Computer underground Digest Sun Oct 31, 1992 Volume 4 : Issue 54

Computer underground Digest Sun Oct 31, 1992 Volume 4 : Issue 54

Editors: Jim Thomas and Gordon Meyer ([email protected])
Archivist: Brendan Kehoe
Shadow-Archivists: Dan Carosone / Paul Southworth / Ralph Sims
Copy Editor: Etaion Shrdleaux, Sr.

CONTENTS, #4.54 (Oct 31, 1992)
File 1--Two New Shadows
File 2--Some comments on NBC Dateline's "Hacker" Segment
File 3--Transcript of DATELINE NBC: ARE YOUR SECRETS SAFE
File 4--Somebody gets access to freeway callbox codes, runs up bill

Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost from [email protected]. The editors may be
contacted by voice (815-753-6430), fax (815-753-6302) or U.S. mail at:
Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115.

Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL0 and DL12 of TELECOM; on Genie in the PF*NPC RT
libraries; from America Online in the PC Telecom forum under
"computing newsletters;" on the PC-EXEC BBS at (414) 789-4210; in
Europe from the ComNet in Luxembourg BBS (++352) 466893; and using
anonymous FTP on the Internet from ftp.eff.org (192.88.144.4) in
/pub/cud, red.css.itd.umich.edu (141.211.182.91) in /cud, halcyon.com
(192.135.191.2) in /pub/mirror/cud, and ftp.ee.mu.oz.au (128.250.77.2)
in /pub/text/CuD. Back issues also may be obtained from the mail
server at [email protected].
European distributor: ComNet in Luxembourg BBS (++352) 466893.

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted for non-profit as long
as the source is cited. Some authors do copyright their material, and
they should be contacted for reprint permission. It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified. Readers are encouraged to submit reasoned articles
relating to computer culture and communication. Articles are
preferred to short responses. Please avoid quoting previous posts
unless absolutely necessary.

DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.

----------------------------------------------------------------------

Date: Tue, 20 Oct 1992 18:20:24 -0400
From: Brendan Kehoe <[email protected]>
Subject: File 1--Two New Shadows

I'm pleased to announce the availability of two additional mirrors of
the Computer Underground Digest archives. The main archive at
ftp.eff.org is now replicated by:

IN THE US:
red.css.itd.umich.edu (141.211.182.91) in /cud(Michigan)
halcyon.com (192.135.191.2) in /pub/mirror/cud(Washington)

IN AUSTRALIA:
ftp.ee.mu.oz.au (128.250.77.2) in /pub/text/CuD

All three are exact copies of the archives stored on the EFF's machine.
Please save the bandwidth and visit the site closest to you.

A shadow in Europe or Scandinavia would also help (there's a lot of
interest from people in Finland, Sweden, Great Britain, and Germany
particularly).

Brendan Kehoe
[email protected]

------------------------------

Date: Sat, 31 Oct 92 16:11:58 CST
From: Jim Thomas <[email protected]>
Subject: File 2--Some comments on NBC Dateline's "Hacker" Segment

About a month ago, Susan Adams, producer of NBC's Dateline called me.
She indicated that Dateline was going to do a story on hackers, and
she wanted to know how many "hacker busts" had gone to court. She
limited the term "hacker" to teenaged computer intruders, and did not
seem interested in the more serious crimes of professional
criminals who ply their trade with computers or with computer abusers
who prey on their employers. Suspecting a pre-defined slant to the
story, I attempted to make it clear that, despite increased visibility
of attention to computer abuse, there have been relatively few
indictments. Operation Sun Devil, I explained, was mostly smoke and
served more to dramatize "hacker activity" far more than its success
in apprehending them. I provided some basic background in the Sun
Devil, Len Rose, and Phrack cases, some of which she seemed to know.
I emphasized the civil rights issues, the complexity of the "hacker
phenomenon," and the hyperbole of law enforcement and media that
distorts the nature of the problem and thereby obstructs solutions.
At some length I attempted to explain the problem of media
sensationalism, the problems of balancing Constitutional rights with
legitimate law enforcement interests and the potential for abuse that
created by an imbalance, and the need for responsible and incisive
reporting by the media. Ms. Adams indicated that she had talked to
Mike Godwin of the EFF, who I presumed would have told her the same
thing, and others who claimed to have been contacted by Dateline staff
indicated that they, too, cautioned against sensationalism. Believing
that NBC would like to think that its quality of programming exceeds
that of Geraldo's "Now it can be Told" (See CuD #3.37 special issue on
"Mad Hacker's Key Party"), I anticipated a balanced, accurate, and
non-sensationalized depiction of "hackers." To paraphrase H.L.
Mencken, nobody ever went broke underestimating the accuracy of tv
tabloid journalism. The program that aired on Tuesday, October 27,
1992, could have been worse, but that's hardly a sound way to evaluate
a program.

