The LOD/H Technical Journal, Issue #3: File 10 of 11 ----------------> Clearing up the Mythical LOD/H Busts <------------------ Following is an article taken from Pirate-80 that Scan Man typed up which talks about the summer busts of 87. They called it the "LOD" case but as usuall, they were disillusioned. Our guess is that Oryan Quest was one of the first to be investigated, and due to his calling of other hackers when a DNR was on his line, led the authorities to the others who were eventually visited. Oryan claimed he was in LOD and this is where they must have gotten the idea that everyone he spoke to was in LOD also. In this respect the article is rather humorous in that they caught people who were not in LOD/H. Normally we would not put reprints of magazine articles in the LOD/H Technical Journal, but seeing how it is relevant in clearing up any misconceptions, we decided to put it in. ------------------------------------------------------------------------------ Remember, Oryan Quest is *NOT* now, *NEVER* has, and *NEVER* will be in LOD/H! ------------------------------------------------------------------------------ From: SCAN MAN To: ALL Subj: LEGION OF DOOM BUST WAR AGAINST PHONE HACKING HEATS UP BY GREGG PEARLMAN, ANTIC ASSISTANT EDITOR Computer break-ins are no longer viewed as harmless pranks. For example, unauthorized computer access is a misdemeanor under 502PC of the California Penal Code if you just trespass and browse around -- and if it's your first offense. But: "Any person who maliciously accesses, alters, deletes, damages, destroys or disrupts the operation of any computer system, computer network, computer program or data is guilty of public offense" -- a felony under Section C of that code. Even changing a password to "Gotcha" is a felony if it can be proven that it was a "malicious access." In California, the maximum punishment is state imprisonment, a $10,000 fine and having your equipment confiscated. The penalty depends on who you are, your prior record and the seriousness of the crime. And you don't have to, for instance, breach national security to be guilty of a felony. Accessing even a simple system of a small company could damage vital data for more than a year's worth of business, especially if that company didn't properly back up its data. There are all kinds of computer crime. Stealing an automated teller machine card and withdrawing money from an account is a computer crime because you're using a computer to get money out of a system. But simply trespassing in a system and not doing any damage is normally a misdemeanor, according to Sgt. John McMullen of the Stanford University Police Services. This kind of crime has become very common. "Every kid with a computer is tempted," he said. Unfortunately, it can take months to complete an investigation. For instance, the so-called "LEGION OF DOOM" case, beginning in September, 1986, took 10 months to solve and involved people in Maryland, New York, Pennsylvania, Oregon and California. If someone breaks into the computers of, for example, California's Pacific Bell, and the break-in is severe, Pacific Bell Security gets warrants issued, and then, with the police, confiscates computers, manuals, telephone lists and directories -- all related equipment. It's common for the computer to be tied up for a few months as evidence. (And by the time Pacific Bell Security does get involved, the evidence is usually overwhelming -- the conviction rate is extremely high.) "Whenever I'm involved in a case," said McMullen, "I ask the judge for permission to confiscate the equipment. That's one big incentive for hackers not to do this kind of stuff. I haven't had any repeaters, but I know of one case where the guy probably WILL do it again when he gets out. "Usually the shock of what happens to a juvenile's parents -- who bought the equipment and watched it get confiscated -- is enough to make them stop. But we don't really have enough cases to know what the parents do." ACCESS "It's easy for hackers to find company phone numbers," said Daniel Suthers, Atari user and operations manager at Pacific Bell in Concord, California. "Most large companies have a block of 500 to 1,000 phone numbers set aside for their own use. At least one line will have a modem. "People post messages on hacker/phreaker bases on some BBS's and say 'I don't know who this phone number belongs to, but it's a business, judging by the prefix, and has a 1200-baud tone.' Then it's open season for the hackers and phreakers." Phreakers aren't much different than hackers -- they're just specifically telephone-oriented. In "CompuTalk: Texas-Sized BBS" (Antic, August 1987), sysop Kris Meier discussed phreakers who appear to have called from phone numbers other than the ones they were actually using. A computer isn't needed to do this -- it's usually done with a "blue box." "The blue boxes were used mostly in the late 1960s and early '70s," said McMullen. "They fool the network and let people make free long distance calls -- a tone generator simulates the signalling codes used by long distance operators. The boxes were phased out a couple of years ago, though: they no longer let hackers access AT&T, but Sprint and MCI can be accessed by something similar. However, computer programs are normally used now." To get long-distance phone service, hackers now use one of several programs passed among other hackers (on bulletin boards, for example). They find the local access number for Sprint or MCI and then run the program -- perhaps for a few days. It generates and dials new phone numbers, and the hackers can check to see how many new or free codes they've turned up. They can post the codes on a BBS, and their friends will use them until they get stopped by the long-distance company -- depending on how long it takes the company to realize that these numbers hadn't been issued yet -- or until the customers discover that their numbers have been accessed by someone who isn't "authorized." Bulletin boards can be especially easy prey. "If a hacker knew your BBS program intimately, he could probably figure it out, but that's messy," said Suthers. "If he can find a back door, it's easier. Sysops are notorious for putting in their own