####################################### # # # # # ======== =\ = ====== # # == = \ = = # # == = \ = ====== # # == = \ = = # # == = \= ====== # # # # # # # # ''''''''''''''''''''' # # # # # # > Written by Dr. Hugo P. Tolmes < # # # # # ####################################### Issue Number: 03 Release Date: November 19, 1987 TITLE: "Making Computers Snoop-Proof" FROM: Fortune DATE: March 17, 1987 If a strange delivery truck appears to have been stuck across the street from your office for hours and the "workmen" seem to be spending a lot of time in the back fiddling with with fancy electronic equipment, it might be time to get nervous. That personal computer on the secretary's desk and the mainframeadown the hall leak information by the diskful. Each time a keyboard is tapped or a letter appears on a screen or a printer, computers emit radio frequency transmissions that can be picked up as much as half a mile away. While companies that are not in the defense business need not worry yet- there's evidence that garden-variety industrial espionage types engage in this kind of snooping- the Pentagon has become so concerned that it is spending $200 million a year to eliminate or muffle signals from machines used by the military, security agencies, and defense contractors. The name given to the government program: Tempest, as in the type that it can be contained in a teapot. Manufacturers use two methods to bring computers or peripheral equipment up to Tempest standards. The first, called suppression, consists of building a machine with special chips, wiring, and other components that do not give off as many emissions as standard components. For example, a Tempest machine might be built using optical fiber, which sends out no radio waves, rather than copper wire, which does. The second method, called containment, entails enclosing the machine in a leakproof case, perhaps made of special plastic that traps radio frequencies. A Tempest computer can cost twice as much as the civilian equivalent, although prices have begun to drop now that the military is ordering thousands at a time. Manufacturers say the high prices are justified by the cost of special materials, separate assembly lines, and elaborate testing. Industry predictions that sales of snoop-proof computers might reach $1 billion a year by 1990 have lured more than 50 manufacturers into making products that meet Tempest standards. "The market has exploded," says James D'Arezzo, a vice president of Compaq Computer, which sells Tempest versions of its portables. "The market is estimated to grow from 30% to 35% a year and it's not letting up. It is lucrative." For newcomers to the business, getting started isn't easy, especially since the technical standards are classified. "You have to be qualified by the government to learn the specifications," Corp. "But it's hard to get qua lified if you don't understand the specs." Zenith solved the problem last year by buying Inteq, a small company that was already turning Zenith's personal computers into Tempest machines. Zenith now has orders from the Pentagon for 12,000 personal computers built to Tempest standards. Many Tempest orders are secret, but industry watchers say Wang Laboratories is the biggest supplier. It sold an estimated $75 million of button-lipped computers, word processors, and other devices to the armed forces and military contractors in 1984. One reason for Wang's success is the variety of its offereings: more than 50 products meet Tempest standards , according to International Data Corp., a Massachussetts market research firm. IDC notes that by making the Tempest products operate just like its regular equipment, Wang has won Pentagon orders for standard machines as well. Another company prospering from Tempest wizardry is Iverson Technology Corp. For ten years Iverson has manufactured secure devices to electronically read special type; it built on that expertise to come up with a Tempest version of the IBM personal computer. Sales of the McLean, Virginia company tripled in 1985 to $17 million. Its return on shareholders' equity was also impressive: 25%. The company- the biggest pure play in the Tempest field -went public las year at $8 a share last July; its stock recently traded over the counter at around $14. The biggest payoff to Tempest manufacturers will come when, and if, corporations get worried about what computers are leaking and start buying secure machines. This probably won't happen soon. Executives at the companies that make secure computers report some civilian interest in the product but virtually no sales. "I've studied computer security for 16 years and never heard of anybody doing that kind of industrial espionage," says Donn Parker, a consultant at the SRI International consulting firm in Menlo Park, California. "The best way to get information is the old-fashioned way. Go to the local bar and buy the employees a few drinks." - Brian O'Reilly $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ NOTA: The fear of this type of espionage has been expressed in many articles. The military