  Marietta/Doraville   GA  USA  HIGH  B B  C         404      Y
8795  Marietta/Doraville   GA  USA  HIGH  B B  C         404      Y
8795  Marietta/Doraville   GA  USA  HIGH  B B  C         404      Y
433   Martinez             GA  USA  LOW   B B  C         404      Y
8795  Norcross/Doraville   GA  USA  HIGH  B B  C         404      Y
8795  Norcross/Doraville   GA  USA  HIGH  B B  C         404      Y
8795  Norcross/Doraville   GA  USA  HIGH  B B  C         404      Y
1386  Rome                 GA  USA  LOW   B B  C         404      Y
3327  Savannah             GA  USA  LOW   B B  C         912      Y
3711  Warner Robins        GA  USA  LOW   B B  C         912      Y
1745  Ames                 IA  USA  LOW   B B  C         515      Y
5964  Cedar Falls/Waterloo IA  USA  LOW   B B  C         319      Y
8755  Cedar Rapids         IA  USA  LOW   B B  C         319      Y
5296  Davenport/RockIsland IA  USA  MED   B B  C         309      Y
9854  Des Moines           IA  USA  MED   B B  C         515      Y
3275  Dubuque              IA  USA  LOW   B B  C         319      Y
5290  Iowa City            IA  USA  LOW   B B  C         319      Y
5374  Marshalltown         IA  USA  LOW   B B  C         515      Y
08985 Ottomwa              IA  USA  LOW   B B  C         515      Y
14315 Sioux City           IA  USA  LOW   B B  C         712      Y
5964  Waterloo             IA  USA  LOW   B B  C         319      Y
200   Boise                ID  USA  MED   B B  C         208      Y
10239 Coeur D'Alene        ID  USA  LOW   B B  C         208      Y
3660  Idaho Falls          ID  USA  LOW   B B  C         208      Y
3207  Pocatello            ID  USA  LOW   B B  C         208      Y
1436  Twin Falls           ID  USA  LOW   B B  C         208      Y
11496 Bloomington          IL  USA  LOW   B B  C         309      Y
13595 Bradley              IL  USA  LOW   B B  C         815      Y
9753  Champaign/Urbana     IL  USA  LOW   B B  C         217      Y
8257  Chicago              IL  USA  HIGH  B B  C         312      Y
8257  Chicago              IL  USA  HIGH  B B  C         312      Y
4630  Cicero/Maywood       IL  USA  LOW   B B  C         708      Y
1119  Danville             IL  USA  LOW   B B  C         217      Y
8900  Decatur              IL  USA  LOW   B B  C         217      Y
8944  Downrs Grove/Gln Eln IL  USA  MED   B B  C         708      Y
8944  Downrs Grove/Gln Eln IL  USA  MED   B B  C         708      Y
3905  Elgin                IL  USA  LOW   B B  C         708      Y
4630  Forest Park/Maywood  IL  USA  LOW   B B  C         708      Y
2514  Freeport             IL  USA  LOW   B B  C         815      Y
8944  Glen Ellyn           IL  USA  MED   B B  C         708      Y
8944  Glen Ellyn           IL  USA  MED   B B  C         708      Y
14576 Joliet               IL  USA  LOW   B B  C         815      Y
13595 Kankakee/Bradley     IL  USA  LOW   B B  C         815      Y
780   Lake Bluff           IL  USA  LOW   B B  C         708      Y
7005  Lake Zurich/Palatine IL  USA  LOW   B B  C         708      Y
13640 Lansing              IL  USA  LOW   B B  C         708      Y
780   Librtyvle/Lake Bluff IL  USA  LOW   B B  C         708      Y
4630  Maywood              IL  USA  LOW   B B  C         708      Y
10945 Northfield           IL  USA  LOW   B B  C         708      Y
3001  O'Fallon             IL  USA  LOW   B B  C         618      Y
7005  Palatine             IL  USA  LOW   B B  C         708      Y
3614  Peoria               IL  USA  LOW   B B  C         309      Y
14553 Quincy               IL  USA  LOW   B B  C         217      Y
5296  Rock Island          IL  USA  MED   B B  C         309      Y
6048  Rockford             IL  USA  MED   B B  C         815      Y
5403  Springfield          IL  USA  MED   B B  C         217      Y
9753  Urbana               IL  USA  LOW   B B  C         217      Y
8944  Wheaton/Glen Ellyn   IL  USA  MED   B B  C         708      Y
8944  Wheaton/Glen Ellyn   IL  USA  MED   B B  C         708      Y
9323  Bloomington          IN  USA  LOW   B B  C         812      Y
2444  Elkhart              IN  USA  LOW   B B  C         219      Y
3426  Evansville           IN  USA  LOW   B B  C         812      Y
3423  Ft. Wayne            IN  USA  LOW   B B  C         219      Y
14286 Gary                 IN  USA  LOW   B B  C         219      Y
14286 Gary                 IN  USA  LOW   B B  C         219      Y
14286 Hammond/Gary         IN  USA  LOW   B B  C         219      Y
14286 Hammond/Gary         IN  USA  LOW   B B  C         219      Y
14286 Highland/Gary        IN  USA  LOW   B B  C         219      Y
14286 Highland/Gary        IN  USA  LOW   B B  C         219      Y
9349  Indianapolis         IN  USA  HIGH  B B  C         317      Y
2646  Kokomo               IN  USA  LOW   B B  C         317      Y
3157  Lafayette            IN  USA  LOW   B B  C         317      Y
4632  Marion               IN  USA  LOW   B B  C         317      Y
5129  Mishawaka/South Bend IN  USA  MED   B B  C         219      Y
5129  South Bend           IN  USA  MED   B B  C         219      Y
2893  Terre Haute          IN  USA  LOW   B B  C         812      Y
8615  Kansas City/Mission  KS  USA  HIGH  B B  C         913      Y
8615  Kansas City/Mission  KS  USA  HIGH  B B  C         913      Y
14347 Lawrence             KS  USA  LOW   B B  C         913      Y
3408  Leavenworth          KS  USA  LOW   B B  C         913      Y
2799  Manhattan            KS  USA  LOW   B B  C         913      Y
8615  Mission              KS  USA  HIGH  B B  C         913      Y
8615  Mission              KS  USA  HIGH  B B  C         913      Y
3416  Salina               KS  USA  LOW   B B  C         913      Y
8615  Shawnee/Mission      KS  USA  HIGH  B B  C         913      Y
8615  Shawnee/Mission      KS  USA  HIGH  B B  C         913      Y
1672  Topeka               KS  USA  LOW   B B  C         913      Y
8013  Wichita              KS  USA  MED   B B  C         316      Y
16213 Bowling Green        KY  USA  LOW   B B  C         502      Y
3718  Frankfort            KY  USA  LOW   B B  C         502      Y
9987  Lexington            KY  USA  MED   B B  C         606      Y
8678  Louisville           KY  USA  MED   B B  C         502      Y
1087  Owensboro            KY  USA  LOW   B B  C         502      Y
02291 Paducah              KY  USA  LOW   B B  C         502      Y
14288 Alexandria           LA  USA  LOW   B B  C         318      Y
6999  Baton Rouge          LA  USA  MED   B B  C         504      Y
6999  Baton Rouge          LA  USA  MED   B B  C         504      Y
8525  Lafayette            LA  USA  LOW   B B  C         318      Y
15174 Lake Charles         LA  USA  LOW   B B  C         318      Y
2480  Monroe               LA  USA  LOW   B B  C         318      Y
3654  New Orleans          LA  USA  HIGH  B B  C         504      Y
03654 New Orleans          LA  USA  HIGH  B B  C         504      Y
03654 New Orleans          LA  USA  HIGH  B B  C         504      Y
3539  Shreveport           LA  USA  LOW   B B  C         318      Y
10404 Slidell              LA  USA  LOW   B B  C         504      Y
7044  Bedford              MA  USA  LOW   B B  C         617      Y
8796  Boston               MA  USA  HIGH  B B  C         617      Y
8796  Boston               MA  USA  HIGH  B B  C         617      Y
753   Brockton/Randolph    MA  USA  LOW   B B  C         617      Y
8796  Cambridge/Boston     MA  USA  HIGH  B B  C         617      Y
8796  Cambridge/Boston     MA  USA  HIGH  B B  C         617      Y
3003  Fall River/Somerset  MA  USA  LOW   B B  C         508      Y
10677 Fitchburg/Leominster MA  USA  LOW   B B  C         508      Y
10148 Groton               MA  USA  LOW   B B  C         508      Y
3948  Holyoke/Springfield  MA  USA  MED   B B  C         413      Y
3948  Holyoke/Springfield  MA  USA  MED   B B  C         413      Y
3948  Holyoke/Springfield  MA  USA  MED   B B  C         413      Y
11063 Kingston             MA  USA  LOW   B B  C         617      Y
10020 Lawrence             MA  USA  LOW   B B  C         508      Y
10677 Leominster           MA  USA  LOW   B B  C         508      Y
531   Lowell               MA  USA  LOW   B B  C         508      Y
07745 Lynn                 MA  USA  LOW   B B  C         617      Y
4001  Manchester           MA  USA  LOW   B B  C         508      Y
432   Marlborough          MA  USA  LOW   B B  C         508      Y
4216  New Bedford          MA  USA  LOW   B B  C         508      Y
2478  Pittsfield           MA  USA  LOW   B B  C         413      Y
753   Randolph             MA  USA  LOW   B B  C         617      Y
3003  Somerset             MA  USA  LOW   B B  C         508      Y
3948  Springfield          MA  USA  MED   B B  C         413      Y
3948  Springfield          MA  USA  MED   B B  C         413      Y
3948  Springfield          MA  USA  MED   B B  C         413      Y
11108 Taunton              MA  USA  LOW   B B  C         508      Y
7044  Woburn/Bedford       MA  USA  LOW   B B  C         617      Y
3456  Worcester            MA  USA  LOW   B B  C         508      Y
14437 Aberdeen             MD  USA  LOW   B B  C         410      Y
10587 Annapolis            MD  USA  LOW   B B  C         410      Y
4600  Baltimore            MD  USA  HIGH  B B  C         410      Y
4600  Baltimore            MD  USA  HIGH  B B  C         410      Y
2262  Bethesda/Fairfax     MD  USA  HIGH  B B  C         703      Y
2262  Bethesda/Fairfax     MD  USA  HIGH  B B  C         703      Y
2262  Bethesda/Fairfax     MD  USA  HIGH  B B  C         703      Y
2262  Bethesda/Fairfax     MD  USA  HIGH  B B  C         703      Y
2262  Bethesda/Fairfax     MD  USA  HIGH  B B  C         703      Y
999   Cumberland           MD  USA  LOW   B B  C         301      Y
10832 Frederick/Myersville MD  USA  LOW   B B  C         301      Y
10832 Hagerstown/Myersvill MD  USA  LOW   B B  C         301      Y
10832 Myersville           MD  USA  LOW   B B  C         301      Y
1758  Rockville            MD  USA  LOW   B B  C         301      Y
10209 Salisbury            MD  USA  LOW   B B  C         410      Y
9686  Auburn               ME  USA  LOW   B B  C         207      Y
7486  Augusta              ME  USA  LOW   B B  C         207      Y
10860 Bangor               ME  USA  LOW   B B  C         207      Y
9686  Lewiston/Auburn      ME  USA  LOW   B B  C         207      Y
4217  Portland             ME  USA  LOW   B B  C         207      Y
07252 Presque Isle         ME  USA  LOW   B B  C         207      Y
6438  Ann Arbor            MI  USA  MED   B B  C         313      Y
10147 Battle Creek         MI  USA  LOW   B B  C         616      Y
4231  Benton Harbor        MI  USA  LOW   B B  C         616      Y
894   Burton               MI  USA  LOW   B B  C         313      Y
4316  Cadillac             MI  USA  LOW   B B  C         616      Y
8794  Detroit              MI  USA  HIGH  B B  C         313      Y
8794  Detroit              MI  USA  HIGH  B B  C         313      Y
894   Flint/Burton         MI  USA  LOW   B B  C         313      Y
4766  Freeland             MI  USA  LOW   B B  C         517      Y
4017  Grand Rapids         MI  USA  MED   B B  C         616      Y
5747  Jackson              MI  USA  LOW   B B  C         517      Y
3195  Kalamazoo            MI  USA  MED   B B  C         616      Y
9992  Lansing              MI  USA  MED   B B  C         517      Y
7225  Marquette            MI  USA  LOW   B B  C         906      Y
4766  Midland/Freeland     MI  USA  LOW   B B  C         517      Y
4357  Muskegon             MI  USA  LOW   B B  C         616      Y
4847  Plymouth             MI  USA  MED   B B  C         313      Y
10342 Pontiac              MI  USA  LOW   B B  C         313      Y
4620  Port Huron           MI  USA  LOW   B B  C         313      Y
10754 Roseville            MI  USA  LOW   B B  C         313      Y
4766  Saginaw/Freeland     MI  USA  LOW   B B  C         517      Y
3424  Southfield           MI  USA  MED   B B  C         313      Y
4231  St. Joe/Benton Hrbr  MI  USA  LOW   B B  C         616      Y
6066  Traverse City        MI  USA  LOW   B B  C         616      Y
10933 Duluth               MN  USA  LOW   B B  C         218      Y
13488 Hibbing              MN  USA  LOW   B B  C         218      Y
1648  Mankato              MN  USA  LOW   B B  C         507      Y
3494  Minneapolis          MN  USA  HIGH  B B  C         612      Y
3494  Minneapolis          MN  USA  HIGH  B B  C         612      Y
10597 Rochester            MN  USA  LOW   B B  C         507      Y
10597 Rochester            MN  USA  LOW   B B  C         507      Y
14283 St. Cloud            MN  USA  LOW   B B  C         612      Y
3494  St. Paul/Minneapolis MN  USA  HIGH  B B  C         612      Y
3494  St. Paul/Minneapolis MN  USA  HIGH  B B  C         612      Y
8978  Bridgeton/St. Louis  MO  USA  HIGH  B B  C         314      Y
8978  Bridgeton/St. Louis  MO  USA  HIGH  B B  C         314      Y
8856  Cape Girardeau       MO  USA  LOW   B B  C         314      Y
6017  Columbia             MO  USA  LOW   B B  C         314      Y
8978  Hazelwood            MO  USA  HIGH  B B  C         314      Y
8615  Independence/Mission MO  USA  HIGH  B B  C         913      Y
8615  Independence/Mission MO  USA  HIGH  B B  C         913      Y
2564  Jefferson City       MO  USA  LOW   B B  C         314      Y
1928  Joplin               MO  USA  LOW   B B  C         417      Y
8615  Kansas City/Mission  MO  USA  HIGH  B B  C         913      Y
8615  Kansas City/Mission  MO  USA  HIGH  B B  C         913      Y
6182  Rolla                MO  USA  LOW   B B  C         314      Y
5681  Springfield          MO  USA  LOW   B B  C         417      Y
6192  St. Joseph           MO  USA  LOW   B B  C         816      Y
8978  St. Louis            MO  USA  HIGH  B B  C         314      Y
8978  St. Louis            MO  USA  HIGH  B B  C         314      Y
14342 Gulfport             MS  USA  LOW   B B  C         601      Y
1164  Hattiesburg          MS  USA  LOW   B B  C         601      Y
6301  Jackson              MS  USA  LOW   B B  C         601      Y
6301  Jackson              MS  USA  LOW   B B  C         601      Y
6491  Meridian             MS  USA  LOW   B B  C         601      Y
14882 Pascagoula           MS  USA  LOW   B B  C         601      Y
9901  Tupelo               MS  USA  LOW   B B  C         601      Y
10874 Vicksburg            MS  USA  LOW   B B  C         601      Y
3504  Billings             MT  USA  LOW   B B  C         406      Y
7946  Bozeman              MT  USA  LOW   B B  C         406      Y
7862  Butte                MT  USA  LOW   B B  C         406      Y
04506 Great Falls          MT  USA  LOW   B B  C         406      Y
5136  Helena               MT  USA  LOW   B B  C         406      Y
274   Asheville            NC  USA  LOW   B B  C         704      Y
9986  Chapel Hill/Durham   NC  USA  HIGH  B B  C         919      Y
9986  Chapel Hill/Durham   NC  USA  HIGH  B B  C         919      Y
6793  Charlotte            NC  USA  HIGH  B B  C         704      Y
6793  Charlotte            NC  USA  HIGH  B B  C         704      Y
9986  Durham               NC  USA  HIGH  B B  C         919      Y
9986  Durham               NC  USA  HIGH  B B  C         919      Y
10985 Fayetteville         NC  USA  LOW   B B  C         919      Y
3703  Gastonia             NC  USA  LOW   B B  C         704      Y
2964  Greensboro           NC  USA  MED   B B  C         919      Y
2004  Greenville           NC  USA  LOW   B B  C         919      Y
1737  High Point           NC  USA  LOW   B B  C         919      Y
7821  Kannapolis           NC  USA  LOW   B B  C         704      Y
9324  Rocky Mount          NC  USA  LOW   B B  C         919      Y
14364 Wilmington           NC  USA  LOW   B B  C         919      Y
7068  Winston-Salem        NC  USA  MED   B B  C         919      Y
7068  Winston-Salem        NC  USA  MED   B B  C         919      Y
14444 Bismark              ND  USA  LOW   B B  C         701      Y
5251  Fargo                ND  USA  LOW   B B  C         701      Y
7233  Grand Forks          ND  USA  LOW   B B  C         701      Y
4281  Minot                ND  USA  LOW   B B  C         701      Y
14994 Minot                ND  USA  LOW   B B  C         701      Y
6997  Grand Island         NE  USA  LOW   B B  C         308      Y
9856  Lincoln              NE  USA  LOW   B B  C         402      Y
2521  Omaha                NE  USA  MED   B B  C         402      Y
7212  Concord              NH  USA  LOW   B B  C         603      Y
6651  Durham               NH  USA  LOW   B B  C         603      Y
3627  Hanover              NH  USA  LOW   B B  C         603      Y
4027  Manchester           NH  USA  LOW   B B  C         603      Y
1347  Nashua               NH  USA  MED   B B  C         603      Y
1696  North Hampton        NH  USA  LOW   B B  C         603      Y
1554  Peterborough         NH  USA  LOW   B B  C         603      Y
1347  Salem/Nashua         NH  USA  MED   B B  C         603      Y
883   Atlantic City        NJ  USA  LOW   B B  C         609      Y
8693  Camden/Pennsauken    NJ  USA  MED   B B  C         609      Y
8693  Cherry hill/Pennskn  NJ  USA  MED   B B  C         609      Y
6334  Eatontown/Red Bank   NJ  USA  LOW   B B  C         908      Y
6334  Eatontown/Red Bank   NJ  USA  LOW   B B  C         908      Y
7618  Elizabeth/Newark     NJ  USA  HIGH  B B  C         201      Y
7618  Elizabeth/Newark     NJ  USA  HIGH  B B  C         201      Y
6319  Englewood Cliffs     NJ  USA  MED   B B  C         201      Y
7618  Jersey City/Newark   NJ  USA  HIGH  B B  C         201      Y
7618  Jersey City/Newark   NJ  USA  HIGH  B B  C         201      Y
6334  Long Branch/Red Bank NJ  USA  LOW   B B  C         908      Y
6334  Long Branch/Red Bank NJ  USA  LOW   B B  C         908      Y
4378  Lyndhurst/Union City NJ  USA  HIGH  B B  C         201      Y
3820  Morristown           NJ  USA  LOW   B B  C         201      Y
7618  Newark               NJ  USA  HIGH  B B  C         201      Y
7618  Newark               NJ  USA  HIGH  B B  C         201      Y
2312  Paterson             NJ  USA  MED   B B  C         201      Y
8693  Pennsauken           NJ  USA  MED   B B  C         609      Y
3319  Piscataway           NJ  USA  HIGH  B B  C         908      Y
6334  Red Bank             NJ  USA  LOW   B B  C         908      Y
2312  Ridgewood/Paterson   NJ  USA  MED   B B  C         201      Y
8920  South Brunswick      NJ  USA  HIGH  B B  C         609      Y
730   Trenton              NJ  USA  LOW   B B  C         609      Y
4378  Union City           NJ  USA  HIGH  B B  C         201      Y
7618  Union/Newark         NJ  USA  HIGH  B B  C         201      Y
7618  Union/Newark         NJ  USA  HIGH  B B  C         201      Y
14708 Vineland             NJ  USA  LOW   B B  C         609      Y
2312  Wayne/Paterson       NJ  USA  MED   B B  C         201      Y
661   Albuquerque          NM  USA  MED   B B  C         505      Y
6630  Las Cruces           NM  USA  LOW   B B  C         505      Y
14541 Rosewell             NM  USA  LOW   B B  C         505      Y
4604  Santa Fe             NM  USA  LOW   B B  C         505      Y
2140  Carson City          NV  USA  MED   B B  C         702      Y
2140  Carson City          NV  USA  MED   B B  C         702      Y
13943 Las Vegas            NV  USA  MED   B B  C         702      Y
13943 Las Vegas            NV  USA  MED   B B  C         702      Y
2140  Reno/Carson City     NV  USA  MED   B B  C         702      Y
2140  Reno/Carson City     NV  USA  MED   B B  C         702      Y
9192  Albany               NY  USA  MED   B B  C         518      Y
5312  Binghampton          NY  USA  LOW   B B  C         607      Y
9194  Buffalo              NY  USA  MED   B B  C         716      Y
582   Centereach/Lk Grove  NY  USA  MED   B B  C         516      Y
6612  Corning              NY  USA  LOW   B B  C         607      Y
15117 Elmira               NY  USA  LOW   B B  C         607      Y
09193 Hempstead            NY  USA  MED   B B  C         516      Y
9193  Hempstead            NY  USA  MED   B B  C         516      Y
8811  Huntington/Melville  NY  USA  MED   B B  C         516      Y
11191 Ithaca               NY  USA  LOW   B B  C         607      Y
8861  Kingston             NY  USA  LOW   B B  C         914      Y
582   Lake Grove           NY  USA  MED   B B  C         516      Y
8811  Melville             NY  USA  MED   B B  C         516      Y
9193  Mineola/Hempstead    NY  USA  MED   B B  C         516      Y
9193  Mineola/Hempstead    NY  USA  MED   B B  C         516      Y
10615 New City             NY  USA  LOW   B B  C         914      Y
1059  New York             NY  USA  HIGH  B B  C         212      Y
1059  New York             NY  USA  HIGH  B B  C         212      Y
1059  New York             NY  USA  HIGH  B B  C         212      Y
1059  New York             NY  USA  HIGH  B B  C         212      Y
3480  Niagara Falls        NY  USA  LOW   B B  C         716      Y
6019  Perinton/Pittsford   NY  USA  HIGH  B B  C         716      Y
6019  Pittsford            NY  USA  HIGH  B B  C         716      Y
2930  Poughkeepsie         NY  USA  LOW   B B  C         914      Y
6019  Rochester/Pittsford  NY  USA  HIGH  B B  C         716      Y
582   Ronkonkoma/Lake Grve NY  USA  MED   B B  C         516      Y
9192  Schenectady/Albany   NY  USA  MED   B B  C         518      Y
4710  Syracuse             NY  USA  MED   B B  C         315      Y
1101  Utica                NY  USA  LOW   B B  C         315      Y
08109 Watertown            NY  USA  LOW   B B  C         315      Y
8571  White Plains         NY  USA  HIGH  B B  C         914      Y
8571  White Plains         NY  USA  HIGH  B B  C         914      Y
8740  Akron                OH  USA  MED   B B  C         216      Y
8740  Akron                OH  USA  MED   B B  C         216      Y
8160  Canton               OH  USA  LOW   B B  C         216      Y
1785  Cincinnati           OH  USA  HIGH  B B  C         513      Y
1785  Cincinnati           OH  USA  HIGH  B B  C         513      Y
4222  Cleveland            OH  USA  HIGH  B B  C         216      Y
4222  Cleveland            OH  USA  HIGH  B B  C         216      Y
9347  Columbus             OH  USA  HIGH  B B  C         614      Y
9511  Dayton               OH  USA  MED   B B  C         513      Y
8859  Elyria               OH  USA  LOW   B B  C         216      Y
1427  Findly               OH  USA  LOW   B B  C         419      Y
4622  Lima                 OH  USA  LOW   B B  C         419      Y
6022  Mansfield            OH  USA  LOW   B B  C         419      Y
13471 Springfield          OH  USA  LOW   B B  C         513      Y
7313  Steubenville/Wntsvl  OH  USA  LOW   B B  C         614      Y
1190  Toledo               OH  USA  MED   B B  C         419      Y
1190  Toledo               OH  USA  MED   B B  C         419      Y
11131 Warren               OH  USA  LOW   B B  C         216      Y
7313  Wintersville         OH  USA  LOW   B B  C         614      Y
4909  Youngstown           OH  USA  LOW   B B  C         216      Y
7231  Ardmore              OK  USA  LOW   B B  C         405      Y
10816 Enid                 OK  USA  LOW   B B  C         405      Y
16218 Lawton               OK  USA  LOW   B B  C         405      Y
9165  Oklahoma City        OK  USA  HIGH  B B  C         405      Y
6605  Tulsa                OK  USA  HIGH  B B  C         918      Y
06605 Tulsa                OK  USA  HIGH  B B  C         918      Y
2820  Bend                 OR  USA  LOW   B B  C         503      Y
8603  Corvallis            OR  USA  LOW   B B  C         503      Y
9857  Eugene               OR  USA  LOW   B B  C         503      Y
7883  Medford              OR  USA  LOW   B B  C         503      Y
9164  Portland             OR  USA  HIGH  B B  C         503      Y
9164  Portland             OR  USA  HIGH  B B  C         503      Y
3174  Salem                OR  USA  LOW   B B  C         503      Y
9857  Springfield/Eugene   OR  USA  LOW   B B  C         503      Y
3432  Allentown/Bethlehem  PA  USA  MED   B B  C         215      Y
7025  Altoona              PA  USA  LOW   B B  C         814      Y
3432  Bethlehem            PA  USA  MED   B B  C         215      Y
3896  Butler               PA  USA  LOW   B B  C         412      Y
182   Coatesville          PA  USA  LOW   B B  C         215      Y
182   Downington/Coatsvlle PA  USA  LOW   B B  C         215      Y
3338  Erie                 PA  USA  LOW   B B  C         814      Y
13069 Greensburg           PA  USA  LOW   B B  C         412      Y
1707  Harrisburg/Lemoyne   PA  USA  MED   B B  C         717      Y
8376  Johnstown            PA  USA  LOW   B B  C         814      Y
508   KingofPrussa/Norstwn PA  USA  MED   B B  C         215      Y
7853  Lancaster            PA  USA  LOW   B B  C         717      Y
13069 Latrobe/Greensburg   PA  USA  LOW   B B  C         412      Y
1707  Lemoyne              PA  USA  MED   B B  C         717      Y
14610 Mt. Penn             PA  USA  LOW   B B  C         215      Y
7851  New Castle           PA  USA  LOW   B B  C         412      Y
508   Norristown           PA  USA  MED   B B  C         215      Y
9581  Philadelphia         PA  USA  HIGH  B B  C         215      Y
9581  Philadelphia         PA  USA  HIGH  B B  C         215      Y
9581  Philadelphia         PA  USA  HIGH  B B  C         215      Y
7408  Pittsburgh           PA  USA  HIGH  B B  C         412      Y
1572  Scranton             PA  USA  LOW   B B  C         717      Y
8907  Secane               PA  USA  LOW   B B  C         215      Y
3765  State College        PA  USA  LOW   B B  C         814      Y
508   Valley Forge/Norstwn PA  USA  MED   B B  C         215      Y
7941  Wilkes Barre         PA  USA  LOW   B B  C         717      Y
11157 Williamsport         PA  USA  LOW   B B  C         717      Y
4382  York                 PA  USA  LOW   B B  C         717      Y
6425  Middletown           RI  USA  LOW   B B  C         401      Y
6425  Newport/Middletown   RI  USA  LOW   B B  C         401      Y
9130  Pawtucket/Providence RI  USA  HIGH  B B  C         401      Y
9130  Pawtucket/Providence RI  USA  HIGH  B B  C         401      Y
9130  Providence           RI  USA  HIGH  B B  C         401      Y
9130  Providence           RI  USA  HIGH  B B  C         401      Y
9130  Warwick/Providence   RI  USA  HIGH  B B  C         401      Y
9130  Warwick/Providence   RI  USA  HIGH  B B  C         401      Y
11293 Woonsocket           RI  USA  LOW   B B  C         401      Y
2917  Aiken                SC  USA  LOW   B B  C         803      Y
9907  Charleston           SC  USA  LOW   B B  C         803      Y
9993  Columbia             SC  USA  MED   B B  C         803      Y
9993  Columbia             SC  USA  MED   B B  C         803      Y
9993  Columbia             SC  USA  MED   B B  C         803      Y
8860  Florence             SC  USA  LOW   B B  C         803      Y
3380  Greenville           SC  USA  MED   B B  C         803      Y
3380  Greenville           SC  USA  MED   B B  C         803      Y
935   Myrtle Beach         SC  USA  LOW   B B  C         803      Y
14407 Spartanburg          SC  USA  LOW   B B  C         803      Y
8872  Pierre               SD  USA  LOW   B B  C         605      Y
2171  Rapid City           SD  USA  LOW   B B  C         605      Y
8819  Sioux Falls          SD  USA  LOW   B B  C         605      Y
1836  Blountville          TN  USA  LOW   B B  C         615      Y
2937  Chattanooga          TN  USA  MED   B B  C         615      Y
5720  Clarkesville         TN  USA  LOW   B B  C         615      Y
3175  Jackson              TN  USA  LOW   B B  C         901      Y
8502  Johnson City         TN  USA  LOW   B B  C         615      Y
8328  Kingsport            TN  USA  LOW   B B  C         615      Y
13895 Knoxville            TN  USA  MED   B B  C         615      Y
13895 Knoxville            TN  USA  MED   B B  C         615      Y
1551  Memphis              TN  USA  MED   B B  C         901      Y
1551  Memphis              TN  USA  MED   B B  C         901      Y
9141  Nashville            TN  USA  HIGH  B B  C         615      Y
9141  Nashville            TN  USA  HIGH  B B  C         615      Y
9141  Nashville            TN  USA  HIGH  B B  C         615      Y
9683  Oakridge             TN  USA  LOW   B B  C         615      Y
9114  Sevierville          TN  USA  LOW   B B  C         615      Y
6980  Abilene              TX  USA  LOW   B B  C         915      Y
8736  Amarillo             TX  USA  LOW   B B  C         806      Y
9337  Arlington/Fort Worth TX  USA  MED   B B  C         817      Y
1306  Austin               TX  USA  HIGH  B B  C         512      Y
1306  Austin               TX  USA  HIGH  B B  C         512      Y
1306  Austin               TX  USA  HIGH  B B  C         512      Y
7758  Baytown              TX  USA  LOW   B B  C         713      Y
5115  Brownsville          TX  USA  LOW   B B  C         512      Y
14871 Bryan                TX  USA  LOW   B B  C         409      Y
4497  College Statn/Bryan  TX  USA  LOW   B B  C         409      Y
11966 Corpus Christi       TX  USA  MED   B B  C         512      Y
2948  Dallas               TX  USA  HIGH  B B  C         214      Y
2948  Dallas               TX  USA  HIGH  B B  C         214      Y
2948  Dallas               TX  USA  HIGH  B B  C         214      Y
5990  Denton               TX  USA  LOW   B B  C         817      Y
210   El Paso              TX  USA  MED   B B  C         915      Y
210   El Paso              TX  USA  MED   B B  C         915      Y
9337  Fort Worth           TX  USA  MED   B B  C         817      Y
3615  Galveston            TX  USA  LOW   B B  C         409      Y
13481 Harlingen            TX  USA  LOW   B B  C         512      Y
4562  Houston              TX  USA  HIGH  B B  C         713      Y
4562  Houston              TX  USA  HIGH  B B  C         713      Y
4562  Houston              TX  USA  HIGH  B B  C         713      Y
4562  Houston              TX  USA  HIGH  B B  C         713      Y
4562  Houston              TX  USA  HIGH  B B  C         713      Y
9861  Killeen              TX  USA  LOW   B B  C         817      Y
3715  Laredo               TX  USA  LOW   B B  C         512      Y
948   Longview             TX  USA  LOW   B B  C         903      Y
4435  Lubbock              TX  USA  LOW   B B  C         806      Y
12022 Mcallen              TX  USA  LOW   B B  C         512      Y
8254  McKinney             TX  USA  LOW   B B  C         214      Y
04905 Midland              TX  USA  LOW   B B  C         915      Y
9322  Nederland/Pt. Arthur TX  USA  LOW   B B  C         409      Y
2326  Odessa/Midland       TX  USA  LOW   B B  C         915      Y
9322  Port Arthur          TX  USA  LOW   B B  C         409      Y
8511  San Angelo           TX  USA  LOW   B B  C         915      Y
9169  San Antonio          TX  USA  HIGH  B B  C         512      Y
09169 San Antonio          TX  USA  HIGH  B B  C         512      Y
9169  San Antonio          TX  USA  HIGH  B B  C         512      Y
6248  Sherman              TX  USA  LOW   B B  C         903      Y
14777 Temple               TX  USA  LOW   B B  C         817      Y
8871  Texarkana            TX  USA  LOW   B B  C         903      Y
3615  Texas City/Galveston TX  USA  LOW   B B  C         409      Y
3826  Tyler                TX  USA  LOW   B B  C         903      Y
10996 Victoria             TX  USA  LOW   B B  C         512      Y
9859  Waco                 TX  USA  LOW   B B  C         817      Y
6862  Wichita Falls        TX  USA  LOW   B B  C         817      Y
07936 Ogden                UT  USA  LOW   B B  C         801      Y
534   Salt Lake City       UT  USA  HIGH  B B  C         801      Y
534   Salt Lake City       UT  USA  HIGH  B B  C         801      Y
2262  Alexandria/Fairfax   VA  USA  HIGH  B B  C         703      Y
2262  Alexandria/Fairfax   VA  USA  HIGH  B B  C         703      Y
2262  Alexandria/Fairfax   VA  USA  HIGH  B B  C         703      Y
2262  Alexandria/Fairfax   VA  USA  HIGH  B B  C         703      Y
2262  Alexandria/Fairfax   VA  USA  HIGH  B B  C         703      Y
2262  Arlington/Fairfax    VA  USA  HIGH  B B  C         703      Y
2262  Arlington/Fairfax    VA  USA  HIGH  B B  C         703      Y
2262  Arlington/Fairfax    VA  USA  HIGH  B B  C         703      Y
2262  Arlington/Fairfax    VA  USA  HIGH  B B  C         703      Y
2262  Arlington/Fairfax    VA  USA  HIGH  B B  C         703      Y
8531  Charlottesville      VA  USA  LOW   B B  C         804      Y
2262  Fairfax              VA  USA  HIGH  B B  C         703      Y
2262  Fairfax              VA  USA  HIGH  B B  C         703      Y
2262  Fairfax              VA  USA  HIGH  B B  C         703      Y
2262  Fairfax              VA  USA  HIGH  B B  C         703      Y
2262  Fairfax              VA  USA  HIGH  B B  C         703      Y
8215  Hampton              VA  USA  MED   B B  C         804      Y
10149 Harrisonburg         VA  USA  LOW   B B  C         703      Y
2839  Lynchburg            VA  USA  LOW   B B  C         804      Y
4975  Manassas             VA  USA  LOW   B B  C         703      Y
413   Midlothian/Richmond  VA  USA  MED   B B  C         804      Y
413   Midlothian/Richmond  VA  USA  MED   B B  C         804      Y
8459  Newport News         VA  USA  MED   B B  C         804      Y
6986  Norfolk              VA  USA  MED   B B  C         804      Y
14706 Petersburg           VA  USA  LOW   B B  C         804      Y
6986  Portsmouth/Norfolk   VA  USA  MED   B B  C         804      Y
6986  Portsmouth/Norfolk   VA  USA  MED   B B  C         804      Y
413   Richmond             VA  USA  MED   B B  C         804      Y
413   Richmond             VA  USA  MED   B B  C         804      Y
4026  Roanoke              VA  USA  LOW   B B  C         703      Y
6986  Virginia Bch/Norfolk VA  USA  MED   B B  C         804      Y
6986  Virginia Bch/Norfolk VA  USA  MED   B B  C         804      Y
4557  Williamsburg         VA  USA  LOW   B B  C         804      Y
3435  Burlington           VT  USA  LOW   B B  C         802      Y
1827  Auburn               WA  USA  LOW   B B  C         206      Y
9170  Bellevue/Seattle     WA  USA  HIGH  B B  C         206      Y
9170  Bellevue/Seattle     WA  USA  HIGH  B B  C         206      Y
9170  Bellevue/Seattle     WA  USA  HIGH  B B  C         206      Y
8373  Bellingham           WA  USA  LOW   B B  C         206      Y
773   Bremerton            WA  USA  LOW   B B  C         206      Y
1827  Enumclaw/Auburn      WA  USA  LOW   B B  C         206      Y
5133  Everett              WA  USA  LOW   B B  C         206      Y
2944  Longview             WA  USA  LOW   B B  C         206      Y
2508  Olympia              WA  USA  LOW   B B  C         206      Y
6113  Port Angeles         WA  USA  LOW   B B  C         206      Y
5298  Pullman              WA  USA  LOW   B B  C         509      Y
2116  Richland             WA  USA  MED   B B  C         509      Y
2116  Richland             WA  USA  MED   B B  C         509      Y
9170  Seattle              WA  USA  HIGH  B B  C         206      Y
9170  Seattle              WA  USA  HIGH  B B  C         206      Y
9170  Seattle              WA  USA  HIGH  B B  C         206      Y
159   Spokane              WA  USA  MED   B B  C         509      Y
906   Tacoma               WA  USA  LOW   B B  C         206      Y
5447  Vancouver            WA  USA  LOW   B B  C         206      Y
8931  Yakima               WA  USA  LOW   B B  C         509      Y
8868  Appleton             WI  USA  LOW   B B  C         414      Y
5314  Beloit               WI  USA  LOW   B B  C         608      Y
9167  Brookfield           WI  USA  HIGH  B B  C         414      Y
9786  Eau Claire           WI  USA  LOW   B B  C         715      Y
3421  Green Bay            WI  USA  LOW   B B  C         414      Y
5314  Janesville/Beloit    WI  USA  LOW   B B  C         608      Y
6966  Kenosha              WI  USA  LOW   B B  C         414      Y
4633  La Crosse            WI  USA  LOW   B B  C         608      Y
2635  Madison              WI  USA  LOW   B B  C         608      Y
9167  Milwaukee/Brookfield WI  USA  HIGH  B B  C         414      Y
5966  Oshkosh              WI  USA  LOW   B B  C         414      Y
6966  Racine/Kenosha       WI  USA  LOW   B B  C         414      Y
1792  Sheboygan            WI  USA  LOW   B B  C         414      Y
5144  Wausau               WI  USA  LOW   B B  C         715      Y
5465  West Bend            WI  USA  LOW   B B  C         414      Y
3431  Charleston           WV  USA  LOW   B B  C         304      Y
6594  Huntington           WV  USA  LOW   B B  C         304      Y
890   Morgantown           WV  USA  LOW   B B  C         304      Y
12924 Parkersburg          WV  USA  LOW   B B  C         304      Y
890   Westover/Morgantown  WV  USA  LOW   B B  C         304      Y
6681  Wheeling             WV  USA  LOW   B B  C         304      Y
10537 Casper               WY  USA  LOW   B B  C         307      Y
4213  Cheyenne             WY  USA  LOW   B B  C         307      Y
1752  Laramie              WY  USA  LOW   B B  C         307      Y

B=BELL 103/113 (300 bps) or BELL 212A (1200 bps) compatable modems.

