Date: 20 Oct 1992 18:00:41 -0800 From: "Stuart Hauser" Subject: File 6--SRI Seeks "Phreaks" for New Study A team working with Donn Parker at the SRI is gathering information about the perceived vulnerabilities (and related topics) of the software and control systems of the public switched telephone and data networks from the perspective of the hacker community and other knowledgeable sources. It is an extension of prior research that Donn has been carrying on over the past 20 years into the vulnerabilities of end-user computer systems, also from the perspective of hackers. Like the other projects, this is a pure research study. Our objective is to gather our information through face-to-face, telephone and keyboard interviews of members of the hacker community and its observers in the next two to four weeks. We are not attempting to identify and collect information on criminal activities, but rather on what folks know or hear about the weaknesses and vulnerabilities of the PSTN/PDNs. Below is a more complete brief on our interests. Stuart Hauser *********************************************************** Information Sheet for Participants in SRI's Study of the Public Switched Telephone Network October 1992 SRI International is conducting a study of the security aspects of voice and data communications networks, referred to as "Cyberspace" by some. Specifically, we are looking at the security of the public switched telephone networks and public data networks (PSTN/PDN) from the perspective of the vulnerability of the network management and control software residing in the switching systems and the computers that manage them. This study is part of SRI's ongoing research into information and communications systems worldwide and how they are viewed by the international "hacker" community. We are seeking the views of many experts-including what we have called "good hackers" for many years-on a number of issues relating to the security and vulnerability of the PSTN/PDNs, and on the international "malicious cracker" community. We know that the security of the software that controls the PSTN/PDNs is as important to most hackers as it is to everyone else who is interested in exploring Cyberspace. Consequently, we believe that the good hackers are as interested as we are in helping us and other PSTN/PDN stakeholders understand what the really malicious crackers might see as the weaknesses and vulnerabilities of these networks, what new technologies-including the use of human engineering techniques-they might be planning to use to gain access, and what they might be planning to do next. This study is being led and conducted by Donn B. Parker, who has been conducting this type of research for SRI International and its clients for the past 20 years, and is well known throughout both the good hacker and malicious cracker communities. As in the case of the prior field research of this kind, Mr. Parker and his associates will be gathering information through face-to-face interviews of the members of the hacker community in the United States, Canada, Europe, and several other countries. SRI International is a research and consulting organization that is not owned by any business or government agency; we are not in the law enforcement or criminal investigation business. This is a pure research project to determine the vulnerability and security of the software that manages and controls the PSTN/PDNs. Our interests are very much the same as were those for earlier projects in which our interests were focused on the vulnerability and security of the now widely used computer information systems. We do not work with law enforcement agencies to collect information on any individual or group and we will not reveal the names of our information sources unless the sources ask us to do so. A summary of our findings will be sent to you on request after the study has been completed. By working together in this way, SRI and cooperating information professionals can help protect the major highways of Cyberspace for our respective uses and interests. Donn B. Parker dparker@sri.com (415) 859-2378 ------------------------------ Downloaded From P-80 International Information Systems 304-744-2253