has feared that something like this could jeopardize national security or something like that. The specifics for the standards on the protections are noted as being secret. This could mean that the radio emissions only have to be down to a certain level (and you might still be able to receive them.) $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ TITLE: War Against Phone Hacking Heats Up FROM: ANTIC Magazine DATE: September 1987 BY GREGG PEARLMAN, ANTIC ASSISTANT EDITOR Computer break-ins are no longer viewed as harmless pranks. For example, unauthorized computer access is a misdemeanor under 502PC of the California Penal Code if you just trespass and browse around -- and if it's your first offense. Butmaliciously accesses, alters, deletes, damages, destroys or disrupts the operation of any computer system, computer network, computer program or data is guilty of public offense" -- a felony under Section C of that code. Even changing a password to "Gotcha" is a felony if it can be proven that it was a "malicious access." In California, the maximum punishment is state imprisonment, a $10,000 fine and having your equipment confiscated. The penalty depends on who you are, your prior record and the seriousness of the crime. And you don't have to, for instance, breach national security to be guilty of a felony. Accessing even a simple system for a small company could damage vital data for more than a year's worth of business, especially if that company didn't properly back up its data. There are all kinds of computer crime. Stealing an automated teller machine card and withdrawing money from an account is a computer crime because you're using a computer to get money out of a system. But simply trespassing in a system and not doing any damage is normally a misdemeanor, according to Sgt. John McMullen of the Stanford University Police Services. This kind of crime has become very common. "Every kid with a computer is tempted," he said. Unfortunately, it can take months to complete an investigation. For instance, the so-called "LEGION OF DOOM" case, beginning in September, 1986, took 10 months to solve and involved people in Maryland, New York, Pennsylvania, Oregon and California. If someone breaks into the computers of, for example, California's Pacific Bell, and the break-in is severe, Pacific Bell Security gets warrants issued, and then, with the police, confiscates computers, manuals, telephone lists and directories -- all related equipment. It's common for the computer to be tied up for a few months as evidence. (And by the time Pacific Bell Security does get involved, the evidence is usually overwhelming -- the conviction rate is extremely high.) "Whenever I'm involved in a case," said McMullen, "I ask the judge for permission to confiscate the equipment. That's one big incentive for hackers not to do this kind of stuff. I haven't had any repeaters, but I know of one case where the guy probably WILL do it again when he gets out. "Usually the shock of what happens to a juvenile's parents -- who bought the equipment and watched it get confiscated -- is enough to make them stop. But we don't really have enough cases to know what the parents do." ACCESS "It's easy for hackers to find company phone numbers," said Daniel Suthers, Atari user and operations manager at Pacific Bell in Concord, California. "Most large companies have a block of 500 to 1,000 phone numbers set aside for their own use. At least one line will have a modem. "People post messages on hacker/phreaker bases on some BBS's and say 'I don't know who this phone number belongs to, but it's a business, judging by the prefix, and has a 1200-baud tone.' Then it's open season for the hackers ers aren't much different than hackers -- they're just specifically telephone-oriented. In "CompuTalk: Texas-Sized BBS" (Antic, August 1987), sysop Kris Meier discussed phreakers who appear to have called from phone numbers other than the ones they were actually using. A computer isn't needed to do this -- it's usually done with a "blue box." "The blue boxes were used mostly in the late 1960s and early '70s," said McMullen. "They fool the network and let people make free long distance calls -- a tone generator simulates the signalling codes used by long distance operators. The boxes were phased out a couple of years ago, though: they no longer let hackers access AT&T, but Sprint and MCI can be accessed by something similar. However, computer programs are normally used now." To get long-distance phone service, hackers now use one of several programs passed among other hackers (on bulletin boards, for example). They find the local access number for Sprint or MCI and then run the program -- perhaps for a few days. It generates and dials new phone numbers, and the hackers can check to see how many new or free codes they've turned up. They can post the codes on a BBS, and their friends will use them until they g et stopped by the long-distance company -- depending on how long it takes the company to realize that these numbers hadn't been issued yet -- or until the customers