C=CCITT V.21(300 bps) or CCITT V.22 bis(2400 bps) or CCITT V.32 compatible
  modems.


--------------------------------------------------------------------------------


                                ==Phrack Inc.==

                    Volume Four, Issue Forty, File 10 of 14

                       _________________________________
                     ||                                 ||
                     ||            BT Tymnet            ||
                     ||         British Telecom         ||
                     ||                                 ||
                     ||           Part 3 of 3           ||
                     ||                                 ||
                     ||    Presented by Toucan Jones    ||
                     ||                                 ||
                     ||          August 1, 1992         ||
                     ||_________________________________||


                         Welcome Back to Tymnet Again!


PART 1
 A. BT Tymnet Access Location Index
 B. BT-GNS Access Within Regional Bell Operating Companies
  1. Bell Atlantic
  2. BellSouth
  3. Pacific Bell
  4. Southwestern Bell
  5. Southern New England Telephone
 C. Database or Timesharing Companies on Tymnet
 D. Service Classifications For Database or Timesharing Companies Using Tymnet
 E. Summary of Global Network Services By Country
 F. Terminal Identifiers
 G. Login Options

PART 2
 H. BT-GNS Worldwide Asynchronus Outdial Service

PART 3
 I. BT-GNS Worldwide Access Sorted By Node

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 I. BT-GNS Worldwide Access Sorted By Node
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                                         DIALUP ACCESS            M
                          PROV             100'S BPS              N
NODE  CITY                 ST CNTRY DENS  3 12 24 96 ACCESS NO.   P COMMENTS
----- -------------------- -- ----- ----  ---------- ------------ - --------
      Porto Alegre             BRA  BGC     C        (011) 15331  N BGC Access
      Porto Alegro             BRA  BGC   C          (011) 15311  N BGC Access
      Cartago                  CRI  BGC   C C        51-2000      N BGC Access
      C. Quesada               CRI  BGC   C C        46-2000      N BGC Access
      Heredia                  CRI  BGC   C C        38-2000      N BGC Access
      Kuwait City              KUW  BGC   C          143          N BGC Access
      Rio                      BRA  BGC     C        (021)2538153 N BGC Access
      Cairo                    EGY  BGC   C          (2)3907102   N BGC Access
      Sao Paolo                BRA  BGC   C          (011) 1531   N BGC Access
      Antofaganta              CHI  BGC   C C        (083)251634  Y BGC Access
      Iguigue                  CHI  BGC   C C        (051)27907   Y BGC Access
      La Serena                CHI  BGC   C C        (051)215751  Y BGC Access
      Punta Arenas             CHI  BGC   C C        (061)28018   Y BGC Access
      Santiago                 CHI  BGC   C C        (02)6987788  Y BGC Access
      Talca                    CHI  BGC   C C        (041)234814  Y BGC Access
      Temuco                   CHI  BGC   C C        (045)231476  Y BGC Access
      Valdivia                 CHI  BGC   C C        (061)28018   Y BGC Access
      Valparaiso               CHI  BGC   C C        (032)258052  Y BGC Access
      Beijing                  CNA  BGC     C        3014443      N BGC Access
      Alajvela                 CRI  BGC   C C        41-2000      N BGC Access
      Liberia                  CRI  BGC   C C        66-2000      N BGC Access
      Cairo                    EGY  BGC     C        (2) 390-9111 N BGC Access
      Orste                    CRI  BGC   C C        20-2000      N BGC Access
      Limon                    CRI  BGC   C C        58-2000      N BGC Access
      Puntapbnas               CRI  BGC   C C        61-2000      N BGC Access
      San Jose                 CRI  BGC   C C        57-2000      N BGC Access
      S.Isidro                 CRI  BGC   C C        71-2000      N BGC Access
      Cairo                    EGY  BGC     C        (2) 390-7203 N BGC Access
      Bombay                   IND  BGC     C        (22) 275-916 N BGC Access
      Bombay                   IND  BGC        C     (22) 275-847 N BGC Access
      Adak                 AK  USA  ALAS  B B  C     907/592-2557 N
      Anchorage            AK  USA  ALAS       C     907/258-6607 Y
      Anchorage            AK  USA  ALAS  B B        907/258-7222 N
      Barrow               AK  USA  ALAS  B B        907/852-2425 N Stat Mux
      Bethel               AK  USA  ALAS  B B        907/543-2411 N Stat Mux
      Cantwell             AK  USA  ALAS  B B  C     907/768-2700 N
      Cordova              AK  USA  ALAS  B B        907/424-3744 N
      Craig                AK  USA  ALAS  B B  C     907/826-2948 N
      Dead horse           AK  USA  ALAS  B B        907/659-2777 N
      Delta Junction       AK  USA  ALAS  B B        907/895-5070 N
      Dillingham           AK  USA  ALAS  B B        907/842-2688 N Stat Mux
      Dutch Harbor         AK  USA  ALAS  B B  C     907/581-1820 N
      Fairbanks            AK  USA  ALAS       C     907/452-5848 Y
      Fairbanks            AK  USA  ALAS  B B        907/456-3282 N
      Glennallen           AK  USA  ALAS  B B        907/822-5231 N
      Haines               AK  USA  ALAS  B          907/766-2171 N
      Healy                AK  USA  ALAS  B B  C     907/683-1350 N
      Homer                AK  USA  ALAS  B B        907/235-5239 N
      Juneau               AK  USA  ALAS       C     907/789-1976 Y
      Juneau               AK  USA  ALAS  B B        907/789-7009 N
      Kenai                AK  USA  ALAS  B B        907/262-1990 N
      Ketchikan            AK  USA  ALAS  B B        907/225-1871 N Stat Mux
      King Salmon          AK  USA  ALAS  B B        907/246-3049 N
      Kodiak               AK  USA  ALAS  B B        907/486-4061 N Stat Mux
      Kotzebue             AK  USA  ALAS  B B        907/442-2602 N
      Mcgrath              AK  USA  ALAS  B B        907/524-3256 N Stat Mux
      Menana               AK  USA  ALAS  B          907/832-5214 N
      Nome                 AK  USA  ALAS  B B        907/443-2256 N Stat Mux
      Northway             AK  USA  ALAS  B B        907/778-2301 N Stat Mux
      Palmer/Wasilla       AK  USA  ALAS  B B        907/745-0200 N
      Petersburg           AK  USA  ALAS  B          907/772-3878 N
      Prudhoe Bay          AK  USA  ALAS  B B        907/659-2777 N
      Seward               AK  USA  ALAS  B B        907/224-3126 N Stat Mux
      Sitka                AK  USA  ALAS  B B        907/747-5887 N Stat Mux
      Skagway              AK  USA  ALAS  B          907/983-2170 N
      Soldotna/Kenai       AK  USA  ALAS  B B        907/262-1990 N
      St. Paul             AK  USA  ALAS  B B        907/546-2320 N Stat Mux
      Tanana               AK  USA  ALAS  B B        907/366-7167 N Stat Mux
      Tok                  AK  USA  ALAS  B          907/883-4747 N
      Unalaska/Dutch Hbr.  AK  USA  ALAS  B B  C     907/581-1820 N
      Valdez               AK  USA  ALAS  B B        907/835-4987 N Stat Mux
      Wasilla              AK  USA  ALAS  B B        907/745-0200 N
      Whittier             AK  USA  ALAS  B B        907/472-2467 N Stat Mux
      Wrangell             AK  USA  ALAS  B          907/874-2394 N
      Yakutat              AK  USA  ALAS  B B        907/784-3453 N Stat Mux
      Kuwait City              KUW  BGC     C        142          N BGC Access
      Kuwait City              KUW  BGC        C     141          N BGC Access
      Kuala Lumpur             MAL  BGC   C          (30) 2328800 N BGC Access
      Kuala Lumpur             MAL  BGC     C        (30) 2328855 N BGC Access
      Penang                   MAL  BGC   C          (04) 375588  N BGC Access
      Penang                   MAL  BGC     C        (04) 360088  N BGC Access
      Kota Kinabalu            MAL  BGC   C          (088) 218800 N BGC Access
      Kota Kinabalu            MAL  BGC     C        (088) 218855 N BGC Access
      Petaling                 MAL  BGC   C C        (03) 7926600 N BGC Access
      Ipoh                     MAL  BGC   C          (05) 548533  N BGC Access
      Abu Dhabi                UAE  BGC        C     (4) 400-2763 N BGC Access
      Surabaya                 IND  BGC   C          21242        N BGC Access
      Jakarta                  IND  BGC   C          3805476      N BGC Access
      Abu Dhabi                UAE  BGC           C  (4) 4002764  N BGC Access
      Izmir                    TUR  BGC     C        145-20       N BGC Access
      Abu Dhabi                UAE  BGC   C          (4) 400-2760 N BGC Access
      Jakarta                  IND  BGC     C        3805445      N BGC Access
      Jakarta                  IND  BGC   C          3805477      N BGC Access
      Bandung                  IND  BGC   C          57441        N BGC Access
      Abidjan                  IVC  BGC   C C        612211       N BGC Access
      Lisbon                   POR  BGC        C     (06) 7174    N BGC Access
      Kuantan                  MAL  BGC   C          (09) 508800  N BGC Access
      Istanbul                 TUR  BGC     C        511 4083     N BGC Access
      Coimbra                  POR  BGC     C        (03) 7173    N BGC Access
      Khon Kaen                THA  BGC     C        (2) 245-581  N BGC Access
      Abu Dhabi                UAE  BGC     C        (4) 400-2761 N BGC Access
      Abidjan                  IVC  BGC        C     612210       N BGC Access
      Coimbra                  POR  BGC   C          (03) 7172    N BGC Access
      Bangkok                  THA  BGC   C          (2) 233-9905 N BGC Access
      Jakarta                  IND  BGC     C        370208       N BGC Access
      Jakarta                  IND  BGC     C        370195       N BGC Access
      Medan                    IND  BGC   C          510977       N BGC Access
      Semarang                 IND  BGC   C C        20008        N BGC Access
      Porto                    POR  BGC        C     (05) 7173    N BGC Access
      Porto                    POR  BGC   C          (05) 7172    N BGC Access
      Porto                    POR  BGC     C        (05) 7173    N BGC Access
      Medan                    IND  BGC   C          511977       N BGC Access
      Medan                    IND  BGC     C        512977       N BGC Access
      Medan                    IND  BGC     C        513977       N BGC Access
      Ipoh                     MAL  BGC     C        (05) 548444  N BGC Access
      Lisbon                   POR  BGC   C          (06) 7172    N BGC Access
      Pattaya                  THA  BGC     C        (2) 425-313  N BGC Access
      Coimbra                  POR  BGC        C     (03) 7173    N BGC Access
      Ankara                   TUR  BGC     C        310 4805     N BGC Access
      Lisbon                   POR  BGC     C        (06) 7173    N BGC Access
      St. Thomas               VIR  3       B        809/776-7084 N TYMUSA
      St. Thomas               VIR  3     B          809/774-7099 N TYMUSA
      Bangkok                  THA  BGC     C        (2) 233-2312 N BGC Access
      Rio                      BRA  BGC   C          (021)2538151 N BGC Access
      San Pedro                CRI  BGC   C C        53-2000      N BGC Access
      Chiengmai                THA  BGC     C        (2) 248-719  N BGC Access
      Athens                   GRC  BGC   C          (1) 884-8428 N BGC Access
      Kuantan                  MAL  BGC     C        (09) 508855  N BGC Access
      Reykjavik                ICE  BGC        C     006          N BGC Access
      Hong Kong                HKG  PAC        C     05-877-2553  N BISYNC
1663  Annapolis            MD  USA  LOW   B B  C     410/224-0520 Y
02026 Marshalltown         IA  USA  LOW   B B  C     515/753-0670 Y
02027 Milan                    ITA  E2    B C  C     (2)66983004  N
02040 Geneva                   CHE  E1    C C  C     (22)782-9329 Y
02045 Albany               NY  USA  MED   B B  C     518/458-9724 Y
02045 Schenectady/Albany   NY  USA  MED   B B  C     518/458-9724 Y
02050 Casper               WY  USA  LOW   B B  C     307/234-4211 Y
02051 Cincinnati           OH  USA  HIGH          C  513/489-2435 N TYM-X25
02051 Cincinnati           OH  USA  HIGH       C     513/489-2664 N TYM-X25
02057 Sevierville          TN  USA  LOW   B B  C     615/453-0401 Y
02066 Indianapolis         IN  USA  HIGH  B B        317/631-1002 N
02071 Las Cruces           NM  USA  LOW   B B  C     505/525-3401 Y
02074 Eugene               OR  USA  LOW   B B  C     503/343-0044 Y
02076 Oakland              CA  USA  HIGH          C  510/635-1662 N TYM-X25
02076 Alameda/Oakland      CA  USA  HIGH          C  510/635-1662 N TYM-X25
02076 Berkeley/Oakland     CA  USA  HIGH          C  510/635-1662 N TYM-X25
02076 Hayward/Oakland      CA  USA  HIGH          C  510/635-1662 N TYM-X25
02124 Yakima               WA  USA  LOW   B B  C     509/248-1462 Y
02145 Norristown           PA  USA  MED           C  215/666-1984 N
02155 Bloomington          IN  USA  LOW   B B  C     812/332-0544 Y
02156 Dallas               TX  USA  HIGH  B B  C     214/630-5516 Y
02163 Cheyenne             WY  USA  LOW   B B  C     307/638-0403 Y
02235 Seattle              WA  USA  HIGH  B B  C     206/281-7141 Y
02235 Bellevue/Seattle     WA  USA  HIGH  B B  C     206/281-7141 Y
02246 Birmingham           AL  USA  HIGH  B B        205/942-4141 N
02253 Boston               MA  USA  HIGH          C  617/439-7628 N TYM-X25
02253 Cambridge/Boston     MA  USA  HIGH          C  617/439-7628 N TYM-X25
02256 Elgin                IL  USA  LOW   B B  C     708/888-8113 Y
02261 Burlington           VT  USA  LOW   B B  C     802/862-1000 Y
02265 Albuquerque          NM  USA  MED   B B  C     505/242-8931 Y
02301 Eau Claire           WI  USA  LOW   B B  C     715/833-0121 Y
02304 New York             NY  USA  HIGH          C  212/269-4640 Y
02326 Ormond Beach         FL  USA  LOW   B B  C     904/673-0034 Y
02331 Seattle              WA  USA  HIGH  B B  C     206/281-7141 Y
02331 Bellevue/Seattle     WA  USA  HIGH  B B  C     206/281-7141 Y
02340 Newark               NJ  USA  HIGH          C  201/824-4201 Y
02340 Elizabeth/Newark     NJ  USA  HIGH          C  201/824-4201 Y
02340 Jersey City/Newark   NJ  USA  HIGH          C  201/824-4201 Y
02340 Union/Newark         NJ  USA  HIGH          C  201/824-4201 Y
02344 Knoxville            TN  USA  MED   B B  C     615/694-0156 Y
02346 Norristown           PA  USA  WATS  B B  C     800/###-#### Y
02347 Grand Junction       CO  USA  LOW   B B  C     303/241-1643 Y
02354 Baltimore            MD  USA  HIGH  B B        410/547-8100 N
02357 Bloomfield           CT  USA  HIGH  B B        203/242-7140 N
02357 Hartford/Bloomfield  CT  USA  HIGH  B B        203/242-7140 N
02364 Mesa/Phoenix         AZ  USA  HIGH  B B        602/254-5811 N
02364 Phoenix              AZ  USA  HIGH  B B        602/254-5811 N
02367 Champaign/Urbana     IL  USA  LOW   B B  C     217/344-3400 Y
02367 Urbana               IL  USA  LOW   B B  C     217/344-3400 Y
02376 Lima                 OH  USA  LOW   B B  C     419/228-6343 Y
02377 Minneapolis          MN  USA  HIGH          C  612/338-0845 Y
02377 St. Paul/Minneapolis MN  USA  HIGH          C  612/338-0845 Y
02402 Hattiesburg          MS  USA  LOW   B B  C     601/582-0286 Y
02413 Birmingham               GBR  E1    C C  C     (21632)6636  Y
02414 Aurora/Denver        CO  USA  HIGH  B B        303/830-9210 N
02414 Boulder/Denver       CO  USA  HIGH  B B        303/830-9210 N
02414 Denver               CO  USA  HIGH  B B        303/830-9210 N
02423 All Cities               CAY  3     B B        809/949-7100 N TYMUSA
02432 Chattanooga          TN  USA  MED   B B  C     615/265-1020 Y
02435 Williamsburg         VA  USA  LOW   B B  C     804/229-6786 Y
02440 Brookfield           WI  USA  HIGH  B B        414/785-1614 N
02440 Milwaukee/Brookfield WI  USA  HIGH  B B        414/785-1614 N
02443 Burbank              CA  USA  LOW   B B  C     818/841-4795 Y
02443 Glendale/Burbank     CA  USA  LOW   B B  C     818/841-4795 Y
02446 Texarkana            TX  USA  LOW   B B  C     903/792-4521 Y
02450 KingofPrussa/Norstwn PA  USA  MED   B B  C     215/666-9190 Y
02450 Valley Forge/Norstwn PA  USA  MED   B B  C     215/666-9190 Y
02453 Dallas               TX  USA  HIGH  B B        214/638-8888 N
02465 Downrs Grove/Gln Eln IL  USA  MED   B B        708/790-4400 N
02465 Glen Ellyn           IL  USA  MED   B B        708/790-4400 N
02465 Wheaton/Glen Ellyn   IL  USA  MED   B B        708/790-4400 N
02472 Paris                    FRA  E1    C C  C     (1)47728080  Y
02475 White Plains         NY  USA  HIGH  B B  C     914/761-9590 Y
02477 Alkmaar                  NLD  E1    C C  C  C  (72) 155190  Y
02503 Bellevue/Seattle     WA  USA  HIGH  B B        206/285-0109 N
02503 Seattle              WA  USA  HIGH  B B        206/285-0109 N
02517 Nashville            TN  USA  HIGH  B B  C     615/889-5790 Y
02521 Jacksonville         FL  USA  MED           C  904/724-5994 Y
02544 Washington/Fairfax   DC  USA  HIGH  B B        703/691-8200 N
02544 Bethesda/Fairfax     MD  USA  HIGH  B B        703/691-8200 N
02544 Alexandria/Fairfax   VA  USA  HIGH  B B        703/691-8200 N
02544 Arlington/Fairfax    VA  USA  HIGH  B B        703/691-8200 N
02544 Fairfax              VA  USA  HIGH  B B        703/691-8200 N
02545 Washington/Fairfax   DC  USA  HIGH  B B        703/691-8200 N
02545 Bethesda/Fairfax     MD  USA  HIGH  B B        703/691-8200 N
02545 Alexandria/Fairfax   VA  USA  HIGH  B B        703/691-8200 N
02545 Arlington/Fairfax    VA  USA  HIGH  B B        703/691-8200 N
02545 Fairfax              VA  USA  HIGH  B B        703/691-8200 N
02557 Tyler                TX  USA  LOW   B B  C     903/581-8652 Y
02560 Neuchatel                CHE  E1    C C  C     (38) 338606  Y
02565 Boise                ID  USA  MED   B B        208/343-0404 N
02566 Pierre               SD  USA  LOW   B B  C     605/224-7700 Y
02570 Dayton               OH  USA  MED   B B        513/898-0124 N
02571 Aurora/Denver        CO  USA  HIGH          C  303/830-9032 N TYM-X25
02571 Boulder/Denver       CO  USA  HIGH          C  303/830-9032 N TYM-X25
02606 Elizabeth/Newark     NJ  USA  HIGH  B B        201/824-1212 N
02606 Jersey City/Newark   NJ  USA  HIGH  B B        201/824-1212 N
02606 Newark               NJ  USA  HIGH  B B        201/824-1212 N
02606 Union/Newark         NJ  USA  HIGH  B B        201/824-1212 N
02610 Fairfield            CA  USA  LOW   B B  C     707/421-0106 Y
02613 Chapel Hill/Durham   NC  USA  HIGH  B B        919/549-8952 N
02613 Durham               NC  USA  HIGH  B B        919/549-8952 N
02614 Lancaster            CA  USA  LOW   B B  C     805/945-4962 Y
02616 Manchester           MA  USA  LOW   B B  C     508/526-1506 Y
02630 Sherman              TX  USA  LOW   B B  C     903/868-0089 Y
02631 Anaheim/Newprt Beach CA  USA  HIGH  B B        714/756-8341 N
02631 Irvine/Newport Beach CA  USA  HIGH  B B        714/756-8341 N
02631 Newport Beach        CA  USA  HIGH  B B        714/756-8341 N
02631 Santa Ana/Newprt Bch CA  USA  HIGH  B B        714/756-8341 N
02635 Richland             WA  USA  MED   B B  C     509/375-3367 Y
02640 Peterborough         NH  USA  LOW   B B  C     603/924-7090 Y
02644 Anaheim/Newprt Beach CA  USA  HIGH          C  714/752-1493 Y
02644 Irvine/Newport Beach CA  USA  HIGH          C  714/752-1493 Y
02644 Newport Beach        CA  USA  HIGH          C  714/752-1493 Y
02644 Santa Ana/Newprt Bch CA  USA  HIGH          C  714/752-1493 Y
02653 Stamford             CT  USA  HIGH  B B        203/965-0000 N
02655 Colton               CA  USA  MED   B B        714/370-1200 N
02655 Riverside/Colton     CA  USA  MED   B B        714/370-1200 N
02655 San Bernadino/Colton CA  USA  MED   B B        714/370-1200 N
02657 Pawtucket/Providence RI  USA  HIGH          C  401/751-8030 Y
02657 Pawtucket/Providence RI  USA  HIGH  B B  C     401/273-0200 Y
02657 Providence           RI  USA  HIGH          C  401/751-8030 Y
02657 Providence           RI  USA  HIGH  B B  C     401/273-0200 Y
02657 Warwick/Providence   RI  USA  HIGH          C  401/751-8030 Y
02657 Warwick/Providence   RI  USA  HIGH  B B  C     401/273-0200 Y
02665 San Diego            CA  USA  HIGH  B B  C     619/296-8747 Y
02666 Jackson              MI  USA  LOW   B B  C     517/788-9191 Y
02674 Tupelo               MS  USA  LOW   B B  C     601/841-0090 Y
02703 St. Laurent          QU  CAN  CANH  C C  C     514/747-2996 Y
02703 Montreal/St. Laurent QU  CAN  CANH  C C  C     514/747-2996 Y
02704 San Francisco        CA  USA  WATS  B B  C     800/###-#### Y
02704 San Jose             CA  USA  WATS  B B  C     800/###-#### Y
02711 Kingsport            TN  USA  LOW   B B  C     615/378-5746 Y
02712 Houston              TX  USA  HIGH  B B  C     713/496-1332 Y
02720 La Crosse            WI  USA  LOW   B B  C     608/784-9099 Y
02723 Baton Rouge          LA  USA  MED   B B        504/924-5102 N
02737 Salt Lake City       UT  USA  HIGH  B B        801/364-0780 N
02743 Jackson              MS  USA  LOW   B B  C     601/355-9741 Y
02752 Stamford             CT  USA  HIGH          C  203/324-2297 Y
02753 San Antonio          TX  USA  HIGH  B B        512/225-8002 N
02770 Tucson               AZ  USA  MED   B B  C     602/297-2239 Y
02771 Wheeling             WV  USA  LOW   B B  C     304/233-7676 Y
03001 Dallas               TX  USA  HIGH  B B        214/638-8888 N
03031 Aurora               IL  USA  LOW   B B        708/844-0700 N
03031 St. Charles/Aurora   IL  USA  LOW   B B        708/844-0700 N
03035 San Francisco        CA  USA  WATS  B B  C     800/###-#### Y
03611 Nashville            TN  USA  HIGH          C  615/889-4044 Y
03611 Nashville            TN  USA  HIGH  B B  C     615/889-5790 Y
03614 Mankato              MN  USA  LOW   B B  C     507/387-7313 Y
03623 Erie                 PA  USA  LOW   B B  C     814/456-8501 Y
03624 Raleigh              NC  USA  LOW   B B  C     919/829-0536 Y
03627 Belfast                  GBR  E1         C     (232) 234467 Y
03630 Idaho Falls          ID  USA  LOW   B B  C     208/522-3624 Y
03635 Lafayette            LA  USA  LOW   B B  C     318/234-8255 Y
03643 Harrisburg/Lemoyne   PA  USA  MED   B B        717/763-6481 N
03643 Lemoyne              PA  USA  MED   B B        717/763-6481 N
03650 Chicago              IL  USA  HIGH  B B  C     312/922-6571 Y
03651 Green Bay            WI  USA  LOW   B B  C     414/432-3064 Y
03652 Trenton              NJ  USA  LOW   B B  C     609/394-1900 Y
03653 Ft. Wayne            IN  USA  LOW   B B  C     219/422-2581 Y
03654 Southfield           MI  USA  MED   B B  C     313/424-8024 Y
03656 Evansville           IN  USA  LOW   B B  C     812/464-8181 Y
03661 Charleston           WV  USA  LOW   B B  C     304/345-9575 Y
03662 Allentown/Bethlehem  PA  USA  MED   B B  C     215/865-6978 Y
03662 Bethlehem            PA  USA  MED   B B  C     215/865-6978 Y
03663 Mesa/Phoenix         AZ  USA  HIGH          C  602/258-4528 Y
03663 Phoenix              AZ  USA  HIGH          C  602/258-4528 Y
03664 Phoenix              AZ  USA  HIGH          C  602/257-0629 N TYM-X25
03664 Phoenix              AZ  USA  HIGH       C     602/257-0736 N TYM-X25
03666 Lansing              MI  USA  MED   B B        517/482-5721 N
03673 Carson City          NV  USA  MED   B B  C     702/885-8411 Y
03673 Reno/Carson City     NV  USA  MED   B B  C     702/885-8411 Y
03675 Worcester            MA  USA  LOW   B B  C     508/791-9000 Y
03677 Joplin               MO  USA  LOW   B B  C     417/781-8718 Y
03704 Niagara Falls        NY  USA  LOW   B B  C     716/285-2561 Y
03705 Albany               NY  USA  MED   B B        518/458-8300 N
03705 Schenectady/Albany   NY  USA  MED   B B        518/458-8300 N
03706 San Francisco        CA  USA  HIGH  B B        415/974-1300 N
03707 Philadelphia         PA  USA  HIGH          C  215/629-0567 Y
03712 Ottomwa              IA  USA  LOW   B B  C     515/682-0857 Y
03720 Winston-Salem        NC  USA  MED   B B  C     919/765-1221 Y
03725 Los Altos/San Jose   CA  USA  HIGH          C  408/432-0804 Y
03725 San Jose             CA  USA  HIGH          C  408/432-0804 Y
03725 Santa Clara/San Jose CA  USA  HIGH          C  408/432-0804 Y
03725 Sunnyvale/San Jose   CA  USA  HIGH          C  408/432-0804 Y
03726 Billings             MT  USA  LOW   B B  C     406/252-4880 Y
03731 Shreveport           LA  USA  LOW   B B  C     318/688-5840 Y
03733 Brussels                 BEL  E1    C C  C     (2) 725-5060 Y
03733 Brussels                 BEL  E1         C     02-7255015   N HSA
03737 Clearwater           FL  USA  MED           C  813/443-4515 Y
03752 Rosemont             IL  USA  HIGH  B B  C     708/698-9800 Y
03774 Port Angeles         WA  USA  LOW   B B  C     206/452-6800 Y
03775 Newark               OH  USA  LOW   B B  C     614/345-8953 Y
04000 Longwood/Orlando     FL  USA  MED   B B        407/841-0020 N
04000 Orlando              FL  USA  MED   B B        407/841-0020 N
04003 Agana Heights            GUM  *     C C        671/477-2222 N
04003 Guatemala City           GTM  2       B        (2) 345-999  N TYMUSA
04003 Guatemala City           GTM  2     B          (2) 345-599  N TYMUSA
04003 All Cities               HND  2     B B        320-544      N TYMUSA
04003 Afula                    ISR  3     B B  C     (6) 596658   N TYMUSA
04003 Ashdod                   ISR  3     B B  C     (8) 542999   N TYMUSA
04003 Bezeq                    ISR  3     B B  C     (57) 36029   N TYMUSA
04003 Eilat                    ISR  3     B B  C     (59) 75147   N TYMUSA
04003 Hadera                   ISR  3     B B  C     (6) 332409   N TYMUSA
04003 Haifa                    ISR  3     B B  C     (4) 525421   N TYMUSA
04003 Haifa                    ISR  3     B B  C     (4) 673235   N TYMUSA
04003 Haifa                    ISR  3     B B  C     (4) 674203   N TYMUSA
04003 Haifa                    ISR  3     B B  C     (4) 674230   N TYMUSA
04003 Herzeliya                ISR  3     B B  C     (52) 545251  N TYMUSA
04003 Jerusalem                ISR  3     B B  C     (2) 242675   N TYMUSA
04003 Jerusalem                ISR  3     B B  C     (2) 246363   N TYMUSA
04003 Jerusalem                ISR  3     B B  C     (2) 248551   N TYMUSA
04003 Jerusalem                ISR  3     B B  C     (2) 814396   N TYMUSA
04003 Nahariya                 ISR  3     B B  C     (4) 825393   N TYMUSA
04003 Netanya                  ISR  3     B B  C     (53) 348588  N TYMUSA
04003 Rechovot                 ISR  3     B B  C     (8) 469799   N TYMUSA
04003 Tel Aviv                 ISR  3     B B  C     (3) 203435   N TYMUSA
04003 Tel Aviv                 ISR  3     B B  C     (3) 546-3837 N TYMUSA
04003 Tel Aviv                 ISR  3     B B  C     (3) 751-2504 N TYMUSA
04003 Tel Aviv                 ISR  3     B B  C     (3) 751-3799 N TYMUSA
04003 Tel Aviv                 ISR  3     B B  C     (3)752-0110  N TYMUSA
04003 Tiberias                 ISR  3     B B  C     (6) 790274   N TYMUSA
04003 Tzfat                    ISR  3     B B  C     (6) 973282   N TYMUSA
04003 All Cities               JAM  2     B B        809/924-9915 N TYMUSA
04003 Curacao                  NDA  3     C C        (9) 239251   N TYMUSA
04003 Curacao & St. Martin     NDA  3     C C        0251         N TYMUSA
04003 All Cities               PAN  3          C     636-727      N TYMUSA
04003 All Cities               PAN  3     B B        639-055      N TYMUSA
04003 Manila                   PHL  2     B B        (2) 815-1553 N TYMUSA
04003 Manila                   PHL  2     B B        (2) 815-1555 N TYMUSA
04003 Manila                   PHL  2     B B        (2) 817-1581 N TYMUSA
04003 Manila                   PHL  2     B B        (2) 817-1791 N TYMUSA
04003 Manila                   PHL  2     B B        (2) 817-1796 N TYMUSA
04003 Manila                   PHL  2     C          (2) 521-7901 N TYMUSA
04003 Manila                   PHL  2     C          (2) 817-8811 N TYMUSA
04003 Manila                   PHL  2     C          (2) 819-1009 N TYMUSA
04003 Manila                   PHL  2     C          (2) 819-1011 N TYMUSA
04003 Manila                   PHL  2     C          (2) 819-1550 N TYMUSA
04003 Mayaquez/Ponce           PRI  *     B B        809/462-4213 N
04003 San Juan                 PRI  *          C     809/724-6070 N
04003 San Juan                 PRI  *     B B        809/725-1882 N
04003 San Juan                 PRI  *     B B        809/725-4343 N
04003 San Juan                 PRI  *     C C        809/725-3501 N
04003 San Juan                 PRI  *     C C        809/725-4702 N
04003 Alkobar                  SAU  5       C        (3) 8981025  N TYMUSA
04003 Jeddah                   SAU  5          C     (2) 6691377  N TYMUSA
04003 Jeddah                   SAU  5       C        (2) 6690708  N TYMUSA
04003 Riyadh                   SAU  5          C     (1) 4631038  N TYMUSA
04003 Riyadh                   SAU  5       C        (1) 4658803  N TYMUSA
04003 All Cities               TTO  2     C C        809/627-0854 N TYMUSA
04003 All Cities               TTO  2     C C        809/627-0855 N TYMUSA
04003 Aberdeen                 GBR  1     C C  C     (224) 210701 Y TYMUSA
04003 Birmingham               GBR  1     C C  C     (21)633-3474 Y TYMUSA
04003 Bristol                  GBR  1     C C  C     (272) 211545 Y TYMUSA
04003 Cambridge                GBR  1     C C  C     (223) 460127 Y TYMUSA
04003 Cardiff                  GBR  1     C C  C     (222) 344184 Y TYMUSA
04003 Chelmsford               GBR  1     C C  C     (245) 491323 Y TYMUSA
04003 Edinburgh                GBR  1     C C  C     (31)313-2137 Y TYMUSA
04003 Exeter                   GBR  1     C C  C     (392) 421565 Y TYMUSA
04003 Glasgow                  GBR  1     C C  C     (41)204-1722 Y TYMUSA
04003 Hastings                 GBR  1     C C  C     (424) 722788 Y TYMUSA
04003 Ipswich                  GBR  1     C C  C     (473) 210212 Y TYMUSA
04003 Kings Lynn               GBR  1     C C  C     (553) 691090 Y TYMUSA
04003 Leamington               GBR  1     C C  C     (926) 451419 Y TYMUSA
04003 Leeds                    GBR  1     C C  C     (532) 440024 Y TYMUSA
04003 Liverpool                GBR  1     C C  C     (51)255-0230 Y TYMUSA
04003 London (Clerkenwell)     GBR  1     C C  C     (71)490-2200 Y TYMUSA
04003 Luton                    GBR  1     C C  C     (582) 481818 Y TYMUSA
04003 Manchester               GBR  1     C C  C     (61)834-5533 Y TYMUSA