The teaser to the "Are Your Secrets Safe" segment framed the story
around the potential dangers that "hackers" pose: They can wipe-out
your bank account, crash the E911 system, and destroy the nation's
telephone networks. In case we missed the point, footage from
Sneaker's linked Ben Kingsly's scene, in which he discussed his mad
scheme of "bringing down the whole damn system" with the activities of
"hackers." The opening shot of a silhouetted young hacker identified
only under the pseudonym "Quintin" bragging about his exploits
reinforced the shadowy activities. Quintin demonstrated no skills,
and other than simply assert that he had previously engaged in vague
activities, his primary function on the show seemed to be little more
than as a dramatic prop that enabled the producers to shape the mood
of their recreation. Quintin may or may not be an arch-fiend, but he
neither did nor said anything that established credibility. Even the
screen shot of nic.ddn.mil and UFO information has a piscine
smell--there was no evidence that it was anything more than a file
readily obtained either by ftp or even (shades of Cliff Stoll) a file
inserted in a computer system to trap intruders. Either way, the
mystery of Quintin's identity seemed the message, and he provided
nothing of any substance not known to anybody who roams the Internet.

Brief interviews with Kent Alexander, the prosecutor in the "Atlanta
3" case, and with Scott Ticer of BellSouth, elicited the
corporate/law-enforcement view of hackers as dangerous criminals who
should be prosecuted. For them, the issues are black and white,
simple, and unequivocal. The solutions to the problem are clear, as
the Atlanta Legion of Doom cases indicated: Put 'em in prison.

The moderator, Jon Scott, then informed the audience that, to learn
more about the hacker world, he went "underground." Dramatic
terminology, but grossly inaccurate. To go "underground" presumably
would mean hooking up with people surreptitiously involved in on-going
intrusion who could clearly demonstrate how one might break into
military computers, access and re-program the E911 system, or shift
money from one bank account to another. Scott did none of this.
Instead, he interviewed two former LoD participants, both of whom are
visible and quite "above ground," and neither of whom demonstrated
much of value, let alone anything that could be considered dangerous.
Adam Grant, sentenced to a brief stint in Federal prison in the
"Atlanta 3" case, and Scott Chasin, a former LoD participant who, with
some LoD friends, were partners in ComSec, a short-lived computer
security consulting firm, demonstrated a few "hacker tricks," but
nothing that could even remotely be considered dangerous.

Grant explained "trashing"--rummaging through trash to find useful
information--to Scott. Grant took Scott to a BellSouth trashbin to
illustrate how he used to trash. Although BellSouth presumably
implemented policies requiring locks on trashbins, on one side of the
bin the lock was unlocked and there was no lock on the other side. One
presumes nothing of interest was found, or it would have become another
prop in the show. In Hacker Crackdown, Bruce Sterling provides an
account of his own trashing experience during a moment of boredom at a
law enforcement computer security conference (pp. 197-202) that was
far more interesting and produced far more detailed information.