discover that their numbers have been accessed by someone who isn't "authorized." Bulletin boards can be especially easy prey. "If a hacker knew your BBS program intimately, he could probably figure it out, but that's messy," said Suthers. "If he can find a back door, it's easier. Sysops are notorious for putting in their own back doors because, though they have all the security under the sun on the FRONT doors, they still want to get in without problems. It's just like what happened in the films Tron and Wargames -- which probably taught a whole generation a lot of things." Meier had said in the August, 1987 issue of Antic that someone once called his board COLLECT. Simply put, the caller fooled the operator. McMullen says that's been around for a long time. "It's common in prisons and situations where the phones are restricted." McMullen also said that if the timing is just right, as soon as the modem answers, the phreaker can wait for an operator to say "Will you accept the charges," then say "Yes." The operator can't tell which end said yes, and if the modem has a long delay before the connect tone, the phreaker can get away with it. It couldn't be done entirely electronically -- the voice contact is needed. "I've never run across people accessing online services such as CompuServe in this way, but I'm sure it happens," said McMullen. "People suddenly get strange charges on their phone bills. "The hackers I've dealt with are very brilliant and good at what they do. Of course, when you do something all day that you're really interested in, you're GOING to be good at itmost recent hack er case at Stanford University dealt with the Legion of Doom, an elite group of hackers who broke into computers -- some containing national defense-related items. "As I understand it, they're supposed to be the top hackers in the nation," McMullen said. "I started investigating the case when it began crossing state lines, getting a bit too big. I contacted the FBI, who said that because of the Secret Service's jurisdiction over credit card and telephone access fraud, they'd taken over computer crime investigations that are across state lines -- actually, anything involving a telephone access code. This case, of course, involved access codes, because the Sprint and AT&T systems were used, and it was the Secret Service, not the FBI, that made the arrests. "I think that the publicity from this case will scare people, and there'll be a lot less hacking for a while. Some hackers are afraid to do anything: they're afraid that the Secret Service is watching them, too." TRACING AT&T, Sprint and MCI now have ANI -- Automatic Number Identification -- as does Pacific Bell. It aids a great deal in detecting hackers. Pacific Bell usually just assists in this type of investigation and identifies the hackers. "It's easy to trace a call if the caller logs in more than once," said Suthers. "The moment they dial in, a message is printed out -- before the phone even answers -- pinpointing where it came from, where it went to, the whole shmeer. "A blue box made it much harder to detect, but if a hacker used it consistently, we could eventually trace it back. So if someone is in California and makes it look as if he'd called from New York, we can trace it across the country one way, and then back across. Generally, though if the call IS billed to a New York number, the caller is actually somewhere like Florida. But we can back-trace the call itself, especially if it's extremely long." But recently someone broke into Pacific Bell "through a fluke of circumstances." Suthers said, "We closed down that whole area, so they can't get back in that way, but if they dial the number again, they're in trouble." If Pacific Bell Security detects a break-in, the area is secured immediately. Sometimes hackers are steered toward a kind of "pseudo-system" that makes them THINK they've broken in -- but in fact they're being monitored and traced. As to how many hackers there are, who knows? There's a lot of misuse and inside work that's never detected or reported. SECURITY Security systems are expensive, but someone with a lot of data and an important system should seriously look into one. Very few hackers are caught, simply because few corporations have good security systems. "Passwords should never be names, places or anything that can be found in a dictionary," said Suthers. "People shouldn't be able to just write a program to send words from their AtariWriter Plus dictionary disk. Normally there should be a letter here, a few numbers there -- garbage. tes a pr ogram to generate random symbols and keeps calling back until he breaks in, he'll probably be traced. "Some corporations aren't very computer literate and don't worry about things like passwords until they've been hit, which is a shame. But it's all out there in the books. TRICKS OF THE UNIX MASTER (by Russell Sage, published by SAMS Publications, $22.95) is a beautiful book that tells you exactly what to do to avoid break-ins." McMullen said that Stanford is trying to tighten up security by emphasizing