04003 Newcastle                GBR  1     C C  C     (91)261-6858 Y TYMUSA
04003 Nottingham               GBR  1     C C  C     (???) 506005 Y TYMUSA
04003 Oxford                   GBR  1     C C  C     (865) 798949 Y TYMUSA
04003 Plymouth                 GBR  1     C C  C     (752) 603302 Y TYMUSA
04003 Reading                  GBR  1     C C  C     (734) 500722 Y TYMUSA
04003 Ayr                      GBR  1     C C  C     (292) 611822 Y TYMUSA
04003 Belfast                  GBR  1     C C  C     (232) 331284 Y TYMUSA
04003 Benbecula                GBR  1     C C  C     (870) 2657   Y TYMUSA
04003 Brechin                  GBR  1     C C  C     (356) 25782  Y TYMUSA
04003 Brecon                   GBR  1     C C  C     (874) 3151   Y TYMUSA
04003 Brighton                 GBR  1     C C  C     (273) 550046 Y TYMUSA
04003 Campbeltown              GBR  1     C C  C     (586) 52298  Y TYMUSA
04003 Canterbury               GBR  1     C C  C     (227) 762950 Y TYMUSA
04003 Carlisle                                       612/333-2799 N
04325 Hempstead            NY  USA  MED   B B  C     516/485-7422 Y
04325 Mineola/Hempstead    NY  USA  MED   B B  C     516/485-7422 Y
04327 Salem                OR  USA  LOW   B B  C     503/370-4314 Y
04330 Lubbock              TX  USA  LOW   B B  C     806/797-0765 Y
04340 Brownsville          TX  USA  LOW   B B  C     512/548-1331 Y
04343 Dallas               TX  USA  HIGH  B B  C     214/630-5516 Y
04353 Beverly Hills/Shr Ok CA  USA  MED   B B  C     818/789-9557 Y
04353 Canoga Park/Shrm Oak CA  USA  MED   B B  C     818/789-9557 Y
04353 San Fernando/Shr Oak CA  USA  MED   B B  C     818/789-9557 Y
04353 Sherman Oaks         CA  USA  MED   B B  C     818/789-9557 Y
04353 Van Nuys/Sherman Oak CA  USA  MED   B B  C     818/789-9557 Y
04353 West L.A./Shrmn Oaks CA  USA  MED   B B  C     818/789-9557 Y
04355 Detroit              MI  USA  HIGH       C  C  313/965-4982 N TYM-X25
04360 San Diego            CA  USA  HIGH  B B        619/296-3370 N
04372 Norristown           PA  USA  WATS  B B  C     800/###-#### Y
04375 Concord              NH  USA  LOW   B B  C     603/228-4732 Y
04376 Merced               CA  USA  LOW   B B  C     209/383-7593 Y
04403 Oklahoma City        OK  USA  HIGH  B B  C     405/495-9201 Y
04411 Belmont/Redwood City CA  USA  HIGH  B B  C     415/361-8701 Y
04411 Palo Alto/Redwd City CA  USA  HIGH  B B  C     415/361-8701 Y
04411 Redwood City         CA  USA  HIGH  B B  C     415/361-8701 Y
04430 Newark/Wilmington    DE  USA  MED   B B        302/652-2060 N
04430 Wilmington           DE  USA  MED   B B        302/652-2060 N
05177 Huntsville           AL  USA  MED   B B  C     205/882-1519 Y
05201 Greenville           SC  USA  MED   B B  C     803/271-9213 Y
05205 Eindhoven                NLD  E1    C C  C  C  (4902) 45530 Y
05206 White Plains         NY  USA  HIGH  B B        914/328-7730 N
05211 Eatontown/Red Bank   NJ  USA  LOW   B B  C     908/758-0337 Y
05211 Long Branch/Red Bank NJ  USA  LOW   B B  C     908/758-0337 Y
05211 Red Bank             NJ  USA  LOW   B B  C     908/758-0337 Y
05215 Hibbing              MN  USA  LOW   B B  C     218/262-3824 Y
05221 Florence             AL  USA  LOW   B B  C     205/760-0030 Y
05241 Inglewood/Vernon     CA  USA  HIGH  B B        213/587-0030 N
05241 Los Angeles/Vernon   CA  USA  HIGH  B B        213/587-0030 N
05241 Vernon               CA  USA  HIGH  B B        213/587-0030 N
05242 Inglewood/Vernon     CA  USA  HIGH  B B        213/587-0030 N
05242 Los Angeles/Vernon   CA  USA  HIGH  B B        213/587-0030 N
05242 Vernon               CA  USA  HIGH  B B        213/587-0030 N
05250 Quincy               IL  USA  LOW   B B  C     217/223-9531 Y
05253 Clarkesville         TN  USA  LOW   B B  C     615/645-8877 Y
05256 Durham               NH  USA  LOW   B B  C     603/868-1502 Y
05260 Spokane              WA  USA  MED   B B        509/624-1549 N
05264 Rocky Mount          NC  USA  LOW   B B  C     919/937-4828 Y
05277 Philadelphia         PA  USA  HIGH  B B  C     215/592-8750 Y
05304 Fort Pierce          FL  USA  LOW   B B  C     407/466-5661 Y
05307 Peoria               IL  USA  LOW   B B  C     309/637-5961 Y
05325 Colton               CA  USA  MED   B B  C     714/422-0222 Y
05325 Riverside/Colton     CA  USA  MED   B B  C     714/422-0222 Y
05325 San Bernadino/Colton CA  USA  MED   B B  C     714/422-0222 Y
05333 Bloomfield           CT  USA  HIGH          C  203/286-0712 N TYM-X25
05333 Hartford/Bloomfield  CT  USA  HIGH          C  203/286-0712 N TYM-X25
05341 Alameda/Oakland      CA  USA  HIGH  B B  C     510/633-1896 Y
05341 Berkeley/Oakland     CA  USA  HIGH  B B  C     510/633-1896 Y
05341 Hayward/Oakland      CA  USA  HIGH  B B  C     510/633-1896 Y
05341 Oakland              CA  USA  HIGH  B B  C     510/633-1896 Y
05350 Antioch              CA  USA  LOW   B B  C     510/754-8222 Y
05363 Brussels                 BEL  E1               206/221-0450 N DCS GATEWAY
05365 Wausau               WI  USA  LOW   B B  C     715/848-6171 Y
05366 Pontiac              MI  USA  LOW   B B  C     313/338-8384 Y
05402 Dallas               TX  USA  HIGH          C  214/634-0833 N TYM-X25
05402 Dallas               TX  USA  HIGH       C     214/634-0834 N TYM-X25
05402 Dallas               TX  USA  HIGH       C     214/634-0834 N TYM-X25
05410 Minneapolis          MN  USA  HIGH          C  612/332-2580 N TYM-X25
05410 St. Paul/Minneapolis MN  USA  HIGH          C  612/332-2580 N TYM-X25
05410 Minneapolis          MN  USA  HIGH       C     612/332-2680 N TYM-X25
05410 St. Paul/Minneapolis MN  USA  HIGH       C     612/332-2680 N TYM-X25
05415 Wichita Falls        TX  USA  LOW   B B  C     817/723-2386 Y
05417 Marseille                FRA  E1    C C  C     (91) 259933  Y
05431 Opelika              AL  USA  LOW   B B  C     205/742-9040 Y
06515 Charlotte            NC  USA  HIGH          C  704/329-0104 Y
06522 Pawtucket/Providence RI  USA  HIGH  B B  C     401/273-0200 Y
06522 Providence           RI  USA  HIGH  B B  C     401/273-0200 Y
06522 Warwick/Providence   RI  USA  HIGH  B B  C     401/273-0200 Y
06525 New Orleans          LA  USA  HIGH  B B  C     504/525-2014 Y
06532 New Orleans          LA  USA  HIGH  B B        504/522-1370 N
06544 Piscataway           NJ  USA  HIGH  B B  C     908/562-8550 Y
06560 Rostock                  FRG  E1    C C  C     (81)36622404 Y
06562 Dublin                   IRL  E2    C C  C     (1)67 98 924 Y
06564 Everett              WA  USA  LOW   B B  C     206/258-1018 Y
06567 Vicksburg            MS  USA  LOW   B B  C     601/638-1551 Y
06570 Pittsburgh           PA  USA  HIGH          C  412/642-2271 N
06574 Miami                FL  USA  HIGH  B B  C     305/599-2900 Y
06577 Boston               MA  USA  HIGH  B B  C     617/439-3531 Y
06577 Cambridge/Boston     MA  USA  HIGH  B B  C     617/439-3531 Y
06605 San Jose             CA  USA  HIGH  B B  C     408/432-8618 Y
06605 Santa Clara/San Jose CA  USA  HIGH  B B  C     408/432-8618 Y
06605 Sunnyvale/San Jose   CA  USA  HIGH  B B  C     408/432-8618 Y
06614 Akron                OH  USA  MED   B B  C     216/376-8330 Y
06626 Lexington            KY  USA  MED   B B        606/266-0019 N
06641 Kingston             MA  USA  LOW   B B  C     617/582-1200 Y
06651 Aurora/Denver        CO  USA  HIGH          C  303/830-8530 Y
06651 Boulder/Denver       CO  USA  HIGH          C  303/830-8530 Y
06651 Denver               CO  USA  HIGH          C  303/830-8530 Y
06667 Reading/Mt. Penn     PA  USA  MED   B B  C     215/796-9000 Y
06667 Mt. Penn             PA  USA  LOW   B B  C     215/796-9000 Y
06670 Barcelona                ESP  E2    C C  C     (3) 4155082  Y
06673 Aberdeen             MD  USA  LOW   B B  C     410/273-0872 Y
06674 Houston              TX  USA  HIGH  B B        713/556-6700 N
06675 State College        PA  USA  LOW   B B  C     814/234-3853 Y
06704 Houston              TX  USA  HIGH  B B        713/556-6700 N
06715 Midlothian/Richmond  VA  USA  MED   B B        804/330-2465 N
06715 Richmond             VA  USA  MED   B B        804/330-2465 N
06733 Los Angeles/Vernon   CA  USA  HIGH          C  213/588-4712 N TYM-X25
06733 Inglewood/Vernon     CA  USA  HIGH          C  213/588-4712 N TYM-X25
06733 Vernon               CA  USA  HIGH          C  213/588-4712 N TYM-X25
06733 Los Angeles/Vernon   CA  USA  HIGH       C     213/588-4639 N TYM-X25
06733 Inglewood/Vernon     CA  USA  HIGH       C     213/588-4639 N TYM-X25
06733 Vernon               CA  USA  HIGH       C     213/588-4639 N TYM-X25
06754 Kitchener            ON  CAN  CANL  C C  C     519/742-7613 Y
06755 Coatesville          PA  USA  LOW   B B  C     215/383-0440 Y
06755 Downington/Coatsvlle PA  USA  LOW   B B  C     215/383-0440 Y
06762 Marquette            MI  USA  LOW   B B  C     906/228-3780 Y
06771 Ft. Smith            AR  USA  LOW   B B  C     501/782-2486 Y
06774 Topeka               KS  USA  LOW   B B  C     913/234-3070 Y
07001 Boston               MA  USA  HIGH  B B        617/439-3400 N
07001 Cambridge/Boston     MA  USA  HIGH  B B        617/439-3400 N
07005 Detroit              MI  USA  HIGH          C  313/964-1225 Y
07024 Longview             TX  USA  LOW   B B  C     903/236-7475 Y
07025 Madison              WI  USA  LOW   B B  C     608/242-0227 Y
07026 Madison              WI  USA  LOW   B B  C     608/242-0227 Y
07031 Albany               GA  USA  LOW   B B  C     912/888-9282 Y
07042 Nashua               NH  USA  MED   B B  C     603/882-0435 Y
07042 Salem/Nashua         NH  USA  MED   B B  C     603/882-0435 Y
07043 Sarasota             FL  USA  LOW   B B  C     813/952-9000 Y
07057 New York             NY  USA  HIGH          C  212/797-2792 N TYM-X25
07057 New York             NY  USA  HIGH       C     212/797-2790 N TYM-X25
07075 Cincinnati           OH  USA  HIGH  B B        513/530-9019 N
07100 Los Altos/San Jose   CA  USA  HIGH  B B  C     408/432-8618 Y
07100 San Jose             CA  USA  HIGH  B B  C     408/432-8618 Y
07100 Santa Clara/San Jose CA  USA  HIGH  B B  C     408/432-8618 Y
07100 Sunnyvale/San Jose   CA  USA  HIGH  B B  C     408/432-8618 Y
07102 Hutchinson           KS  USA  LOW   B B  C     316/663-2192 Y
07107 Barre/Montpelier     VT  USA  LOW   B B        802/229-4508 N
07107 Montpelier           VT  USA  LOW   B B        802/229-4508 N
7117  Fremont              CA  USA  MED   B B  C     510/490-7366 Y
07126 Rolla                MO  USA  LOW   B B  C     314/364-2084 Y
07140 Cincinnati           OH  USA  HIGH          C  513/489-1032 Y
07143 Portland             OR  USA  HIGH          C  503/225-1918 Y
07144 Portland             OR  USA  HIGH  B B  C     503/222/2151 Y
07145 Portland             OR  USA  HIGH          C  503/225-1918 Y
07145 Portland             OR  USA  HIGH  B B  C     503/222-2151 Y
07147 Portland             OR  USA  HIGH  B B        503/222-0900 N
07150 Boca Raton/Delray    FL  USA  LOW   B B  C     407/272-7900 Y
07150 Delray               FL  USA  LOW   B B  C     407/272-7900 Y
07157 Rosewell             NM  USA  LOW   B B  C     505/623-3591 Y
07162 Perinton/Pittsford   NY  USA  HIGH          C  716/586-4100 Y
07162 Perinton/Pittsford   NY  USA  HIGH          C  716/586-4858 N TYM-X25
07162 Rochester/Pittsford  NY  USA  HIGH          C  716/586-4100 Y
07162 Pittsford            NY  USA  HIGH          C  716/586-4100 Y
07162 Pittsford            NY  USA  HIGH          C  716/586-4858 N TYM-X25
07162 Rochester/Pittsford  NY  USA  HIGH          C  716/586-4858 N TYM-X25
07162 Perinton/Pittsford   NY  USA  HIGH       C     716/586-4829 N TYM-X25
07162 Pittsford            NY  USA  HIGH       C     716/586-4829 N TYM-X25
07162 Rochester/Pittsford  NY  USA  HIGH       C     716/586-4829 N TYM-X25
07175 Myrtle Beach         SC  USA  LOW   B B  C     803/448-1619 Y
07177 Copenhagen               DNK  E2    C C  C     31-18-63-33  Y
07205 Los Altos/San Jose   CA  USA  HIGH  B B        408/432-3430 N
07205 San Jose             CA  USA  HIGH  B B        408/432-3430 N
07205 Santa Clara/San Jose CA  USA  HIGH  B B        408/432-3430 N
07205 Sunnyvale/San Jose   CA  USA  HIGH  B B        408/432-3430 N
07210 Fall River/Somerset  MA  USA  LOW   B B  C     508/676-3087 Y
07210 Somerset             MA  USA  LOW   B B  C     508/676-3087 Y
07214 Middletown           RI  USA  LOW   B B  C     401/849-1660 Y
07214 Newport/Middletown   RI  USA  LOW   B B  C     401/849-1660 Y
07220 Bridgeport           CT  USA  MED   B B        203/579-1479 N
07220 Stratford/Bridgeprt  CT  USA  MED   B B        203/579-1479 N
07221 Atlantic City        NJ  USA  LOW   B B  C     609/345-4050 Y
07223 Dayton               OH  USA  MED   B B  C     513/898-0696 Y
07226 Ogden                UT  USA  LOW   B B  C     801/393-5280 Y
07227 Mexico C(Xochimilco)     MEX  MX    B B  B     (5)6754911   N
07227 Mexico C(Xochimilco)     MEX  MX    B B  B     (5)6754072   N
07227 Mexico C(Xochimilco)     MEX  MX    B B  B     (5)6754635   N
07227 Mexico C(Xochimilco)     MEX  MX    B B  B     (5)6753173   N
07227 Mexico C(Xochimilco)     MEX  MX    B B  B     (5)6753372   N
07227 Mexico C(Xochimilco)     MEX  MX    B B  B     (5)6753629   N
07236 White Plains         NY  USA  HIGH  B B  C     914/761-9590 Y
07240 White Plains         NY  USA  HIGH          C  914/761-5377 Y
07241 Greenville           NC  USA  LOW   B B  C     919/758-0102 Y
07242 High Point           NC  USA  LOW   B B  C     919/883-6121 Y
07246 San Francisco        CA  USA  HIGH          C  415/896-5578 N TYM-X25
07247 San Antonio          TX  USA  HIGH  B B  C     512/222-9877 Y
07250 Curacao                  NDA  3     C C        (9)239251    N TYMUSA
07250 Curacao                  NDA  3     C C        0251 (LOCAL)   TYMUSA
07270 Gibraltar                GIB  E2    C C  C     (350) 41000  Y
07272 Greenville           SC  USA  MED           C  803/370-9014 Y
07301 Rome                 GA  USA  LOW   B B  C     404/234-0102 Y
07302 San Francisco        CA  USA  HIGH  B B  C     415/543-0691 Y
07303 Danville             IL  USA  LOW   B B  C     217/442-1452 Y
07306 Davenport/RockIsland IA  USA  MED   B B  C     309/788-3713 Y
07306 Rock Island          IL  USA  MED   B B  C     309/788-3713 Y
07313 Melbourne                AUS  PAC   C C  C     (3)416-2146  Y
07320 San Francisco        CA  USA  HIGH  B B  C     415/543-0691 Y
07322 Greeley              CO  USA  LOW   B B  C     303/352-0960 Y
07331 Levittown            PA  USA  LOW   B B        215/943-3700 N
07332 Pittsfield           MA  USA  LOW   B B  C     413/499-0971 Y
07336 Ardmore              OK  USA  LOW   B B  C     405/226-1260 Y
07340 Grand Forks          ND  USA  LOW   B B  C     701/746-0344 Y
07344 Lynn                 MA  USA  LOW   B B  C     617/592-0207 Y
07346 San Francisco        CA  USA  HIGH  B B  C     415/543-0691 Y
07364 Corning              NY  USA  LOW   B B  C     607/962-4481 Y
07370 Spartanburg          SC  USA  LOW   B B  C     803/579-7088 Y
07375 Hanover              NH  USA  LOW   B B  C     603/643-4011 Y
07404 Long Beach           CA  USA  MED   B B  C     310/436-6033 Y
07404 Norwalk/Long Beach   CA  USA  MED   B B  C     310/436-6033 Y
07404 San Pedro/Long Beach CA  USA  MED   B B  C     310/436-6033 Y
07406 Akita                    JPN  PAC     C  C     0188-65-5733 N
07406 Akita                    JPN  PAC   C          0188-65-5735 N
07406 Atsugi                   JPN  PAC     C  C     0462-21-0404 N
07406 Atsugi                   JPN  PAC   C          0462-21-5331 N
07406 Atsugi                   JPN  PAC   C C  C     0462-22-7154 Y
07406 Chiba                    JPN  PAC     C  C     0472-96-3581 N
07406 Chiba                    JPN  PAC   C C  C     0472-96-0279 Y
07406 Fukui                    JPN  PAC     C  C     0776-35-8840 N
07406 Fukui                    JPN  PAC   C          0776-34-3308 N
07406 Fukuoka                  JPN  PAC     C  C     092-474-7196 N
07406 Fukuoka                  JPN  PAC   C          092-474-7076 N
07406 Fukuoka                  JPN  PAC   C C  C     092-461-2769 Y
07406 Hamamatsu                JPN  PAC   C          0534-56-7355 N
07406 Hamamatsu                JPN  PAC     C  C     0534-56-7231 N
07406 Hiroshima                JPN  PAC     C  C     082-243-9270 N
07406 Hiroshima                JPN  PAC   C C  C     082-241-6857 Y
07406 Kagoshima                JPN  PAC     C  C     0992-22-8954 N
07406 Kanazawa                 JPN  PAC     C  C     0762-24-2341 N
07406 Kanazawa                 JPN  PAC   C C  C     0762-24-7792 Y
07406 Kobe                     JPN  PAC     C  C     078-333-0552 N
07406 Kobe                     JPN  PAC   C          078-333-0587 N
07406 Kouriyama                JPN  PAC     C  C     0249-38-5396 N
07406 Kumamoto                 JPN  PAC     C  C     096-354-3065 N
07406 Kumamoto                 JPN  PAC   C          096-355-5233 N
07406 Kyoto                    JPN  PAC     C  C     075-431-6203 N
07406 Kyoto                    JPN  PAC   C          075-431-6205 N
07406 Matsuyama                JPN  PAC     C  C     0899-32-4207 N
07406 Matsuyama                JPN  PAC   C          0899-32-2975 N
07406 Matsuyama                JPN  PAC   C C  C     0899-32-2865 Y
07406 Mito                     JPN  PAC     C  C     0292-24-4213 N
07406 Morioka                  JPN  PAC     C  C     0196-54-7315 N
07406 Morioka                  JPN  PAC   C C  C     0196-22-3885 Y
07406 Nagasaki                 JPN  PAC     C  C     0958-28-6077 N
07406 Nagoya                   JPN  PAC     C  C     052-981-3221 N
07406 Nagoya                   JPN  PAC   C          052-911-1621 N
07406 Nagoya                   JPN  PAC   C C  C     052-991-4521 Y
07406 Naha                     JPN  PAC     C  C     0988-61-3414 N
07406 Naha                     JPN  PAC   C          0988-61-4002 N
07406 Niigata                  JPN  PAC     C  C     025-241-5410 N
07406 Niigata                  JPN  PAC   C C  C     025-241-5409 Y
07406 Ohita                    JPN  PAC     C  C     0975-38-2160 N
07406 Okayama                  JPN  PAC     C  C     0862-31-4993 N
07406 Okayama                  JPN  PAC   C          0862-32-6760 N
07406 Osaka                    JPN  PAC     C        06-271-9029  N
07406 Osaka                    JPN  PAC     C  C     06-271-6876  N
07406 Osaka                    JPN  PAC   C          06-271-9028  N
07406 Osaka                    JPN  PAC   C C  C     06-264-9951  Y
07406 Sapporo                  JPN  PAC     C  C     011-281-4421 N
07406 Sapporo                  JPN  PAC   C          011-281-4343 N
07406 Sapporo                  JPN  PAC   C C  C     011-210-5962 Y
07406 Sendai                   JPN  PAC     C  C     022-231-5355 N
07406 Sendai                   JPN  PAC   C C  C     022-231-5741 Y
07406 Shizuoka                 JPN  PAC     C  C     0542-84-3398 N
07406 Shizuoka                 JPN  PAC   C C  C     0542-84-3393 Y
07406 Takamatsu                JPN  PAC     C  C     0878-23-0501 N
07406 Takamatsu                JPN  PAC   C          0878-23-0502 N
07406 Takasaki                 JPN  PAC     C  C     0273-23-9739 N
07406 Tokuyama                 JPN  PAC     C  C     0834-32-0991 N
07406 Tokyo                    JPN  PAC     C        03-3555-9526 N
07406 Tokyo                    JPN  PAC     C  C     03-3555-9696 N N
07406 Tokyo                    JPN  PAC   C          03-3555-9525 N
07406 Tokyo                    JPN  PAC   C C  C     03-3288-6461 Y
07406 Toyama                   JPN  PAC     C  C     0764-41-7769 N
07406 Toyama                   JPN  PAC   C          0764-41-7578 N
07406 Tsuchiura                JPN  PAC     C  C     0298-55-6121 N
07406 Urawa                    JPN  PAC     C  C     048-833-9341 N
07406 Utsunomiya               JPN  PAC     C  C     0286-34-8251 N
07406 Utsunomiya               JPN  PAC   C C  C     0286-37-4378 Y
07406 Yokohama                 JPN  PAC     C  C     045-453-7637 N
07406 Yokohama                 JPN  PAC   C          045-453-7757 N
07406 Yokohama                 JPN  PAC   C C  C     045-453-7758 Y
07406 Yonago                   JPN  PAC     C  C     0859-32-3201 N
07406 Nagasaki                 JPN  PAC   C          0958-28-6088 N
07406 Nagano                   JPN  PAC     C  C     0262-34-3900 N
07406 Tokyo                    JAP  PAC        C  C  03-3262-7517 N TYM-X25
07406 Tokyo                    JAP  PAC           C  03-5275-3829 Y NEW NUMBER
07407 Buenos Aires             ARG  2     C          (1) 40-01-91 N TYMUSA
07407 Buenos Aires             ARG  2     C          (1) 40-01-92 N TYMUSA
07407 Buenos Aires             ARG  2     C          (1) 40-01-93 N TYMUSA
07407 Buenos Aires             ARG  2     C          (1) 40-01-94 N TYMUSA
07407 Buenos Aires             ARG  2     C          (1) 40-01-95 N TYMUSA
07407 Buenos Aires             ARG  2     C          (1) 40-01-96 N TYMUSA
07407 Buenos Aires             ARG  2     C          (1) 40-01-97 N TYMUSA
07407 Buenos Aires             ARG  2     C          (1) 40-01-98 N TYMUSA
07407 Buenos Aires             ARG  2     C          (1) 40-01-99 N TYMUSA
07414 Warren               OH  USA  LOW   B B  C     216/392-2555 Y
07417 San Francisco        CA  USA  HIGH          C  415/495-7220 Y
07432 Lyndhurst/Union City NJ  USA  HIGH  B B  C     201/864-8468 Y
07432 Union City           NJ  USA  HIGH  B B  C     201/864-8468 Y
07434 Davis                CA  USA  LOW   B B  C     916/758-3551 Y
07434 Woodland/Davis       CA  USA  LOW   B B  C     916/758-3551 Y
07437 Austin               TX  USA  HIGH  B B  C     512/448-1096 Y
07447 Butte                MT  USA  LOW   B B  C     406/494-6682 Y
07450 Dallas               TX  USA  HIGH          C  214/637-3012 Y
07454 Terre Haute          IN  USA  LOW   B B  C     812/232-0112 Y
07455 Lafayette            IN  USA  LOW   B B  C     317/423-4616 Y
07456 Dubuque              IA  USA  LOW   B B  C     319/582-3599 Y
07457 Minot                ND  USA  LOW   B B  C     701/838-2140 Y
07460 Beloit               WI  USA  LOW   B B  C     608/362-4655 Y
07460 Janesville/Beloit    WI  USA  LOW   B B  C     608/362-4655 Y
07463 Hot Springs          AR  USA  LOW   B B  C     501/623-3576 Y
07464 Jonesboro            AR  USA  LOW   B B  C     501/935-7957 Y
07465 Cadillac             MI  USA  LOW   B B  C     616/775-9242 Y
07466 Muskegon             MI  USA  LOW   B B  C     616/739-3453 Y
07467 Port Huron           MI  USA  LOW   B B  C     313/982-0301 Y
07472 Mansfield            OH  USA  LOW   B B  C     419/529-3303 Y
07520 Atlanta/Doraville    GA  USA  HIGH  B B  C     404/451-3362 Y
07520 Doraville            GA  USA  HIGH  B B  C     404/451-3362 Y
07520 Marietta/Doraville   GA  USA  HIGH  B B  C     404/451-3362 Y
07520 Norcross/Doraville   GA  USA  HIGH  B B  C     404/451-3362 Y
07522 San Angelo           TX  USA  LOW   B B  C     915/658-4590 Y
07524 San Antonio          TX  USA  HIGH  B B  C     512/222-9877 Y
07525 Boston               MA  USA  HIGH  B B        617/439-3400 N
07525 Cambridge/Boston     MA  USA  HIGH  B B        617/439-3400 N
07533 Inglewood/Vernon     CA  USA  HIGH          C  213/588-8128 Y
07533 Los Angeles/Vernon   CA  USA  HIGH          C  213/588-8128 Y
07533 Vernon               CA  USA  HIGH          C  213/588-8128 Y
07540 Calgary              AB  CAN  CANH  C C  C     403/232-6653 Y
07542 Sacramento           CA  USA  HIGH          C  916/442-0992 N
07543 Sacramento           CA  USA  HIGH          C  916/442-0851 N TYM-X25
07547 Taunton              MA  USA  LOW   B B  C     508/824-3816 Y
07571 Salisbury            MD  USA  LOW   B B  C     410/860-0480 Y
07600 Bowling Green        KY  USA  LOW   B B  C     502/781-5711 Y
07602 All Cities               ATG  3     B B        809/462-0210 N TYMUSA
07603 All Cities               ATG  3     B B        809/462-0210 N TYMUSA
07607 Gastonia             NC  USA  LOW   B B  C     704/867-2203 Y
07617 Corpus Christi       TX  USA  MED   B B  C     512/289-7305 Y
07622 Manassas             VA  USA  LOW   B B  C     703/330-9070 Y
07625 Lowell               MA  USA  LOW   B B  C     508/452-5112 Y
07631 Auburn               WA  USA  LOW   B B  C     206/735-3975 Y
07631 Enumclaw/Auburn      WA  USA  LOW   B B  C     206/735-3975 Y
07636 Santa Fe             NM  USA  LOW   B B  C     505/471-0606 Y
07646 Monroe               LA  USA  LOW   B B  C     318/388-8810 Y
07650 Kokomo               IN  USA  LOW   B B  C     317/453-7818 Y
07651 Appleton             WI  USA  LOW   B B  C     414/730-8029 Y
07652 Corona               CA  USA  LOW   B B  C     714/737-5510 Y
07653 Poway                CA  USA  LOW   B B  C     619/679-0200 Y
07655 Norristown           PA  USA  WATS  B B  C     800/###-#### Y
07656 Norristown           PA  USA  WATS  B B  C     800/###-#### Y
07663 Birmingham               GBR  E1    C C  C     (21)632-6636 Y
07675 Dundas               ON  CAN  CANH  C C  C     416/628-5908 Y
07676 Newport News         VA  USA  MED   B B  C     804/596-0898 Y
07677 Fitchburg/Leominster MA  USA  LOW   B B  C     508/537-6451 Y
07677 Leominster           MA  USA  LOW   B B  C     508/537-6451 Y
07703 Inglewood/Vernon     CA  USA  HIGH  B B  C     213/587-7514 Y
07703 Los Angeles/Vernon   CA  USA  HIGH  B B  C     213/587-7514 Y
07703 Vernon               CA  USA  HIGH  B B  C     213/587-7514 Y
07712 Vero Beach           FL  USA  LOW   B B  C     407/569-8207 Y
07714 Meridian             MS  USA  LOW   B B  C     601/482-4335 Y
07717 Baytown              TX  USA  LOW   B B  C     713/420-3389 Y
07720 Miami                FL  USA  HIGH          C  305/599-9996 N TYM-X25
07720 Miami                FL  USA  HIGH       C     305/599-9997 N TYM-X25
07721 Freeport             IL  USA  LOW   B B  C     815/232-7111 Y
07723 Dothan               AL  USA  LOW   B B  C     205/794-7954 Y
07724 Miami                FL  USA  HIGH          C  305/592-2357 Y
07725 Panama City          FL  USA  LOW   B B  C     904/769-0709 Y
07726 Leavenworth          KS  USA  LOW   B B  C     913/651-8094 Y
07730 Salina               KS  USA  LOW   B B  C     913/825-4845 Y
07731 Cicero/Maywood       IL  USA  LOW   B B  C     708/345-9100 Y
07731 Forest Park/Maywood  IL  USA  LOW   B B  C     708/345-9100 Y
07731 Maywood              IL  USA  LOW   B B  C     708/345-9100 Y
07733 Marion               IN  USA  LOW   B B  C     317/662-1928 Y
07735 Attleboro            MA  USA  LOW   B B        508/226-6441 N
07737 Lynchburg            VA  USA  LOW   B B  C     804/846-0213 Y
07743 Holyoke/Springfield  MA  USA  MED   B B  C     413/787-0048 Y
07743 Springfield          MA  USA  MED   B B  C     413/787-0048 Y
10021 Houston              TX  USA  HIGH  B B  C     713/496-1332 Y
10021 Houston              TX  USA  HIGH          C  713/589-7593 N TYM-X25
10021 Houston              TX  USA  HIGH       C     713/589-7591 N TYM-X25
10027 Kannapolis           NC  USA  LOW   B B  C     704/932-4131 Y
10031 Bedford              MA  USA  LOW   B B  C     617/271-0420 Y
10031 Woburn/Bedford       MA  USA  LOW   B B  C     617/271-0420 Y
10033 Bend                 OR  USA  LOW   B B  C     503/389-0146 Y
10034 Baltimore            MD  USA  HIGH          C  410/659-7460 Y
10040 Columbus             OH  USA  HIGH          C  614/224-0436 N TYM-X25
10040 Columbus             OH  USA  HIGH       C     614/224-0427 N TYM-X25
10052 Napa                 CA  USA  LOW   B B  C     707/257-6810 Y
10061 Buffalo              NY  USA  MED   B B        716/893-1306 N
10066 Williamsport         PA  USA  LOW   B B  C     717/321-8520 Y
10070 New York             NY  USA  HIGH          C  212/269-4640 Y
10071 York                 PA  USA  LOW   B B  C     717/852-8186 Y
10075 Blountville          TN  USA  LOW   B B  C     615/323-1962 Y
10100 Corvallis            OR  USA  LOW   B B  C     503/757-6341 Y
10103 Ann Arbor            MI  USA  MED           C  313/973-0166 Y
10105 Camden/Pennsauken    NJ  USA  MED   B B  C     609/665-5902 Y
10105 Cherry hill/Pennskn  NJ  USA  MED   B B  C     609/665-5902 Y
10105 Pennsauken           NJ  USA  MED   B B  C     609/665-5902 Y
10110 Newark               NJ  USA  HIGH          C  201/824-4130 N TYM-X25
10110 Elizabeth/Newark     NJ  USA  HIGH          C  201/824-4130 N TYM-X25
10110 Jersey City/Newark   NJ  USA  HIGH          C  201/824-4130 N TYM-X25
10110 Union/Newark         NJ  USA  HIGH          C  201/824-4130 N TYM-X25
10110 Elizabeth/Newark     NJ  USA  HIGH       C     201/824-4128 N TYM-X25
10110 Jersey City/Newark   NJ  USA  HIGH       C     201/824-4128 N TYM-X25
10110 Newark               NJ  USA  HIGH       C     201/824-4128 N TYM-X25
10110 Union/Newark         NJ  USA  HIGH       C     201/824-4128 N TYM-X25
10113 Fairfield/Westport   CT  USA  MED   B B  C     203/454-2129 Y
10113 Norwalk/Westport     CT  USA  MED   B B  C     203/454-2129 Y
10113 Westport             CT  USA  MED   B B  C     203/454-2129 Y
10122 Hull/Ottawa          ON  CAN  CANH  C C  C     613/563-2910 N
10122 Ottawa               ON  CAN  CANH  C C  C     613/563-2910 N
10124 Cologne                  FRG  E1    C C  C     (221)210196  N
10130 Sacramento           CA  USA  HIGH  B B  C     916/447-7434 Y
10151 Portland             OR  USA  HIGH          C  503/225-1233 N TYM-X25
10153 South Brunswick      NJ  USA  HIGH          C  609/452-8011 N TYM-X25
10153 South Brunswick      NJ  USA  HIGH          C  609/452-8388 Y
10153 Princeton/So. Brnswk NJ  USA  HIGH          C  609/452-8011 N TYM-X25
10153 Princeton/So. Brnswk NJ  USA  HIGH          C  609/452-8388 Y
10170 Johnstown            PA  USA  LOW   B B  C     814/539-5059 Y
10171 Jamestown            NY  USA  LOW   B B        716/488-0794 N
10172 Somers               CT  USA  LOW   B B  C     203/763-3521 Y
10204 Austin               TX  USA  HIGH  B B  C     512/448-1096 Y
10211 Atlanta/Doraville    GA  USA  HIGH          C  404/455-9285 N TYM-X25
10211 Marietta/Doraville   GA  USA  HIGH          C  404/455-9285 N TYM-X25
10211 Norcross/Doraville   GA  USA  HIGH          C  404/455-9285 N TYM-X25
10211 Doraville            GA  USA  HIGH          C  404/455-9285 N TYM-X25
10211 Atlanta/Doraville    GA  USA  HIGH       C     404/455-7540 N TYM-X25
10211 Doraville            GA  USA  HIGH       C     404/455-7540 N TYM-X25
10211 Marietta/Doraville   GA  USA  HIGH       C     404/455-7540 N TYM-X25
10211 Norcross/Doraville   GA  USA  HIGH       C     404/455-7540 N TYM-X25
10212 Hamilton             OH  USA  LOW   B B        513/874-1744 N
10213 Ocala                FL  USA  LOW   B B  C     904/732-3707 Y
10217 Atlanta/Doraville    GA  USA  HIGH  B B  C     404/451-3362 Y
10217 Doraville            GA  USA  HIGH  B B  C     404/451-3362 Y
10217 Marietta/Doraville   GA  USA  HIGH  B B  C     404/451-3362 Y
10217 Norcross/Doraville   GA  USA  HIGH  B B  C     404/451-3362 Y