The interview with Scott Chasin was equally misleading. Chasin typed
what appeared to by a simple "whois" command that lists the Internet
addresses of the target. For example, typing "whois jthomas" would
produce the following addresses on military computers:

whois jthomas
Thomas, James (JT276)[email protected]
(703) 695-1565 225-1565
Thomas, James (JT5)[email protected]
(505) 678-5048 (DSN) 258-5048
Thomas, Jeffery (JT21)[email protected]
(804) 764-6610 (DSN)574-6610
Thomas, Jeffrey K. (JKT9)[email protected]
(505) 678-4597 (DSN) 258-4597
Thomas, Jennifer L. (JLT9)[email protected]
(301) 671-2619 (DSN) 584-2619
Thomas, Joseph, Jr. (JT168)[email protected]
(205) 876-7407 (DSN) 746-7407
Thomasovich, John L. (JLT5)[email protected]
(201) 724-3760 (DSN) 880-3760

Or, "whois 162.45.0.0" would give:

Central Intelligence Agency (NET-CIA)
Central Intelligence Agency
OIT/ESG/DSED
Washington, DC 20505

Netname: CIA
Netnumber: 162.45.0.0

Coordinator:
703-281-8087

Record last updated on 22-Jul-92.

Or, "ftp nic.ddn.mil" would connect us to the Network Information
Center, which was shown on Quintin's screen, a military system that
allows anonymous ftp privileges, where the command "cd /pub ; ls"
would produce a list of the documents that one could (legally) rummage
through. One could "grep" or "find" "UFO" or any other key word
quite legitimately. Dateline did a major disservice to viewers by not
explaining at least minimal basics of computer technology and the
workings of Internet. Nothing portrayed by Chasin or Scott or on the
screen necessarily indicated wrong doing, and in fact it seemed
nothing more than a routine use of commands available to anyone with a
Unix system and Internet access. In fact, we learned nothing that
isn't explained in Krohl's "The Whole Internet" or Kehoe's "Zen and
the Art of the Internet." Dateline took basic information and made it
appear arcane, dangerous, and of special significance.

Chasin next demonstrated "social engineering," in which a telephone
caller attempts to con useful information from somebody through
deception. Chasin was given a week to access any point of a system
belonging to a corporation identified only as one of the "Fortune
500." Posing as a company computer operator, it took only a few calls
and 90 minutes (collapsed for dramatic effect into about a minute on
the program) to con a receptionist out of her password. Whether this
access would allow deeper penetration into the computers or simply
allow the intruder to read the secretary's private mail remains
unknown. Although a convincing demonstration of social engineering, it
also emphasizes a point that Dateline glossed over, which hackers and
security personnel have been saying for years: The greatest threat to
computer security is the individual user.

Computer crime is serious. It is unacceptable. Computer predations are
wrong. But, the Dateline description did little to illustrate its
nature and complexity and did much to re-inforce public technophobia
and fears of computer literate teenagers. The issue here isn't
whether the term "hacker" is again abused, whether "hackers" receive
good or bad press, or whether a program develops a slant that is
merely not to one's liking. Dateline's error was far more serious than
any of these trivial cavils. At root, Dateline presented
misinformation, seemed to have a story carved out in advance and
merely sought detail for it, and depicted little of substance in
contriving a fear-mongering story organized around assertion rather
than evidence. It only confused the nature of computer crime, and
confused perceptions lead to bad laws, bad law enforcement, and no
solutions.

As Adam Grant pointed out, the fact that people have the ability to
intrude upon a system or to shoot somebody does not mean they are
necessarily social threats. To exaggerate a "hacker threat" feeds the
folly of excessive punishment for computer delinquents, and it
suggests that the answer to the "hacker problem" is to apprehend the
hacker rather than address the broader questions of computer
responsibility, computer security, and computer literacy. Even with
its hyperbole, Dateline could have salvaged some respectability if it
had concluded by informing users that computer systems generally are
intended to be open, that *trust* is a crucial element of computer
use, and that users themselves can take significant steps to increase
security little effort.

Dateline seemed uninterested in its responsibility to the public. It
seemed more interested in presenting a sexy story. When Geraldo
presented "Mad Hacker's Key Party," the producer had the class to
engage in a dialogue with critics and seemed genuinely interested in
learning from criticism. I wonder if Susan Adams, producer of this
Dateline segment, will do the same?

