____________________________________________________________________________ ____________________________________________________________________________ THE SYNDICATE REPORT Information Transmittal No. 20 (Part 2 of 2) Released January 31, 1989 Featuring: Editor's Note How to Tap Fiber-Optic Cable Toll Fraud Literally on the Home Cracker's Love a Challenge Modems Annexed, ISDN In Briefs notes from The Report "CLID Going National" by The Sensei Editor Syndicate Report Magazine ____________________________________________________________________________ ____________________________________________________________________________ EXPOSITION: TSR Once again, The Report accepts outside sources. Anybody can write/provide information to The Syndicate Report. Articles/Information may be provided through RADIO WAVES Bulletin Board System 612-471-0060. Any info such as Busts, Phreaking, Hacking, Data / Telecommunications, and new developments on any the previous mentioned specialties will be: accepted, labeled, and given full actual credit to the article/info provider(s), or writer(s). -- ** All articles have been presented by me unless shown at the end of the article as the information provider(s), or writer(s). ** ____________________________________________________________________________ ____________________________________________________________________________ HOW TO TAP FIBER-OPTIC CABLE: TSR (i.w 1\21) Fiber Optic networks, long touted for their immunity from snooping by foreign governments or local competitors, no longer offer the total security they once did, according to the experts who say that, given enough resources, any network can now be tapped. "Five years ago, I would have said that FO networks were totally secure, but that's no longer true," stated Northern Telecom. According to Northern Telecom, tapping a FO cable requires stripping the cable's plastic outer sheathing and gaining access to the glass fibers within. "When we enter a fiber bundle, we have instruments that detect whether a given fiber is carrying a signal before we cut it," North Telecom stated. "A tap could be accomplished in much the same way." Tapping an optical fiber relies on a macrobending effect. Bending a fiber 180 degrees around an 1/8-inch radius forces the contained light signal to go around a tighter bend than it's capable of traversing without some loss of light. This light loss can be detected and, given the right equipment, demultiplexed and decoded. "Our test instruments that clamps on the fiber show the escaping signal has a 30-dB dynamic range," Telecom said. "That's a signal level a thousand times stronger than background noise and easily capable of being demultiplexed. It's not an easy task, but it can be done." Given the reality that fiber can be tapped, Telecom said one security effort could be to detect the 3-dB signal loss on the fiber bundle that would typically accompany such a tapping. "Most fiber systems have a 10-dB window before an alarm sounds, so you either have to preattenuate the system so that a 3-dB loss causes the alarm to sound or get some finer method of measurement." Other security measures suggested by Telecom include the use of air-core cables, which have pressurized air inside them. "If they cut through the cable to get to the fiber, air pressure is lost and an alarm sounds," Telecom says. Even steel or iron pipes ought to be pressurized for true security, and anyone who goes to the trouble of tapping fiber isn't going to be deterred by a little iron." There is a significant security advantage to fiber over other media, according to Northern Telecom. With coax (Coaxial Cable), or twisted pair (Normal Tele-lines), you can take the signals right out of the air. Sure you can tap a fiber-optic cable, but it's hard to do and fairly easy detected. First the bad guys have to get to the cable, which is usually in a secure run, and then they have to get the data, which is nearly always encrypted. ____________________________________________________________________________ ____________________________________________________________________________ TOLL FRAUD LITERALLY ON THE HOME: TSR (z.b 1\25) According to Dennis E. Love, a northern California inventor and entrepreneur, telephone utility companies throughout the United States are unwittingly promoting telephone toll fraud by installing a new telephone line demarcation device on all new construction and every time a service is made. Love said the new device has an easily accessible standard phone jack that is located on the outside of the home and provides the opportunity for anyone to plug in a standard telephone and make calls that would be charged to the phone bill of the person whose phone line was attached to the new device. Love said he has evidence that this toll fraud is already occurring in California and that Pacific Bell, California's largest phone utility, is attempting to minimize the situation by denying that the problem exists. It should be noted that by California law, it is not against the law to engage in this toll fraud activity. If a person engaging in toll fraud were caught red-handed, he could only be charged with trespassing, even if the cost of the phone call was as great as that amount set to delineate grand theft. the only recourse for the victim would be a civil suit. Love said the whole thing started when the Federal Communications Commission deregulated portions of the telephone industry and broke up AT&T. At that time the FCC ruled that the first standard phone jack would serve as the demarcation point separating customer and phone utility responsibility. The device that the phone utilities are using, and that has been installed on about 400,000 homes in California to date, is manufactured