10233 Cleveland            OH  USA  HIGH  B B  C     216/861-6709 Y
10234 Cleveland            OH  USA  HIGH       C  C  216/696-0363 N TYM-X25
10242 San Jose             CA  USA  HIGH          C  408/954-8481 N TYM-X25
10242 Los Altos/San Jose   CA  USA  HIGH          C  408/954-8481 N TYM-X25
10242 Santa Clara/San Jose CA  USA  HIGH          C  408/954-8481 N TYM-X25
10242 Sunnyvale/San Jose   CA  USA  HIGH          C  408/954-8481 N TYM-X25
10242 San Jose             CA  USA  HIGH       C     408/954-8476 N TYM-X25
10242 Los Altos/San Jose   CA  USA  HIGH       C     408/954-8476 N TYM-X25
10242 Santa Clara/San Jose CA  USA  HIGH       C     408/954-8476 N TYM-X25
10242 Sunnyvale/San Jose   CA  USA  HIGH       C     408/954-8476 N TYM-X25
10243 Huntington           WV  USA  LOW   B B  C     304/529-2091 Y
10250 Inglewood/Vernon     CA  USA  HIGH  B B  C     213/587-7514 Y
10250 Los Angeles/Vernon   CA  USA  HIGH  B B  C     213/587-7514 Y
10250 Vernon               CA  USA  HIGH  B B  C     213/587-7514 Y
10254 Atlanta/Doraville    GA  USA  HIGH          C  404/451-1546 Y
10254 Doraville            GA  USA  HIGH          C  404/451-1546 Y
10254 Marietta/Doraville   GA  USA  HIGH          C  404/451-1546 Y
10254 Norcross/Doraville   GA  USA  HIGH          C  404/451-1546 Y
10255 Laredo               TX  USA  LOW   B B  C     512/727-8308 Y
10256 Hampton              VA  USA  MED   B B  C     804/727-0572 Y
10261 Sheboygan            WI  USA  LOW   B B  C     414/457-6128 Y
10264 Pittsburgh           PA  USA  HIGH          C  412/642-7703 N TYM-X25
10264 Pittsburgh           PA  USA  HIGH       C     412/642-2386 N TYM-X25
10267 Springfield          MA  USA  MED   B B  C     413/787-0048 Y
10267 Holyoke/Springfield  MA  USA  MED   B B  C     413/787-0048 Y
10274 Tucson               AZ  USA  MED   B B  C     602/297-2239 Y
10301 Abilene              TX  USA  LOW   B B  C     915/676-0091 Y
10305 Gadsden              AL  USA  LOW   B B  C     205/543-3550 Y
10307 Ann Arbor            MI  USA  MED   B B  C     313/973-7935 Y
10317 Kenosha              WI  USA  LOW   B B  C     414/553-9044 Y
10317 Racine/Kenosha       WI  USA  LOW   B B  C     414/553-9044 Y
10320 Iowa City            IA  USA  LOW   B B  C     319/354-3633 Y
10325 Inglewood/Vernon     CA  USA  HIGH  B B  C     213/587-7514 Y
10325 Los Angeles/Vernon   CA  USA  HIGH  B B  C     213/587-7514 Y
10325 Vernon               CA  USA  HIGH  B B  C     213/587-7514 Y
10334 Monterey             CA  USA  LOW   B B  C     408/375-2644 Y
10337 Louisville           KY  USA  MED   B B        502/499-7110 N
10346 Portsmouth/Norfolk   VA  USA  MED   B B  C     804/857-0148 Y
10346 Virginia Bch/Norfolk VA  USA  MED   B B  C     804/857-0148 Y
10346 Norfolk              VA  USA  MED   B B  C     804/857-0148 Y
10355 Longwood/Orlando     FL  USA  MED           C  407/839-0555 Y
10355 Orlando              FL  USA  MED           C  407/839-0555 Y
10361 Alexandria/Fairfax   VA  USA  HIGH  B B  C     703/352-3136 Y
10361 Arlington/Fairfax    VA  USA  HIGH  B B  C     703/352-3136 Y
10361 Fairfax              VA  USA  HIGH  B B  C     703/352-3136 Y
10361 Washington/Fairfax   DC  USA  HIGH  B B  C     703/352-3136 Y
10361 Bethesda/Fairfax     MD  USA  HIGH  B B  C     703/352-3136 Y
10363 El Segundo           CA  USA  MED   B B  C     310/643-4228 Y
10363 Mar Vista/El Segundo CA  USA  MED   B B  C     310/643-4228 Y
10363 MarinaDelRey/El Sgnd CA  USA  MED   B B  C     310/643-4228 Y
10363 Santa Monica/El Sgnd CA  USA  MED   B B  C     310/643-4228 Y
10402 Rockville            MD  USA  LOW   B B  C     301/294-4522 Y
10404 Lyon                     FRA  E1    C C  C     (7) 8478144  Y
10430 Inglewood/Vernon     CA  USA  HIGH  B B  C     213/587-7514 Y
10430 Los Angeles/Vernon   CA  USA  HIGH  B B  C     213/587-7514 Y
10430 Vernon               CA  USA  HIGH  B B  C     213/587-7514 Y
10436 Concord/Walnut Creek CA  USA  LOW   B B  C     510/935-1507 Y
10436 Pacheco/Walnut Creek CA  USA  LOW   B B  C     510/935-1507 Y
10436 Pleasnthill/Walnt Ck CA  USA  LOW   B B  C     510/935-1507 Y
10436 Walnut Creek         CA  USA  LOW   B B  C     510/935-1507 Y
10464 Quebec City          QU  CAN  CANH  C C  C     418/647-1116 Y
10467 Colorado Springs     CO  USA  MED   B B  C     719/590-1003 Y
10470 Arlington/Fort Worth TX  USA  MED   B B  C     817/332-9397 Y
10470 Fort Worth           TX  USA  MED   B B  C     817/332-9397 Y
10472 Windsor              NY  USA  LOW   B B        914/561-9103 N
10506 Johnson City         TN  USA  LOW   B B  C     615/928-9544 Y
10516 Charlottesville      VA  USA  LOW   B B  C     804/977-5661 Y
10526 Houston              TX  USA  HIGH  B B  C     713/496-1332 Y
10542 McKinney             TX  USA  LOW   B B  C     214/542-2641 Y
10543 Akron                OH  USA  MED   B B        216/376-6227 N
10552 Salem                OR  USA  LOW   B B  C     503/370-4314 Y
10560 Muncie               IN  USA  LOW   B B  C     317/281-9021 Y
10567 Durham               NC  USA  HIGH  B B  C     919/549-9025 Y
10567 Chapel Hill/Durham   NC  USA  HIGH  B B  C     919/549-9025 Y
10570 Bozeman              MT  USA  LOW   B B  C     406/585-9719 Y
10574 Hilo                 HI  USA  MED   B B  C     808/935-5717 N
10601 Augusta              ME  USA  LOW   B B  C     207/622-3083 Y
10602 Cape Girardeau       MO  USA  LOW   B B  C     314/335-1518 Y
10603 Elyria               OH  USA  LOW   B B  C     216/324-7156 Y
10604 Florence             SC  USA  LOW   B B  C     803/664-0550 Y
10605 Kingston             NY  USA  LOW   B B  C     914/336-2790 Y
10612 Montreal/St. Laurent QU  CAN  CANH  C C  C     514/747-2996 Y
10612 St. Laurent          QU  CAN  CANH  C C  C     514/747-2996 Y
10615 Secane               PA  USA  LOW   B B  C     215/543-3045 Y
10621 Princeton/So. Brnswk NJ  USA  HIGH  B B        609/452-1018 N
10621 South Brunswick      NJ  USA  HIGH  B B        609/452-1018 N
10622 South Brunswick      NJ  USA  HIGH  B B  C     609/452-9529 Y
10622 Princeton/So. Brnswk NJ  USA  HIGH  B B  C     609/452-9529 Y
10631 Honolulu             HI  USA  MED   B B        808/545-7610 N
10632 Honolulu             HI  USA  MED        C     808/528-5300 Y
10665 Tulsa                OK  USA  HIGH  B B  C     918/585-2706 Y
10666 Tulsa                OK  USA  HIGH  B B  C     918/585-2706 Y
10673 Springfield          MO  USA  LOW   B B  C     417/881-6225 Y
10703 Tortola                  VGB  3     C C  C     809/494-3993 N TYMUSA
10705 Atlanta/Doraville    GA  USA  HIGH  B B        404/451-2208 N
10705 Doraville            GA  USA  HIGH  B B        404/451-2208 N
10705 Marietta/Doraville   GA  USA  HIGH  B B        404/451-2208 N
10705 Norcross/Doraville   GA  USA  HIGH  B B        404/451-2208 N
10710 New York             NY  USA  HIGH  B B        212/943-4700 N
10713 Houston              TX  USA  HIGH          C  713/870-8381 Y
10726 Winnipeg             MB  CAN  CANH                          N
10727 Lawton               OK  USA  LOW   B B  C     405/353-6987 Y
10730 Grand Island         NE  USA  LOW   B B  C     308/382-3176 Y
10750 Steubenville/Wntsvl  OH  USA  LOW   B B  C     614/284-0020 Y
10750 Wintersville         OH  USA  LOW   B B  C     614/284-0020 Y
10753 El Segundo           CA  USA  MED   B B  C     310/643-4228 Y
10753 Mar Vista/El Segundo CA  USA  MED   B B  C     310/643-4228 Y
10753 MarinaDelRey/El Sgnd CA  USA  MED   B B  C     310/643-4228 Y
10753 Santa Monica/El Sgnd CA  USA  MED   B B  C     310/643-4228 Y
11003 Bangor               ME  USA  LOW   B B  C     207/990-0529 Y
11010 Southfield           MI  USA  MED           C  313/557-2106 Y
11012 Lincoln              NE  USA  LOW   B B  C     402/464-6235 Y
11013 Eugene               OR  USA  LOW   B B  C     503/343-0044 Y
11013 Springfield/Eugene   OR  USA  LOW   B B  C     503/343-0044 Y
11014 Waco                 TX  USA  LOW   B B  C     817/776-0880 Y
11015 Killeen              TX  USA  LOW   B B  C     817/526-8118 Y
11026 Slidell              LA  USA  LOW   B B  C     504/646-2900 Y
11030 Atlanta/Doraville    GA  USA  HIGH  B B        404/451-2208 N
11030 Doraville            GA  USA  HIGH  B B        404/451-2208 N
11030 Marietta/Doraville   GA  USA  HIGH  B B        404/451-2208 N
11030 Norcross/Doraville   GA  USA  HIGH  B B        404/451-2208 N
11035 Clearwater           FL  USA  MED   B B  C     813/441-1621 Y
11035 St. Petersbrg/Clrwtr FL  USA  MED   B B  C     813/441-1621 Y
11052 Eureka               CA  USA  LOW   B B  C     707/445-3021 Y
11053 Provo                UT  USA  LOW   B B        801/373-2192 N
11054 Corpus Christi       TX  USA  MED           C  512/289-1981 Y
11061 Hong Kong                HKG  HK    C C  C     877-2602     N
11063 Cumberland           MD  USA  LOW   B B  C     301/777-9320 Y
11067 Auburn               ME  USA  LOW   B B  C     207/795-6013 Y
11067 Lewiston/Auburn      ME  USA  LOW   B B  C     207/795-6013 Y
11074 London                   GBR  E1    C C  C     (81)566-7260 Y
11100 Naples               FL  USA  LOW   B B  C     813/434-8080 Y
11105 Memphis              TN  USA  MED   B B  C     901/527-8122 Y
11107 Vancouver            BC  CAN  HIG           C  604/682-6054 N TYM-X25
11110 Dusseldorf               FRG  E1    C C  C     (211)596871  Y
11114 Calgary              AB  CAN  CANH          C  403/264-5472 Y
11120 El Paso              TX  USA  MED   B B  C     915/533-1453 Y
11121 El Paso              TX  USA  MED   B B  C     915/533-1453 Y
11123 Buffalo              NY  USA  MED   B B  C     716/893-1014 Y
11130 Houston              TX  USA  HIGH  B B  C     713/496-1332 Y
11141 Amsterdam                NLD  E1               2041290546   N DN-1
11144 Grand Rapids         MI  USA  MED           C  616/458-9252 N
11150 Chicago              IL  USA  WATS  B B  C     800/###-#### Y
11151 Chicago              IL  USA  WATS  B B  C     800/###-#### Y
11152 Chicago              IL  USA  WATS  B B  C     800/###-#### Y
11156 Alexandria/Fairfax   VA  USA  HIGH  B B  C     703/352-3136 Y
11156 Arlington/Fairfax    VA  USA  HIGH  B B  C     703/352-3136 Y
11156 Fairfax              VA  USA  HIGH  B B  C     703/352-3136 Y
11156 Washington/Fairfax   DC  USA  HIGH  B B  C     703/352-3136 Y
11156 Bethesda/Fairfax     MD  USA  HIGH  B B  C     703/352-3136 Y
11160 Chicago              IL  USA  WATS          C  800/###-#### Y
11161 Winston-Salem        NC  USA  MED   B B  C     919/765-1221 Y
11162 Charleston           SC  USA  LOW   B B  C     803/553-0860 Y
11207 O'Fallon             IL  USA  LOW   B B  C     618/632-3993 Y
11223 London                   GBR  E1    C C  C     (71)489-8571 N
11224 Monterey             CA  USA  LOW   B B  C     408/375-2644 Y
11225 London                   GBR  E1    C C  C     (71)489-8571 N
11231 Lancaster            PA  USA  LOW   B B  C     717/569-1081 Y
11236 Lansing              MI  USA  MED   B B  C     517/484-5344 Y
11237 Columbia             SC  USA  MED   B B  C     803/254-7563 Y
11240 Greenville           SC  USA  MED   B B  C     803/271-9213 Y
11241 Mobile               AL  USA  MED   B B  C     205/460-2515 Y
11242 Lake Zurich/Palatine IL  USA  LOW   B B  C     708/991-7171 Y
11242 Palatine             IL  USA  LOW   B B  C     708/991-7171 Y
11251 Denton               TX  USA  LOW   B B  C     817/565-0552 Y
11252 Vancouver            WA  USA  LOW   B B  C     206/574-0427 Y
11257 Little Rock          AR  USA  MED   B B  C     501/666-6886 Y
11266 Fort Collins         CO  USA  LOW   B B  C     303/224-9819 Y
11267 Amarillo             TX  USA  LOW   B B  C     806/355-7088 Y
11270 San Rafael           CA  USA  LOW   B B  C     415/453-2087 Y
11271 Cathedral City       CA  USA  LOW   B B  C     619/324-0920 Y
11271 Palm Sprngs/Cath Cty CA  USA  LOW   B B  C     619/324-0920 Y
11272 Moorpark             CA  USA  LOW   B B  C     805/523-0203 Y
11273 San Clemente         CA  USA  LOW   B B  C     714/240-9424 Y
11274 Mishawaka/South Bend IN  USA  MED   B B  C     219/234-6410 Y
11274 South Bend           IN  USA  MED   B B  C     219/234-6410 Y
11275 Bridgeport           CT  USA  MED   B B  C     203/332-7256 Y
11275 Stratford/Bridgeport CT  USA  MED   B B  C     203/332-7256 Y
11276 Syracuse             NY  USA  MED   B B  C     315/433-1593 Y
11277 Alexandria/Fairfax   VA  USA  HIGH  B B  C     703/352-3136 Y
11277 Arlington/Fairfax    VA  USA  HIGH  B B  C     703/352-3136 Y
11277 Fairfax              VA  USA  HIGH  B B  C     703/352-3136 Y
11277 Washington/Fairfax   DC  USA  HIGH  B B  C     703/352-3136 Y
11277 Bethesda/Fairfax     MD  USA  HIGH  B B  C     703/352-3136 Y
11300 Toledo               OH  USA  MED   B B  C     419/255-7705 Y
11301 Harrisburg/Lemoyne   PA  USA  MED   B B  C     717/975-9881 Y
11301 Lemoyne              PA  USA  MED   B B  C     717/975-9881 Y
11304 Newark/Wilmington    DE  USA  MED   B B  C     302/652-2036 Y
11304 Wilmington           DE  USA  MED   B B  C     302/652-2036 Y
11305 Lyndhurst/Union City NJ  USA  HIGH          C  201/617-9069 Y
11305 Union City           NJ  USA  HIGH          C  201/617/9069 Y
11305 Union City           NJ  USA  HIGH          C  201/617-9110 N TYM-X25
11305 Lyndhurst/Union City NJ  USA  HIGH          C  201/617-9110 N TYM-X25
11305 Lyndhurst/Union City NJ  USA  HIGH       C     201/617-9103 N TYM-X25
11305 Union City           NJ  USA  HIGH       C     201/617-9103 N TYM-X25
11306 Holyoke/Springfield  MA  USA  MED   B B  C     413/787-0048 Y
11306 Springfield          MA  USA  MED   B B  C     413/787-0048 Y
11307 Rockford             IL  USA  MED   B B  C     815/633-2080 Y
11313 Little Rock          AR  USA  MED           C  501/666-1224 Y
11314 Alameda/Oakland      CA  USA  HIGH          C  510/638-7904 Y
11314 Berkeley/Oakland     CA  USA  HIGH          C  510/638-7904 Y
11314 Hayward/Oakland      CA  USA  HIGH          C  510/638-7904 Y
11314 Oakland              CA  USA  HIGH          C  510/638-7904 Y
11315 Oakridge             TN  USA  LOW   B B  C     615/482-1466 Y
11321 Northport            AL  USA  LOW   B B  C     205/758-1116 Y
11321 Tuscaloosa/Northport AL  USA  LOW   B B  C     205/758-1116 Y
11322 Augusta/Martinez     GA  USA  LOW   B B  C     404/855-0442 Y
11322 Martinez             GA  USA  LOW   B B  C     404/855-0442 Y
11323 Owensboro            KY  USA  LOW   B B  C     502/685-0959 Y
11326 Toronto              ON  CAN  CANH          C  416/361-3028 Y
11326 Toronto              ON  CAN  CANH       C  C  416/361-3383 N TYM-X25
11331 Midlothian/Richmond  VA  USA  MED   B B  C     804/330-2673 Y
11331 Richmond             VA  USA  MED   B B  C     804/330-2673 Y
11346 Ft. Lauderdale       FL  USA  MED           C  305/779-3445 Y
11346 Ft. Lauderdale       FL  USA  MED   B B  C     305/467-1870 Y
11346 Hollywd/Ft. Laudrdle FL  USA  MED           C  305/779-3445 Y
11346 Hollywd/Ft. Laudrdle FL  USA  MED   B B  C     305/467-1870 Y
11346 Pompno Bch/Fr. Ldrdl FL  USA  MED   B B  C     305/467-1870 Y
11346 Pompno Bch/Ft. Ldrdl FL  USA  MED           C  305/779-3445 Y
11356 Asheville            NC  USA  LOW   B B  C     704/253-8945 Y
11361 London                   GBR  E1    C C  C     (81)566-7260 Y
11362 Stamford             CT  USA  HIGH  B B  C     203/327-2974 Y
11371 Santa Barbara        CA  USA  MED   B B        805/564-2354 N
11372 Santa Barbara        CA  USA  MED   B B  C     805/965-1612 Y
11376 New Orleans          LA  USA  HIGH          C  504/524-1738 Y
11402 Modesto              CA  USA  LOW   B B  C     209/527-0150 Y
11405 Marlborough          MA  USA  LOW   B B  C     508/481-0026 Y
11447 Seattle              WA  USA  HIGH  B B  C     206/281-7141 Y
11447 Bellevue/Seattle     WA  USA  HIGH  B B  C     206/281-7141 Y
11451 Battle Creek         MI  USA  LOW   B B  C     616/964-9303 Y
11452 Harrisonburg         VA  USA  LOW   B B  C     703/433-6333 Y
11453 Groton               MA  USA  LOW   B B  C     508/448-9361 Y
11460 Chicago              IL  USA  HIGH          C  312/427-1506 N TYM-X25
11460 Chicago              IL  USA  HIGH       C     312/427-1453 N TYM-X25
11465 Munich                   FRG  E1    C C  C     (89)129-6081 Y
11471 Clarksburg           WV  USA  LOW   B B  C     304/624-1451 Y
11500 Salt Lake City       UT  USA  HIGH          C  801/364-7605 Y
11500 Salt Lake City       UT  USA  HIGH          C  801/364-7439 N TYM-X25
11500 Salt Lake City       UT  USA  HIGH       C     801/364-7451 N TYM-X25
11646 Hazelwood            MO  USA  HIGH  B B  C     314/731-8283 Y
11646 St. Louis            MO  USA  HIGH  B B  C     314/731-8283 Y
11646 Bridgeton/St. Louis  MO  USA  HIGH  B B  C     314/731-8283 Y
11652 Tampa                FL  USA  HIGH          C  813/933-7095 N TYM-X25
11652 Tampa                FL  USA  HIGH       C     813/933-7303 N TYM-X25
11671 Rochester            MN  USA  LOW   B B  C     507/282-0830 Y
11702 Georgetown           DE  USA  LOW   B B  C     302/856-1788 Y
11716 Greensburg           PA  USA  LOW   B B  C     412/838-1920 Y
11716 Latrobe/Greensburg   PA  USA  LOW   B B  C     412/838-1920 Y
11727 Huntsville           AL  USA  MED           Y  205/882-9199 Y
11730 Alhambra             CA  USA  MED   B B  C     818/308-1800 Y
11730 Arcadia/Alhambra     CA  USA  MED   B B  C     818/308-1800 Y
11730 El Monte/Alhambra    CA  USA  MED   B B  C     818/308-1800 Y
11730 Pasadena/Alhambra    CA  USA  MED   B B  C     818/308-1800 Y
11732 Zurich                   CHE  E1    C C  C     (1) 837-0301 Y
11736 Leeds                    GBR  E1         C     (532) 341838 Y
11741 Duluth               MN  USA  LOW   B B  C     218/722-0655 Y
11743 Northfield           IL  USA  LOW   B B  C     708/501-4536 Y
11744 Bristol                  GBR  E1         C     (272) 255392 Y
11745 Hamburg                  FRG  E1    C C  C     (40)251-4037 Y
11752 West Bend            WI  USA  LOW   B B  C     414/334-1755 Y
11753 St. Cloud            MN  USA  LOW   B B  C     612/656-1280 Y
11754 Victoria             TX  USA  LOW   B B  C     512/576-9200 Y
11764 Portsmouth/Norfolk   VA  USA  MED   B B  C     804/857-0148 Y
11764 Virginia Bch/Norfolk VA  USA  MED   B B  C     804/857-0148 Y
11764 Norfolk              VA  USA  MED   B B  C     804/857-0148 Y
12026 Columbia             MO  USA  LOW   B B  C     314/875-5570 Y
12031 Presque Isle         ME  USA  LOW   B B  C     207/764-4167 Y
12044 New Haven            CT  USA  MED           C  203/789-1848 Y
12045 Memphis              TN  USA  MED           C  901/521-1303 Y
12054 Fayetteville         NC  USA  LOW   B B  C     919/424-9610 Y
12063 St. Louis            MO  USA  HIGH  B B  C     314/731-8283 Y
12063 Bridgeton/St. Louis  MO  USA  HIGH  B B  C     314/731-8283 Y
12066 Nashville            TN  USA  HIGH  B B  C     615/889-5790 Y
12101 Belleville/O'Fallon  IL  USA  LOW   B B  C     618/632-3993 Y
12150 Gary                 IN  USA  LOW   B B  C     219/884-7450 Y
12150 Hammond/Gary         IN  USA  LOW   B B  C     219/884-7450 Y
12150 Highland/Gary        IN  USA  LOW   B B  C     219/884-7450 Y
12151 Gary                 IN  USA  LOW   B B  C     219/884-7450 Y
12151 Hammond/Gary         IN  USA  LOW   B B  C     219/884-7450 Y
12151 Highland/Gary        IN  USA  LOW   B B  C     219/884-7450 Y
12161 Rotterdam                NLD  E1    C C  C  C  (10) 4530099 Y
12161 Rotterdam                NLD  E1         C     (10) 4524923 N HSA
12161 Rotterdam                NLD  E1    C C  C  C  (10) 4532002 Y
12201 Washington/Fairfax   DC  USA  HIGH  B B        703/691-8200 N
12201 Bethesda/Fairfax     VA  USA  HIGH  B B        703/691-8200 N
12201 Alexandria/Fairfax   VA  USA  HIGH  B B        703/691-8200
12201 Arlington/Fairfax    VA  USA  HIGH  B B        703/691-8200
12201 Fairfax              VA  USA  HIGH  B B        703/691-8200
12263 Lakeland             FL  USA  LOW   B B  C     813/858-6970 Y
12263 Winterhaven/Lakeland FL  USA  LOW   B B  C     813/858-6970 Y
12314 Freeland             MI  USA  LOW   B B  C     517/695-6751 Y
12314 Midland/Freeland     MI  USA  LOW   B B  C     517/695-6751 Y
12314 Saginaw/Freeland     MI  USA  LOW   B B  C     517/695-6751 Y
12361 Aurora/Denver        CO  USA  HIGH  B B  C     303/832-3447 Y
12361 Boulder/Denver       CO  USA  HIGH  B B  C     303/832-3447 Y
12361 Denver               CO  USA  HIGH  B B  C     303/832-3447 Y
12371 Bremen                   FRG  E1    C C  C     (421) 170997 Y
12425 El Centro            CA  USA  LOW   B B  C     619/352-5823 Y
12456 Fairfield            CA  USA  LOW   B B  C     707/421-0106 Y
12460 Victorville          CA  USA  LOW   B B  C     619/955-7050 Y
12513 Tallahassee          FL  USA  MED           C  904/422-0016 Y
12513 Tallahassee          FL  USA  MED   B B  C     904/422-0149 Y
12514 Jacksonville         FL  USA  MED   B B  C     904/721-8559 Y
12516 Watertown            NY  USA  LOW   B B  C     315/788-1816 Y
12533 Lancaster            CA  USA  LOW   B B  C     805/945-4962 Y
12534 Maui                 HI  USA  LOW   B B  C     808/661-7688 Y
12600 Meriden              CT  USA  LOW   B B  C     203/686-1238 Y
12600 Middletown/Meriden   CT  USA  LOW   B B  C     203/686-1238 Y
12601 Aiken                SC  USA  LOW   B B  C     803/648-0237 Y
12611 London               ON  CAN  CANL  C C  C     519/641-8362 Y
12620 Honolulu             HI  USA  MED        C     808/528-5300 Y
12621 Paducah              KY  USA  LOW   B B  C     502/443-1086 Y
12622 Dover                DE  USA  LOW   B B  C     302/678-3569 Y
12624 Marysville           CA  USA  LOW   B B  C     916/749-8015 Y
12626 Great Falls          MT  USA  LOW   B B  C     406/727-9510 Y
12642 Los Gatos            CA  USA  LOW   B B  C     408/356-1818 Y
12650 Paris                    FRA  E1    C C  C     (1)47728080  Y
12720 Birmingham           AL  USA  HIGH  B B  C     205/942-7898 Y
12732 Midland              TX  USA  LOW   B B  C     915/561-8401 Y
12732 Odessa/Midland       TX  USA  LOW   B B  C     915/561-8401 Y
12742 Zanesville           FL  USA  LOW   B B  C     614/454-2893 Y new svc
12755 Bismark              ND  USA  LOW   B B  C     701/223-5165 Y
13010 Houston              TX  USA  HIGH  B B  C     713/496-1332 Y
13026 Spokane              WA  USA  MED   B B  C     509/747-3011 Y
13103 Sarasota             FL  USA  LOW   B B  C     813/952-9000 Y
13104 Goteborg                 SWE  E2    C C  C     (31)450630   Y
13110 Rochester            MN  USA  LOW   B B  C     507/282-0830 Y
13120 Dallas               TX  USA  HIGH  B B  C     214/630-5516 Y
13121 Downrs Grove/Gln Eln IL  USA  MED   B B  C     708/790-4955 Y
13121 Glen Ellyn           IL  USA  MED   B B  C     708/790-4955 Y
13121 Wheaton/Glen Ellyn   IL  USA  MED   B B  C     708/790-4955 Y
13123 Knoxville            TN  USA  MED   B B  C     615/694-0156 Y
13132 Alexandria/Fairfax   VA  USA  HIGH  B B  C     703/352-3136 Y
13132 Arlington/Fairfax    VA  USA  HIGH  B B  C     703/352-3136 Y
13132 Fairfax              VA  USA  HIGH  B B  C     703/352-3136 Y
13132 Washington/Fairfax   DC  USA  HIGH  B B  C     703/352-3136 Y
13132 Bethesda/Fairfax     MD  USA  HIGH  B B  C     703/352-3136 Y
13133 Alexandria/Fairfax   VA  USA  HIGH  B B  C     703/352-3136 Y
13133 Arlington/Fairfax    VA  USA  HIGH  B B  C     703/352-3136 Y
13133 Fairfax              VA  USA  HIGH  B B  C     703/352-3136 Y
13133 Washington/Fairfax   DC  USA  HIGH  B B  C     703/352-3136 Y
13133 Bethesda/Fairfax     MD  USA  HIGH  B B  C     703/352-3136 Y
13134 Baton Rouge          LA  USA  MED   B B  C     504/291-0967 Y
13154 Brookfield           WI  USA  HIGH  B B  C     414/785-0630 Y
13154 Milwaukee/Brookfield WI  USA  HIGH  B B  C     414/785-0630 Y
13156 Alexandria           LA  USA  LOW   B B  C     318/445-1800 Y
13164 Sioux City           IA  USA  LOW   B B  C     712/255-3834 Y
13171 Upland               CA  USA  LOW   B B  C     714/985-1153 Y
13172 Gulfport             MS  USA  LOW   B B  C     601/864-9441 Y
13173 Lawrence             KS  USA  LOW   B B  C     913/843-4870 Y
13177 Wilmington           NC  USA  LOW   B B  C     919/392-7913 Y
13213 Edmunton             AB  CAN        C C  C     403/484-4404 Y
13214 Indianapolis         IN  USA  HIGH  B B  C     317/632-6408 Y
13215 Petersburg           VA  USA  LOW   B B  C     804/861-1788 Y
13216 Vineland             NJ  USA  LOW   B B  C     609/692-8943 Y
13224 Frankfurt                FRG  E1    C C  C     (69)507-6736 Y
13226 Newark               NJ  USA  HIGH  B B  C     201/824-3044 Y
13226 Elizabeth/Newark     NJ  USA  HIGH  B B  C     201/824-3044 Y
13226 Jersey City/Newark   NJ  USA  HIGH  B B  C     201/824-3044 Y
13226 Union/Newark         NJ  USA  HIGH  B B  C     201/824-3044 Y
13227 Newark               NJ  USA  HIGH  B B  C     201/824-3044 Y
13227 Elizabeth/Newark     NJ  USA  HIGH  B B  C     201/824-3044 Y
13227 Jersey City/Newark   NJ  USA  HIGH  B B  C     201/824-3044 Y
13227 Union/Newark         NJ  USA  HIGH  B B  C     201/824-3044 Y
13230 Miami                FL  USA  HIGH  B B  C     305/599-2900 Y
13231 Hempstead            NY  USA  MED   B B  C     516/485-7422 Y
13231 Mineola/Hempstead    NY  USA  MED   B B  C     516/485-7422 Y
13233 New York             NY  USA  HIGH  B B  C     212/809-9660 Y
13234 New York             NY  USA  HIGH  B B  C     212/809-9660 Y
13235 New York             NY  USA  HIGH  B B  C     212/809-9660 Y
13236 New York             NY  USA  HIGH  B B  C     212/809-9660 Y
13240 Tampa                FL  USA  HIGH  B B  C     813/933-6210 Y
13242 Morristown           NJ  USA  LOW   B B  C     201/539-1222 Y
13244 Pueblo               CO  USA  LOW   B B  C     719/543-9712 Y
13245 Norristown           PA  USA  MED   B B  C     215/666-9190 Y
13246 Salt Lake City       UT  USA  HIGH  B B  C     801/533-8152 Y
13247 Baton Rouge          LA  USA  MED   B B  C     504/291-0967 Y
13251 Newport Beach        CA  USA  HIGH  B B  C     714/852-8141 Y
13251 Anaheim/Newprt Beach CA  USA  HIGH  B B  C     714/852-8141 Y
13251 Irvine/Newport Beach CA  USA  HIGH  B B  C     714/852-8141 Y
13251 Santa Ana/Newprt Bch CA  USA  HIGH  B B  C     714/852-8141 Y
13252 Newport Beach        CA  USA  HIGH  B B  C     714/852-8141 Y
13252 Anaheim/Newprt Beach CA  USA  HIGH  B B  C     714/852-8141 Y
13252 Irvine/Newport Beach CA  USA  HIGH  B B  C     714/852-8141 Y
13252 Santa Ana/Newprt Bch CA  USA  HIGH  B B  C     714/852-8141 Y
13253 Longwood/Orlando     FL  USA  MED   B B  C     407/841-0217 Y
13253 Orlando              FL  USA  MED   B B  C     407/841-0217 Y
13256 Temple               TX  USA  LOW   B B  C     817/773-2545 Y
13273 Downrs Grove/Gln Eln IL  USA  MED   B B  C     708/790-4955 Y
13273 Glen Ellyn           IL  USA  MED   B B  C     708/790-4955 Y
13273 Wheaton/Glen Ellyn   IL  USA  MED   B B  C     708/790-4955 Y
13300 New Orleans          LA  USA  HIGH  B B  C     504/525-2014 Y
13301 New Orleans          LA  USA  HIGH  B B  C     504/525-2014 Y
13314 Frederick/Myersville MD  USA  LOW   B B  C     301/293-9504 Y
13314 Hagerstown/Myersvill MD  USA  LOW   B B  C     301/293-9504 Y
13314 Myersville           MD  USA  LOW   B B  C     301/293-9504 Y
13334 Toulouse                 FRA  E1    C C  C     (61) 300291  Y
13341 Hull/Ottawa          ON  CAN  CANH  C C  C     613/563-2910 N
13341 Ottawa               ON  CAN  CANH  C C  C     613/563-2910 N
13344 Bellingham           WA  USA  LOW   B B  C     206/671-7750 Y
13345 Springfield          OH  USA  LOW   B B  C     513/322-8855 Y
13346 Kankakee/Bradley     IL  USA  LOW   B B  C     815/935-2352 Y
13346 Bradley              IL  USA  LOW   B B  C     815/935-2352 Y
13354 Chico                CA  USA  LOW   B B  C     916/343-4401 Y
13357 Bryan                TX  USA  LOW   B B  C     409/823-1090 Y
13364 Missoula             MT  USA  LOW   B B  C     406/542-0472 Y
13365 Pascagoula           MS  USA  LOW   B B  C     601/769-0121 Y
13430 Minot                ND  USA  LOW   B B  C     701/838-2140 Y
13446 Red Bank             NJ  USA  LOW   B B  C     908/758-0337 Y
13446 Eatontown/Red Bank   NJ  USA  LOW   B B  C     908/758-0337 Y
13446 Long Branch/Red Bank NJ  USA  LOW   B B  C     908/758-0337 Y
13450 Elmira               NY  USA  LOW   B B  C     607/737-9065 Y
13451 Rome                     ITA  E2    B C  C     (6)8550340   Y
13452 Turin                    ITA  E2    B C  C     (11)2480125  Y
13524 Fayetteville         AR  USA  LOW   B B  C     501/442-0234 Y
13524 Springdale/Fayettevl AR  USA  LOW   B B  C     501/442-0234 Y
13535 Honolulu             HI  USA  MED        C     808/528-5300 Y
13541 Colorado Springs     CO  USA  MED   B B  C     719/590-1003 Y
13552 Bakersfield          CA  USA  LOW   B B  C     805/325-0371 Y
13553 Harrisburg/Lemoyne   PA  USA  MED   B B  C     717/975-9881 Y
13553 Lemoyne              PA  USA  MED   B B  C     717/975-9881 Y
13554 Richland             WA  USA  MED   B B  C     509/375-3367 Y
13557 Port Arthur          TX  USA  LOW   B B  C     409/721-3400 Y
13557 Nederland/Pt. Arthur TX  USA  LOW   B B  C     409/721-3400 Y
13572 Springfield          MO  USA  LOW   B B  C     417/881-6225 Y
13573 Austin               TX  USA  HIGH  B B  C     512/448-1096 Y
13576 Fresno               CA  USA  LOW   B B  C     209/442-4328 Y
13577 Shreveport           LA  USA  LOW   B B  C     318/688-5840 Y
13601 Birmingham           AL  USA  HIGH  B B  C     205/942-7898 Y
13602 Birmingham           AL  USA  HIGH  B B  C     205/942-7898 Y
13603 Louisville           KY  USA  MED   B B  C     502/499-9825 Y
13614 Long Beach           CA  USA  MED   B B  C     310/436-6033 Y
13614 Norwalk/Long Beach   CA  USA  MED   B B  C     310/436-6033 Y
13614 San Pedro/Long Beach CA  USA  MED   B B  C     310/436-6033 Y
13616 Little Rock          AR  USA  MED   B B  C     501/666-6886 Y
13617 Philadelphia         PA  USA  HIGH  B B  C     215/592-8750 Y
13620 Mobile               AL  USA  MED   B B  C     205/460-2515 Y
13623 Akron                OH  USA  MED   B B  C     216/376-8330 Y
13624 Toledo               OH  USA  MED   B B  C     419/255-7705 Y
13626 Memphis              TN  USA  MED   B B  C     901/527-8122 Y
13641 Burton               MI  USA  LOW   B B  C     313/743-8350 Y
13643 Madrid                   ESP  E2    C C  C     (1) 7661900  Y
13645 Lansing              MI  USA  MED   B B  C     517/484-5344 Y
13646 Fort Worth           TX  USA  MED   B B  C     817/332-9397 Y
13646 Alington/Fort Worth  TX  USA  MED   B B  C     817/332-9397 Y
13650 Columbia             SC  USA  MED   B B  C     803/254-7563 Y
13651 Columbia             SC  USA  MED   B B  C     803/254-7563 Y
13653 Ft. Wayne            IN  USA  LOW   B B  C     219/422-2581 Y
13655 Huntsville           AL  USA  MED   B B  C     205/882-1519 Y