------------------------------

Date: Wed, 28 Oct 92 10:00:55 MST
From: [email protected](we're tiny we're toony)
Subject: File 3--Transcript of DATELINE NBC: ARE YOUR SECRETS SAFE

From the same guy that brought you a transcript of Geraldo's NOW IT
CAN BE TOLD, here's a transcript of last night's DATELINE NBC episode
which featured a segment called ARE YOUR SECRETS SAFE that dealt with
hackers:

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Transcript of ARE YOUR SECRETS SAFE segment of
DATELINE NBC airing October 27, 1992

PRODUCER: SUSAN ADAMS
EDITOR: MARY ANN MARTIN

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Announcer: Well, when we come back, how computer hackers can make you
and me their victims. The computer underground can potentially shut
down our high-tech society. Our financial records, medical data,
communications systems, it's all at their finger tips. Jon Scott
reports. Next.

<Commercials>

Announcer: <first few words garbled: Paraphrased, "In the old
days when you faced breaking and entering">...you knew it. Today, it's
not that simple. In our high tech society, we can be targets of crime
and never suspect a thing. It's crime by computer hackers. They've
been glamorized by Hollywood most recently in the hit film "Sneakers."
But, how do real hackers operate, and just what kind of damage can
they do? Tonight, Jon Scott goes into their world to see how they
access ours.

[shot of computer screen, keys being pressed is the sound heard.

<Text on the screen reads: We don't want to scare you, but ...>

[FADE to silhouette of shadowed hacker, voice altered electronically]

"QUINTIN": I have accessed - you name it, really: credit card
companies, telephone companies, government installations, military
installations, political organizations, senators' computer systems.

JON SCOTT [reporter]<voice-over>: His voice is altered. His face
hidden. His name - an alias.

[fade to A HACKER %white male, approx. 14-18, wearing blue Yankess
hat backwards, t-shirt and jeans% sitting at small desk in front of a
laptop]

SCOTT: In fact we don't even know his real name. That's the only
way "Quintin" would agree to talk to us. Because "Quintin" is a
hacker: a computer genius who illegally breaks into computers for
fun.

[fade back to silhouette shot, camera shot alters between SCOTT
%reporter% and QUINTIN]

SCOTT: Have you ever shared information, say, about a company with
one of their competitors?

QUINTIN: That I have not done.

SCOTT: Have you ever been tempted to?

QUINTIN: Umm, there's always kind of the lurking temptation.

[fade to shot of QUINTIN's hands at keyboard]

SCOTT<voice-over>: It's a frightening thought: someone breaking
into your computer and roaming around in it with the potential to
share, sell, even alter what they see. That's what hackers can do.
Quintin told us he's read the private mail of a US Senator,

[close-up shot of laptop screen showing info from nic.ddn.mil
concerning UFO info at Wright-Patterson Air Force Base in Ohio]

browsed through secret government files on UFOs, and gone snooping in
our nation's military computers.

[fade back to silhouette shot again]

SCOTT: Do you recognize that what you do is illegal?

QUINTIN: <pause> Yeah, Yeah I do.

SCOTT: Is it immoral?

QUINTIN: To me, no.

[fade to shot standing in the midst of a room filled with computers]

SCOTT: More and more hackers like "Quintin" are out there, illegally
breaking into systems that could contain information about you.
Think about how much of your life is on a computer: your credit
rating, financial records, your paycheck at work - computers run your
telephone, your electricity, and your gas. In corporate America, it
seems, they run everything.

[fade to shot from the movie SNEAKERS - Ben Kingsley and Robert
Redford sitting and talking]

REDFORD: Stock market?

KINGSLEY: Yes.

REDFORD: Currency market?

KINGSLEY: Yes.

REDOFRD: Commodities market?

KINGSLEY: Yes?

REDFORD: Small countries?

KINGSLEY: <pause> I might even be able to crash the whole damn
system.

SCOTT<voice-over>: In the movie SNEAKERS, Ben Kingsley dreamed of
using a computer to dismantle the world's financial system. To some
it's not so far-fetched.

[fade to shot of Kent Alexander in empty courtroom]

KENT ALEXANDER: Most people think of this movie as science-fiction.
After prosecuting this case, I think of it as reality.

