Released: 8/10/96 by Korrupt
Type: PAC BELLS Sleuth System & getting their passwords

- Rebels of Telecommunications -
- Returns -
- To the H/P/A Scene -

-/- Pacific Bells Sleuth Anti-Fraud System -/-

Pacific Bell Grants DRC Rights To Market, Support And Enhance Its "Sleuth" Fraud-Control System

SAN FRANCISCO -- Pacific Bell has granted exclusive rights to Andover, Massachusetts-based Dynamics Research Corp. to market, support and enhance its Sleuth system which is reported to substantially reduce a leading type of telephone fraud.

Sleuth recognizes fraud-profile calls charged to such "alternate billing services" as calling cards. The system can alert telecommunication security personnel to the possible fraud, who then can quickly cancel the misused calling card.

"This agreement allows Dynamics Research Corp. to provide around-the-clock system support for Sleuth users, who include all but one (NYNEX) of the seven regional Bell operating companies," said Richard D. Noponen, director of Pacific Bell Operator Servic

According to Noponen, his company's new long-distance unit, Pacific Bell Communications, will be a DRC customer when it begins operations early next year. DRC also gets exclusive rights to market Sleuth worldwide and to enhance the system as opportunity

DRC has identified the telecommunications industry as a target market for its technical and customer-support expertise, said President and CEO Albert Rand. "We're confident that with Pacific Bell's industry knowledge, insights from a growing Sleuth users

Noponen said that while he can't quantify total industry losses to fraud, Sleuth has been reported by some customers to reduce calling card fraud by more than 80 percent. "One of our customers said their fraud losses dropped from about $10 million a year.
Noponen said Pacific Bell sought the agreement with DRC to free up company resources for projects more closely aligned with its core activities. The exclusive nature of the agreement assures a focused evolution of Sleuth to meet the needs of Pacific Bell

Sleuth, a complex program with more than 1 million lines of programming code, was developed and first used by Pacific Bell in 1993. Noponen said he expects the next major enhancement will be to have Sleuth monitor direct-dialed calling patterns for fraudulent calls.

Pacific Bell is looking to DRC to help find and implement new ways to fight fraud. "The fraudsters come up with new wrinkles all the time," Noponen said. "We think that with DRC, we will be able to keep up with them better than we can on our own."

I thought a few of you out there might like to read this article; it kinda fills you with happiness that PAC Bell is thinking about us. Trying to stop us, they just can't seem to figure out that that is just not going to happen. There is always a way around things.

-/- PAC BELL Source code & Documentation on Passwords -/-

( The following information was downloaded directly from PAC Bell's FTP security section )

HOW TO SET UP A "LOOK ASIDE" PASSWORD FILE UNDER SUNOS 4.0

Make a backup copy of /etc/{passwd,group}

If you haven't already selected the "C2 security software" option from suninstall when you installed your machine, you will need to do so. This I haven't verified myself, but people who didn't select it said they were missing some files.

If you have sun source, create the directory /etc/security and protect it mode 711.
You should modify rpc.yppasswdd and change it to force the passwd.adjunct file to be created mode 600; the way it comes from sun it will create the file 644 (obviously a bad thing).

If you don't have sun source, and you don't mind installing binaries that have been built by someone else, anon FTP to bu.edu (128.197.2.6) and pick up the file binary/security/rpc.yppasswdd

Otherwise, create the directory /etc/security mode 700. This will cause the function issecure(3) to always return false for users other than root, but I haven't seen any adverse effects (yet.) Neither have I tested it much, though.

The reason that all of this is needed is that the issecure looks like

#define PASSWD_ADJ "/etc/security/passwd.adjunct"

issecure()
{
	return (access(PASSWD_ADJ, F_OK) == 0);
}

ie. if /etc/security isn't readable, then return "secure" !

bu-foo# ls -lga /etc/security
total 24
drwx--s--x  2 root     wheel         512 Mar 27 15:29 ./
drwxr-sr-x  6 root     wheel        3584 Mar 27 04:46 ../
-rw-------  1 root     wheel          62 Feb 27 13:00 group.adjunct
-rw-------  1 root     wheel       10193 Mar 27 15:28 passwd.adjunct

Each entry from /etc/passwd has the encrypted password text commented out and replaced with the magic token "##user" (the passwd routines now know how to handle this new format)

jdh:##jdh:3000:4940:Jason Heirtzler,x2780:/usr1/it/jdh:/bin/csh

There is an entry in /etc/security/passwd.adjunct that contains the actual encrypted text

jdh:aZw5eQq5n0o3k:::::

Make sure "rpc.pwdauthd" starts from rc.local on both the yp master AND the yp clients (it starts right after rpc.lockd on our machine)

On the YP client, the passwd file ends as it usually does -- with the string "+::0:0:::".
The client also has its own passwd.adjunct file (in its own /etc/security dir mode 711). Ours looks like this

root:GmXib0plXHJiY:::::
nobody:*:::::
daemon:*:::::
sys:*:::::
bin:*:::::
uucp:*:::::
news:*:::::
ingres:*:::::
sync::::::
sysdiag:*:::::
+::0:0:::

The group file mirrors the way the passwd file is set up (here the magic token is different: "#$user").

seven:#$seven:7:jdh,budd

and each entry in group.adjunct looks like this (there is only one colon per line.)

seven:*

Some SunOS 3 programs had to be recompiled to work correctly (anything that uses the getpw???() stuff?), although nothing we built under 4.0 had problems after we made the switch.

passwd.adjunct & group.adjunct are YP maps. There is one minor syntax error in /var/yp/Makefile -- a missing single quote in the c2secure rule. It should be changed to read

	make 'NOPUSH=$(NOPUSH)' passwd.adjunct.time group.adjunct.time;\

Good luck!

-/- How to add a system user to the PAC BELL SUNOS System -/-

The following is Unix source code on how to add a user to the system, so for those of you who break in and understand unix, check this out; this may help you out some.

#!/bin/sh
#
# @(#)add_user 1.9 90/10/26 SMI
#
# add user script for use with sys-config
# arguments: uname uid gid fullname homedir shell
#

# dirname is in SystemV category - so put it herein
shdirname() {
	expr \
	${1-.}'/' : '\(/\)[^/]*//*$' \
	\| ${1-.}'/' : '\(.*[^/]\)//*[^/][^/]*//*$' \
	\| .
}

myname=`basename $0`
Passwd=/etc/passwd
# dank: server has a second database to update
NISPasswd=/var/yp/src/passwd
# dank: and an adjunct password database
C2Passwd=/etc/security/passwd.adjunct
PATH=$PATH:/usr/ucb
export PATH

# check for root
if [ "`whoami`x" != "root"x ]; then
	echo "You must be root to do $myname!"
	exit 1
fi

# check for number of args
if [ $# -ne 6 ]; then
	echo "${myname}: invalid number of arguments"
	echo " usage: ${myname} uname uid gid \"fullname\" homedir shell"
	exit 1
fi

# put args into named variables
uname=$1
uid=$2
gid=$3
fullname=$4
homedir=$5
shell=$6

# checks for validity of arguments
# check uid
if test $uid -lt 10 ; then
	echo "uid: uid must be greater than 10 and less than 60000"
	exit 1
elif test $uid -gt 60000 ; then
	echo "uid: uid must be greater than 10 and less than 60000"
	exit 1
fi

# check gid
if test $gid -lt 10 ; then
	echo "gid: gid must be greater than 10 and less than 60000"
	exit 1
elif test $gid -gt 60000 ; then
	echo "gid: gid must be greater than 10 and less than 60000"
	exit 1
fi

# check shell
if test ! -x $shell ; then
	echo "$shell: the program does not exist or is not executable"
	exit 1
fi

# check homedir
# check if homedir already exists
if [ -f ${homedir} ]; then
	echo "${myname}: WARNING: a file named \"${homedir}\" already exists"
	echo "and is NOT a directory, NOT setting up user account"
	exit 1
fi
if [ -d ${homedir} ]; then
	echo "${myname}: WARNING: home directory \"${homedir}\" already exists"
	echo " no files copied, NOT setting up user account"
	exit 1
fi

# check if all but last path of homedir exists
dir=`shdirname $homedir`
if test ! -d $dir ; then
	echo "$dir: does not exist or is not a directory"
	exit 1
fi

# check if $homedir is local
dfout=`df $dir | ( read aline; read aline; echo $aline )`
case $dfout in
/dev*)	;;	# $dir is on local machine
*)	echo "$dir: is not on local machine"
	exit 1;;
esac

# create a null /etc/passwd entry
#
# dank: Check NIS passwd
# first check if one already exists
if grep -s "^${uname}:" ${NISPasswd} ; then
	echo "${myname}: ERROR: ${uname} already in ${NISPasswd}"; exit 1;
fi
# check if uid already exists
#if grep -s ".*:.*:${uid}:" ${NISPasswd} ; then
if cut -d: -f3 < ${NISPasswd} | grep -s -w ${uid} ; then
	echo "uid: ERROR: ${uid} already in ${NISPasswd}"; exit 1;
fi

# Check /etc/passwd
# first check if one already exists
if grep -s "^${uname}:" ${Passwd} ; then
	echo "${myname}: ERROR: ${uname} already in ${Passwd}"; exit 1;
fi
# check if uid already exists
if grep -s ".*:.*:${uid}:" ${Passwd} ; then
	echo "uid: ERROR: ${uid} already in ${Passwd}"; exit 1;
fi

# Check /etc/security/passwd.adjunct
# first check if one already exists
if grep -s "^${uname}:" ${C2Passwd} ; then
	echo "${myname}: ERROR: ${uname} already in ${C2Passwd}"; exit 1;
fi

# dank: Create NIS passwd entry for server that refers to c2 password file
pwent="${uname}:##${uname}:${uid}:${gid}:${fullname}:${homedir}:${shell}"
# XXX should we use tmp file and rename it?
( echo '$' ; echo 'i' ; echo "${pwent}" ; echo '.' ; echo 'w' ; echo 'q' ) | ed -s ${NISPasswd} > /dev/null
if grep -s "^${uname}:" ${NISPasswd} ; then
	:
else
	echo "${myname}: ERROR: password entry didn't go to ${NISPasswd}"; exit 1;
fi

# dank: Create /etc/passwd entry
pwent="+${uname}:"
# XXX should we use tmp file and rename it?
( echo '$' ; echo 'i' ; echo "${pwent}" ; echo '.' ; echo 'w' ; echo 'q' ) | ed -s ${Passwd} > /dev/null
if grep -s "^+${uname}:" ${Passwd} ; then
	:
else
	echo "${myname}: ERROR: password entry didn't go to ${Passwd}"; exit 1;
fi

# dank: Create c2 passwd entry
pwent="${uname}:::::"
# XXX should we use tmp file and rename it?
( echo '$' ; echo 'i' ; echo "${pwent}" ; echo '.' ; echo 'w' ; echo 'q' ) | ed -s ${C2Passwd} > /dev/null
if grep -s "^${uname}:" ${C2Passwd} ; then
	:
else
	echo "${myname}: ERROR: password entry didn't go to ${C2Passwd}"; exit 1;
fi

# dank: Remake YP database
(cd /var/yp; make passwd c2secure)

# make the home directory
/bin/mkdir ${homedir}
/usr/etc/chown ${uname} ${homedir}
/bin/chgrp ${gid} ${homedir}

# add default user startup files
cp /usr/lib/Cshrc ${homedir}/.cshrc
cp /usr/lib/Login ${homedir}/.login
cp /usr/lib/.sunview ${homedir}/.sunview
cp /usr/lib/.rootmenu ${homedir}/.rootmenu
/usr/etc/chown -R ${uname} ${homedir}
/bin/chgrp -R ${gid} ${homedir}

# Set the initial password
passwd ${uname}

# is ok, exit 0
exit 0

Well, the following PUBLIC NOTICE has been brought to you by the Rebels of Telecommunications, sign up NOW at a local Bell pay phone near you.....
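As an added illustration of the look-aside split described in the SunOS notes above, and of the empty "uname:::::" line that the add_user script writes to passwd.adjunct before passwd(1) runs, here is a small audit in Python. It is my own example, not code from the text, Sun or Pacific Bell; the two sample files are constructed from the jdh, root and sync lines shown above, and the user names bob and guest are made up.

```python
import re

# The password field of /etc/passwd must be the "##user" token, never a hash.
TOKEN = re.compile(r"^##(.+)$")
# Constructed sample files, modelled on the jdh, root and sync lines above.
SAMPLE_PASSWD = """\
root:##root:0:1:Operator:/:/bin/csh
jdh:##jdh:3000:4940:Jason Heirtzler,x2780:/usr1/it/jdh:/bin/csh
sync:##sync:1:1::/:/bin/sync
bob:aZw5eQq5n0o3k:3001:4940:Bob Example:/usr1/bob:/bin/csh
guest:##guest:3002:4940:Guest:/usr1/guest:/bin/csh
+::0:0:::
"""
SAMPLE_ADJUNCT = """\
root:GmXib0plXHJiY:::::
jdh:aZw5eQq5n0o3k:::::
sync::::::
+::0:0:::
"""

def parse_colon_file(text):
    """Yield (name, password_field) per line; skip blanks and NIS '+' lines."""
    for line in text.splitlines():
        if not line.strip() or line.startswith("+"):
            continue
        name, _, rest = line.partition(":")
        yield name, rest.split(":", 1)[0]

def audit_lookaside(passwd_text, adjunct_text):
    """Return [(user, finding), ...]; an empty list means the split is clean."""
    findings = []
    adjunct = dict(parse_colon_file(adjunct_text))
    for user, pw in parse_colon_file(passwd_text):
        m = TOKEN.match(pw)
        if m is None:
            # a real hash (or an empty field) sits in the world-readable file
            findings.append((user, "password field is not a ##user token"))
            continue
        if m.group(1) != user:
            findings.append((user, "token names a different user: " + pw))
        if user not in adjunct:
            findings.append((user, "no entry in passwd.adjunct"))
        elif adjunct[user] == "":
            # add_user writes "uname:::::" and only then runs passwd(1); an
            # empty field left behind lets the account log in with no password
            findings.append((user, "empty password in passwd.adjunct"))
    return findings

def audit_sample():
    return audit_lookaside(SAMPLE_PASSWD, SAMPLE_ADJUNCT)
```

Run audit_lookaside() over the master's /var/yp/src/passwd and /etc/security/passwd.adjunct after each add_user run; a "sync"-style empty entry for a freshly added user means the passwd step at the end of the script did not complete.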