* Node 4003 is listed for many different countries.  It represents the
  Enhanced Global Connection Service which includes nodes:
  2576, 3512, 3513, and 4003.

B=BELL 103/113 (300 bps) or BELL 212A (1200 bps) compatable modems

C=CCITT V.21(300 bps) or CCITT V.22 bis(2400 bps) or CCITT V.32 compatible
  modems


--------------------------------------------------------------------------------


                                ==Phrack Inc.==

                    Volume Four, Issue Forty, File 11 of 14

    _______                                        ________
      ___                                       /  _____              /|
        |                         _____        | /     |/  _____     | |
          |   /| |\_  _/||\_  _/|| _ _/ |\___  | |        /  _   | | |
   |\__   | |_| | |  /  ||  /  || _|_  |  __ | \_____| | |_| | |   |
   \______ |_____| |_|/|_||_|/|_||____ |_|    \________/ \_____/ |_|\_|

                           1       9       9       2
_______________________________________________________________________________
   _________________________________________________________________________

                   "Told ya...Should a killed me last year!"

                          by Knight Lightning & Dispater

       Special Thanks: Dr. Williams, Holistic Hacker, Nihil, and The Pope
    _ _ _ _ _ _ _ _ _ _ _ __ ___ ____________ ___ __ _ _ _ _ _ _ _ _ _ _ _ _


                                 SummerCon '92
                                June 26-28, 1992
                         Executive International Hotel

    "SummerCon... What is it?  In many ways, SummerCon is much more than
     just a convention that attracts America's greatest phreaking and
     hacking personalities.  SummerCon is a state of mind.

     Hackers by nature are urged on by a hidden sense of adventure to
     explore the unknown, to challenge the unchallenged, to reach out and
     experiment with anything and everything.  The realization that we are
     not alone in our quest sometimes comes as a great gift and the
     opportunity to meet one's heroes, partners, and idols can be the most
     awe-inspiring aspect of the hacker community -- this is what SummerCon
     is all about.

     On the surface, SummerCon looks like a handful of youths hanging out at
     a hotel in St. Louis, Missouri.  To me, it is more like one of those
     madcap movies you see on late night Home Box Office or something.  No
     real point or direction, rebels without cause, all in the name of
     frantic fun and games.  The atmosphere surrounding SummerCon is that of
     a dream world where once a year you can escape to a fantasy where
     ingenuity is king and you have friends around you at every moment.
     SummerCon itself may only last a weekend, but the friendships last a
     lifetime."

          -- Knight Lightning, Phrack 28, File 8 (PWN Special on SummerCon '89)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

SummerCon!  At last, a return to the original idea behind the event.  It was
great!  It was crazy!  It was a party!  It was everything it should have been
and more.

When Taran King, Forest Ranger, and Knight Lightning first conceived the idea
of SummerCon in late 1986, they probably never imagined that they would all
three still be involved six years later or just how popular their high-school
dream would become.

It seemed as though nothing could top SummerCon '89.  It was a great turnout
of 23 people, there was a serious conference, there was also sorts of mischief
and mayhem, and all in all, everyone had a great time.  In 1990, SummerCon
coincidentally took place on the same weekend on which the United States
government dropped charges on Knight Lightning.  The turnout was less than ten
people and the conference was anything, but a success.

In 1991, SummerCon tried something new.  The theme that year was CyberView and
it had a special focus on civil liberties issues.  The turnout was average,
but something was missing.  Finally, in 1992, the spirit of SummerCon was
reborn anew.


 Setting Up For SummerCon '92
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Setting up SummerCon this year was a tricky situation.  Knight Lightning had
moved to Washington, D.C., Dispater didn't live in St. Louis, Taran King was
working full time, and Forest Ranger was nowhere to be found.  Luckily, there
was Rambone.  With help from Taran King, Rambone set forth to make sure that
the hotel accommodations and the conference room arrangements were taken care
of and without his help, SummerCon might possibly not have happened.

All sorts of other arrangements had to be made as well.  We wanted this year's
conference to be very special and so for the first time ever, we decided to
embark on the risky enterprise of designing and selling Phrack/SummerCon
t-shirts.  Knight Lightning and Dispater worked together on the design work
and Dispater took care of the art and manufacturing.  For those who haven't
seen or heard about these shirts before, a brief description is in order.
_______________________________________________________________________________

 Phrack/SummerCon '92 T-Shirts
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
There were only a very limited number of shirts made for the conference and
they were sold out.  A re-order was issued, mostly for people who attended the
conference (but didn't get a shirt because of the small supply).  A few shirts
were reserved for people that were unable to attend.  Unlike the Legion of
Doom, Internet World Tour shirts, Phrack has no plans at this time to sell
shirts to the general public.  If there is a change in policy, we will let the
readers know immediately.

The shirts are standard white, short-sleeved t-shirts with no pockets.

Front:  On the left breast there is a picture resembling Oliver Wendall Jones
        (the computer hacker from the comic strip Bloom County).  He is
        swinging his sword while standing at ground zero inside the cross hairs
        of a rifle.  Circling above him are the words, "SummerCon '92" and
        below him, "June 26-28 St. Louis, MO."

Back:                                PHRACK
                                M a g a z i n e
                                 _____________
                              ___________________
                                 _____________

                              When You Care Enough
                            To Indict The Very Best

                        PHRACK: 1     Secret Service: 0

                                 911's A JOKE!

                           The information contained
                         herein should not be disclosed
                        to unauthorized persons.  It is
                       meant solely for use by authorized
                     employees of the BELLSOUTH Corporation
                          or any of its subsidiaries.
_______________________________________________________________________________

 Executive International Hotel... Not A Best Western Anymore?
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
All parties concerned decided that we should return to the site where our best
conferences had been held, the Executive International Best Western Hotel, but
we had a surprise waiting for us when we arrived for the conference.  It turned
out that the Executive International was no longer a Best Western, in fact
they had gone bankrupt.  To make matters worse, the bank that foreclosed on the
property failed as well -- in other words, the Executive International was now
owned by the United States Government!

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 SummerCon Begins
 ~~~~~~~~~~~~~~~~
There was so much going on and there were so many people at the conference,
that there is no possible way to give a play-by-play of events at SummerCon.

Knight Lightning arrived the Thursday before and Dispater flew in in the wee
hours of the morning on Friday.  When KL arrived with TK at the hotel around
1 PM, the conference was already in full swing with groups of guys from Texas
and Boston congregated outside the hotel wearing Phrack t-shirts and already
trading war stories.  Perhaps the biggest surprise was the arrival of Doc
Holiday, who no one had been able to contact to invite -- of course the
surprise was more on Erik Bloodaxe than anyone else.

More and more people arrived during the day, and as they did, a strange
sensation was shared among the alumni from SummerCon's past.  True, Tuc and
Lex Luthor weren't here, but outside of that, this was already looking like a
reunion of all the people from all the SummerCons that had been before.

Lucifer 666 was running around with Control C, The Disk Jockey was seen
cruising the downtown bar scene with Forest Ranger and Tom Brokaw, Erik
Bloodaxe and Doc Holiday called some of the girls they had met from the
previous year's convention.  Everything was happening so fast, it was hard to
keep track of, so we didn't try.  We just had fun.

About 1/3 of the people at SummerCon went to see "Batman Returns."  In light of
the trip at the SummerCon of 1989, it seemed like a good idea.  Others hung out
poolside, roaming the hotel and its adjoining office complex, and still others
raided the free buffet at the Radison Hotel down the street.

The Washington, D.C. contingent of SummerCon guests were content to sit in
their room most the evening and explore Internet sites in the St. Louis area.
Some went trashing, some hit the bars looking for women, and some sat in the
room occupied by Restricted Data Transmissions (RDT) for some good information
exchange.

Meanwhile, an underage hacker named Pyro (gee that's an original name) was the
first to meet the pride and joy of Springfield, Illinois.  Both of these young
women claimed to be age 16 and Pyro was the first to experience some of their
womanhood.  One of "girls" was named Dena and she was in the mood for some
action as well.  Clawing at almost every guy at the hotel, she refused to
leave.  She finally disappeared into a room and was not heard from again until
the next morning.
_______________________________________________________________________________

 SummerCon: The Conference
 ~~~~~~~~~~~~~~~~~~~~~~~~~
The previous evening's activates had taken their toll.  When 12 noon came
around, most of the hackers weren't even awake yet, let alone prepared for the
conference session.  The meeting was re-scheduled to 1 PM, but in the meantime
Knight Lightning passed out copies of Security Insider Report (from Interpact),
information about InterTek, a ComputerWorld article by Chris 'Erik Bloodaxe'
Goggans (this article also appears in PWN 40/1), while Mr. Icom did the same
with back issues of Cybertek.  Emmanuel Goldstein was busy selling the new
black 2600 t-shirts and passing out back issues of 2600 Magazine.  Copies of a
recent article about hackers doing computer security from the Boston Business
Journal were also to be found compliments of RDT.  RDT was also responsible for
making this year's SummerCon buttons.  Holistic Hacker made some as well.
Thanks to all parties concerned for your great work and efforts.

Although it wasn't exactly made available for everyone to take a close look at,
Knight Lightning proudly showed off his pre-release copy of THE HACKER
CRACKDOWN by Bruce Sterling.  This book, which will be available in hardback to
the public on October 15, 1992, looks to be one of the most popular literary
works on the world of hackers ever.  It focuses on the raids in the Atlanta-LOD
/Phrack/E911 case and Operation Sun Devil.  It is believed that Knight
Lightning himself appears on the cover of the book.

With the gavel-like banging of a lineman test set, Knight Lightning formally
called the meeting to order at about 1:15 PM.  He expressed his appreciation
for the massive attendance (there were at least 60 people actually at the
SummerCon meeting).  Rambone made a quick note about the activities of the
previous night as laughter and jokes about the "cyber-nymphs" erupted from all
around the room.

Dispater took the floor for a moment to welcome everyone as well and then
expressed his gratitude to the members of RDT for all of their help in
producing Phrack issues during the past year.  A discussion about who owned the
hotel began briefly and then the first conference speaker was called to the
floor.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

1. The Gatsby

"I'm sure you're all familiar by now with the media stories of the '1000-member
ring of hackers' that supposedly have been invading the credit bureaus of CBI/
Equifax, but the story isn't true and there is a lot more going on."

Gatsby explained that a hacker named The Prisoner (aka Multiplexor) from
Indianapolis (and apparently also to some extent from Long Island) flew to San
Diego to see a girl, supposedly on a carded ticket.

While in San Diego, he allegedly broke into computers at Zale's Jewlery store
and pulled credit card info from their point-of-sales system.  After he vacated
the rented room he had been staying in, he foolishly left behind the credit
card printouts and his former landlord (whom he owed money to) discovered them
and called the San Diego Police Department.

Sometime later, Multiplexor was met at his new accommodations at the Sleepy
Time Motel in San Diego by the police.  The FBI was brought into the case and
he was kept at the Marriott Hotel for two weeks, all expenses paid!  While
under government supervision, Multiplexor logged into several systems,
including Scantronics BBS.

During the course of the investigation, a hacker known as The Crypt Keeper came
forward to tell what he knew about the hacker underground.  He eventually
would give the police access to Scantronics BBS logs he had in his possession
after using The Gatsby's password to login to the system.

These logs were used by the police to gain search warrants for Scantronics BBS
and its now unhappy former sysop, Kludge.

[The full details, police reports, warrants, and an interview with The Crypt
keeper appears in Phrack World News 40/1.]


2. Agent Steal

Agent Steal gave a very informative talk about his dealings with Kevin Poulson,
know to some as Dark Dante.  AS related some of the experiences and adventures
that the two of them had been through several years ago and talked about how
Kevin used to break into central offices on a daily bases.  Poulsen even had
special equipment set up in his apartment to prevent him from being traced.
Poulsen of course was the subject of a federal indictment and appeared on an
episode of Unsolved Mysteries.  He has since been taken into custody and is
awaiting trial.

Agent Steal himself had spent a short time in prison on some bogus charges that
were brought against him to elicit his help in prosecuting Poulsen.  He refused
to assist, but he eventually was released anyway.  He said that he was looking
forward to something different now, but he may have been referring to the Ozzy
Osbourne concert later that night in St. Louis.  Agent Steal is working on a
book about his adventures with Poulsen called "Data Thief" and he expects it to
be published in the near future.


3. Emmanuel Goldstein, 2600 Magazine, Editor

"Many people mistrust the government and big business, and they want to know
how to fight back."

Emmanuel Goldstein spoke about the First Amendment and why 2600 Magazine has
been able to exist and grow over the years despite the events that haunted
Phrack in 1990.  During 2600's eight years in existence, the magazine has never
once been directly harassed by the government.  The main reason he believes
that Phrack was hit and 2600 left alone is because 2600 is a printed (hardcopy)
publication.

However, 2600 is in need of good writers and will print anything, leaked or
sent to them, it doesn't matter.  2600 has never been sued, although they are
often threatened with legal action [See PWN 40/3 for the latest threats against
2600 from Bellcore].  2600 has a subscription list of 1500 and a newstand
of 3000.

He also spoke about some of their press releases that were issued in order to
alert people about insecure systems, but that the information is never acted
upon until something happens.  People always like to blame the magazine for
giving the details on how to do something (such as opening Fed Ex drop boxes),
but never take action to correct the problems the magazine exposes.

A few people had questions for Emmanuel.  For example, he was asked, "How do
you morally justify hacking and the type of information published in 2600?"  He
responded by pointing out that 2600 only prints information about security
flaws which need to be addressed and fixed.

Emmanuel was also asked if there was any fallout from the Simplex lock hacking
article which described how to hack Simplex locks with out any tools and in
less than 20 minutes (often less than 3 minutes).  Given that Simplex locks are
widely used at universities and Federal Express drop boxes, one would expect
some sort of action.  Emmanuel replied that he was surprised that there hadn't
been much of a response or any action taken against 2600 because of the
article.  However, based on what many readers have told him, it seems that
nobody has even changed the default combinations!

4. Control C [Legion of Doom]

Control C has been a hacker surrounded by a lot of controversy over the years,
from his days with the Legion of Doom through his employment and termination
from Michigan Bell security.

He addressed the circumstances that led to his finding work with Michigan Bell.
In 1987, Control C had started to log into Michigan Bell computers almost on a
daily basis for the purpose of becoming better acquainted with C programming.
During one 4 hour session, Michigan Bell Security traced his call back to
Chicago (where he had been in school at the time).  The next day, ^C had moved
back to Detroit and he received a call from some gentlemen who wanted to invite
him to lunch.

When he showed up, he was greeted by Michigan Bell Security personnel and the
country sheriff's department.  The result was a job where his main
responsibility was to find flaws in their computer security by any means
necessary.  Over the years, Control C found well over 100 different holes and
other weaknesses in their systems.

As time went on and key people left and were replaced by staff with more
conservative attitudes, a new vice president (and former police officer) came
in and decided it was no longer fashionable to employ a hacker.  Control C was
informed that he must leave despite the need for his services.

Shortly after Control C agreed to depart, the Secret Service became involved.
They wanted to bring charges on ^C for the original break-ins at Michigan Bell
that led to his employment.  It didn't matter that Michigan Bell had signed
documents that they would not bring charges.  It didn't prevent the Secret
Service from coming after him in 1990 (right during the same time as the E911
Phrack case and LOD-Atlanta cases began).

Control C was requested to take a polygraph.  However, the timing was not good
and ^C's lawyer request a new time.  Now more than a year and a half since the
request was made, ^C has not heard back from the Secret Service.  Today ^C has
moved on to a new vocation.


5. Signal Surfer

Signal Surfer voiced his concerns about the bad reputation hackers have in the
computer industry when in reality, most people in the industry are hackers in
the first place.  He expressed an interest in trying to get people together to
work on changing the stereotype of the modern hacker and helping hackers find
legitimate jobs in the computer field.


6. Predat0r, TAP Magazine, Editor; Blitzkrieg BBS, Sysop

Predat0r gave a short update on the current status of TAP and tried to explain
why he hadn't produced an issue in over a year.  Legal problems (something
about being accused of stealing a laptop computer) that were taking up his time
and resources were at fault.  However, he says that those issues have been
resolved and that TAP will start publishing again with issue #106 sometime this
fall.

He gave his promise that he would not just fold the magazine and rip everyone
off who had sent him money.


7. Mr. Icom, Cybertek, Editor

Similar to Predat0r, Mr. Icom expressed his apologies for having been somewhat
delinquent in getting new issues of his magazine out.  He claimed that issue #7
would be released in the near future. 


8. Erik Bloodaxe (Chris Goggans)[Legion of Doom][Comsec Data Security, Inc.]

It was only a year ago at SummerCon '91 that Erik Bloodaxe, Doc Holiday, and
Malefactor proudly announced the formation of Comsec.  Now, the following year,
it seemed that events had come full circle.  What had happened to Comsec?  Why
did it go out of business?  What is the deal?  That's what everyone wanted to
know and what Goggans was prepared to discuss.

One of the factors that contributed to the failure of Comsec was operating
costs associated with creating the company in the first place.  Unfulfilled
promises of investment in the company from people like Kenyon "Malefactor"
Shulman and a whisper campaign against them by others in the computer security
industry and a criminally negligent press hurt them badly, so much in fact they
could not recover.

Goggans continued his tale of corruption and unfair play in the security
community.  For example, there was an agreement between Goggans and ISPNews
about Goggans writing a regular column in their bi-monthly publication.
However, after he submitted his first article, the newly formed editorial board
decided against allowing it to be published.  They said it was common for the
editorial board to not allow sensitive articles in their magazine.  But when
ISPNews was asked what other contributors had their articles reviewed like
this, they could produce no names.  It should also be pointed out that among
the members of the editorial board is one William J. Cook, formally an
assistant United States Attorney in Chicago -- the same prosecutor who is
responsible for the cases against Phrack co-founder Craig Neidorf (Knight
Lightning), Shadow Hawk, Steve Jackson Games, Len Rose, The Mentor, and Chris
Goggans himself!

But it didn't end there!  Someone on the editorial advisory board (without
permission from Goggans) forwarded his article to the head of security for
SprintNet.  Goggans received a threatening letter from SprintNet that called
his article potentially libelous and claimed that it contained inaccuracies
and proprietary company information.

But waitasec if the article contains confidential information then how could it
be innaccurate?  And if it's inaccurate then how could it divulge useful
security flaws in their security?

Most recently, Goggans wrote an article for ComputerWorld (see PWN 40/1) about
hackers and computer security.  It addresses Tymnet and Telenet security
issues.  He discussed how hackers exploit these networks and how they can be
stopped.  He read the article aloud in full.  It was typical of most security
articles -- detailed, technically rounded, and somewhat dry.  There were no big
security revelations or tips.

He then went on to read some of the editorial replies of people responding to
his article in subsequent issues of ComputerWorld.  The audience did not
approve of their negative response.

Finally, the discussion turned to the situation with MOD.  Goggans talked about
the persistent harassment he had been subjected to by Phiber Optik and other
members of his alleged New York based organization.

Goggans said that in addition to the usual childish prank calls he would often
receive, MOD obtained his credit information including his credit card numbers
and posted them on bulletin boards and IRC.  They were also responsible for
changing his residential home telephone long distance service from U.S. Sprint
to AT&T so they could more easily obtain his long distance calling records.

He was not alone -- other partners at Comsec and Doc Holiday's (Scott Chasin)
mother were also harassed.  Harassing a hacker is one thing, but going after a
man's family and livelihood is clearly stepping beyond the bounds of a hacker's
code of ethics.  Something had to be done aboutthe problem, so Comsec decided
to end MOD's reign of criminal obnoxiousness by any means necessary.

There was a debate as to the proper way to handle this situation.  Goggans
revealed that he eventually turned to the FBI for assistance, who were
surprising helpful.  Some people at SummerCon were critical of his admission.

Emmanuel Goldstein was the most outspoken of those who responded.  "If we start
resorting to asking the FBI to resolve our problems, then that is a worse
violation than what MOD did to you.  The more appropriate response would be to
use the same tricks to get back at them."

Emmanuel also gave an example of what he meant.  One day, his office starting
receiving lots of calls from people who wanted trips to Europe.  It turned out
that an answering machine at a travel agency had been left with an outgoing
message that told callers to contact both John Maxfield and Emmanuel Goldstein
and gave out both their numbers.  Maxfield solved the problem by called the
feds... 2600 hacked the answering machine and changed the message to something
more innocuous.

However clever Emmanuel's ideas might be, Goggans stated that, "legitimate
business people cannot resort to illegal means to correct such a situation.  We
had no other alternatives."

The debate continued for 30 minutes until, eventually, Knight Lightning stepped
in, pointed out that this discussion could go on forever, and that it was time
to start closing up shop.


9. DrunkFux, HoHoCon, Director

Before the meeting was officially concluded, dFx had a few things to discuss
concerning how the guests had been conducting themselves in the hotel and he
wanted to relate an experience he had at HoHoCon '91.

"The rowdiness at HoHoCon made last night at SummerCon look like a daycamp."

Drunkfux explained that the managers at the hotel for HoHoCon blamed the
conferences guests for all sorts of damage, and threatened to hold dFx
financially responsible.  The manager even threatened to bill his credit card
for the damage.  dFx responded by calling his credit card company and they
informed him that what the hotel had threatened to do was illegal and they
would be more than happy to prosecute the Hilton Hotel if they attempted to
bill dFx for such charges.

The Hilton staff claimed that some conference guests set fire to part of a
hallway, but refused to show dFx the damage when asked.  dFx's attorney (a
relative who had gotten involved at this point) asked if any fire alarms had
gone off.  The reply was no.  The attorney then informed the Hilton staff that
he would be happy to sue them on behalf of the conference guests for
endangering their lives by placing them in accommodations with defective fire
alarms.  The Hilton staff changed their story.

Another claim against the HoHo'ers was that they had engaged in and allowed
underage drinking.  The attorney pointed out that the hotel's own bartenders
were responsible for serving many of them and if Hilton's claim was true, he
would be forced to call the state and have the hotel's liquor license revoked.
The Hilton staff changed their story.

This sequence of point/counter-point repeated itself a few times until all
claims were dropped.

A few days later, the two hotel managers who had previously accused dFx of
damage went to his house to personally apologize.  They gave him coupons for
free nights the next time he stays at one of their hotels.  dFx recorded the
meeting on videotape and he joked around about putting the scene into gifs and
distributing it to a BBS near you!
_______________________________________________________________________________

 Afterwards
 ~~~~~~~~~~
After the official meeting, many guests left the hotel to eat, trash, and
explore the city.  Frosty and some of the other GCMS-MechWarriors started a
game of Hacker (Steve Jackson Games) in the conference room.  Many people soon
wandered over to Northwest Plaza Mall; where the trouble began.


 Rule #4
 ~~~~~~~
About 10 or more people (including Emmanuel Goldstein, The Conflict, Erik
Bloodaxe, Doc Holiday, and Signal Surfer) had entered the Northwest Plaza mall
and a couple of them had baseball caps on... backwards.

A few minutes later, they were approached by mall security who told them that
wearing their hats backwards was a violation of Rule #4 and was not allowed.
Specifically the security guard said, "All clothing must be worn in the way it
was meant to be worn."  Go figure, aren't hats supposed to be worn on your
head?  This was more than Emmanuel and the others would take.  They marched
right into Sears and Emmanuel bought everyone (who didn't already have a hat) a
bright red St. Louis Cardinals baseball cap.

Now all of them had their hats on backwards and they started strolling around
the mall soon catching the eye of another always-alert rent-a-cop, mall
security guard.  After telling them to turn their hats around (and dropping his
walkie-talkie in his attempt to call for backup), the security guard was
approached by Emmanuel who wanted to discuss this Rule #4.

Another guard mumbled something about how a case on the matter had already gone
to the appellate court, but he neglected to mention the outcome and we have
been unable to find any details about case.

The security guards (now in full force) told Emmanuel this policy was in fact
posted at all entrances and then they threw everyone out of the mall.  Emmanuel
says that he circled the mall noting that the rule was actually only posted at
2 of the 12 entrances.  Another interesting rule was #6, which made it illegal
to have a cellular phone, beeper, or any other device capable of making sounds
in the mall.  Erik Bloodaxe had broken this rule when he had played "Mary Had A
Little Lamb" on Signal Surfers cellular phone.


 Nightfall
 ~~~~~~~~~
Towards the late afternoon about half of the Con ventured to the St. Louis
waterfront on the Mississippi (Laclede's Landing) where the riverboats, bars
and the Arch is found.

Holistic Hacker showed videos in his room including:

"ESS Phun"                         - A humorous raid of a Bell Central Office
                                     by three hackers.
"Unsolved Mysteries"               - The Kevin Poulsen episode.
"Rudolph the Heavy-Metal Reindeer" - No explanation.
"Good Morning America"             - See Doc Holiday EAT his own hand!
"Now It Can Be Told"               - Phiber Optik, Emmanuel Goldstein, and
                                     Knight Lightning on Geraldo.
"SummerCon '89"                    - Highlights of SummerCon '89.
"SummerCon '91"                    - Highlights of SummerCon '91.

Later in the evening, things just went out of control.  Smoke bombs were going
off, power outages were occurring, rooms were filling up with trash found in
dumpsters at major computer and telecommunications office buildings.  Dena was
back stalking new prey (and found it).

Agent Steal and DrunkFux went to the Ozzy Osbourne concert while Erik Bloodaxe
and Doc Holiday went out with the girls from last year's conference.  They
didn't make it back to the hotel until the next morning <wink wink>.

Security guards were running around threatening to send people to jail for no
specific reason other than being disruptive.

The only serious discussions that night took place in the RDT room.
_______________________________________________________________________________

 Sunday
 ~~~~~~
The guests slowly began waking up just before mandatory checkout time from the
hotel.  As they gathered in the lobby and outside for last minute discussions
and group photos, the group began to slowly dwindle in size.  A few had to catch
flights right away, a few would be staying until Monday morning, but everyone
promised to return next year.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

           PWN ^*^ PWN ^*^ PWN { SummerCon '92 } PWN ^*^ PWN ^*^ PWN
           PWN ^*^ PWN ^*^ PWN {  Guest List!  } PWN ^*^ PWN ^*^ PWN

     Agent Steal                 Erik Bloodaxe             The Not
     Albatross                   Father Crime              Omega
     Apollo Phoebus              Forest Ranger             OPii
     Aragorn                     Frosty                    Phaedrus
     Black Phoenix               Gateway                   Phantom Phreaker
     Brian Oblivion              The Gatsby                The Pope
     Bucky                       Golgo 13                  Predat0r
     The Butler                  Holistic Hacker           The Public
     Coder Decoder               Hunter                    Pyro
     Colin                       Junkmaster                Rambone
     The Conflict                Just Dave                 Sarlo
     Control C                   Knight Lightning          Scooter
     Count Zero                  Krynn                     The Serpent
     Cray-Z Phreaker             Lord MacDuff              Signal Surfer
     Crimson Death               Louis Cypher              Slack Master
     Dark Angel                  Lucifer 666               Slave Driver
     Dark Creaper                Magic Man                 Taran King
     Disk Jockey                 Minor Threat              Tom Brokaw
     Dispater                    Mr. Icom                  Video Vance
     Doc Holiday                 Mucho Maas                Voyager
     Dr. Cypher                  Mudge                     Weapons
     Dr. Williams                Nat X                     White Knight
     Drab Jester                 Night Ranger              Wind Runner
     Drunkfux                    Nihil
     Emmanuel Goldstein          Norris

A total of 73 people and they are what made it worth remembering!
_______________________________________________________________________________

 A Few Things We Learned At SummerCon
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 By The Pope and Nihil

- Don't try to buy beer at stores that have gas pumps.
- How correctly wear a baseball hat.
- "Playing" cellular phones is illegal.
- All mall security officers are imported from Mississippi.
- The showers at the Executive Internation only have two temperatures:
  freeze and scald.
- Frosty bought a lifetime supply knee-high tube socks before they went out of
  style in the 1970's.
- How to pick up underage girls.
- Control C should have chosen the alias "No Control C."
- After being awake for 43 hours (and drinking for 30), OPii's accent
  disappears.
- Hanging out with Crimson Death and Phantom Phreaker means worrying about
  being drug tested at work Monday morning.
- Hanging out with Crimson Death, Phantom Phreaker, and Erik Bloodaxe will
  teach you how to defeat Moday morning's drug test.
- Erik Bloodaxe and The Pope are the Siskel and Ebert of pornographic films.
- Agent Steal has big hair.
- Taran King has perfect hair.
- DO NOT get into a car with Voyager and The Public.


--------------------------------------------------------------------------------


                                ==Phrack Inc.==

                    Volume Four, Issue Forty, File 12 of 14

              PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN
              PWN                                             PWN
              PWN              Phrack World News              PWN
              PWN                                             PWN
              PWN           Issue 40 / Part 1 of 3            PWN
              PWN                                             PWN
              PWN        Compiled by Datastream Cowboy        PWN
              PWN                                             PWN
              PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN


 Scantronics BBS Seized By San Diego Police Department             July 1, 1992
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 By Knight Lightning and The Gatsby
 Special Thanks to Bruce Bigelo (San Diego Union-Tribune)

                 "Multiplexor and The Crypt Keeper Spill Guts"

A lot of stories have been circulating in the press over the past two months
about hordes of credit card stealing computer hackers that were disrupting
the economy of the United States.  It all began with rumors about Multiplexor,
a small time hacker that was thought to have spent some time in Long Island,
New York and supposedly is from Indiana.  The story was that Multiplexor had
carded a plane ticket to San Diego to see a girl or meet some friends, but
when he landed, he was met by the police instead.

Where that information or the supposed "1,000 member hacker ring" theory came
from, we might never know, but we know do know the facts in this case thanks
to police reports and warrant affidavits supplied by the court and acquired by
The Gatsby with help.

That information and more is now available.

For purposes of understanding the following, "SEMENICK" and "MARCOV" are both
the same person.  You might know him better under the names of Multiplexor or
The Prisoner.  Later in this file, you will see references to a person named
Kevin Marcus who is better known to some as The Crypt Keeper.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

                          SAN DIEGO POLICE DEPARTMENT
                         Investigators Follow-Up Report

CASE NUMBER:  N/A
DATE:         March 23, 1992
TIME:         1300 Hours
SUBJECT:      Damage Assessment of and Intelligence gathering on Illegal entry
              (Hacking) Computer Systems and the Illegal use of Credit Cards.
SUSPECT:      SEMENICK, John Edward        AKA: MARCOV, Eric Edward
VICTIM:       Zales Jewelry Store
LOCATION:     4465 La Jolla Village Drive, San Diego, CA
DETECTIVE:    Dennis W. Sadler (I.D.# 2486)

On March 31, 1992, I received a ARJIS 4 form from Officer Smyth (I.D.# 3871)
regarding some papers found by a Mr. Maurice Osborne at his residence.

Mr. Osborne had asked an individual by the name of Eric MARCOV, who had rented
a room from him, to leave.  After MARCOV left the house, Mr. Osborne discovered
some papers with what appeared to be credit card information on them.  Mr.
Osborne called the police and reported what he found.

Officer Smyth collected the papers and wrote the attached report.  After
reviewing these papers, I learned that they did in fact contain some personal
information on individuals which included the person's name, address, credit
card number, card expiration date, and social security number.  It appeared
that the person who wrote these notes was possibly using this credit card
information illegally.

I contacted Mr. Osborne by phone on March 31st.  He verified the contents of
the report and he stated that he feels MARCOV may still be in town.  On April
2nd, I was contacted by Mr. Osborne who learned that MARCOV was staying at a
motel in the beach area named Sleepy Time.

On April 2, 1992, while in the beach area, I came across the Sleepy Time Motel.
I contacted the motel manager, William Gainok.  I asked Mr. Gainok if he had
a person registered there by the name of Eric MARCOV.  He said that he did and
that Marcov was in room number 108.

At approximately 8:40 am, I knocked on the door to room number 108.  A white
male answered the door.  I asked him if he was Eric MARCOV.  He said yes.  I
identified myself as a San Diego Police Detective and told him that I needed
to talk to him about some questionable credit card activity.

As he opened the motel room door, I saw more papers like <those> given to me by
Mr. Osborne laying on the floor near the door with more credit card information
on them.  After being invited into the motel room, I asked MARCOV if he knew
why I was here.  He said I think so.  I asked MARCOV why he thought so.  He
said the credit cards.

At this point, I was only interviewing MARCOV regarding the papers found at Mr.
Osborne's residence.  I had no active case or any evidence indicating that
MARCOV was involved in, or a suspect of any criminal or illegal activity.

I asked MARCOV if he had any I.D. on him.  He said that he did not.  MARCOV
gave me the following information; Eric Edward MARCOV, DOB 05-15-74, then
changed the year to 73.  He said he was 18 going on 19.  He did not know his
social security number.  When asked if he had a drivers' license, he said that
he has never had one.  MARCOV appeared to be between the age of 17 to 19 years
old.

While asking him about papers, he started talking about computers and gaining
information from various systems.  He talked for about 10 minutes.  After that,
I decided to call the FBI because hacking was involved in obtaining the credit
card information and numbers, plus the information was coming from out of
state.  MARCOV also sounded like he knew a lot about computer hacking and was
involved in it himself.

At 8:58 am, I called the local office of the FBI and told them what I had and
asked if they would be interested in talking with MARCOV.  I asked MARCOV prior
to calling the FBI, if he would be willing to talk with them about his computer
activities.  He agreed to talk with them.

A short later Special Agent Keith Moses called me back at the motel.  I
explained to him what I had and what MARCOV was willing to talk about.  After
going over the case with Moses, he agreed to come out and talk with MARCOV.

Both Moses and I interviewed MARCOV regarding his hacking activities and
knowledge.  MARCOV was extensively involved in the hacking community during
the last four years and had some superior knowledge about what was happening in
the hacker world.  We later learned that he had been arrested for computer
crimes in early 1991 in Indianapolis.  We attempted to contact the
investigators that worked that case, but we never received any calls back after
numerous attempts.

During the interview, I attempted to confirm MARCOV's true identity.  I asked
him for his parents' information.  He said he did not remember their home phone
numbers, but they had a phone.  He also could not remember their home
addresses.  I asked him for his parents' employment information.  He said that
his father worked for a local (his home town) turbine company.

I called the information number for the local phone company and then called the
company to verify this information.  However, the company's personnel office
could not locate any employee matching the name given to me by MARCOV.  MARCOV
also gave me the school and year he graduated.  I called the local school
district's administrative office and discovered they had no record of MARCOV
attending or graduating from their school system.

I confronted him with this information and he finally gave me his true
information.  His true name was John Edward SEMENICK, DOB 05-15-75.  I located
his father's work number and contacted him.  He was very uninterested about his
son's whereabouts or condition.  When asked if he would supply an airline or
bus ticket for transportation home, he said he would not.  His father further
stated that when his son decided to come home, he'll have to find his own way.
SEMENICK's parents are divorced and he lives with his father.  However, we
learned that his mother had filed a runaway report with the local sheriff's
office.