SCOTT: Former computer prosecuter Kent Alexander was one of the
first to win a conviction against computer hackers.

ALEXANDER: I've seen hackers who've tapped into phone systems and
litterally tapped into phone lines to listen in on telephone
conversations. Hackers have broken into credit bureaus to get
people's credit histories, hackers have broken into credit card
records to have money wired to themselves.

[shot of newspaper clippings related to the Atlanta 3 LoD case]

SCOTT<voice-over>: In a highly-publicized trial in 1990, Alexander
sent three Atlanta hackers to jail, among them - Adam Grant.

[fade to shot of Grant and Scott walking to BellSouth building at
night.]

SCOTT: So how often would you come over here?

GRANT: In the beginning as maybe as much as a couple times a week.

SCOTT<voice-over>: Adam belonged to an elite hacker club called the
Legion of Doom. One of the methods he used to obtain secret computer
codes was to rummage through the trash at BellSouth - the regional
phone company in Atlanta.

[they stop in front of a BFI trash dumpster and examine it]

GRANT: Back a few years ago they weren't locked. You could just
slide the doors open, reach in, grab a bag, leave. This one's not
even locked.

SCOTT<voice-over>: Using the information he found here Adam was able
to sit in front of his home computer and hack into the heart of
BellSouth.

SCOTT: They didn't learn something on this side [pointing to
unlocked dumpster - slides it open, it contains a bunch of folded up
cardboard boxes].

GRANT<voice-over>: At BellSouth we were able to get into all manner
of computers.

[fade to shot of Grant sitting and talking]

uh, the phone switches themselves.

SCOTT: In essence you got to the point where you could've turned off
everybody's phones in Georgia.

GRANT: About any one of a couple dozen of us could've done that.

[fade to shot of interior of BellSouth command center]

SCOTT<voice-over>: for more than a year, Adam and his friends had
free access to the inner workings of 12 BellSouth computer systems.

[back to previous shot]

SCOTT: They say you could've crashed or broken the 911 system.

GRANT: Mmm-hmm <nods>. The operative word for me is *could have*.

SCOTT: You could have done that?

GRANT: Yes. I could go out and shoot people. You can.

SCOTT: BellSouth cracked down hard on Adam and the others, even
though it acknowledges they never disrupted phone service or changed
any customer accounts.

[shot of US phone network display]

[fade to shot of BellSouth spokesman Scott Ticer]

TICER: We don't care what the motive may or may not be.

SCOTT<voice-over>: Scott Ticer is a corporate spokesman for
BellSouth.

TICER: We are not talking about Wally and the Beav, much less Eddie
Haskel. We're not dealing with a bunch of mischievous pranksters
playing in some high-tech toyland [possibly toilet, not clear]. This
is a crime.

[shot of skyscraper]

SCOTT<voice-over>: BellSouth is just one example of a company
stalked by hackers. In a recent New York case, members of a club
known as the Masters of Deception

[shots of MoD-related newspaper articles]

were indicted, accused of hacking into institutions like:

[corporate logos appear on computer monitor]

the Bank of America, Martin Marietta, PacificBell, SouthwesternBell,
New York Telephone, TRW, Information America, and New York
University. So how does a hacker get into these systems? To find
out, Dateline went underground into the hacker's world.

[fade to shot of Scott Chasin]

CHASIN: Power and ego have a lot to do with hacking.

SCOTT: 21 year-old Scott Chasin spent 9 years as a hacker. He says
his hacker days are behind him now, but he still keeps tabs on the
hacker underground.

[shot of monitor with a bunch of Account: and Password: 's]

CHASIN: Basically these are passwords for a university that somebody
has cracked.

SCOTT: Scott showed as a hacker's secret meeting place - a private
electronic bulletin board.

[shot of login to board called TCH]

individual hacker clubs set up these boards so members may swap
information.

<reads message on screen>"I need some help figuring out how to crash
my school's computer system"? Is he serious?

CHASIN: Sure. Why wouldn't he be?

[varying shots of crack screens from pirated software and hacking
utilities <password hackers, wardialers%]

SCOTT<voice-over>: Hacker clubs, some of whose logos you see here,
are very competitive. Sometimes its club v. club, sometimes its
member v. member.