by SIECOR U.S.A. and has a standard modular jack that serves as the first modular jack in the house. Unfortunately, it also provides a convenient way to commit telephone toll fraud. The FCC said that the SIECOR device submitted to the FCC meets the required specifications. The California Public Utilities Commission (CPUC), ordered Pacific Bell to go ahead with the SIECOR device. At that time the CPUC had not considered the toll fraud issue in making that order. Love said he has developed a device, the Station Release Breaker, or SRB, which satisfies all of the FCC requirements. In addition, it is well protected from the weather and does not allow for toll fraud. Love said he presented his device to the CPUC but has been waiting for over two years for a decision while the SIECOR device is being installed at an alarming rate. Love is currently forming a nationwide coalition, among consumer advocacy groups, against the installation of any device that uses a modular jack accessible to anyone that desires to use it. TURN, a San Francisco-based consumer group headed by Silvia Siegle, has thrown their support in Love's corner, as has UCAN, a San Diego-based consumer group headed by Mike Shames. In an effort to save the phone customers astronomical costs in toll fraud as well as the $1.1 billion that it will cost to retrofit the state of Calif., Love and his new-found supporters intend to file an emergency motion with the CPUC enjoining Pacific, General, and other utilities in the state from further installation of this "bothersome jack" until a decision is reached by the CPUC on the toll fraud issues. Love said it is not important to him that his device be the one used but that some device that allows the customers to test, diagnose, and re-establish their own phone service without the encouragement of toll fraud be approved. Love asked, "What would it be like to have every home in America with a jack on the outside so that whoever desired to do so could walk right up and plug in? Think about it." ::::::::::::::: Information provided by Euclidean Wave / 415 ::::::::::::::: ____________________________________________________________________________ ____________________________________________________________________________ CRACKER'S LOVE A CHALLENGE: TSR (i.w 1\28) The only truly secure network is on that's locked up and physically isolated from the rest of the world. Short of that, "network security" becomes a relative term rather than an absolute one -- trading off the advantage of security against the problems it brings. In some cases, organizations deliberately limit the amount of system security, saying that having too much security simply sets up a challenge for hackers. The organizations most likely to use such a minimalist approach are universities. Universities have a large number of hackers as users -- the type of user most likely to look upon breaking through a security system as a problem to be solved, without malicious intent. And universities are dedicated to spreading information and thus have a philosophical difficulty with keeping it locked up. While such openness is less common in a nonacademic environment, it nevertheless exists. "Anyone in the world can dial in and get on my system," David Parks (AKA) Tom E Hawk who runs four BBS's California. "The more open my systems have been, the fewer problems I've had with hackers." ____________________________________________________________________________ ____________________________________________________________________________ MODEMS ANNEXED, ISDN IN: TSR (fbs 1\30) When Dennis Hayes started his Atlanta-based Hayes Microcomputer Products in 1977 on a borrowed dining room table, the future seemed boundless. Hayes and his partner, Dale Heatherington, spent their evenings soldering together personal computer modems -- devices that allow computers to communicate via telephone lines. By 1984 privately held Hayes Microcomputer Products was commanding 55% of the personal computer modem market, with sales of more than 100$ million. The expression "Hayes compatible" is now as standard in the PC modem as "IBM compatible" in the PC business. Hayes didn't invent modems. They date back to the '60s, as complicated, cranky devices that had to be taken apart and rewire every time their phone numbers and software changed. Hayes, who started his career installing these models all over rural Georgia for electric utility cooperatives, knew he could do better. He changed data communications forever by giving users the ability to control a modem with their software instead of a screwdriver. What about the danger that the so-called Integrated Services Digital Network (ISDN) will obviate the need for modems? Hayes swears he isn't going to sit back and watch modems turn into the buggy whips of the 21st Century. Instead, he is working on an ISDN circuit board that will plug into a PC, enabling it to support a telephone call, data communications and video transmission all at the same time. Explains Hayes: "Soon a modem will come to mean any device which connects a computer to the phone line - analog or digital." And he expects to remain "king of modems" in the broader sense, as he did of modems in the narrower sense. :::::::::::::::::: Information provided by The Teknition ::::::::::::::::::: ____________________________________________________________________________ ____________________________________________________________________________ THOMAS COVENANT CRACKED BY THE FEDERAL COMPUTER CRIME UNIT: Recently, about 3 weeks ago, the infamous Thomas Covenant was cracked by the FBI Computer Crime Unit. Apparently, the FBI caught TC completely off guard, thus found some sensitive information including: Hacking documents, PW's and