I contacted his mother and she seemed a little more concerned, but said she
would not provide a ticket or funds for his return.  I asked both parents if
while John was in San Diego would they have any problems if their son assisted
us in our investigation.  I explained to them that he was not facing any known
criminal charges at that point and that the information he would be giving us
would be for damage assessment and intelligence gathering purposes on hackers

Both parents stated that they had no problem with him assisting us if he was
not being charged.  Because SEMENICK was a juvenile and a runaway report was
filed on him, we contacted the U.S. Attorney's office, the District Attorney's
Juvenile Division, and the Juvenile Hall Probation Intake Officer for advice.

They advised us that their was no problem with him giving us information.
SEMENICK was booked into Juvenile hall as a runaway and then released to a
halfway home for the evening.  The intake officer explained to us that because
his parents would not send for him, they would only keep him for one evening
and then he would be let go on his own again the next day.

After SEMENICK went through the runaway process and was being released, we
picked him back up.  The FBI agreed and furnished the fund's to put SEMENICK up
in a hotel, give him living expenses, and then provide transportation for him
home.  SEMENICK was put up in a suite at the Mission Valley Marriott.  He was
allowed to do what he wanted while staying at the hotel and to see his friends
at any time.

During SEMENICK's stay at the Marriott, either myself or Agent Moses stayed in
the hotel room next to SEMENICK's.  During the three day stay at the hotel,
SEMENICK was able to provide us with some very useful information and
intelligence.  It was not enough to make any arrest, but we obtained some very
valuable information.  We were not able to independently verify the information
by another source.

During the period of April 3rd to April 5th, 1992, SEMENICK contacted numerous
persons by phone who were involved in computer hacking.  SEMENICK willingly and
voluntarily signed an FBI consent form giving us permission to record his phone
calls during the course of our investigation.  There were numerous tape
recorded phone conversations involving at least 4 separate individuals.

During this same period of time, information in data format was also downloaded
from another individual's computer located on the East Coast to the computer
we had set up.  The information we received during the download was current
credit records just obtained from CBI credit reporting company by this person,
a CBI manual written in part by "Kludge" a San Diego hacker, and numerous
other files/documents involving illegal activity such as "carding."  "Carding"
is a term used by the hacker community regarding the illegal or fraudulent use
of credit cards or credit card numbers by hackers nationwide.

SEMENICK stated that he had been a member of a local BBS called Scantronics
when he was an active hacker.  He stated that the board is run by a guy named
"KLUDGE" and contains hundreds of files and documents.  He said that most of
these files and documents contained on "KLUDGE's" computer are "how to"
manuals.  This means that they instruct the person who obtains them through
Scantronics BBS on how to do various things both legal and illegal.  Some of
the illegal activities that are covered on this BBS is carding, phone hacking,
ATM fraud, and credit bureau information.

We obtained three documents written by or put out by either "KLUDGE" or
Scantronics BBS.

THIS INVESTIGATION IS ONGOING AT THIS TIME AND FURTHER INFORMATION AND EVIDENCE
WILL BE ADDED.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

                          SAN DIEGO POLICE DEPARTMENT
                         Investigators Follow-Up Report

CASE NUMBER:  N/A
DATE:         April 30, 1992
TIME:         0700 Hours
SUBJECT:      Computer Hacking
SUSPECT:      N/A
VICTIM:       N/A
LOCATION:     N/A
DETECTIVE:    Dennis W. Sadler (I.D.# 2486)

On April 16, 1992, I was contacted by Kevin Marcus.  Marcus learned that we
were investigating individuals who were illegally logging (hacking) into
various computer systems nationwide.  Marcus runs a local computer bulletin
board system (BBS) called The Programmer's Paradise.  Marcus was concerned
about the illegal activities had had seen on various local BBSs and contacted
me.

Marcus also said that he had received computer messages from a person who goes
by the name (handle) of Knight Lightning in New York who asked him if he heard
anything about our investigation.  Knight Lightning told Marcus that on April
3rd a reporter from San Diego by the name of Bigelo had contacted and talked to
him about our ongoing investigation.

--  --  --  --  --  --  --  --
Enclosure 1:

Date: Fri, 10 Apr 1992 18:14:11 -500
To: knight@eff.org
From: Craig Neidorf <knight@eff.org>
Subject: Runaway Teen Hacker Picked Up?

I was just contacted by a reporter in San Diego about a hacker case.

Apparently there is a teenage hacker from Indiana who ran away from home to
California to see some girl there.  The local police and the FBI supposedly
picked him up on April 3rd and he remains in their custody uncharged while he
is telling them all sorts of information on hacker rings across the nation.

Does anyone have any clues as to who this kid is or what's going on?

:Knight Lightning

--  --  --  --  --  --  --  --

Enclosure 2:

Date: Thu, 16 Apr 1992 22:25:17 -0400
From: Craig Neidorf <knight@eff.org>
To: tck@netlink.cts.com
Subject: Re: Hi.

Bruce Bigelo, Union Tribune.  Left his number at the office.  Nothing going on,
but I understand that you called him.

Craig

--  --  --  --  --  --  --  --

Marcus offered to assist us.  I asked if he knew of a BBS called Scantronics.
He said that he did and that he had been a member of that BBS and view the
files on that board in the past to see what the board carried.  Marcus is a
computer science major at a local college and is doing research in the anti-
virus field.  Marcus stated that the board carried a lot of technical data, but
had nothing regarding his subject.  Marcus also belongs to other local and out-
of-state BBSs where he talks with other individuals with his same interest.

Marcus stated that he was last on Scantronics BBS about a month ago and he had
seen numerous computer files that involved CBI and carding.  Carding is a term
used by hackers who are involved in the illegal or fraudulent use of credit
cards and their numbers.  These credit card numbers are obtained from credit
reporting companies such as CBI and TRW, by illegally accessing (hacking) their
way into those company computers and reading or copying private individuals
credit reports and information.

Most copies of credit reports from these companies will show a person's name,
current and previous addresses, social security number, employer, salary, and
all current credit history including all credit cards and their account
numbers.  They <the hackers> then use these credit card numbers to obtain
goods.

If one of the hackers used an account number he found on a credit report that
he illegally pulled from the credit reporting company, the victim would most
likely not find out that their card had been illegally used until the next
billing cycle which could be as much as 45 days after the illegal transaction
took place.  According to the credit card industry, this is one of the most
risk free and safest way to commit credit card fraud.

Marcus said that the person's name who ran this BBS was Jeremy.  He did not
know his last name, but the handle he is known by is "KLUDGE."  I asked if he
knew the phone number to this BBS and he gave me 423-4852.  The BBS phone
number, the operator's first name, and <the operator's> handle matched the
information we had learned earlier.

Marcus also gave me two disks <that> contained some files which had been
downloaded (left on his BBS) by other persons on his system.  He regularly
checks his board and removes or deletes files regarding questionable or illegal
activity such as carding.

I viewed both of these disks and they contained some very interesting files.
These files included various topics <such as> an auto theft manual, CBI manual,
TRW manual, American Express card info, and many other files which if
downloaded or copied by another person, that person could easily gain illegal
access to various credit reporting companies and commit various other illegal
types of activity.

I told Marcus if he came across any further information regarding this type of
activity or further information about the BBS called Scantronics to please
contact me.

On April 17, 1992, I met Marcus and he said that he had logged onto Scantronics
last night by using an access number a friend gave him.  This same friend had
let him use his access number to gain access to this BBS on many prior
occasions.  He did this on his own, without any direction whatsoever from me or
any other law enforcement official.

Marcus handed me a 5 1/4" computer disk and said that it contained some file
listings and a list of all validated users.  Marcus also stated that the disk
contained a copy of the messages that were sent to him through his BBS by the
person in New York regarding our investigation [those messages displayed above
from Knight Lightning].

He asked me if I wanted him to log on and see for myself what was on "KLUDGE's"
BBS.  I told him that I would have to consult with the D.A.'s office first.
However, I was unable to get a hold of our D.A. liaison.  I told <Marcus> that
I'd get back with him later.

After talking to D.A. Mike Carlton, I advised Marcus not to go into Scantronics
BBS unless it was for his own information.  However he said that if he came
across any further information during his normal course of running his own BBS,
he would notify me.

--  --  --  --  --  --  --  --

[The police report also contained 60 pages of printouts of postings and text
files found on Scantronics BBS.  It is also made very clear that Kevin Marcus
(aka The Crypt Keeper) accessed Scantronics BBS by using the password and
account number of The Gatsby.  Files include:

-  "Credit Bureau Information" which sounds harmless enough to begin with and
    turns out is actually a reprint of an article from the September 27, 1992
    issue of Business Week Magazine

-  "Advanced Carding" by The Disk Jockey, which dates back to 1987.

-  "The Complete CBI Manual of Operations" by Video Vindicator and Kludge,
    dated October 10, 1991.

 Aftermath
 ~~~~~~~~~
On April 23, 1992, a search warrant was issued in the municipal court of the State of California in the county of San Diego which authorized the seizure of:

A.  All telephone company subscriber information to include service start date,
    copy of most current billing statement, current credit information, and
    location of telephone service to the following telephone numbers;
    (619)XXX-XXXX and (619)XXX-XXXX and any other telephone number information
    in any chain of call forwarding, to or from the listed phone numbers.

B.  All telephone company records which includes subscriber information,
    service start date, copy of most current billing statement, current credit
    information, and location of telephone service phone numbers to which calls
    are being forwarded to or from, from the listed phone numbers.

               CERTIFICATION TO DEFER NOTIFICATION TO SUBSCRIBER

     The Court finds there is substantial probable cause to believe
     notification to the subscriber whose activities are recorded in the
     records described above would impede or destroy this investigation.
     Accordingly, the court certifies the request of the San Diego Police
     Department that notification to the subscriber be deferred pending
     further order of this court.


On April 30, 1992, a search warrant was issued in the municipal court of the
State of California in the county of San Diego which authorized the search of
Kludge's residence and the seizure of:

     All computer equipment and paraphernalia use in computer hacking, or apart
     of the BBS known as Scantronics which includes, but is not limited to
     monitor(s), keyboard(s), CPU(s), which may or may not contain hard disk
     drive(s), floppy drive(s), tape drive(s), CD rom drive(s), modem(s),
     fax/modem(s), all hard copies (paper copies) of any computer files which
     have been stored or currently stored on/in a computer system, all
     documents whether in hard or data form which show how to operate any
     computer program or computer file, all memory storage devices which may
     include hard disk drive(s), 5 1/4" and 3 1/2" computer memory storage
     disks, all computer memory storage and computer back up tapes, and all
     computer CD rom disks capable of computer data storage; and, documents and
     effects which tend to show dominion and control over said premises and
     computer system, including fingerprints, records, handwritings, documents
     and effects which bear a form of identification such as a person's name,
     photograph, social security number, or driver's license number and keys.

The warrant was used immediately and Scantronics BBS and much more was seized.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 The Crypt Keeper Responds
 ~~~~~~~~~~~~~~~~~~~~~~~~~
Date: Wed, 17 Jun 92 09:13:50 PDT
From: tck@bend.UCSD.EDU (Kevin Marcus)
To: knight@eff.org
Subject: Hmm.

I'll start at the beginning...

On April 3rd, I arrived at my workplace (a computer store) around 3 pm.
Multiplexor is sitting in the back with some FBI agent and Detective Dennis
Sadler.  The reason they chose my store for technical support is because Dennis
and one of my managers are very good friends.

I saw what was happening, and I saw Multiplexor call up Kludge's board and try
to log on, but alas he was not validated.  Nonetheless, that same day I told
Gatsby and Kludge what was up, because they are/were my friends and I didn't
want something bad to happen to them.

A few days later, my boss suggested that I tell Dennis that I was on Kludge's
board awhile ago, but that I was not anymore because they might have found
something on me.  So the next time I saw him (he comes in about once a week,
still), I told him that I was on the board awhile ago, but that I wasn't
anymore.  He asked a few stupid questions and I didn't really say a whole bunch
about.

He eventually found out that I had warned Kludge about his board.  I am not
really sure how, I sure as heck didn't tell him.  He then told me that I
nearly blew their investigation and for interfering with an investigation the
maximum penalty was like 5 years or something like that.  He was getting ready
to arrest me and take me down to the county courthouse when my boss was able to
convince him that I was a good kid, not looking for trouble, and that I would
get him something to re-strengthen.  So, even though Dennis didn't tell me
specifically to get something from Kludge's board, he told me that what he
needed to get his case back up to par was an idea of what was on the board,
like a buffering of his system.

That night I called up Gatsby and got his password from him.  I called and
buffered.  The next time that I saw him [Sadler], I told him what I had done.
He wanted to know how I got on Kludge's board, and I told him through a
friend's account.  He asked me which friend, and I said "The Gatsby."  He then
started asking me a bunch of questions about Gatsby such as, "What is his real
name?"  And, at first I said that I didn't want to tell him, and then he said
that I was withholding evidence and he could bust me on that alone.  So I told
him his name and that he lived in XXXXX (a suburb of San Diego).  They already
had him and Kludge in phone conversations over Kludge's line since it was taped
for a while so they knew who he was in the first place.

If Sadler didn't have anything hanging over my head, such as interfering with
an investigation, and/or withholding evidence, then I would not have said jack,
more than likely.  My first contact with him was on suggestion of my boss, who
is a good friend of his, and he might have told my boss something which made
him worry and think that I would be arrested for something, I do not know.

Now, if I was a nark, then I can assure you that a LOT more people would have
gone down.  I have a plethora of information on who is who, who is where, who
does what, etc. and, even though it's old, I bet a lot of it is true.  If I
wanted there to be another Operation Sun-Devil, then I would have given all of
that information to him.  But I didn't, because that is not at all what I had
wanted.  I didn't want anyone to get busted (including myself) for anything.

If I were a nark, then I would probably have given him a lot more information,
wouldn't you think?

I sure do.

I am not asking anyone to forget about it.  I know that I screwed up, but there
is not a whole bunch about it that I can do right now.

When Sadler was here asking me questions, it didn't pop into my mind that I
should tell him to wait and then go and call my attorney, and then a few
minutes later come back and tell him whatever my lawyer said.  I was scared.
_______________________________________________________________________________

 Hackers Aren't The Real Enemy                                     June 8, 1992
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 By Chris Goggans (ComputerWorld)(Page 37)

(Goggans is a 23-year old hacker who is currently seeking employment with
anyone who won't make him cut his hair.)

For years articles have been published about people who call themselves
"hackers."  These have been written by people who have investigated hackers,
who have been the targets of hackers, who secure systems against hackers and
who claim to know hackers.  As a member of the so-called "computer
underground," I would like to present the hacker's point of view.

I hope you will put aside any personal bias you may have toward people who call
themselves  hackers  because it is probably based on media reports rather than
real contact.

I also hope you won't refuse to read this because you have a problem with my
ethics.  Over the past 11 years, operating under the pseudonym Erik Bloodaxe, I
had opportunities to become rich beyond the dreams of avarice and wreak great
havoc on the world's computer networks.  Yet I have done neither.  I have
looked behind doors that were marked "employees only" but have never disrupted
the operation of business.  Voyeurism is a far cry from rape.

Illegal, but not criminal

Undeniably, the actions of some hackers are illegal, but they are still hardly
criminal in nature.  The intention of most of these individuals is not to
destroy or exploit systems but merely to learn in minute detail how they are
used and what they are used for.  The quest is purely intellectual, but the
drive to learn is so overwhelming that any obstacle blocking its course will be
circumvented.  Unfortunately, the obstacles are usually state and federal laws
on unauthorized computer access.

The overwhelming difference between today's hackers and their 1960s MIT
namesakes is that many of my contemporaries began their endeavors too young to
have ready access to computer systems.  Few 13-year-olds find themselves with
system privileges on a VAX through normal channels.

My own first system was an Atari 8-bit computer with 16K of memory.  I soon
realized that the potential of such a machine was extremely limited. With the
purchase of a modem, however, I was able to branch out and suddenly found
myself backed by state-of-the-art computing power at remote sites across the
globe.  Often, I was given access by merely talking to administrators about the
weak points in their systems, but most often my only access was whatever
account I may have stumbled across.

Many people find it hard to understand why anyone would risk prosecution just
to explore a computer system.  I have asked myself that same question many
times and cannot come up with a definitive answer.  I do know that it is an
addiction so strong that it can, if not balanced with other activities, lead to
total obsession.  Every hacker I know has spent days without sleep combing the
recesses of a computer network, testing utilities and reading files.  Many
times I have become so involved in a project that I have forgotten to eat.

Hackers share almost no demographic similarities:  They are of all income
levels, races, colors and religions and come from almost every country.  There
are some shared characteristics, however.  Obsessive-compulsive behavior (drug
or alcohol abuse, gambling, shoplifting) is one.  Others have a history of
divorce in their families, intelligence scores in the gifted to genius level,
poor study habits and a distrust of any authority figure.  Most hackers also
combine inherent paranoia and a flair for the romantic -- which is apparent in
the colorful pseudonyms in use throughout the hacker community.

In most cases, however, once hackers reach college age -- or, at minimum, the
age of legal employment -- access to the systems they desire is more readily
available through traditional means, and the need to break a law to learn is
curtailed.

Popular media has contributed greatly to the negative use of the word "hacker."
Any person found abusing a long-distance calling card or other credit card is
referred to as a hacker.  Anyone found to have breached computer security on a
system is likewise referred to as a hacker and heralded as a computer whiz,
despite the fact that even those with the most basic computer literacy can
breach computer security if they put their minds to it.

Although the media would have you believe otherwise, all statistics show that
hackers have never been more than a drop in the bucket when it comes to serious
computer crime.  In fact, hackers are rarely more than a temporary nuisance, if
they are discovered at all.  The real danger lies in the fact that their
methods are easily duplicated by people whose motives are far more sinister.
Text files and other information that hackers write on computer systems can be
used by any would-be corporate spy to help form his plan of attack on a
company.

Given that almost everyone is aware of the existence and capabilities of
hackers -- and aware of how others can go through the doors hackers open -- the
total lack of security in the world's computers is shocking.

Points of entry

The primary problem is poor systems administration.  Users are allowed to
select easily guessed passwords.  Directory permissions are poorly set.  Proper
process accounting is neglected.  Utilities to counter these problems exist for
every operating system, yet they are not widely used.

Many systems administrators are not provided with current information to help
them secure their systems.  There is a terrible lack of communication between
vendors and customers and inside the corporate community as a whole.

Rather than inform everyone of problems when they are discovered, vendors keep
information in secret security databases or channel it to a select few through
electronic-mail lists.  This does little to help the situation, and, in fact,
it only makes matters worse because many hackers have access to these databases
and to archives of the information sent in these mailing lists.

Another major problem in system security comes from telecommunications
equipment.  The various Bell operating companies have long been the targets of
hackers, and many hackers know how to operate both corporate and central office
systems better than the technicians who do so for a living.

Increased use of computer networks has added a whole new dimension of
insecurity.  If a computer is allowed to communicate with another on the same
network, every computer in the link must be impenetrable or the security of all
sites is in jeopardy.  The most stunning examples of this occur on the
Internet.  With such a wide variety of problems and so little information
available to remedy them, the field of computer security consulting is growing
rapidly.  Unfortunately, what companies are buying is a false sense of
security.  The main players seem to be the national accounting firms.  Their
high-cost audits are most often procedural in nature, however, and are rarely
conducted by individuals with enough technical expertise to make
recommendations that will have a real and lasting effect.

Ultimately, it is the responsibility of the systems administrators to ensure
that they have the proper tools to secure their sites against intrusion.
Acquiring the necessary information can be difficult, but if outsiders can get
their hands on this information, so can the people who are paid to do the job.
_______________________________________________________________________________

                               THE GREAT DEBATE

                          Phiber Optik v. Donn Parker

 Cyberpunk Meets Mr. Security                                         June 1992
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 By Jonathan Littman (PC Computing Magazine)(Page 288)

The boy cautiously approached the table and asked the tall, distinguished bald
gentleman in the gray suit if he could join him.  The boy's conference name tag
read Phiber Optik; the gentleman's read Donn Parker.  One was a member of the
Legion of Doom, the infamous sect of teenage hackers charged with fraud,
conspiracy, and illegal computer access in 1990; the other was a legendary
security expert.

The unlikely pair had been brought together by an unusual gathering, the
nation's first Computers, Freedom, and Privacy conference, held in the San
Francisco Bay Area on the last weekend of March 1991.  They were part of an
eclectic mix of G-men, Secret Service agents, prosecutors, privacy advocates,
and hackers who had come to see the other side up close.

Only weeks before, Optik's laptop computer had been seized by state police in
an investigation begun by the Secret Service.  Optik and fellow hackers Acid
Phreak and Scorpion were among the first to come under the scrutiny of the
Secret Service in the days of Operation Sun Devil, a 14-city sweep in the
spring of 1990 that resulted in 42 seized computers, 23,000 confiscated disks,
and four arrests.

The criminal charges brought against Optik and his cohort included illegal
computer access and trading in stolen access codes.  Optik, a juvenile at the
time of his initial questioning, spent a day in jail and was later convicted of
a misdemeanor for theft of services.

Parker knew the story well.  Over the last two decades, the former Lutheran
Sunday school teacher has interviewed dozens of criminals to whom computers
were simply the tools of the trade.  Along the way, he earned a worldwide
reputation as the bald eagle of computer crime.  Parker speaks frequently to
law-enforcement agencies and corporations as a consultant to SRI International,
a leading research and management firm based in Menlo Park, California.  His
books Fighting Computer Crime and Crime by Computer, countless articles, and a
large Justice Department study on computer ethics have established him as the
foremost authority on the hacker psyche.

PARKER: How do you view the ethics of getting into someone's computer system?

OPTIK:  I know what your point of view is because I've read your papers and
        I've listened to you talk.  I know that you think any entry, you know,
        any unauthorized entry, is criminal.

        I can't say I agree with that.  I do agree that anyone who's an
        impressionable teenager, who's on the scene and wants to break into as
        many computers as is humanly possible to prove a point, has the
        potential to do damage, because they're juveniles and have no idea what
        they're doing, and they're messing around in places that they have no
        business being.

        At the time, I was 17 years old and still a minor.  There was no way I
        was going to be able to buy a Unix, a VAX, my own switching system.
        These are the things I'm interested in learning how to program.  It
        would not have been possible to access this type of computer
        development environment had I not learned how to break into systems.
        That's the way I see it.

PARKER: What are you doing at this conference?  What's your purpose?

OPTIK:  Basically I want to be exposed to as many people as possible and hear
        as many people's views as I can.

PARKER: What's your ultimate purpose then-what would you like to do as far as
        a career?  Do you think this is a way for you to get into a career?

OPTIK:  Well, of course, I hope to enter the computer industry.  Just by being
        here, I hope to talk to people like you, the many people who are
        professionals in the field, hear their views, have them hear my views.

        See, the thing I regret the most is that there is this communication
        gap, a lack of dialogue between people who proclaim themselves to be
        hackers and people who are computer professionals.  I think if there
        were a better dialogue among the more respectable type of hackers and
        the computer professionals, then it would be a lot more productive.

PARKER: How do you tell the difference between a more responsible type of
        hacker? 

OPTIK:  I realize that its a very big problem.  I can see that it's pretty
        impossible to tell, and I can clearly understand how you come to the
        conclusions that you initially state in your paper about how hackers
        have been known to cheat, lie, and exaggerate.  I experienced that
        firsthand all the time.  I mean, these people are generally like that.
        Just keep in mind that a large number of them aren't really hardcore
        hackers -- they're impressionable teenagers hanging out.  Its just that
        the medium they're using to hang out is computers.

        I don't consider myself part of that crowd at all.  I got into
        computers early on. Like when I was entering junior high school.  I was
        really young, it must have been preteen years.  I'm talking about 12 or
        13 years old when I got a computer for Christmas.

        I didn't immediately go online.  I'm not one of these kids today that
        get a Commodore 64 with a modem for Christmas because they got good
        grades on their report card.  The reason I would have called myself a
        hacker is, I was hacking in the sense of exploring the world inside my
        computer, as far as assembly language, machine language, electronics
        tinkering, and things of that nature.  That truly interested me.

        The whole social online thing I could really do without because that's
        where these ideas come from.  You know, this whole negative, this bad
        aftertaste I get in my mouth when I hear people put down the whole
        hacking scene.  Its because of what they're hearing, and the reason
        they're hearing this is because of the more outspoken people in this
        "computer underground" and the twisted coverage in the media, which is
        using this whole big hype to sell papers.

        And the people who are paying the price for it are people like me; and
        the people who are getting a twisted view of things are the
        professionals, because they're only hearing the most vocal people.
        It's another reason why I'm here, to represent people like myself, who
        want other people to know there are such things as respectable hackers.
        You know hacking goes beyond impressionable young teenage delinquents.

PARKER: How would you define hacking?

OPTIK:  It's this overall wanting to understand technology, to be able to
        communicate with a machine on a very low level, to be able to program
        it.  Like when I come upon a computer, it's like my brain wants to talk
        to its microprocessor.  That's basically my philosophy.

PARKER. And does it matter to you who actually owns the computer?

OPTIK:  Usually it does.  Oh, at first it didn't matter.  The mere fact of
        getting into Unix, and learning Unix, was important enough to warrant
        me wanting to be on the system.  Not because of information that was in
        there. I really don't care what the information is.

        You know there's that whole Cyberpunk genre that believes information
        should be free.  I believe in computer privacy wholly.  I mean if
        someone wants something to be private, by all means let it be private.
        I mean, information is not meant for everyone to see if you design it
        as being private.  That's why there is such a thing as security.

        If someone wants to keep something private, I'm not going to try to
        read it.  It doesn't interest me. I couldn't care less what people are
        saying to each other on electronic mail.  I'm there because I'm
        interested in the hardware.

PARKER: How is anyone else going to know that you're not interested in reading
        their private mail?

OPTIK:  That's a problem I have to deal with.  There's not a real solution in
        the same way that there's no way that you're really going to be able
        to tell whether someone's malicious or not.  Hackers do brag, cheat,
        and exaggerate.  They might tell you one thing and then stab you in the
        back and say something else.

PARKER: I've interviewed over 120 so-called computer criminals.

OPTIK:  Right.

PARKER: I've interviewed a lot of hackers, and I've also interviewed a lot of
        people engaged in all kinds of white-collar crime.

OPTIK:  Yeah.

PARKER: And it seems to me that the people I have talked with that have been
        convicted of malicious hacking and have overcome and outgrown that
        whole thing have gone into legitimate systems programming jobs where
        there is great challenge, and they're very successful.  They are not
        engaged in malicious hacking or criminal activity, and they're making a
        career for themselves in technology that they love.

OPTIK:  Right.

PARKER: Why couldn't you go that route?  Why couldn't you get your credentials
        by going to school like I did and like everybody else did who functions
        as a professional in the computer field, and get a challenging job in
        computer technology?

OPTIK:  I certainly hope to get a challenging job in computer technology.  But
        I just feel that where I live, and the way the school system is where I
        am, it doesn't cater to my needs of wanting to learn as much about
        technology as fast as I want to learn.

PARKER: Yeah, but one of the things you have to learn, I guess, is patience,
        and you have to be willing to work hard and learn the technology as
        it's presented.

OPTIK:  You know, you just have to remember that by being able to go places
        that people shouldn't, I'm able to learn things about technology that
        schools don't teach.  It's just that programs in local colleges where I
        am, they couldn't even begin to grasp things that I've experienced.

PARKER: OK, so you want instant gratification then.

OPTIK:  It's not so much gratification . . .

PARKER: You're not willing to spend four years in a--

OPTIK:  I certainly am willing to go to college.

PARKER: Uh huh.

OPTIK:  I definitely intend to go to college; I just don't expect to learn very
        much concerning technology. I do expect to learn some things about
        technology I probably didn't know, but I don't expect to be exposed to
        such a diverse amount of technology as in my teenage years.

PARKER: OK, well, I can see impatience and a lack of opportunity to do all
        that stuff very quickly, but--

OPTIK:  I wouldn't go so far as to call it impatience.  I'd call it an
        eagerness to learn.

PARKER: Eagerness to learn can be applied in the establishment process of
        education in all kinds of ways.  You can excel in school.

OPTIK:  I was never Mr. Academia, I can tell you that right off the bat.  I
        don't find much of interest in school.  Usually I make up for it by
        reading technology manuals instead.

PARKER: How are you going to spend four years in school if you've already
        decided you're really not suited to be in school?

OPTIK:  Well, it's not so much school as it is that I feel constrained being in
        high school and having to go through junior high school and high school
        because of the way the educational program are tailored to like, you
        know --

PARKER: Well, if you hold this direction that you're going right now, you could
        very well end up as a technician repairing equipment, maintaining
        computers, and you could very well end up in a dead-end job.

        In order to break into a higher level of work, you need a ticket, you
        need a degree, you have to prove that you have been able to go to
        school and get acceptable grades.  The route that you're going doesn't
        seem to me to lead to that.

        Now there are some people who have managed to overcome that, OK --
        Geoff Goodfellow.  Steve Wozniak.  But those people are 1 out of
        100,000.  All the other 99,000-odd people are technicians.  They're
        leading reasonable lives, making a reasonable income, but they're not
        doing very big things.  They're keeping equipment running.

OPTIK:  Yeah.

PARKER: And if you have all this curiosity and all this drive and this energy
        (which is what it takes), and you go a route that gets you to a
        position where you can do real, exciting, advanced research . . .  I
        mean, I've talked to a lot of hackers.  I'm thinking of one in
        Washington, D.C., who was convicted of a computer crime.  He went back
        to school, he's got his degree, and he has a very top systems
        programming job.  He said he finally reached a point where he decided
        he had to change the way he was going about this, because the way
        things were going, the future for him was pretty bleak.

        And it seems to me, hopefully, you may come to a realization that to
        do important things, exciting things, ultimately you've got to learn
        the computer-science way of presenting operating systems, and how to
        write programs of a very large, complex nature.

        Have you ever done that, have you ever written a really big computer
        program?

OPTIK:  I've written this . . .

PARKER: There's a discipline involved that has to do with learning how to be an
        engineer.  It takes a tremendous amount of education and discipline.
        And it sounds to me like you lack the discipline.  You want instant
        gratification, you want to be an expert now.  And you end up being an
        expert all right, but in a very narrow range of technology.

        You learn the Novell LAN, you learn some other aspect, you learn about
        a telephone company's switching system.  That doesn't lead to a career
        in designing and developing systems.  That leads to a career in
        maintaining the kind of hardware that you've been hacking.

        And it seems to me you've got to go back and learn the principles.
        What are the basic principles of an operating system?  What are the
        basic principles of access control?  Until you've gone back and learned
        those basics, you're flying by the seat of your pants, and just picking
        up odds and ends of stuff that you can grab quickly.

OPTIK:  I don't see it so much as grabbing things quickly.  I've put a lot of
        time into studying very detailed things.  It's not so much popping in
        and popping out and whatever I find I'm glad I found it.  I do spend a
        lot of time studying manuals and things.

PARKER: Manuals are not going to do it.  All you do in learning a manual is
        learn the current equipment and how it works.  If you studied Donald
        Kanuth's volumes on computer science programming and computer sciences,
        you would learn the theory of computer programming, you would learn
        the operating system theory, you would learn the theory that is the
        foundation on which all of these systems are built.

OPTIK:  But that's the thing I guess I don't do. I was never much concerned
        with theory of operation.  I was always concerned with how things work,
        and how I can use them.  Like how to program.  I'll admit I was never
        much into theory.  It never interested me.  Like with what I do-theory
        really doesn't play any role at the present time.  Of course, that's
        subject to change at any time.  I'm rather young . . .

A FRIEND WHISPERED in Optik's ear that it was time to go.  Still locked in
debate, the hacker and the security man left the table and walked together
toward the escalator.  In profile, at the bottom of the moving stairs, they
were an odd couple:  Optik with his shiny, jet black hair, Parker with his
shiny dome.

Parker was speaking calmly, warning Optik that one day hacking wouldn't seem
so boundless, that one day his opportunities wouldn't seem quite so vast.
Optik fidgeted, glancing away.  Conference attendees filed up the escalator.

"I don't want to be a hacker forever," blurted Optik.

The next afternoon the bank of hotel phones was crowded with business people
and conference attendees punching in to get their messages and make their
calls.  There was Optik, wedged between the suits, acoustic coupler slipped
over the phone receiver, a laptop screen flickering before his eyes, his hands
flitting over the keys.

He was still young.