[shot of Grant]

GRANT: You want to make yourself unique. And one of the best ways
of doing that is being forceful - being obnoxious.

[shot of Grant typing]

SCOTT: For many like Adam, the underground is the first place they
found where they felt like they had power.

GRANT: You think about: "I can do something that's really
different. I can do nothing that none of my friends can. I can do
something that most people anywhere can't. And that makes you stand
out - makes you want to do it." It's like a criminal olympics.

[shot of Chasin typing]

SCOTT<voice-over>: Hackers might break into a computer with your
name in it by accessing one of the computer networks which link
millions of computers world-wide. Scott showed us what he could
reach from his living room. We went looking for the top-secret
National Security Agency. We found it.

[shot of Chasin typing "NSA" on monitor, then:

National Security Agency (NSA)
Network Services Agency (NET-NSA)
Whois: _
]

Same with the Pentagon.

[shot of monitor:

PENTAGON-HQDADSS.ARMY.MIL
26
]

CHASIN: Let's do a search for NASA.

SCOTT: It's like searching the phonebook for someone's street
address and learning where they live.

[screen shows 'whois' output of NASA matches]

CHASIN: Found over 247 of 'em.

SCOTT: 247 NASA computers?

CHASIN: Computers and networks, that are on the Internet. Correct.

SCOTT: But each of these NASA computers has a lock on it, and only
authorized users like NASA employees are allowed to have th keys. To
"unlock" most computer systems, authorized employess type in their
username and then their password. Passwords and user names are
supposed to be kept secret, but hackers have ways of getting them.

[shot of Quintin]

QUINTIN: Sometimes it's as simple as a phone-call to the company and
portraying myself as another employee, to pulling telephone records,
to actually entering the building and places where I physically
should not be.

SCOTT: So on the one-hand you break into the building and then you
break into the computers?

QUINTIN: Yes.

[shot of Scott]

SCOTT: Most hackers don't resort to burglary - they can get the
information they need over the phone. They call it social
engineering - basically, it's a con job. We asked Scott, the former
hacker, to show us how it's done. Dateline obtained permission from
a Fortune 500 company to have Scott try and hack in. The company
gave him 1 week to land anywhere inside its computer system. Posing
as a fellow staff member, Scott began by making random calls to
unsuspecting employees.

[Chasin on phone, ringing]

CHASIN: Hi. My name's Scott Chasin and I'm calling from Business
Affairs. I'm at home right now and I'm wondering if there's a way I
could get into the network - I just bought a PC.

EMPLOYEE1: You have Crosstalk?

CHASIN: Yes I do.

SCOTT<voice-over>: Hist first call was to the computer department.
He's looking for the 800 number he needs to dial to have his computer
connect to the company's system.

CHASIN: What is the number it has to dial?

EMPLOYEE1: Your best bet is to dial the 800 number.

CHASIN: Right. But, I don't show that on my screen.

EMPLOYEE1: What do you show?

CHASIN: It just says xxx-xxx-xxxx, I think, yeah.

EMPLOYEE1: Oh, it's 800-***-****.

SCOTT<voice-over>: With the phone-numbers, he's at the company's
front door. Now he needs the "keys": a username and password, to
get inside.

[phone rings]

CHASIN: Hi, *****, this is Scott Chasin calling from the computer
center.

EMPLOYEE2: Hi.

CHASIN: How ya doin'?

EMPLOYEE2: Ok!

CHASIN: Is everything up and runnin' down there?

EMPLOYEE2: Uhhh, why? 'we sposed to be down?

CHASIN: Yeah we're having some problems, we've been having some
reoccuring problems since last night.

EMPLOYEE2: Believe me, I'm not a computer maven person. hahaha.

CHASIN: Hahah. That's all right, I'll help ya out! If you log out
and log back in, we'll go through the whole scenario so I can see if
everything's ok on my end. Can you do that for me?

EMPLOYEE2: I think so...hold on...

SCOTT<voice-over>: Bare in mind he [Chasin] still can't see anything
on his end - it's a ruse. All he wants is a username and a password.
Even if he only gets a username from someone, a hacker can make an
educated guess at a password.