back doors because, though they have all the security under the sun on the FRONT doors, they still want to get in without problems. It's just like what happened in the films Tron and Wargames -- which probably taught a whole generation a lot of things." Meier had said in the August, 1987 issue of Antic that someone once called his board COLLECT. Simply put, the caller fooled the operator. McMullen says that's been around for a long time. "It's common in prisons and situations where the phones are restricted." McMullen also said that if the timing is just right, as soon as the modem answers, the phreaker can wait for an operator to say "Will you accept the charges," then say "Yes." The operator can't tell which end said yes, and if the modem has a long delay before the connect tone, the phreaker can get away with it. It couldn't be done entirely electronically -- the voice contact is needed. "I've never run across people accessing online services such as CompuServe in this way, but I'm sure it happens," said McMullen. "People suddenly get strange charges on their phone bills. "The hackers I've dealt with are very brilliant and good at what they do. Of course, when you do something all day that you're really interested in, you're GOING to be good at it." DOOM McMullen's most recent hacker case at Stanford University dealt with the Legion of Doom, an elite group of hackers who broke into computers -- some containing national defense-related items. "As I understand it, they're supposed to be the top hackers in the nation," McMullen said. "I started investigating the case when it began crossing state lines, getting a bit too big. I contacted the FBI, who said that because of the Secret Service's jurisdiction over credit card and telephone access fraud, they'd taken over computer crime investigations that go across state lines -- actually, anything involving a telephone access code. This case, of course, involved access codes, because the Sprint and AT&T systems were used, and it was the Secret Service, not the FBI, that made the arrests. "I think that the publicity from this case will scare people, and there'll be a lot less hacking for a while. Some hackers are afraid to do anything: they're afraid that the Secret Service is watching them, too." TRACING AT&T, Sprint and MCI now have ANI -- Automatic Number Identification -- as does Pacific Bell. It aids a great deal in detecting hackers. Pacific Bell usually just assists in this type of investigation and identifies the hackers. "It's easy to trace a call if the caller logs in more than once," said Suthers. "The moment they dial in, a message is printed out -- before the phone even answers -- pinpointing where it came from, where it went to, the whole shmeer. "A blue box made it much harder to detect, but if a hacker used it consistently, we could eventually trace it back. So if someone is in California and makes it look as if he'd called from New York, we can trace it across the country one way, and then back across. Generally, though if the call IS billed to a New York number, the caller is actually somewhere like Florida. But we can back-trace the call itself, especially if it's extremely long." But recently someone broke into Pacific Bell "through a fluke of circumstances." Suthers said, "We closed down that whole area, so they can't get back in that way, but if they dial the number again, they're in trouble." If Pacific Bell Security detects a break-in, the area is secured immediately. Sometimes hackers are steered toward a kind of "pseudo-system" that makes them THINK they've broken in -- but in fact they're being monitored and traced. As to how many hackers there are, who knows? There's a lot of misuse and inside work that's never detected or reported. SECURITY Security systems are expensive, but someone with a lot of data and an important system should seriously look into one. Very few hackers are caught, simply because few corporations have good security systems. "Passwords should never be names, places or anything that can be found in a dictionary," said Suthers. "People shouldn't be able to just write a program to send words from their AtariWriter Plus dictionary disk. Normally there should be a letter here, a few numbers there -- garbage. Thus, if someone writes a program to generate random symbols and keeps calling back until he breaks in, he'll probably be traced. "Some corporations aren't very computer literate and don't worry about things like passwords until they've been hit, which is a shame. But it's all out there in the books. TRICKS OF THE UNIX MASTER (by Russell Sage, published by SAMS Publications, $22.95) is a beautiful book that tells you exactly what to do to avoid break-ins." McMullen said that Stanford is trying to tighten up security by emphasizing the importance of better passwords. "When researchers want to do their work, however, they don't want to mess with passwords and codes," he said. "Universities seem to want to make their systems easier for researchers to use. The more accessible it is, obviously, the less security there is in terms of passwords. It's easier to use your name as a password than some complicated character string. "So any hacker worth his salt can go onto any computer system and pull out an account. Especially with UNIX, it's very easy to access it, entering as the password the first name of the person who has the account. These Legion of Doom hackers used a program that actually found out what the passwords were: it began by just checking the names. They were very successful -- it was just unbelievable." But McMullen feels that security fell way behind the advances made in computers, and several avenues were left open for people to explore. "Often these hackers don't mean to be malicious or destructive," he said, "but I think they really feel triumphant at getting on. Sometimes they do damage without realizing it, just by tramping through the system: shutting down phone lines, programs and accounting systems." However, the strides made in security since then have accounted for arrests, confiscations and convictions all over the country -- but there are still many more to come.  Downloaded From P-80 International Information Systems 304-744-2253 12yrs+