the importance of better passwords. "When researchers want to do their work, however, they don't want to mess with passwords and codes," he said. "Universities seem to want to make their systems easier for researchers to use. The more accessible it is, obviously, the less security there is in terms of passwords. It's easier to use your name as a password than some complicated character string. "So any hacker worth his salt can go onto any computer system and pull out an account. Especially with UNIX, it's very easy to access it, entering as the password the first name of the person who has the account. These Legion of Doom hackers used a program that actually found out what the passwords were: it began by just checking the names. They were very successful -- it was just unbelievable." But McMullen feels that security fell way behind the advances made in computers, and several avenues were left open for people to explore. "Often these hackers don't mean to be malicious or destructive," he said, "but I think they really feel triumphant at getting on. Sometimes they do damage without realizing it, just by tramping through the system: shutting down phone lines, programs and accounting systems." However, the strides made in security since then have accounted for arrests, confiscations and convictions all over the country -- but there are still many more who haven't been caught. $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ NOTA: Most real hackers are familiar with LOD/H (Legion of Doom/Legion of Hackers). Currently there is a technical journal being put out by LOD/H. It can be found on most of the finer boards. $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ TITLE: Toll Fraud Trial Sets New Tone FROM: Network World DATE: May 25, 1987 DALLAS- The recent jury conviction of a Texas man for the theft and sale of long-distance access codes may make it easier for long-haul carriers to stem the tide of toll fraud, which costs the industry and estimated $500 million a year. On May 11, a U.S. District Court jury here found Dallas resident Jack Brewer guilty on two counts each of trafficking and possession of telephone access codes stolen from Texas National Telecommunications, Inc. (TNT), a Texas long-distance carrier. Brewer was charged under a section of the federal Comprehensive Crime Control Act of 1984. Sources close to the the case said Brewer may be the first person to be convil fraud in the U.S. The case is also seen as important because it indicates growing recognition of toll fraud as a serious crime. Brewer was selling the stolen codes, which telephone callers use to access long-distance circuits of carriers other than AT&T and which those carriers use for billing, according to Terry K. Ray, the assistant U.S. attorney who prosecuted Brewer. TNT officials said use of the stolen codes cost the company $30,000. Ray said he met with representatives of MCI Communications Corp. last week to discuss the investigative techniques used to apphrehend Brewer and legal methods used to win the conviction. Brewer will be sentenced by a judge on June 4 and faces a maximum sentence of 50 years imprisonment and a $1 million fine. Toll fraud places a heavy financial burden on MCI and other carriers Neither MCI nor AT&T would divulge what toll fraud costs them, but US Sprint Communications Co. said fraudulent use of access codes lowered its first-quarter 1987 revenue by $19 million. Brewer was apprehended through a sting operation conducted with the help of TNT, Southwestern Bell Corp. and the U.S. Secret Service. Southwestern Bell monitored Brewer's private telephone as he dialed numbers sequentially in a trial-and-error attempt to ascertain active access numbers. The regional Bell holding company kept a list of the working access codes obtained by Brewer. Secret Service agents then contacted Brewer, posing as buyers of access numbers. For $3,000, Brewer sold them a list of 15 numbers, which matched the list made by the RBHC. MCI has joined with AT&T, US Sprint and some smaller carriers to form the Communications Fraud Control Association. Rami Abuhamdeh, executive director of the Tysons Corner, Va.-based group, said there have been several convictions for toll fraud to date, but those cases were decided by judges, not juries. A number of federal and state statutes apply in stolen code cases, depending on how and where the offender defrauds a carrier, Abuhamdeh said. Gaston Sigue, a lawyer for the antifraud association, said the TNT case is significant because jury convictions are more difficult to get than convictions from a judge, and it indicates that Americans have come to recognize telephone fraud as a serious crime. Abuhamdeh said that as carriers gain equal access to local exchanges, they will phase out code numbers as a way of accessing long-distance circuits and the level of toll fraud will decline. $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ NOTA: This type of code-selling has gone on a lot. Many times, the sellers are homeless who just go up to a telephone and randomly hack codes out. The people