[cut to interview of Chasin]

SCOTT: What are some common passwords that people use?

CHASIN: money, sex, love, secret, password. Mostly first names,
husband names, wife names, pet's names, social security numbers,
parts of their telephone....

[cut back]

SCOTT<voice-over>: But as we saw, most of the time a hacker doesn't
even have to guess.

CHASIN [on phone]: Why don't you tell me what your login id is cuz
I'm gonna watch you come across the network so I can see where the
problem's arising from.

EMPLOYEE3: What my login is?

CHASIN: Yeah.

EMPLOYEE3: ******

CHASIN: What password do you enter to get into the BIOS, [BIOC,
BIAC %unintelligible%]?

EMPLOYEE3: shy.

CHASIN: s-h-y is your password?

EMPLOYEE3: Yep.

CHASIN: s-h-y.

EMPLOYEE3: shy.

CHASIN: Ok, I'll tell ya what I'm gonna do, I'll go in there and see
if you have any stuck processes and I'll call ya back and tell ya
when it's all right.

SCOTT<voice-over>: Remember, he'd been given a week to break into
the system. It took him an hour-and-a-half.

CHASIN[on phone still]: Alright?

EMPLOYEE3: Thanx.

CHASIN: Ok, bye-bye.

CHASIN: I'm in.

SCOTT: So the receptionist, who simply hands you a password, might
be giving you access to the CEO's office.

CHASIN: Might be giving me the ability to shut down the company.

[cut to Quintin again]

SCOTT<voice-over>: The moral to computer users: don't give out your
password, and change it often. Hackers like Quintin are out there,
and to them it's a game - a challenge - to break into your system.

[cut to Grant again]

Just listen to Adam Grant, the guy who spent 7 months in jail for
Breaking into BellSouth's computers.

SCOTT: What's the lesson, in your story, for other hackers?

GRANT: Don't get caught.

SCOTT: Not "don't do it".

GRANT: People are going to do what they're going to do.

SCOTT: How do think it plays to people at home when you tell others,
simply, "don't get caught"?

GRANT: That's their own business. I don't think it's right for
other people to tell me how to live my life. So, I shouldn't tell
other people how to live their life.

SCOTT: And yet you acknowledge that hacking is wrong.

GRANT: Smoking is wrong. Taking drugs is wrong. People do it all
the time.

[FADE to computer monitor, showing:

Goodnight.

<Female announcer: If you're wondering about your home computer, you
don't really have much to worry about. If you don't use a modem, if
you aren't hooked up to a phone line, you have nothing to fear. And,
even if you are, hackers are not as interested in you as they are in,
say, your bank, or your credit union, or maybe the phone company.>
<end>

------------------------------

Date: Fri, 23 Oct 92 16:45:16 PDT
From: [email protected](UPI)
Subject: File 4--Somebody gets access to freeway callbox codes, runs up bill

GARDEN GROVE, Calif. (UPI) -- Somebody apparently got hold of the
serial number and telephone number of a Southern California freeway
callbox, and used them to rack up nearly $2,000 in phone bills.

The Orange County Transportation Authority is trying to determine just
how the phone thief used the electronic serial number and telephone
number of the freeway emergency callbox to make 11,733 calls totaling
25,875 minutes, and who will foot the bill.

OCTA Executive Director Stan Oftelie said they got suspicious because
calls charged to the callboxes' supposedly secret numbers average
fewer than 100 a month.

Oftelie said OCTA officials also are trying to determine how the
freeway box could be used for in-state and out-of-state calls since
the boxes connect directly to California Highway Patrol dispatch
headquarters.

"We're concerned about it," Oftelie said. "They shouldn't be able to
call anywhere but Highway Patrol headquarters." OCTA said it has
tightened security measures, and is talking with GTE Cellular and L.A.
Cellular to determine who will pay the bill. The callbox is one of
1,100 solar cellular phone boxes in the county. Most average 10 to
100 calls per month from motorists in trouble.

------------------------------

End of Computer Underground Digest #4.54
************************************
!