Accounts, and other lists of information. In response, Digital Logic's Data Service and Phoenix Project will down for approximately 1-2 months to wait for the scene to blow over. The Ronz, who is another witnessed hacker, tells that Digital Data Logic Service (DLDS) has been packed up and buried inside of a Nuclear Waste Dumping Ground. As for Phoenix Project, its been taken down, but TSR is not sure of the total details. Anyways, it is hoped that this bust won't take too many systems down. From what The Ronz says, the FBI and "other" government agencies are going on a mass crackdown (as usual) in late January, which happens to be happening now according to sources. So far nothing has happened to TC, but only time will tell... -- UPDATE! ON TC BUST -- Well about the Thomas Covenant bust, the whole ordeal is featured in Phrack Issue #23. This is the current story... TC was busted boxing (wire tapping) on his junction box in his apartment basement. He hooked into a certain line and, and he over heard a guy arguing with his wife. Unfortunately, this guy was a dangerous NSA (National Security Agency) employee. The NSA Agent had a measurable amount of equipment on his line to detect if it was being tapped. The NSA Agent prompted the police to catch Thomas Covenant in the fraudulent act. In turn, the cops turned upside down his apartment and seized PW files and other unknown bits of information. ____________________________________________________________________________ ____________________________________________________________________________ THE WASP - BUSTED BY FEDS The WASP- who was hacking government computers (Defense related items) was caught by a line trace. The Federal Agents picked him up along with some highly illegal information. The Feds were also are looking for LOD namely Lex Luthor, and Phase Jitter relating to the bust. Lex talked with the Feds via code, and the air was cleared with the Feds, and with LOD. :::::::::::::::: Source on Busts by Professor Falken / 612 ::::::::::::::::: ____________________________________________________________________________ ____________________________________________________________________________ ::::::::::::::::::::::::SYNDICATE REPORT BRIEF NOTES:::::::::::::::::::::::: ... TID BITS ON BELL ... // Service Tells 'Who is Ringin' // New Jersey Bell Telephone has decided to offer a service that will allow customers to determine if a phone call is for them - without picking up the phone. How to know: Different ring patterns. The service may start next month. Monthly fee: $4.50 for homes, 6.50$ for offices. _____________________________________________________________ // Service Helps Social Security // MCI has created an 800 toll-free number program to help the Social Security Administration add about 6 million more beneficiaries by the 21st century. IN magazine says the MCI Advanced 800 Service and Menu Routing Service will take an estimated 50 million calls this year from people in the USA and Canada. _____________________________________________________________ // New Jersey Bell - CLID // New Jersey Bell is introducing Caller ID, CLID, which produces an output of the callers Telephone Number on LCD Screens. The customer may block out phone prankers or annoying advertisers via CLID. The callers get a central-office recording telling them to buzz off. Currently 6 calls maybe blocked at one time only, with a price. If a 60.00$ device can capture phone number data from the phone line for display, another device could sit between a telephone line and a personal computer, trapping and storing incoming phone numbers. Both NJ Bell, and Nynex offer are offering the services nationally. ::::::::::::: Information provided by The Sensei :::::::::::: _____________________________________________________________ // Frequent Fliers Phone Flagging // An MCI-Northwest Airlines promotion started last September "has met and exceeded our expectations," says MCI's Brian Thompson. MCI and Northwest offered frequent fliers one mile for every $1 of calls. But other long- distance companies aren't rushing in. Sprint says the company is looking into the idea. AT&T says it has no plans for a similar program. ____________________________________________________________________________ ____________________________________________________________________________ :::::::::::::::::::::::::: TSR "Quote of the Month" :::::::::::::::::::::::: "Watch that 'sed' editor - it can invoke a chain reaction" - SysAdmin, New York ____________________________________________________________________________ ____________________________________________________________________________ TSR will accept additional sponsor/support Systems. If you have a certain interest in the Report, and wish to provide support to TSR -- Leave your BBS number -- also any other information on RADIO WAVES Bulletin Board System. ____________________________________________________________________________ ____________________________________________________________________________ The End System TSR :: 915-821-1856 --------- Lunatic Labs :: 415-278-7421 At Login: Any UNIX Default PW P/H System PlaydoLand Systems :: 612-522-3959 --------- The Outlet @ :: 313-261-6141 P/H-Files BBS Private P/H Newuser:Kenwood Radio Waves System :: 612-471-0060 * #1 Syndicate Support BBS * ____________________________________________________________________________ ____________________________________________________________________________ This concludes this Transmittal No. 20 (Part 2 of 2) Released January 31st, 1989 by The Sensei Editor of The Syndicate Report ____________________________________________________________________________ ____________________________________________________________________________