####################################### # # # # # ======== =\ = ====== # # == = \ = = # # == = \ = ====== # # == = \ = = # # == = \= ====== # # # # # # # # ''''''''''''''''''''' # # # # # # > Written by Dr. Hugo P. Tolmes < # # # # # ####################################### Issue Number: 02 Release Date: November 19, 1987 Welcome to the first REAL issue. Real meaning that it contains articles. With nothing further, this issue now goes to the articles. Issue #2 Index: 1) They sure can talk in Raleigh 2) Teaching Computer Ethics in the Schools 3) Cash-Machine Magician 4) Cheaper Electronics Makes it a Snap to Snoop 5) Los Alamos Nuclear Facility Security Boost $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ TITLE: "They sure can talk in Raleigh" FROM: The Chicago Tribune (Tempo Section) DATE: July 21, 1987 (Wednesday) "What is that?" Kathy Riedy asked her husband, John, as he entered the family home in Raleigh, N.C., the other day with a box under his arm. "It's the phone bill," he said, and before she had a chance to let that register, he opened the box. Inside was one long-distance phone bill from Sprint- all 729 pages of it, all 3 pounds, 13.5 ounces of it- for $24,129.99. The Riedys' Sprint bill usually runs about $5 a month. But in June, according to the statement, he had been on the long-distance line for 10,731 minutes, or 72 days and 51 minutes. Examining the statement in detail, Riedy discovered that most of the calls had been made over a three-day period, June 15-17. Not even as teenagers, so far as they could recall, had either of the Riedys spent 72 days on the phone in a month, let alone three days. Riedy had been ready for something like this. He received a notice that his calling card would be revoked because of excessive use. Evidently phone companies get suspicious when a single residential customer suddenly runs up a monthly bill in five figures. Puzzled by the notice, Riedy tried several times to call Sprint, he said, but the lines were always busy. "We had some fun with it," says Kathy Riedy. "Our 22-year-old son is here for the summer. So we asked him if he would look at the phone bill and tell us which calls were his. Then we handed him the box." The bills showed that Riedy had made $3.27 worth of long-distance calls from Raleigh in June. The rest were dialed in Minneapolis, Indianapolis and Chicago, about 1,500 of them all together, including calls to California, New York, Colorado and Texas. "We were never worried," says Kathy Riedy. "It's easy to prove you didn't make $24,000 worth of calls," she explained, "but imagine the trouble we would have had if the bill had been for $200." ---- Clarence Petersen ---- $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ NOTA (Notes On the Article): T of code abuse. There are some important details that should be remembered: "received a notice that his calling card would be revoked because of excessive use"- The LDC computer detected excessive use of the code. "phone companies get suspicious when a single residential customer suddenly runs up a monthly bill in five figures"- This is the main reason why LD Companies (LDC's) cancel codes. "dialed in Minneapolis, Indianapolis and Chicago, about 1,500 of them all together, including calls to California, New York, Colorado and Texas"- This makes it very likely that the code was hacked out and then passed to different phreak bulletin boards. That would be a logical reason why the calls were placed from different states. $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ TITLE: "Teaching Computer Ethics in the Schools" FROM: Education Digest DATE: February 1987 Changing the Attitudes of "Hackers" by William Weintraub Several outstanding problems with computer use must be addressed by any responsible school district: copyright violations, unauthorized entry into computers and phone fraud. John Rogers, a security agent for Bell Atlantic, says, "75 % of computer phone fraud is committed by people under 25....the rest is often committed by adults using the children as vehicles for the crime." Schools that teach computer literacy and don't teach the ethical/legal use of computers are doing a disservice to their students. The FBI has taken a serious approach to computer crime, many agents focusing on nothing but this type of fraud. FBI Special Agent Larry Hurst says, "Teaching kids about computers without teaching the ethical use and rules is like giving a child a car and not teaching him the rules of the road." One of the reasons schools have been slow to react to this type of crime is that it usually involves students who ordinarily do not get into troulbe and who justify their acts by saying, "I really didn't hurt anyone." As Rogers states, "Many of the people involved are not the kind who would ever consider stealing from anyone in a physical manner." They are often of above-average intelligence, considered trustworthy, and just trying to "beat the system." However it isn't a victimless crime. In 1984, in New York City alone, $70 million in phone and computer fraud occurred. This charge is passed right on to the customer. After a NEWSWEEK reporter wrote an article on people who invade computer systems without authorization some of these so-called "hackers" invaded a national credit history computer and destroyed the financial history of the writer of the article. They charged thousands of dollars to his account numbers, shut off his utilities, and sent him death threats from across the nation. Computer fraud is not a victimless crime. $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ NOTA: Here are some thing that will help clear up this article: "a NEWSWEEK reporter wrote an article on people who invade computeorization"- The person they are talking about is Richard "Revenge of Hackers" Sandza. "invaded a national credit history computer and destroyed the financial history of the writer of the article"- This refers to someone on Pirate-80 getting into TRW and posting Richard Sandza's credit-card numbers. $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ TITLE: "Cash-Machine Magician" FROM: US News & World Report DATE: Unknown Automated bank-teller machines can be maddening devices, but