--------------------------------------------------------------------------------


                                ==Phrack Inc.==

                    Volume Four, Issue Forty, File 13 of 14

              PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN
              PWN                                             PWN
              PWN              Phrack World News              PWN
              PWN                                             PWN
              PWN           Issue 40 / Part 2 of 3            PWN
              PWN                                             PWN
              PWN        Compiled by Datastream Cowboy        PWN
              PWN                                             PWN
              PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN


 MOD Indicted                                                      July 8, 1992
 ~~~~~~~~~~~~
 Taken from U.S. Newswire

The following is the press release issued by the United States Attorney's
Office in the Southern District of New York.

                      Group of "Computer Hackers" Indicted
                      First Use of Wiretaps in Such a Case

NEW YORK -- A group of five "computer hackers" has been indicted on charges of
computer tampering, computer fraud, wire fraud, illegal wiretapping, and
conspiracy, by a federal grand jury in Manhattan, resulting from the first
investigative use of court-authorized wiretaps to obtain conversations and data
transmissions of computer hackers.

A computer hacker is someone who uses a computer or a telephone to obtain
unauthorized access to other computers.

The indictment, which was filed today, alleges that Julio Fernandez, a/k/a
"Outlaw," John Lee, a/k/a "Corrupt," Mark Abene, a/k/a "Phiber Optik," Elias
Ladopoulos, a/k/a "Acid Phreak," and Paul Stira, a/k/a "Scorpion," infiltrated
a wide variety of computer systems, including systems operated by telephone
companies, credit reporting services, and educational institutions.

According to Otto G. Obermaier, United States Attorney for the Southern
District of New York, James E. Heavey, special agent in charge, New York Field
Division, United States Secret Service, William Y. Doran, special agent in
charge, Criminal Division, New York Field Division, Federal Bureau of
Investigation, and Scott Charney, chief of the Computer Crime Unit of the
Department of Justice, the indictment charges that the defendants were part of
a closely knit group of computer hackers self-styled "MOD," an acronym used
variously for "Masters of Disaster" and "Masters of Deception" among other
things.

The indictment alleges that the defendants broke into computers "to enhance
their image and prestige among other computer hackers; to harass and intimidate
rival hackers and other people they did not like; to obtain telephone, credit,
information and other services without paying for them; and to obtain
passwords, account numbers and other things of value which they could sell to
others."

The defendants are also alleged to have used unauthorized passwords and billing
codes to make long distance telephone calls and to be able to communicate with
other computers for free.

Some of the computers that the defendants allegedly broke into were telephone
switching computers operated by Southwestern Bell, New York Telephone, Pacific
Bell, U.S. West and Martin Marietta Electronics Information and Missile Group.
According to the indictment, such switching computers each control telephone
service for tens of thousands of telephone lines.

In some instances, the defendants allegedly tampered with the computers by
adding and altering calling features.  In some cases, the defendants allegedly
call forwarded local numbers to long distance numbers and thereby obtained long
distance services for the price of a local call. Southwestern Bell is alleged
to have incurred losses of approximately $370,000 in 1991 as a result of
computer tampering by defendants Fernandez, Lee, and Abene.

The indictment also alleges that the defendants gained access to computers
operated by BT North America, a company that operates the Tymnet data transfer
network.  The defendants were allegedly able to use their access to Tymnet
computers to intercept data communications while being transmitted through the
network, including computer passwords of Tymnet employees.  On one occasion,
Fernandez and Lee allegedly intercepted data communications on a network
operated by the Bank of America.

The charges also allege that the defendants gained access to credit and
information services including TRW, Trans Union and Information America.  The
defendants allegedly were able to obtain personal information on people
including credit reports, telephone numbers, addresses, neighbor listings and
social security numbers by virtue of their access to these services.  On one
occasion Lee and another member of the group are alleged to have discussed
obtaining information from another hacker that would allow them to alter credit
reports on TRW.  As quoted in the indictment, Lee said that the information he
wanted would permit them "to destroy people's lives... or make them look like
saints."

The indictment further charges that in November 1991, Fernandez and Lee sold
information to Morton Rosenfeld concerning how to access credit services.  The
indictment further alleges that Fernandez later provided Rosenfeld's associates
with a TRW account number and password that Rosenfeld and his associates used
to obtain approximately 176 TRW credit reports on various individuals.  (In a
separate but related court action, Rosenfeld pleaded guilty to conspiracy to
use and traffic in account numbers of TRW.  See below).

According to Stephen Fishbein, the assistant United States attorney in charge
of the prosecution, the indictment also alleges that members of MOD wiped out
almost all of the information contained within the Learning Link computer
operated by the Educational Broadcasting Corp. (WNET Channel 13) in New York
City.  The Learning Link computer provided educational and instructional
information to hundreds of schools and teachers in New York, New Jersey and
Connecticut.  Specifically, the indictment charges that on November 28, 1989,
the information on the Learning Link was destroyed and a message was left on
the computer that said: "Happy Thanksgiving you turkeys, from all of us at MOD"
and which was signed with the aliases "Acid Phreak," "Phiber Optik," and
"Scorpion."  During an NBC News broadcast on November 14, 1990, two computer
hackers identified only by the aliases "Acid Phreak" and "Phiber Optik" took
responsibility for sending the "Happy Thanksgiving" message.

Obermaier stated that the charges filed today resulted from a joint
investigation by the United States Secret Service and the Federal Bureau of
Investigation.  "This is the first federal investigation ever to use court-
authorized wiretaps to obtain conversations and data transmissions of computer
hackers," said Obermaier.  He praised both the Secret Service and the FBI for
their extensive efforts in this case.  Obermaier also thanked the Department of
Justice Computer Crime Unit for their important assistance in the
investigation.  Additionally, Obermaier thanked the companies and institutions
whose computer systems were affected by the defendants' activities, all of whom
cooperated fully in the investigation.

Fernandez, age 18, resides at 3448 Steenwick Avenue, Bronx, New York.  Lee
(also known as John Farrington), age 21, resides at 64A Kosciusco Street,
Brooklyn, New York.  Abene, age 20, resides at 94-42 Alstyne Avenue, Queens,
New York.  Elias Ladopoulos, age 22, resides at 85-21 159th Street, Queens, New
York.  Paul Stira, age 22, resides at 114-90 227th Street, Queens, New York.
The defendants' arraignment has been scheduled for July 16, at 10 AM in
Manhattan federal court.

The charges contained in the indictment are accusations only and the defendants
are presumed innocent unless and until proven guilty.  Fishbein stated that if
convicted, each of the defendants may be sentenced to a maximum of five years
imprisonment on the conspiracy count.  Each of the additional counts also
carries a maximum of five years imprisonment, except for the count charging
Fernandez with possession of access devices, which carries a maximum of ten
years imprisonment.  Additionally, each of the counts carries a maximum fine of
the greater of $250,000, or twice the gross gain or loss incurred.

- - - - - - - - - - - - - - - - - -  - - - - - - - - - - - - - - - - - - - - -

In separate but related court actions, it was announced that Rosenfeld and
Alfredo De La Fe [aka Renegade Hacker] have each pleaded guilty in Manhattan
Federal District Court to conspiracy to use and to traffic in unauthorized
access devices in connection with activities that also involved members of MOD.

Rosenfeld pled guilty on June 24 before Shirley Wohl Kram, United States
District Judge.  At his guilty plea, Rosenfeld admitted that he purchased
account numbers and passwords for TRW and other credit reporting services from
computer hackers and then used the information to obtain credit reports, credit
card numbers, social security numbers and other personal information which he
sold to private investigators.  Rosenfeld added in his guilty plea that on or
about November 25, 1991, he purchased information from persons named "Julio"
and "John" concerning how to obtain unauthorized access to credit services.
Rosenfeld stated that he and his associates later obtained additional
information from "Julio" which they used to pull numerous credit reports.
According to the information to which Rosenfeld pleaded guilty, he had
approximately 176 TRW credit reports at his residence on December 6, 1991.

De La Fe pled guilty on June 19 before Kenneth Conboy, United States District
Judge.  At his guilty plea, De La Fe stated that he used and sold telephone
numbers and codes for Private Branch Exchanges ("PBXs").  According to the
information to which De La Fe pleaded guilty, a PBX is a privately operated
computerized telephone system that routes calls, handles billing, and in some
cases permits persons calling into the PBX to obtain outdial services by
entering a code.  De La Fe admitted that he sold PBX numbers belonging to Bugle
Boy Industries and others to a co-conspirator who used the numbers in a call
sell operation, in which the co-conspirator charged others to make long
distance telephone calls using the PBX numbers.  De La Fe further admitted that
he and his associates used the PBX numbers to obtain free long distance
services for themselves.  De La Fe said that one of the people with whom he
frequently made free long distance conference calls was a person named John
Farrington, who he also knew as "Corrupt."

Rosenfeld, age 21, resides at 2161 Bedford Avenue, Brooklyn, N.Y. Alfredo De La
Fe, age 18, resides at 17 West 90th Street, N.Y. Rosenfeld and De La Fe each
face maximum sentences of five years, imprisonment and maximum fines of the
greater of $250,000, or twice the gross gain or loss incurred.  Both defendants
have been released pending sentence on $20,000 appearance bonds.  Rosenfeld's
sentencing is scheduled for September 9, before Shirley Wohl Kram.  De La Fe's
sentencing is scheduled for August 31, before Conboy.

-----

Contacts:

Federico E. Virella Jr., 212-791-1955, U.S. Attorney's Office, S. N.Y.
Stephen Fishbein, 212-791-1978, U.S. Attorney's Office, S. N.Y.
Betty Conkling, 212-466-4400, U.S. Secret Service
Joseph Valiquette Jr., 212-335-2715, Federal Bureau of Investigation

Editor's Note:  The full 23 page indictment can be found in Computer
                Underground Digest (CUD), issue 4.31 (available at ftp.eff.org
                /pub/cud/cud).
_______________________________________________________________________________

 EFF Issues Statement On New York Computer Crime Indictments       July 9, 1992
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Cambridge, MA -- The Electronic Frontier Foundation (EFF) issued a statement
concerning the indictment of MOD for alleged computer-related crimes.

This statement said, in part, that EFF's "staff counsel in Cambridge, Mike
Godwin is carefully reviewing the indictment."

EFF co-founder and president Mitchell Kapor said "EFF's position on
unauthorized access to computer systems is, and has always been, that it is
wrong.  Nevertheless, we have on previous occasions discovered that allegations
contained in Federal indictments can also be wrong, and that civil liberties
can be easily infringed in the information age.  Because of this, we will be
examining this case closely to establish the facts."

When asked how long the complete trial process might take, assistant U.S.
attorney Fishbein said "I really couldn't make an accurate estimate.  The
length of time period before trial is generally more a function of the
defense's actions than the prosecution's.  It could take anywhere from six
months to a year.
_______________________________________________________________________________

 Feds Tap Into Major Hacker Ring                                  July 13, 1992
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 By Mary E. Thyfault (InformationWeek)(Page 15)

Law enforcement officials are taking the gloves off-and plugging their modems
in-in the battle against computer crime.

In one of the largest such cases ever, a federal grand jury in Manhattan
indicted five computer "hackers" -- part of a group that calls itself MOD, for
Masters of Deception -- on charges of computer tampering, computer fraud, wire
fraud, illegal wiretapping, and conspiracy.

Some of the hackers are accused of stealing phone service and selling
information on how to obtain credit reports.  The victims (a dozen were named
in the indictments, but numerous others are likely to have been hit as well)
include three Baby Bells, numerous credit bureaus, and BankAmerica Corp.

For the first time, investigators used court-authorized wiretaps to monitor
data transmissions over phone lines. The wiretapping comes as the FBI is
unsuccessfully lobbying Congress to mandate that telecom equipment and service
companies build into new technology easier ways for securities agencies to tap
into computer systems.

Ironically, the success of this wiretap, some say, may undermine the FBI's
argument.  "They did this without the equipment they claim they need," says
Craig Neidorf, founder of hacker newsletter Phrack.

If convicted, the alleged hackers-all of whom are under 22 years old-could face
55 years each and a fine of $250,000, or twice the gross gain or loss incurred.
One charged with possessing an access device could face an additional five
years.

The vulnerability of the victims' networks should be surprising, but experts
say corporations continue to pay scant attention to security issues.  For
instance, despite the fact that the credit bureaus are frequent targets of
hackers and claim to have made their networks more secure, in this case, most
of the victims didn't even know they were being hit, according to the FBI.

Two of the victims, value-added network service provider BT Tymnet and telco
Southwestern Bell, both take credit for helping nab the hacker ring.  "We
played an instrumental role in first recognizing that they were there," says
John Guinasso, director of global network security for Tymnet parent BT North
America.  "If you mess with our network and we catch you -- which we always do
-- you will go down."
_______________________________________________________________________________

 Second Thoughts On New York Computer Crime Indictments           July 13, 1992
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 By John F. McMullen (Newsbytes)

NEW YORK -- On Wednesday, July 9th, I sat at a press briefing in New York
City's Federal Court Building during which law enforcement officials presented
details relating to the indictment of 5 young computer "hackers".  In
describing the alleged transgressions of the indicted, United States Assistant
Attorney Stephen Fishbein wove a tale of a conspiracy in which members of an
evil sounding group called the "Masters of Destruction" (MOD) attempted to
wreck havoc with the telecommunications system of the country.

The accused were charged with infiltrating computer systems belonging to
telephone companies, credit bureaus, colleges and defense contractors --
Southwestern Bell, BT North America, New York Telephone, ITT, Information
America, TRW, Trans Union, Pacific Bell, the University of Washington, New York
University, U.S. West, Learning Link, Tymnet and Martin Marietta Electronics
Information and Missile Group.  They were charged with causing injury to the
telephone systems, charging long distance calls to the universities, copying
private credit information and selling it to third parties -- a long list of
heinous activities.

The immediate reaction to the indictments were predictably knee-jerk.  Those
who support any so-called "hacker"-activities mocked the government and the
charges that were presented, forgetting, it seems to me, that these charges are
serious -- one of the accused could face up to 40 years in prison and $2
million in fines; another -- 35 years in prison and $1.5 million in fines.  In
view of that possibility, it further seems to me that it is a wasteful
diversion of effort to get all excited that the government insists on misusing
the word "hacker" (The indictment defines computer hacker as "someone who uses
a computer or a telephone to obtain unauthorized access to other computers.")
or that the government used wiretapping evidence to obtain the indictment (I
think that, for at least the time being that the wiretapping was carried out
under a valid court order; if it were not, the defendants' attorneys will have
a course of action).

On the other hand, those who traditionally take the government and corporate
line were publicly grateful that this threat to our communications life had
been removed -- they do not in my judgement properly consider that some of
these charges may have been ill-conceived and a result of political
considerations.

Both groups, I think, oversimplify and do not give proper consideration to the
wide spectrum of issues raised by the indictment document.  The issues range
from a simple black-and-white case of fraudulently obtaining free telephone
time to the much broader question of the appropriate interaction of technology
and law enforcement.

The most clear cut cases are the charges such as the ones which allege that two
of the indicted, Julio Fernandez a/k/a "Outlaw" and John Lee a/k/a "Corrupt"
fraudulently used the computers of New York University to avoid paying long
distance charges for calls to computer systems in El Paso, Texas and Seattle,
Washington.  The individuals named either did or did not commit the acts
alleged and, if it is proven that they did, they should receive the appropriate
penalty (it may be argued that the 5 year, $250,000 fine maximum for each of
the counts in this area is excessive, but that is a sentencing issue not an
indictment issue).

Other charges of this black-and-white are those that allege that Fernandez
and/or Lee intercepted electronic communications over networks belonging to
Tymnet and the Bank of America.  Similarly, the charge that Fernandez, on
December 4, 1991 possessed hundreds of user id's and passwords of Southwestern
Bell, BT North America and TRW fits in the category of "either he did it or he
didn't."

A more troubling count is the charge that the indicted 5 were all part of a
conspiracy to "gain access to and control of computer systems in order to
enhance their image and prestige among other computer hackers; to harass
and intimidate rival hackers and people they did not like; to obtain telephone,
credit, information, and other services without paying for them; and to obtain
passwords, account numbers and other things of value which they could sell to
others."

To support this allegation, the indictment lists 26, lettered A through Z,
"Overt Acts" to support the conspiracy.  While this section of the indictment
lists numerous telephone calls between some of the individuals, it mentions
the name Paul Stira a/k/a "Scorpion" only twice with both allegations dated
"on or about" January 24, 1990, a full 16 months before the next chronological
incident. Additionally, Stira is never mentioned as joining in any of the
wiretapped conversation -- in fact, he is never mentioned again!  I find it
hard to believe that he could be considered, from these charges, to have
engaged in a criminal conspiracy with any of the other defendants.

Additionally, some of the allegations made under the conspiracy count seem
disproportionate to some of the others.  Mark Abene a/k/a "Phiber Optik" is of
possessing proprietary technical manuals belonging to BT North America while it
is charged that Lee and Fernandez, in exchange for several hundred dollars,
provided both information on how to illegally access credit reporting bureaus
and an actual TRW account and password to a person, Morton Rosenfeld, who later
illegally accessed TRW, obtained credit reports on 176 individuals and sold the
reports to private detective (Rosenfeld, indicted separately, pled guilty to
obtaining and selling the credit reports and named "Julio" and "John" as those
who provided him with the information).  I did not see anywhere in the charges
any indication that Abene, Stira or Elias Ladopoulos conspired with or likewise
encouraged Lee or Fernandez to sell information involving the credit bureaus to
a third party

Another troubling point is the allegation that Fernandez, Lee, Abene and
"others whom they aided and abetted" performed various computer activities
"that caused losses to Southwestern Bell of approximately $370,000."  The
$370,000 figure, according to Assistant United States Attorney Stephen
Fishbein, was developed by Southwestern Bell and is based on "expenses to
locate and replace computer programs and other information that had been
modified or otherwise corrupted, expenses to determine the source of the
unauthorized intrusions, and expenses for new computers and security devices
that were necessary to prevent continued unauthorized access by the defendants
and others whom they aided and abetted."

While there is precedent in assigning damages for such things as "expenses
for new computers and security devices that were necessary to prevent continued
unauthorized access by the defendants and others whom they aided and abetted."
(the Riggs, Darden & Grant case in Atlanta found that the defendants were
liable for such expenses), many feel that such action is totally wrong.  If a
person is found uninvited in someone's house, they are appropriately charged
with unlawful entry, trespassing, burglary -- whatever the statute is for the
transgression; he or she is, however, not charged with the cost of the
installation of an alarm system or enhanced locks to insure that no other
person unlawfully enters the house.

When I discussed this point with a New York MIS manager, prone to take a strong
anti-intruder position, he said that an outbreak of new crimes often results in
the use of new technological devices such as the nationwide installation of
metal detectors in airports in the 1970's.  While he meant this as a
justification for liability, the analogy seems rather to support the contrary
position.  Air line hijackers were prosecuted for all sorts of major crimes;
they were, however, never made to pay for the installation of the metal
detectors or absorb the salary of the additional air marshalls hired to combat
hijacking.

I think the airline analogy also brings out the point that one may both support
justifiable penalties for proven crimes and oppose unreasonable ones -- too
often, when discussing these issues, observers choose one valid position to the
unnecessary exclusion of another valid one.  There is nothing contradictory, in
my view, to holding both that credit agencies must be required to provide the
highest possible level of security for data they have collected AND that
persons invading the credit data bases, no matter how secure they are, be held
liable for their intrusions.  We are long past accepting the rationale that the
intruders "are showing how insecure these repositories of our information are."
We all know that the lack of security is scandalous; this fact, however, does
not excuse criminal behavior (and it should seem evident that the selling of
electronic burglar tools so that someone may copy and sell credit reports is
not a public service).

The final point that requires serious scrutiny is the use of the indictment as
a tool in the on-going political debate over the FBI Digital Telephony
proposal.  Announcing the indictments, Otto G. Obermaier, United States
Attorney for the Southern District of New York, said that this investigation
was "the first investigative use of court-authorized wiretaps to obtain
conversations and data transmissions of computer hackers."  He said that this
procedure was essential to the investigation and that "It demonstrates, I
think, the federal government's ability to deal with criminal conduct as it
moves into new technological areas."  He added that the interception of data
was possible only because the material was in analog form and added "Most of
the new technology is in digital form and there is a pending statute in
Congress which seeks the support of telecommunications companies to allow the
federal government, under court authorization, to intercept digital
transmission.  Many of you may have read the newspaper about the laser
transmission which go through fiber optics as a method of the coming
telecommunications method. The federal government needs the help of Congress
and, indeed, the telecommunications companies to able to intercept digital
communications."

The FBI proposal has been strongly attacked by the American Civil Liberties
Union (ACLU), the Electronic Frontier Foundation (EFF) and Computer
Professionals for Social Responsibility (CPSR) as an attempt to
institutionalize, for the first time, criminal investigations as a
responsibility of the communications companies; a responsibility that they feel
belongs solely to law-enforcement.  Critics further claim that the proposal
will impede the development of technology and cause developers to have to
"dumb-down" their technologies to include the requested interception
facilities.  The FBI, on the other hand, maintains that the request is simply
an attempt to maintain its present capabilities in the face of advancing
technology.

Whatever the merits of the FBI position, it seems that the indictments either
would not have been made at this time or, at a minimum, would not have been
done with such fanfare if it were not for the desire to attempt to drum up
support for the pending legislation.  The press conference was the biggest
thing of this type since the May 1990 "Operation Sun Devil" press conference in
Phoenix, Arizona and, while that conference, wowed us with charges of "hackers"
endangering lives by disrupting hospital procedures and being engaged in a
nationwide, 13 state conspiracy, this one told us about a bunch of New York
kids supposedly engaged in petty theft, using university computers without
authorization and performing a number of other acts referred to by Obermaier as
"anti-social behavior" -- not quite as heady stuff!

It is not to belittle these charges -- they are quite serious -- to question
the fanfare.  The conference was attended by a variety of high level Justice
Department, FBI and Secret Service personnel and veteran New York City crime
reporters tell me that the amount of alleged damages in this case would
normally not call for such a production -- New York Daily News reporter Alex
Michelini publicly told Obermaier "What you've outlined, basically, except for
the sales of credit information, this sounds like a big prank, most of it"
(Obermaier's response -- "Well, I suppose you can characterize that as a prank,
but it's really a federal crime allowing people without authorization to
rummage through the data of other people to which they do not have access and,
as I point out to you again, the burglar cannot be your safety expert.  He may
be inside and laugh at you when you come home and say that your lock is not
particularly good but I think you, if you were affected by that contact, would
be somewhat miffed").  One hopes that it is only the fanfare surrounding the
indictments that is tied in with the FBI initiative and not the indictments
themselves.

As an aside, two law enforcement people that I have spoken to have said that
while the statement that the case is "the first investigative use of court-
authorized wiretaps to obtain conversations and data transmissions of computer
hackers," while probably true, seems to give the impression that the case is
the first one in which data transmission was intercepted.  According to these
sources, that is far from the case -- there have been many instances of
inception of data and fax information by law enforcement officials in recent
years.

I know each of the accused in varying degrees.  The one that I know the best,
Phiber Optik, has participated in panels with myself and law enforcement
officials discussing issues relating to so-called "hacker" crime.  He has also
appeared on various radio and television shows discussing the same issues.  His
high profile activities have made him an annoyance to some in law enforcement.
One hopes that this annoyance played no part in the indictment.

I have found Phiber's presence extremely valuable in these discussions both for
the content and for the fact that his very presence attracts an audience that
might never otherwise get to hear the voices of Donald Delaney, Mike Godwin,
Dorothy Denning and others addressing these issues from quite different vantage
points.  While he has, in these appearances, said that he has "taken chances to
learn things", he has always denied that he has engaged in vandalous behavior
and criticized those who do.  He has also called those who engage in "carding"
and the like as criminals (These statements have been made not only in the
panel discussion, but also on the occasions that he has guest lectured to my
class in "Connectivity" at the New School For Social Research in New York City.
In those classes, he has discussed the history of telephone communications in a
way that has held a class of professionals enthralled by over two hours.

While my impressions of Phiber or any of the others are certainly not a
guarantee of innocence on these charges, they should be taken as my personal
statement that we are not dealing with a ring of hardened criminals that one
would fear on a dark night.

In summary, knee-jerk reactions should be out and thoughtful analysis in!  We
should be insisting on appropriate punishment for lawbreakers -- this means
neither winking at "exploration" nor allowing inordinate punishment.  We should
be insisting that companies that have collected data about us properly protect
-- and are liable for penalties when they do not.  We should not be deflected
from this analysis by support or opposition to the FBI proposal before Congress
-- that requires separate analysis and has nothing to do with the guilt or
innocence of these young men or the appropriate punishment should any guilt be
established.
_______________________________________________________________________________

 New York Hackers Plead Not Guilty                                July 17, 1992
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
New York City -- At an arraignment in New York Federal Court on Thursday, July
16th, the five New York "hackers," recently indicted on charges relating to
alleged computer intrusion, all entered pleas of not guilty and were released
after each signed a personal recognizance (PRB) bond of $15,000 to guarantee
continued appearances in court.

As part of the arraignment process, United States District Judge Richard Owen
was assigned as the case's presiding judge and a pre-trial meeting between the
judge and the parties involved.

Charles Ross, attorney for John Lee, told Newsbytes "John Lee entered a not
guilty plea and we intend to energetically and aggressively defend against the
charges made against him."

Ross also explained the procedures that will be in effect in the case, saying
"We will meet with the judge and he will set a schedule for discovery and the
filing of motions.  The defense will have to review the evidence that the
government has amassed before it can file intelligent motions and the first
meeting is simply a scheduling one."

Majorie Peerce, attorney for Stira, told Newsbytes "Mr. Stira has pleaded not
guilty and will continue to plead not guilty.  I am sorry to see the government
indict a 22 year old college student for acts that he allegedly committed as a
19 year old."

The terms of the PRB signed by the accused require them to remain within the
continental United States.  In requesting the bond arrangement, Assistant
United States Attorney Stephen Fishbein referred to the allegations as serious
and requested the $15,000 bond with the stipulation that the accused have their
bonds co-signed by parents.  Abene, Fernandez and Lee, through their attorneys,
agreed to the bond as stipulated while the attorneys for Ladopoulos and Stira
requested no bail or bond for their clients, citing the fact that their clients
have been available, when requested by authorities, for over a year.  After
consideration by the judge, the same $15,000 bond was set for Ladopoulos and
Stira but no co-signature was required.
_______________________________________________________________________________

 Young Working-Class Hackers Accused of High-Tech Crime           July 23, 1992
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 By Mary B.W. Tabor with Anthony Ramirez (The New York Times)(Page B1, B7)

                        Computer Savvy, With an Attitude

Late into the night, in working-class neighborhoods around New York City, young
men with code names like Acid Phreak and Outlaw sat hunched before their
glowing computer screens, exchanging electronic keys to complex data-processing
systems.  They called themselves the Masters of Deception.  Their mission: to
prove their prowess in the shadowy computer underworld.

Compulsive and competitive, they played out a cybernetic version of "West Side
Story," trading boasts, tapping into telephone systems, even pulling up
confidential credit reports to prove their derring-do and taunt other hackers.
Their frequent target was the Legion of Doom, a hacker group named after a
gang of comic-book villains.  The rivalry seemed to take on class and ethnic
overtones, too, as the diverse New York group defied the traditional image of
the young suburban computer whiz.

But Federal prosecutors say the members of MOD, as the group called itself,
went far beyond harmless pranks.

Facing Federal Charges

On July 16, five young men identified by prosecutors as MOD members pleaded not
guilty to Federal charges including breaking into some of the nation's most
powerful computers and stealing confidential data like credit reports, some of
which were later sold to private investigators.  Prosecutors call it one of the
most extensive thefts of computer information ever reported.

The indictment says the men entered the computer systems of Southwestern Bell,
TRW Information Services and others "to enhance their image and prestige among
other computer hackers; to harass and intimidate rival hackers and other people
they did not like; to obtain telephone, credit, information and other services
without paying for them; and to obtain passwords, account numbers and other
things of value which they could sell to others."

With modems that link their terminals to other computers over ordinary
telephone lines, young hackers have been making mischief for years.  But as the
nation relies more and more on vast networks of powerful computers and as
personal computers become faster and cheaper, the potential for trouble has
soared.  For example, Robert Tappan Morris, a Cornell student, unleashed a
program in 1988 that jammed several thousand computers across the country.

A Polyglot Group

But the world of computer hackers has been changing.  Unlike the typical
hackers of old -- well-to-do suburban youths whose parents could afford costly
equipment -- the Masters of Deception are a polyglot representation of blue-
collar New York: black, Hispanic, Greek, Lithuanian and Italian.  They work
their mischief often using the least expensive computers.

One of the young men, 21-year-old John Lee, who goes by the name Corrupt, has
dreadlocks chopped back into stubby "twists," and lives with his mother in a
dilapidated walk-up in Bedford-Stuyvesant, Brooklyn.  He bounced around
programs for gifted students before dropping out of school in the 11th grade.
Scorpion -- 22-year-old Paul Stira of Queens -- was his class valedictorian at
Thomas A. Edison High School in Queens.  Outlaw -- Julio Fernandez, 18, of the
Bronx -- first studied computers in grade school.

They met not on street corners, but via computer bulletin boards used to swap
messages and programs.

With nothing to identify them on the boards except their nicknames and uncanny
abilities, the young men found the computer the great democratic leveler.

Questions of Profit

There may be another difference in the new wave of hackers.  While the
traditional hacker ethic forbids cruising computer systems for profit, some new
hackers are less idealistic.  "People who say that," said one former hacker, a
friend of the MOD who insisted on anonymity, "must have rich parents.  When you
get something of value, you've got to make money."

Mr. Lee, Mr. Fernandez, Mr. Stira and two others described as MOD members --
20-year-old Mark Abene (Phiber Optik), and 22-year-old Elias Ladopoulos (Acid
Phreak), both of Queens -- were charged with crimes including computer
tampering, computer and wire fraud, illegal wiretapping and conspiracy.  They
face huge fines and up to five years in prison on each of 11 counts.

The youths, on advice of their lawyers, declined to be interviewed.

Prosecutors say they do not know just how and when youthful pranks turned to
serious crime.  Other hackers said the trouble began, perhaps innocently
enough, as a computer war with ethnic and class overtones.

The Masters of Deception were born in a conflict with the Legion of Doom, which
had been formed by 1984 and ultimately included among its ranks three Texans,
one of whom, Kenyon Shulman, is the son of a Houston socialite, Carolyn Farb.

Banished From the Legion

Mr. Abene had been voted into the Legion at one point.  But when he began to
annoy others in the group with his New York braggadocio and refusal to share
information, he was banished, Legion members said.

Meanwhile, a hacker using a computer party line based in Texas had insulted Mr.
Lee, who is black, with a racial epithet.

By 1989, both New Yorkers had turned to a new group, MOD, founded by Mr.
Ladopoulos.  They vowed to replace their Legion rivals as the "new elite."

"It's like every other 18- or 19-year-old who walks around knowing he can do
something better than anyone else can," said Michael Godwin, who knows several
of the accused and is a lawyer for the Electronic Frontier Foundation of
Cambridge, Massachusetts, which provides legal aid for hackers.  "They are
offensively arrogant."

Hacker groups tend to rise and fall within six months or so as members leave
for college, meet girls or, as one former hacker put it, "get a life."  But the
MOD continued to gather new members from monthly meetings in the atrium of the
Citicorp Building in Manhattan and a computer bulletin board called Kaos.
According to a history the group kept on the computer network, they enjoyed
"mischievous pranks," often aimed at their Texas rivals, and the two groups
began sparring.

Texas-New York Sparring

But in June 1990, the three Texas-based Legion members, including Mr. Shulman,
Chris Goggans and Scott Chasin, formed Comsec Data Security, a business
intended to help companies prevent break-ins by other hackers.

Worried that the Texans were acting as police informers, the MOD members
accused their rivals of defaming them on the network bulletin boards.  Several
members, including Mr. Abene, had become targets of raids by the Secret
Service, and MOD members believed the Texans were responsible, a contention the
Texans respond to with "no comment."

But the sparring took on racial overtones as well.  When Mr. Lee wrote a
history of the MOD and left it in the network, Mr. Goggans rewrote it in a jive
parody.

The text that read, "In the early part of 1987, there were numerous amounts of
busts in the U.S. and in New York in particular" became "In de early time part
uh 1987, dere wuz numerous amounts uh busts in de U.S. and in New Yo'k in
particular."

Mr. Goggans said that it was not meant as a racist attack on Mr. Lee.  "It was
just a good way to get under his skin," he said.

Exposing Identities

MOD's activities, according to the indictment and other hackers, began to
proliferate.

Unlike most of the "old generation" of hackers who liked to joyride through the
systems, the New Yorkers began using the file information to harass and
intimidate others, according to prosecutors.  Everything from home addresses to
credit card numbers to places of employment to hackers' real names -- perhaps
the biggest taboo of all -- hit the network.

In the indictment, Mr. Lee and Mr. Fernandez are accused of having a
conversation last fall in which they talked about getting information on how to
alter TRW credit reports to "destroy people's lives or make them look like
saints."

The prosecutors say the youths also went after information they could sell,
though the indictment is not specific about what, if anything, was sold.  The
only such information comes from another case earlier this month in which two
other New York City hackers, Morton Rosenfeld, 21, of Brooklyn, and Alfredo de
la Fe, 18, of Manhattan, pleaded guilty to a conspiracy to use passwords and
other access devices obtained from MOD.  They said they had paid "several
hundred dollars" to the computer group for passwords to obtain credit reports
and then resold the information for "several thousand dollars" to private
investigators.

News Media Attention

Competition for attention from the news media also heated up.  The former
Legion members in Comsec had become media darlings, with articles about them
appearing in Time and Newsweek.  Mr. Abene and Mr. Ladopoulos also appeared on
television or in magazines, proclaiming their right to probe computer systems,
as long as they did no damage.

In one highly publicized incident, during a 1989 forum on computers and privacy
sponsored by Harper's magazine, John Perry Barlow, a freelance journalist and
lyricist for the Grateful Dead, went head to head with Mr. Abene, or Phiber
Optik.  Mr. Barlow called the young  hacker a "punk."

According to an article by Mr. Barlow -- an account that Mr. Abene will not
confirm or deny -- Mr. Abene then retaliated by "downloading" Mr. Barlow's
credit history, displaying it on the computer screens of Mr. Barlow and other
network users.

Skirmishes Subside

"I've been in redneck bars wearing shoulder-length curls, police custody while
on acid, and Harlem after midnight, but no one has ever put the spook in me
quite as Phiber Optik did at that moment," Mr. Barlow wrote.  "To a middle-
class American, one's credit rating has become nearly identical to his
freedom."

In recent months, hackers say, the war has calmed down.  Comsec went out of
business, and several Masters of Deception were left without computers after
the Secret Service raids.

Mr. Abene pleaded guilty last year to misdemeanor charges resulting from the
raids.  On the night before his arrest this month, he gave a guest lecture on
computers at the New School for Social Research.

Mr. Lee says he works part time as a stand-up comic and is enrolled at Brooklyn
College studying film production.

Mr. Stira is three credits shy of a degree in computer science at Polytechnic
University in Brooklyn.  Mr. Fernandez hopes to enroll this fall in the
Technical Computer Institute in Manhattan.  Mr. Ladopoulos is studying at
Queens Community College.

No trial date has been set.

But the battles are apparently not over yet.  A couple of days after the
charges were handed up, one Legion member said, he received a message on his
computer  from Mr. Abene.  It was sarcastic as usual, he said, and it closed,
"Kissy, kissy."

[Editor's Note:  Article included photographs of Phiber Optik, Scorpion,
                 Corrupt, and Outlaw.]
_______________________________________________________________________________

 Frustrated Hackers May Have Helped Feds In MOD Sting             July 20, 1992
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 By James Daly (ComputerWorld)(Page 6)

NEW YORK -- Are hackers beginning to police themselves?  The five men recently
charged with cracking into scores of complex computer systems during the last
two years may have been fingered by other hackers who had grown weary of the
group's penchant for destruction and vindictiveness, members of the hacker
community said.

The arrest of the defendants, whom federal law enforcement officials claimed
were members of a confederation variously called the "Masters of Deception" and
the "Masters of Disaster" (MOD), was cause for celebration in some quarters
where the group is known as a spiteful fringe element.

"Some of these guys were a big pain," said one source who requested anonymity
for fear that unindicted MOD members would plot revenge.  "They used their
skills to harass others, which is not what hacking is all about.  MOD came with
a 'you will respect us' attitude, and no one liked it."

Said another: "In the past few months, there has been a lot of muttering on the
[bulletin] boards about these guys."

In one episode, MOD members reportedly arranged for the modem of a computer at
the University of Louisville in Kentucky to continually dial the home number of
a hacker bulletin board member who refused to grant them greater access
privileges.  A similar threat was heard in Maryland.

In the indictment, the defendants are accused of carrying on a conversation in
early November 1991 in which they sought instructions on how to add and remove
credit delinquency reports "to destroy people's lives . . . or make them look
like a saint."  Unlike many other hacker organizations, the members of MOD
agreed to share important computer information only among themselves and not
with other hackers.

Officials Mum

Who exactly helped the FBI, Secret Service and U.S. Attorney General's Office
prepare a case against the group is still anyone's guess.  Assistant U.S.
Attorney Stephen Fishbein is not saying.  He confirmed that the investigation
into the MOD began in 1990, but he would not elaborate on how or why it was
launched or who participated.  FBI and Secret Service officials were equally
mute.


Some observers said that if the charges are true, the men were not true
"hackers" at all.

"Hacking is something done in the spirit of creative playfulness, and people
who break into computer security systems aren't hackers -- they're criminals,"
said Richard Stallman, president of the Cambridge, Massachusetts-based Free
Software Foundation, a public charity that develops free software.  The
foundation had several files on one computer deleted by a hacker who some
claimed belonged to the MOD.

The MOD hackers are charged with breaking into computer systems at several
regional telephone companies, Fortune 500 firms including Martin Marietta
Corp., universities and credit-reporting concerns such as TRW, Inc., which
reportedly had 176 consumer credit reports stolen and sold to private
investigators.  The 11-count indictment accuses the defendants of computer
fraud, computer tampering, wire fraud, illegal wiretapping and conspiracy.

But some hackers said the charges are like trying to killing ants with a
sledgehammer.  "These guys may have acted idiotically, but this was a stupid
way to get back at them," said Emmanuel Goldstein, editor of 2600, a quarterly
magazine for the hacker community based in Middle Island, New York.

Longtime hackers said the MOD wanted to move into the vacuum left when the
Legion of Doom began to disintegrate in late 1989 and early 1990 after a series
of arrests in Atlanta and Texas.  Federal law enforcement officials have
described the Legion of Doom as a group of about 15 computer enthusiasts whose
members re-routed calls, stole and altered data and disrupted telephone
services.


--------------------------------------------------------------------------------


                                ==Phrack Inc.==

                    Volume Four, Issue Forty, File 14 of 14

              PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN
              PWN                                             PWN
              PWN              Phrack World News              PWN
              PWN                                             PWN
              PWN           Issue 40 / Part 3 of 3            PWN
              PWN                                             PWN
              PWN        Compiled by Datastream Cowboy        PWN
              PWN                                             PWN
              PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN


 Bellcore Threatens 2600 Magazine With Legal Action               July 15, 1992
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
THE FOLLOWING CERTIFIED LETTER HAS BEEN RECEIVED BY 2600 MAGAZINE.  WE WELCOME
ANY COMMENTS AND/OR INTERPRETATIONS.

Leonard Charles Suchyta
General Attorney
Intellectual Property Matters

Emanuel [sic] Golstein [sic], Editor
2600 Magazine
P.O. Box 752
Middle Island, New York 11953-0752

Dear Mr. Golstein:

It has come to our attention that you have somehow obtained and published in
the 1991-1992 Winter edition of 2600 Magazine portions of certain Bellcore
proprietary internal documents.

This letter is to formally advise you that, if at any time in the future you
(or your magazine) come into possession of, publish, or otherwise disclose any
Bellcore information or documentation which either (i) you have any reason to
believe is proprietary to Bellcore or has not been made publicly available by
Bellcore or (ii) is marked "proprietary," "confidential," "restricted," or with
any other legend denoting Bellcore's proprietary interest therein, Bellcore
will vigorously pursue all legal remedies available to it including, but not
limited to, injunctive relief and monetary damages, against you, your magazine,
and its sources.

We trust that you fully understand Bellcore's position on this matter.

Sincerely,


LCS/sms


LCS/CORR/JUN92/golstein.619

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Emmanuel Goldstein Responds
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~
The following reply has been sent to Bellcore.  Since we believe they have
received it by now, we are making it public.

Emmanuel Goldstein
Editor, 2600 Magazine
PO Box 752
Middle Island, NY 11953

July 20, 1992

Leonard Charles Suchyta
LCC 2E-311
290 W. Mt. Pleasant Avenue
Livingston, NJ 07039

Dear Mr. Suchyta:

We are sorry that the information published in the Winter 1991-92 issue of 2600
disturbs you.  Since you do not specify which article you take exception to, we
must assume that you're referring to our revelation of built-in privacy holes
in the telephone infrastructure which appeared on Page 42.  In that piece, we
quoted from an internal Bellcore memo as well as Bell Operating Company
documents. This is not the first time we have done this.  It will not be the
last.

We recognize that it must be troubling to you when a journal like ours
publishes potentially embarrassing information of the sort described above.
But as journalists, we have a certain obligation that cannot be cast aside
every time a large and powerful entity gets annoyed.  That obligation compels
us to report the facts as we know them to our readers, who have a keen interest
in this subject matter.  If, as is often the case, documents, memoranda, and/or
bits of information in other forms are leaked to us, we have every right to
report on the contents therein.  If you find fault with this logic, your
argument lies not with us, but with the general concept of a free press.

And, as a lawyer specializing in intellectual property law, you know that you
cannot in good faith claim that merely stamping "proprietary" or "secret" on a
document establishes that document as a trade secret or as proprietary
information.  In the absence of a specific explanation to the contrary, we must
assume that information about the publicly supported telephone system and
infrastructure is of public importance, and that Bellcore will have difficulty
establishing in court that any information in our magazine can benefit
Bellcore's competitors, if indeed Bellcore has any competitors.

If in fact you choose to challenge our First Amendment rights to disseminate
important information about the telephone infrastructure, we will be compelled
to respond by seeking all legal remedies against you, which may include
sanctions provided for in Federal and state statutes and rules of civil
procedure.  We will also be compelled to publicize your use of lawsuits and the
threat of legal action to harass and intimidate.

Sincerely,

Emmanuel Goldstein

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Exposed Hole In Telephone Network Draws Ire Of Bellcore          July 24, 1992
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 Taken from Communications Daily (Page 5)

                         Anyone Can Wiretap Your Phone

Major security hole in telephone network creates "self-serve" monitoring
feature allowing anyone to listen in on any telephone conversation they choose.
Weakness involves feature called Busy Line Verification (BLV), which allows
phone companies to "break into" conversation at any time.  BLV is used most
often by operators entering conversation to inform callers of emergency
message.  But BLV feature can be used by anyone with knowledge of network's
weakness to set up ad hoc 'wiretap' and monitor conversations, said Emmanuel
Goldstein, editor of 2600 Magazine, which published article in its Winter 1991
issue.

2600 Magazine is noted for finding and exposing weaknesses of
telecommunications.  It's named for frequency of whistle, at one time given
away with Cap'n Crunch cereal, which one notorious hacker discovered could,
when blown into telephone receiver, allow access to open 800 line.  Phone
companies have since solved that problem.

Security risks are outlined in article titled "U.S. Phone Companies Face Built-
In Privacy Hole" that quotes from internal Bellcore memo and Bell Operating Co.
documents: "'A significant and sophisticated vulnerability' exists that could
affect the security and privacy of BLV." Article details how, after following 4
steps, any line is susceptible to secret monitoring.  One document obtained by
2600 said: "There is no proof the hacker community knows about the
vulnerability."

When Bellcore learned of article, it sent magazine harsh letter threatening
legal action.  Letter said that if at any time in future magazine "comes into
possession of, publishes, or otherwise discloses any Bellcore information"
organization will "vigorously pursue all legal remedies available to it
including, but not limited to, injunctive and monetary damages."  Leonard
Suchyta, Bellcore General Attorney for Intellectual Property Matters, said
documents in magazine's possession "are proprietary" and constitute "a trade
secret" belonging to Bellcore and its members -- RBOCs.  He said documents are
"marked with 'Proprietary' legend" and "the law says you can't ignore this
legend, its [Bellcore's] property."  Suchyta said Bellcore waited so long to
respond to publication because "I think the article, as we are not subscribers,
was brought to our attention by a 3rd party."  He said this is first time he
was aware that magazine had published such Bellcore information.

But Goldstein said in reply letter to Bellcore: "This is not the first time we
have done this.  It will not be the last."  He said he thinks Bellcore is
trying to intimidate him, "but they've come up against the wrong publication
this time."  Goldstein insisted that documents were leaked to his magazine:
"While we don't spread the documents around, we will report on what's contained
within."  Suchyta said magazine is obligated to abide by legend stamped on
documents.  He said case law shows that the right to publish information hinges
on whether it "has been lawfully acquired.  If it has a legend on it, it's sort
of hard to say it's lawfully acquired."

Goldstein said he was just making public what already was known: There's known
privacy risk because of BLV weakness: "If we find something out, our first
instinct is to tell people about it.  We don't keep things secret."  He said
information about security weaknesses in phone network "concerns everybody."
Just because Bellcore doesn't want everyone to know about its shortcomings and
those of telephone network is hardly reason to stifle that information,
Goldstein said.  "Everybody should know if their phone calls can be listened in
on."

Suchyta said that to be considered "valuable," information "need not be of
super, super value," like proprietary software program "where you spent
millions of dollars" to develop it.  He said information "could well be your
own information that would give somebody an advantage or give them some added
value they wouldn't otherwise have had if they had not taken it from you."
Goldstein said he was "sympathetic" to Bellcore's concerns but "fact is, even
when such weaknesses are exposed, [phone companies] don't do anything about
them."  He cited recent indictments in New York where computer hackers were
manipulating telephone, exploiting weaknesses his magazine had profiled long
ago.  "Is there any security at all [on the network]?" he said.  "That's the
question we have to ask ourselves."

Letter from Bellcore drew burst of responses from computer community when
Goldstein posted it to electronic computer conference.  Lawyers specializing in
computer law responded, weighing in on side of magazine.  Attorney Lance Rose
said: "There is no free-floating 'secrecy' right . . . Even if a document says
'confidential' that does not mean it was disclosed to you with an understanding
of confidentiality -- which is the all-important question."  Michael Godwin,
general counsel for Electronic Frontier Foundation, advocacy group for the
computer community, said: "Trade secrets can qualify as property, but only if
they're truly trade secrets.  Proprietary information can (sort of) qualify as
property if there's a breach of a fiduciary duty."  Both lawyers agreed that
magazine was well within its rights in publishing information.  "If Emmanuel
did not participate in any way in encouraging or aiding in the removal of the
document from Bellcore . . . that suggests he wouldn't be liable," Godwin said.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Bellcore And 2600 Dispute Publishing Of Article                  July 27, 1992
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 By Barbara E. McMullen & John F. McMullen (Newsbytes)

MIDDLE ISLAND, NY -- Eric Corley a/k/a "Emmanuel Goldstein", editor and
publisher of 2600 Magazine: The Hacker Quarterly, has told Newsbytes that he
will not be deterred by threats from Bellcore from publishing material which he
considers important for his readership.

Earlier this month, Corley received a letter (addressed to "Emanuel Golstein")
from Leonard Charles Suchyta, General Attorney, Intellectual Property Matters
at Bellcore taking issue with the publication by 2600 of material that Suchyta
referred to as "portions of certain Bellcore proprietary internal documents."

The letter continued "This letter is to formally advise you that, if at any
time in the future you (or your magazine) come into possession of, publish, or
otherwise disclose any Bellcore information or documentation which either (i)
you have any reason to believe is proprietary to Bellcore or has not been made
publicly available by Bellcore or (ii) is marked "proprietary," "confidential,"
"restricted," or with any other legend denoting Bellcore's proprietary interest
therein, Bellcore will vigorously pursue all legal remedies available to it
including, but not limited to, injunctive relief and monetary damages, against
you, your magazine, and its sources."

While the letter did not mention any specific material published by 2600,
Corley told Newsbytes that he believes that Suchyta's letter refers to an
article entitled "U.S. Phone Companies Face Built-In Privacy Hole".that appears
on page 42 of the Winter 1991 issue.  Corley said "What we published was
derived from a 1991 internal Bellcore memo as well as Bell Operating Company
documents that were leaked to us.  We did not publish the documents.  However,
we did read what was sent to us and wrote an article based upon that.  The
story focuses on how the phone companies are in an uproar over a 'significant
and sophisticated vulnerability' that could result in BLV (busy line
verification) being used to listen in on phone calls."

The 650-word article said, in part, "By exploiting a weakness, it's possible
to remotely listen in on phone conversations at a selected telephone number.
While the phone  companies can do this any time they want, this recently
discovered self-serve monitoring feature has created a telco crisis of sorts."

The article further explained how people might exploit the security hole,
saying "The intruder can listen in on phone calls by following these four
steps:

"1. Query the switch to determine the Routing Class Code assigned to the BLV
    trunk group.
"2. Find a vacant telephone number served by that switch.
"3. Via recent change, assign the Routing Class Code of the BLV trunks to the
    Chart Column value of the DN (directory number) of the vacant telephone
    number.
"4. Add call forwarding to the vacant telephone number (Remote Call Forwarding
    would allow remote definition of the target telephone number while Call
    Forwarding Fixed would only allow the specification of one target per
    recent change message or vacant line)."

"By calling the vacant phone number, the intruder would get routed to the BLV
trunk group and would then be connected on a "no-test vertical" to the target
phone line in a bridged connection."

The article added "According to one of the documents, there is no proof that
the hacker community knows about the vulnerability.  The authors did express
great concern over the publication of an article entitled 'Central Office
Operations - The End Office Environment' which appeared in the electronic
newsletter Legion of Doom/Hackers Technical Journal.  In this article,
reference is made to the 'No Test Trunk'."

The article concludes "even if hackers are denied access to this "feature",
BLV networks will still have the capability of being used to monitor phone
lines.  Who will be monitored and who will be listening are two forever
unanswered questions."

Corley responded to to Suchyta's letter on July 20th, saying "I assume that
you're referring to our revelation of built-in privacy holes in the telephone
infrastructure which appeared on Page 42.  In that piece, we quoted from an
internal Bellcore memo as well as Bell Operating Company documents.  This is
not the first time we have done this.  It will not be the last.

"We recognize that it must be troubling to you when a journal like ours
publishes potentially embarrassing information of the sort described above.
But as journalists, we have a certain obligation that cannot be cast aside
every time a large and powerful entity gets annoyed.  That obligation compels
us to report the facts as we know them to our readers, who have a keen interest
in this subject matter.  If, as is often the case, documents, memoranda, and/or
bits of information in other forms are leaked to us, we have every right to
report on the contents therein.  If you find fault with this logic, your
argument lies not with us, but with the general concept of a free press.

"And, as a lawyer specializing in intellectual property law, you know that
you cannot in good faith claim that merely stamping "proprietary" or "secret"
on a document establishes that document as a trade secret or as proprietary
information.  In the absence of a specific explanation to the contrary, we must
assume that information about the publicly supported telephone system and
infrastructure is of public importance, and that Bellcore will have difficulty
establishing in court that any information in our magazine can benefit
Bellcore's competitors, if indeed Bellcore has any competitors.

"If in fact you choose to challenge our First Amendment rights to disseminate
important information about the telephone infrastructure, we will be compelled
to respond by seeking all legal remedies against you, which may include
sanctions provided for in Federal and state statutes and rules of civil
procedure.  We will also be compelled to publicize your use of lawsuits and the
threat of legal action to harass and intimidate.

  Sincerely,
  Emmanuel Goldstein"

Corley told Newsbytes "Bellcore would never have attempted this with the New
York Times.  They think that it would, however, be easy to shut us up by simple
threats because of our size.  They are wrong.  We are responsible journalists;
we know the rules and we abide by them.  I will, by the way, send copies of the
article in question to anyone who request it.  Readers may then judge for
themselves whether any boundaries have been crossed."

Corley, who hosts the weekly "Off the Hook" show on New York City's WBAI radio
station, said that he had discussed the issue on the air and had received
universal support from his callers.  Corley also told Newsbytes, that, although
he prefers to be known by his nomme de plume (taken from  George Orwell's
1984), he understands that the press fells bound to use his actual name.  He
said that, in the near future, he will "end the confusion by having my name
legally changed."

Bellcore personnel were unavailable for comment on any possible response to
Corley's letter.
_______________________________________________________________________________

 Interview With Ice Man And Maniac                                July 22, 1992
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 By Joshua Quittner (New York Newsday)(Page 83)

Ice Man and Maniac are two underground hackers in the New England area that
belong to a group known as Micro Pirates, Incorporated.  They agreed to be
interviewed if their actual identities were not revealed.

[Editor's Note:  They are fools for doing this, especially in light of how
                 Phiber Optik's public media statements and remarks will
                 ultimately be used against him.]

Q: How do you define computer hacking?

Maniac:  Hacking is not exploration of computer systems.  It's more of an
         undermining of security.  That's how I see it.

Q: How many people are in your group, Micro Pirates Incorporated?

Ice Man: Fifteen or 14.

Maniac:  We stand for similar interests.  It's an escape, you know.  If I'm not
         doing well in school, I sit down on the board and talk to some guy in
         West Germany, trade new codes of their latest conquest.  Escape.
         Forget about the real world.

Ice Man. It's more of a hobby.  Why do it?  You can't exactly stop.  I came
         about a year-and-a-half ago, and I guess you could say I'm one of the
         ones on a lower rung, like in knowledge.  I do all the -- you wouldn't
         call it dirty work -- phone calls.  I called you -- that kind of
         thing.

Q: You're a "social engineer"?

Ice Man: Social engineering -- I don't know who coined the term.  It's using
         conversation to exchange information under false pretenses.  For
         example, posing as a telecommunications employee to gain more
         knowledge and insight into the different [phone network] systems.

Q: What social engineering have you done?

Maniac:  We hacked into the system that keeps all the grades for the public
         school system.  It's the educational mainframe at Kingsborough
         Community College.  But we didn't change anything.

Ice Man: They have the mainframe that stores all the schedules, Regents scores,
         ID numbers of all the students in the New York high school area.  You
         have to log in as a school, and the password changes every week.

Q: How did you get the password?

Ice Man: Brute force and social engineering.  I was doing some social
         engineering in school.  I was playing the naive person with an
         administrator, asking all these questions toward what is it, where is
         it and how do you get in.
 
Q: I bet you looked at your grades.  How did you do?

Ice Man: High 80s.

Q. And you could have changed Regents scores?

Ice Man: I probably wouldn't have gotten away with it, and I wouldn't say I
         chose not to on a moral basis.  I'd rather say on a security basis.

Q: What is another kind of social engineering?

Maniac:  There's credit-card fraud and calling-card fraud.  You call up and
         say, "I'm from the AT&T Corporation.  We're having trouble with your
         calling-card account.  Could you please reiterate to us your four-
         digit PIN number?"  People, being kind of God-fearing -- as AT&T is
         somewhat a God -- will say, "Here's my four-digit PIN number."

Q:  Hackers from another group, MOD, were arrested recently and charged with,
    among other things, selling inside information about how to penetrate
    credit bureaus.  Have you cleaned up your act?

Maniac:  We understand the dangers of it now.  We're not as into it.  We
         understand what people go through when they find out a few thousand
         dollars have been charged to their credit-card account.

Q: Have you hacked into credit bureaus?

Ice Man: We were going to look up your name.

Maniac:  CBI [Credit Bureau International, owned by Equifax, one of the largest
         national credit bureaus], is pretty insecure, to tell you the truth.

Q: Are you software pirates, too?

Maniac: Originally.  Way back when.

Ice Man: And then we branched out and into the hacking area.  Software piracy
         is, in the computer underground, the biggest thing.  There are groups
         like THG and INC, which are international.  THG is The Humble Guys.
         INC is International Network of Crackers, and I've recently found out
         that it's run by 14 and 15-year-olds.  They have people who work in
         companies, and they'll take the software and they'll crack it -- the
         software protection -- and then distribute it.

Q: Are there many hacking groups in New York?

Maniac:  Three or four.  LOD [the Legion of Doom, named by hacker Lex Luthor],
         MOD, MPI and MOB [Men of Business].

Q: How do your members communicate?

Ice Man: The communication of choice is definitely the modem [to access
         underground electronic bulletin boards where members leave messages
         for each other or "chat" in real time].  After that is the voice mail
         box [VMB].  VMBs are for communications between groups.

         A company, usually the same company that has beepers and pagers and
         answering services, has a voice-mail-box service.  You call up [after
         hacking out an access code that gives the user the ability to create
         new voice mail boxes on a system] and can enter in a VMB number.
         Occasionally they have outdial capabilities that allow you to call
         anywhere in the world.  I call about five every day.  It's not really
         my thing.

Q: Is your group racially integrated?

Ice Man: Half of them are Asian.  Also we have, I think, one Hispanic.  I never
         met him.  Race, religion -- nobody cares.  The only thing that would
         alienate you in any way would be if you were known as a lamer.  If you
         just took, took, took and didn't contribute to the underground.  It's
         how good you are, how you're respected.

Maniac:  We don't work on a racial basis or an ethnic basis.  We work on a
         business basis.  This is an organized hobby.  You do these things for
         us and you get a little recognition for it.

Ice Man: Yeah.  If you're a member of our group and you need a high-speed
         modem, we'll give you one, on a loan basis.

Q: How does somebody join MPI?

Maniac:  They have to contact either of us on the boards.

Ice Man: And I'll go through the whole thing [with them], validating them,
         checking their references, asking them questions, so we know what
         they're talking about.  And if it's okay, then we let them in.  We
         have members in 516, 718, 212, 201, 408, and 908.  We're talking to
         someone in Florida, but he's not a member yet.

Q: Are any MPI members in other hacking groups?

Ice Man: I know of no member of MPI that is in any other group.  I wouldn't
         call it betrayal, but it's like being in two secret clubs at one time.
         I would want them faithful to my group, not any other group.  There is
         something called merging, a combination of both groups that made them
         bigger and better.  A lot of piracy groups did that.

Q: Aren't you concerned about breaking the law?

Maniac:  Breaking the law?  I haven't gotten caught.  If I do get caught, I
         won't be stupid and say I was exploring -- I'm not exploring.  I'm
         visiting, basically.  If you get caught, you got to serve your time.
         I'm not going to fight it.
_______________________________________________________________________________

 FBI Unit Helps Take A Byte Out Of Crime                          July 15, 1992
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 By Bill Gertz (The Washington Times)(Page A4)

FBI crime busters are targeting elusive computer criminals who travel the world
by keyboard, telephone and  computer  screen and use such code names as "Phiber
Optik," "Masters of Disaster," "Acid Phreak" and "Scorpion."

"Law enforcement across the board recognizes that this is a serious emerging
crime problem, and it's only going to continue to grow in the future," said
Charles L. Owens, chief of the FBI's economic crimes unit.

Last week in New York, federal authorities unsealed an indictment against five
computer hackers, ages 18 to 22, who were charged with stealing long-distance
phone service and credit bureau information and who penetrated a wide variety
of computer networks.

The FBI is focusing its investigations on major intrusions into banking and
government computers and when the objective is stealing money, Mr. Owens said
in an interview.

FBI investigations of computer crimes have doubled in the past year, he said,
adding that only about 11 percent to 15 percent of computer crimes are reported
to law enforcement agencies.  Because of business or personal reasons, victims
often are reluctant to come forward, he said.

Currently, FBI agents are working on more than 120 cases, including at least
one involving a foreign intelligence agency.  Mr. Owens said half of the active
cases involve hackers operating overseas, but he declined to elaborate.

The FBI has set up an eight-member unit in its Washington field office devoted
exclusively to solving computer crimes.

The special team, which includes computer scientists, electrical engineers and
experienced computer system operators, first handled the tip that led to the
indictment of the five hackers in New York, according to agent James C. Settle,
who directs the unit.

Computer criminals, often equipped with relatively unsophisticated Commodore 64
or Apple II computers, first crack into international telephone switching
networks to make free telephone calls anywhere in the world, Mr. Settle said.

Hackers then can spend up to 16 hours a day, seven days a week, breaking into
national and international computer networks such as the academic-oriented
Internet, the National Aeronautics and Space Administration's Span-Net and the
Pentagon's Milnet.

To prevent being detected, unauthorized computer users "loop and weave" through 
computer networks at various locations in the process of getting information.

"A lot of it is clearly for curiosity, the challenge of breaking into systems,"
Mr. Settle said.  "The problem is that they can take control of the system."

Also, said Mr. Owens, computer hackers who steal such information from
commercial data banks may turn to extortion as a way to make money.

Mr. Settle said there are also "indications" that computer criminals are
getting involved in industrial espionage.

The five hackers indicted in New York on conspiracy, computer-fraud, computer
tampering, and wire-fraud charges called themselves "MOD," for Masters of
Deception or Masters of Disaster.

The hackers were identified in court papers as Julio Fernandez, 18, John Lee,
21, Mark Abene, 20, Elias Ladopoulos, 22, and Paul Stira, 22.  All live in the
New York City area.

Mr. Fernandez and Mr. Lee intercepted data communications from a computer
network operated by the Bank of America, court papers said.

They also penetrated a computer network of the Martin Marietta Electronics
Information and Missile Group, according to the court documents.

The hackers obtained personal information stored in credit bureau computers,
with the intention of altering it "to destroy people's lives or make them look
like saints," the indictment stated.
_______________________________________________________________________________

 And Today's Password Is...                                        May 26, 1992
 ~~~~~~~~~~~~~~~~~~~~~~~~~~
 By Robert Matthews (The Daily Telegraph)(page 26)

                  "Ways Of Keeping Out The Determined Hacker"

One of the late Nobel Prize-winning physicist Richard Feynman's favorite
stories was how he broke into top-secret atomic bomb files at Los Alamos by
guessing that the lock combination was 271828, the first six digits of the
mathematical constant "e".  Apart from being amusing, Feynman's anecdote stands
as a warning to anyone who uses dates, names or common words for their computer
password.

As Professor Peter Denning, of George Mason University, Virginia, points out in
American Scientist, for all but the most trivial secrets, such passwords simply
aren't good enough.  Passwords date back to 1960, and the advent of time-
sharing systems that allowed lots of users access to files stored on a central
computer.  It was not long before the standard tricks for illicitly obtaining
passwords emerged:  Using Feynman-style educated guessing, standing behind
computer users while they typed in their password or trying common system
passwords like "guest" or "root".  The biggest security nightmare is, however,
the theft of the user-password file, which is used by the central computer to
check any password typed in.

By the mid-1970s, ways of tackling this had been developed.  Using so-called
"one-way functions", each password was encrypted in a way that cannot be
unscrambled.  The password file then contains only apparently meaningless
symbols, of no obvious use to the would-be hacker.  But, as Denning warns, even
this can be beaten if passwords are chosen sloppily.  Instead of trying to
unscramble the file, hackers can simply feed common names and dates -- or even
the entire English dictionary -- through the one-way function to see if the end
result matches anything on the scrambled password file.  Far from being a
theoretical risk, this technique was used during the notorious Project
Equalizer case in 1987, when KGB-backed hackers in Hanover broke the passwords
of Unix-based computers in America.

Ultimately, the only way to solve the password problem is to free people of
their fear of forgetting more complex ones.  The long-term solution, says
Denning, probably lies with the use of smart-card technology.  One option is a
card which generates different passwords once a minute, using a formula based
on the time given by an internal clock.  The user then logs on using this
password.  Only if the computer confirms that the password corresponds to the
log-on time is the user allowed to continue.  Another smart-card technique is
the "challenge-response" protocol.  Users first log on to their computer under
their name, and are then "challenged" by a number appearing on the screen.
Keying this into their smart card, a "response number" is generated by a
formula unique to each smart card.  If this number corresponds to the response
expected from a particular user's smart card, the computer allows access.  A
number of companies are already marketing smart-card systems, although the
technology has yet to become popular.

In the meantime, Denning says that avoiding passwords based on English words
would boost security.  He highlights one simple technique for producing non-
standard words that are nonetheless easy to remember: "Pass-phrases".  For
this, one merely invents a nonsensical phrase like "Martin says Unix gives gold
forever", and uses the first letter of each word to generate the password:
MSUGGF.  Such a password will defeat hackers, even if the password file is
stolen, as it does not appear in any dictionary.  However, Denning is wary of
giving any guarantees.  One day, he cautions, someone may draw up a
computerized dictionary of common phrases.  "The method will probably be good
for a year or two, until someone who likes to compile these dictionaries starts
to attack it."
_______________________________________________________________________________

 Outgunned "Computer Cops" Track High-Tech Criminals               June 8, 1992
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 By Tony Rogers (Associated Press)

BOSTON -- The scam was simple.  When a company ordered an airline ticket on its
credit card, a travel agent entered the card number into his computer and
ordered a few extra tickets.

The extra tickets added up and the unscrupulous agent sold them for thousands
of dollars.

But the thief eventually attracted attention and authorities called in Robert
McKenna, a prosecutor in the Suffolk County district attorney's office.  He is
one of a growing, but still outgunned posse of investigators who track high-
tech villains.

After the thief put a ticket to Japan on a local plumbing company's account, he
was arrested by police McKenna had posing as temporary office workers.  He was
convicted and sentenced to a year in prison.

But the sleuths who track high-tech lawbreakers say too many crimes can be
committed with a computer or a telephone, and too few detectives are trained to
stop them.

"What we've got is a nuclear explosion and we're running like hell to escape
the blast.  But it's going to hit us," said Chuck Jones, who oversees high-tech
crime investigations at the California Department of Justice.

The problem is, investigators say, computers have made it easier to commit
crimes like bank fraud.  Money transfers that once required signatures and
paperwork are now done by pressing a button.

But it takes time to train a high-tech enforcer.

"Few officers are adept in investigating this, and few prosecutors are adept
in prosecuting it," Jones said.

"You either have to take a cop and make him a computer expert, or take a
computer expert and make him a cop.  I'm not sure what the right approach is."

In recent high-tech crimes:

- Volkswagen lost almost $260 million because of an insider computer scam
  involving phony currency exchange transactions.

- A former insurance firm employee in Fort Worth, Texas, deleted more than
  160,000 records from the company's computer. 

- A bank employee sneaked in a computer order to Brinks to deliver 44
  kilograms of gold to a remote site, collected it, then disappeared.

Still, computer cops have their successes.

The Secret Service broke up a scheme to make counterfeit automatic teller
machine cards that could have netted millions.

And Don Delaney, a computer detective for the New York State Police, nabbed
Jaime Liriano, who cracked a company's long-distance phone system.

Many company phone systems allow employes to call an 800 number, punch in a
personal identification number and then make long-distance calls at company
expense.

Some computer hackers use automatic speed dialers -- known as "demon dialers"
-- to dial 800 numbers repeatedly and try different four-digit numbers until
they crack the ID codes.  Hackers using this method stole $12 million in phone
service from NASA.

Liriano did it manually, calling the 800 number of Data Products in
Wallingford, Connecticut, from his New York City apartment.  He cracked the
company's code in two weeks.

Liriano started selling the long distance service -- $10 for a 20-minute call
anywhere -- and customers lined up inside his apartment.

But Delaney traced the calls and on March 10, he and his troopers waited
outside Liriano's apartment.  On a signal from New York Telephone, which was
monitoring Liriano's line, the troopers busted in and caught him in the act.

Liriano pleaded guilty to a misdemeanor of theft of services, and was
sentenced to three years' probation and community service.

Data Products lost at least $35,000.  "And we don't know what he made,"
Delaney said of Liriano.
_______________________________________________________________________________

 Who Pays For Calls By Hackers?                                   June 12, 1992
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 By Kent Gibbons (The Washington Times)(Page C1)

ICF International Inc. doesn't want to pay $82,000 for unauthorized calls by
hackers who tapped the company's switchboard.

AT&T says the Fairfax engineering firm owns the phone system and is responsible
for the calls, mostly to Pakistan.

Now their dispute and others like it are in Congress' lap.  A House
subcommittee chairman believes a law is needed to cap the amount a company can
be forced to pay for fraudulent calls, the same way credit card users are
protected.

Edward Markey, the Massachusetts Democrat who held hearings on the subject
said long-distance carriers and local telephone companies should absorb much of
those charges.

Victims who testified said they didn't know about the illegal calls until the
phone companies told them, sometimes weeks after strange calling patterns
began.  But since the calls went through privately owned switchboards before
entering the public telephone network, FCC rules hold the switchboard owners
liable.

"This is one of the ongoing dilemmas caused by the breakup of AT&T," Mr. Markey
said.  Before the 1984 Bell system breakup, every stage of a call passed
through the American Telephone & Telegraph Co. network and AT&T was liable for
fraudulent calls.

Estimates of how much companies lose from this growing form of telephone fraud
range from $300 million to more than $2 billion per year.

The range is so vast because switchboard makers and victims often don't report
losses to avoid embarrassment or further fraud, said James Spurlock of the
Federal Communications Commission.

Long-distance carriers say they have stepped up their monitoring of customer
calls to spot unusual patterns such as repeated calls to other countries in a
short period.  In April, Sprint Corp. added other protective measures,
including, for a $100 installation charge and $100 monthly fee, a fraud
liability cap of $25,000 per incident.

AT&T announced a similar plan last month.

Robert Fox, Sprint assistant vice president of security, said the new plans cut
the average fraud claim from more than $20,000 in the past to about $2,000
during the first five months of this year.

But the Sprint and AT&T plans don't go far enough, Mr. Markey said.

ICF's troubles started in March 1988.  At the time, the portion of ICF that was
hit by the fraud was an independent software firm in Rockville called Chartways
Technologies Inc.  ICF bought Chartways in April 1991.

As with most cases of fraud afflicting companies with private phone systems,
high-tech bandits broke into the Chartways switchboard using a toll-free number
set up for the company's customers.

Probably aided by a computer that randomly dials phone numbers, the hackers
got through security codes to obtain a dial tone to make outside calls.

The hackers used a fairly common feature some companies offer out-of-town
employees to save on long-distance calls.  Ironically, Chartways never used the
feature because it was too complicated, said Walter Messick, ICF's manager of
contract administration.

On March 31, AT&T officials told Chartways that 757 calls were made to Pakistan
recently, costing $42,935.

The phone bill arrived later that day and showed that the Pakistan calls had
begun 11 days before, Mr.Messick said.

Because of the Easter holiday and monitoring of calls by Secret Service agents,
ICF's outside-calling feature was not disconnected until April 4.  By then, ICF
had racked up nearly $82,000 in unauthorized calls.

A year ago, the FCC's Common Carrier Bureau turned down ICF's request to erase
the charges.  The full commission will hear an appeal this fall.
_______________________________________________________________________________

 Dutch Hackers Feel Data Security Law Will Breed Computer Crime    July 7, 1992
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 By Oscar Kneppers (ComputerWorld Netherland)

HAARLEM, the Netherlands -- Dutch hackers will be seriously reprimanded for
breaking and entering computer systems, if a new law on computer crime is
passed in the Netherlands.

Discussed recently in Dutch parliament and under preparation for more than two
years, the proposed law calls hacking "a crime against property."  It is
expected to be made official in next spring at the earliest and will consist of
the following three parts:

-  The maximum penalty for hackers who log on to a secured computer system
   would be six months' imprisonment.

-  If they alter data in the system, they could spend up to four years in
   prison.

- Those who illegally access a computer system that serves a "common use" --
  like that in a hospital or like a municipal population database -- could soon
  risk a prison sentence of six years.

This pending law does not differentiate between computer crimes committed
internally or externally from an office.  For example, cracking the password of
a colleague could lead to prosecution.

Hackers believe this law will only provoke computer crime, because the hackers
themselves will no longer offer "cheap warnings" to a computer system with poor
security.

Rop Gonggrijp, who is sometimes called the King of Hacking Holland, and is
currently editor-in-chief of Dutch computer hacker magazine "Hack-tic" warns
that this law could produce unexpected and unwanted results.

"Students who now just look around in systems not knowing that it [this
activity] is illegal could then suddenly end up in jail," he said.  Gonggrijp
equates hacking to a big party, where you walk in uninvited.

Gonggrijp is concerned about the repercussions the new law may have on existing
hackers.  He said he thinks the current relationship between computer hackers
and systems managers in companies is favorable.  "[Hackers] break into, for
example, an E-mail system to tell the systems manager that he has to do
something about the security.  If this law is introduced, they will be more
careful with that [move].  The cheap warning for failures in the system will,
therefore, no longer take place, and you increase chances for so-called real
criminals with dubious intentions," he added.

According to a spokesman at the Ministry of Justice in The Hague, the law gives
the Dutch police and justice system a legal hold on hackers that they currently
lack.

"Computer criminals [now] have to be prosecuted via subtle legal tricks and
roundabout routes.  A lot of legal creativity was [previously] needed.  But
when this law is introduced, arresting the hackers will be much easier," he
said.

The Dutch intelligence agency Centrale Recherche Informatiedienst (CRI) in The
Hague agreed with this.  Ernst Moeskes, CRI spokesman, said, "It's good to see
that we can handle computer crime in a directed way now."
_______________________________________________________________________________

 PWN Quicknotes
 ~~~~~~~~~~~~~~
1.  Printer Avoids Jail In Anti-Hacking Trial (By Melvyn Howe, Press
    Association Newsfile, June 9, 1992) -- A printer avoided a jail sentence
    in Britain's first trial under anti-hacking legislation.  Freelance
    typesetter Richard Goulden helped put his employers out of business with a
    pirate computer program -- because he said they owed him L2,275 in back
    pay.  Goulden, 35, of Colham Avenue, Yiewsley, west London, was
    conditionally discharged for two years after changing his plea to guilty on
    the second day of the Southwark Crown Court hearing.  He was ordered to pay
    L1,200 prosecution costs and L1,250 compensation to the company's
    liquidators.  Goulden had originally denied the charge of unauthorized
    modification of computer material under the 1990 Computer Misuse Act.
    After his change of plea Judge John Hunter told him:  "I think it was plain
    at a very early stage of these proceedings that you had no defence to this
    allegation." Mr. Warwick McKinnon, prosecuting, told the jury Goulden added
    a program to a computer belonging to Ampersand Typesetters, of Camden,
    north-west London, in June last year which prevented the retrieval of
    information without a special password.  Three months later the company
    "folded".  Mr Jonathan Seitler, defending, said Goulden had changed his
    plea after realizing he had inadvertently broken the law.
_______________________________________________________________________________

2. ICL & GM Hughes In Joint Venture To Combat Computer Hackers (Extel Examiner,
   June 15, 1992) -- General Motors Corporation unit, Hughes STX, and ICL have
   set up a joint venture operation offering ways of combating computer
   hackers.  Hughes STX is part of GM's GM Hughes Electronics Corporation
   subsidiary.  ICL is 80% owned by Fujitsu.  Industry sources say the venture
   could reach $100 million in annual sales within four years.
_______________________________________________________________________________

3.  Another Cornell Indictment (Ithaca Journal, June 17, 1992) -- Mark Pilgrim,
    David Blumenthal, and Randall Swanson -- all Cornell students -- have each
    been charged with 4 felony counts of first-degree computer tampering, 1
    count of second-degree computer tampering, and 7 counts of second-degree
    attempted computer tampering in connection with the release of the MBDF
    virus to the Internet and to various BBSs.

    David Blumenthal has also been charged with two counts of second-degree
    forgery and two counts of first-degree falsifying business records in
    connection with unauthorized account creation on Cornell's VAX5 system.  He
    was also charged with a further count of second-degree computer tampering
    in connection with an incident that occurred in December of 1991.
_______________________________________________________________________________

4. Computer Watchdogs Lead Troopers To Hacker (PR Newswire, July 17, 1992) --
   Olympia, Washington -- State Patrol detectives served a search warrant at an
   East Olympia residence Thursday evening, July 16, and confiscated a personal
   computer system, programs and records, the Washington State Patrol said.

   The resident, who was not on the premises when the warrant was served, is
   suspected of attempts to break into computer files at the Department of
   Licensing and the State Insurance Commissioner's office.

   The "hacker's" attempts triggered computerized security devices which
   alerted officials someone was attempting to gain access using a telephone
   modem.  Patrol detectives and computer staff monitored the suspect's
   repeated attempts for several weeks prior to service of the warrant.

   Placement of a telephone call by a non-recognized computer was all that was
   required to trigger the security alert.  The internal security system then
   stored all attempted input by the unauthorized user for later retrieval and
   use by law enforcement.  Integrity of the state systems was not breached.

   The investigation is continuing to determine if several acquaintances may be
   linked to the break in.  Charges are expected to be filed as early as next
   week in the case.

   CONTACT: Sgt. Ron Knapp of the Washington State Patrol, (206)459-6413
_______________________________________________________________________________

5. UPI reports that the 313 NPA will split to a new 810 NPA effective
   August 10, 1994.

   Oakland, Macomb, Genesee, Lapeer, St. Clair and Sanilac counties as well as
   small sections of Saginaw, Shiawassee and Livingston counties will go into
   810.  Wayne, Washtenaw, Monroe, and small parts of Jackson and Lenawee
   counties will remain in 313.  The city of Detroit is in Wayne County and
   won't change.
_______________________________________________________________________________


--------------------------------------------------------------------------------