there is one thing they supposedly do will: protect customers' accounts. Not always apparently. Police are looking hard for Robert Post, 35, a Polish-born electronics expert and former ATM repairman who brags that he is something of a magician. According to the secret service, Post last year managed to make some $86,000 disappear from cash machines-all from other people's bank accounts. Post allegedly worked his legerdemain with blank white plastic cards and a small magnetic encoding machine that he bought for $1,800. By peering over customers' shoulders and retrieving their discarded banking receipts, he obtained the personal ID and bank account numbers need to activate the computerized tellers. Using the encoding machine, he embellished his plastic with strips of magnetic tap bearing digital codes almost identical to those on the defrauded customers' cards. Eventually, though, a recurring flaw in Post's codes was picked up by the bank's computer. Post skipped out on a $25,000 bail in Manhattan. He is still at large. $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ NOTA: I found this article very interesting. The most important piece was the part about the magnetic encoding machine. ATM fraud is definitely the crime of the future. The magnetic encoding machine most likely encoded the cards with the customers' PIN. "a recurring flaw in Post's codes was picked up by the computer"- Was something really wrong with his method or did the customers just report the things that were wrong with their accounts? After making $86,000 from ATM's, I don't think that Mr. Post will be turning himself in. $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ TITLE: "Cheaper Electronics Makes it a Snap to Snoop" FROM: US News & World Report (Business Section) DATE: May 18, 1987 In the old-tech days, a wiretap had to be hooked up directly to the phone line, leaving a physical trace of tampering. Newer devices are impossible to detect. Take long-distance phone calls. At least part of their trip usually takes place over micro wave-relay links, pairs of dish-shaped antennas on hilltops about 30 miles apart. Anyone in the path of these kind of microwave beams with the right kind of radio receiver can pick up calls loud and clear. To find frequencies serving two particluar phones and eavesdropper might have accomplices place a brief call between those phones and send a distintive tracer signal over the line. A microcomputer could then channels and switch on a recorder when it detected the the dialing code. International calls, which are often beamed up by satellites, can be intercepted with a satellite dish anywhere within hundreds of miles of a ground station. To protect its own secrets, the US government uses only buried telephone lines and fiber-optic cables for most of its most sensitive communications. Scramblers and other devices encrypt all classified telephone calls, telexed messages and computer data sent over phone lines. And, under a program code-named TEMPEST, computer equipment used for classified work is tightly shielded to prevent electronic leaks. Until recently, bulk and expense restricted sophisticated scramblers to government agencies that use classified information. Their file-cabinet size and $60,000-plus price tag had put them out of the reach of paper-clip manufactureres worried mostly about keeping the wraps on next month's production figures. Microchip technology has now cut the costs to about $20,000, however, and at lease one manufacturer E-Systems- a Dallas- based defense contractor- is beginning to promote the equipment for sale to private companies. TEMPEST equipment, required for defense contractors who handle classified data, is being adopted by others as well. Chase Manhattan, the third-largest bank in the US, is planning to include electronic shielding in new office construction. Encrypting computer data sent over telephone lines has been more widely accepted by industry, especially banks, though most bank managers refuse to believe that something dire can happen to them. "They say, 'A spy would have to pick out that one little wire that has our stuff on it,'" says Bob Meadows, former assistant director for security and risk management at American Bankers Association. That's one reason why most ATM's, and many electronic funds transfers, are still unencryped. In addition, confustion has arisen over a uniform coding standard, needed so that everyone speaks the same encrypted language. The federal government has been trying to introduce a new, more secure standard to replace one already adopted by many banks. The banks have balked at the new code because of classification restrictions that forbid its use outside of the US. $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ NOTA: This article explained many different types of telecommunications security. Operation TEMPEST was mentioned and so was other news on government security. One of the main things that was emphasized was the picking up of radio waves to monitor both calls and transmissions from computer equipment. Only certain portions of the article were typed up (the interesting parts.) $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ TITLE: Los Alamos Nuclear Facility Security Boost FROM: ------- DATE: September 7, 1987 LAB UPGRADES RADIO SECURITY Concerned about illegal interception of computer-emitted radio signals, the US Departmened security systems at the Los Alamos National Laboratory. An article by the lab's security division says recently security personnel at the lab went outdoors and used radios to detect computer information leaks, finding that computer and communication systems data inside could be detected by spy radios in a nearby parking lot. DOE spokesman Dave Jackson told The Associated Press, "We had our own people go out there with sophisticated equipment to detect this." First to call attention to the problem was an article published in PanorAma, a monthly for employees of Pan Am World Services, which has about 1,600 employees at the lab. --Charles Bowen $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ NOTA: This is just a report on more security at military installations because of Operation TEMPEST.