. . . x .xX welcome to x X XxX .xxxxxX .xXX XX XxX xxxxxxx XXXXXXXXXXXXX .. XxX .XXX XXX x xXXXX XXXXXX xx XXXX xXXX XXX ¸ XXXXX XxXXX xXXX XX XXXXX ¸ XX XxXXXXxXXX XXXXx XXXXX X XX XXXxXXxXXX XXXxxx. XXXXXXXXXX XX XXX XxXXXXxXXX XXX XXXXXXXXXXXXXXX XXX XXX XXXXX XXX ¸ $$$$$$$$XXXXXXX X XXX XXXX XXX x $$ $$$$$$$ $ x XXx XXX XX ` ' ` x XXXXXXX ' XXXxXxXxXxX ` .xXXXXX ' XX XxX$ . XXX ' XXX$ x ' .xxXX$ ' ` xXxX$. ' ' XxX$ x XXX$ xx XxX$ $xXxXxXxXx$ '$$$$$$$$$ ¡ascii concepts by c0rr +*¤*¤*¤*¤*¤*¤*¤*¤*¤*¤*¤*¤*¤*¤*¤*¤*¤*¤*¤*¤*¤*¤*¤*¤*¤*¤*¤*¤*¤*¤*¤*¤*¤*¤*¤*¤*¤*¤*+ ° ° ° . . . T a b l e o f C o n t e n t s ° ° ° +**¤*¤*¤*¤*¤*¤*¤*¤*¤*¤*¤*¤*¤*¤*¤*¤*¤*¤*¤*¤*¤*¤*¤*¤*¤*¤*¤*¤*¤*¤*¤*¤*¤*¤*¤*¤*¤*¤+ -- Introduction = by: ruiner -- -- _carbon_'s Intro = by: _carbon_ (imagine that) -- Tech Articles -- The "Parsable Telephone Scan" format = by: prez -- -- An Argument for the Linux GUI = by: doc -- -- Hiding from ECM using 09 = by: _carbon_ -- -- High speed telco data lines primer = by: larsu -- -- Basic encryption - 1 = by: orez -- -- "Crypto stuph" = by: c0rr -- -- Bell Canada VMB Insecurity = by: Prez -- -- The Echelon "Myth" Exposed = by: c0rr -- -- Findlay, Ohio Walmart PBX Extensions = by: ruiner -- -- The 419 Report = by: the Amerisuk Crew (ok, Admin-x-, doc, and ruiner) -- The end of 419 as we know it = by: Admin-X- -- Who the fuck are we? Who cares? -- Members -- -- Other People -- -- Shoutouts -- Contact: www.amerisuk.com -- emails and shit are there on the members page. you're smart,you'll find them ------------------------------------------------------------------------------- -- Introduction = by: ruiner -- ------------------------------------------------------------------------------- Welcome, gentle readers, to Zine 3, brought to you by Amerisuk Communications. This is ruiner, and I will be chief editor for this issue (As if you knew who I am, or even cared, for that matter.) That means that I'm the one responsible for most if not all of the annoying smartass comments throughout the zine. A few of you may find them amusing, maybe. Probably not. I am also responsible for spelling and grammer checking, as I am reasonably good at it, and I feel that it is necessary to not put forth the impression that Amerisuk is simply a group of slack-jawed yokels who cannot spell. Releasing any medium of spreading knowledge that is filled with typos and incorrect grammar really does nothing apart from making the offending group seem sloppy and/or fucking stupid. And I assure you, any typos or misspellings are INTENTIONAL! (heh heh heh) But anyway, we here at Amerisuk would like to offer a sincere apology for Zine 2. Unfortunately, there was some shit going on with the group, personal problems, which caused some people to not submit articles on time, or not at all. As a result, the issue was certainly not up to par with what we had hoped to achieve. However, my article, in my infallible biased opinion, is certainly of the same quality as all of my writing. This may sound narcissistic of me, but I did not actually imply that my writing is good, simply consistent. Anyway, we hope this issue is much more technical and enjoyable than the previous one. And, again, we are very very sorry for Zine 2, and we promise never to release anything so pitiful a second time. So, enjoy Zine 3! -- ruiner ------------------------------------------------------------------------------- -- Carbon's Intro -- ------------------------------------------------------------------------------- I would like to take this time to talk about the recent DoS attacks and the media's "claims". It seems apparent to amerisuk that the government has taken it upon themselves to use this situation and to scare people into accepting martial law on the internet. At the same time it seems as though many hackers are pointing fingers to other hackers and questioning their abilities and passions with the relevance of their age. I'm not going to speak on the government and it's exploitation of the people since it is pretty much the same old story. However, I assure you that hackers blaming hackers is very disturbing. I find the age of someone interested in hacking or security very irrelevant. Who is to define 'what a hacker is'? Not everyone had the luxury or resources to start when the term 'old school' was born. To shun a newcomer only because you feel that they will never compare to you or because the less people that learn, the more eleet you are is not what it is about. Without someone to pass the ethics to, the underground will become no more than a faded rebellious trend. To say that some 'kid' pulled off these attacks is as absurd as the media stating that it was hackers. The hackers who feel this way must remember, you began somewhere too. It is your own self-centeredness that has blinded you. ***** Zine wasnt meant to be a rip off of Phrack or any other great and well known zine. Zine is for anyone with an interesting article or view that can reach out to others. If you're well known in the computer world, or just an average irc'er, it doesnt matter. We are looking for good content, knowledge, and expressive material. This is a zine for the people by the people. Later -carbon carbon_baked ------------------------------------------------------------------------------- *************** Articles *************** ------------------------------------------------------------------------------- -- The "Parsable Telephone Scan" format = by: prez -- ------------------------------------------------------------------------------- Composed by Prez (prez@lfx.org) Hey guys, it's prez :) Back from the dead. Over the last few weeks, I've taken some time to get some stuff done. Me and the locals have been doing a lot of our own stuff, but mainly, we've been drawing a 'map' of our local area via scanning. While doing this, we kinda made up a "standard format" for documenting scans. After using it, we decided that this format of documenting scans really had potential for wider use, because of a few things: - Parsable The format is so easily parsable that any phreaker could write a program/script to parse this into whatever format they like to view their scans in. - Ease Documenting scans is fast and easy and you can generally fly through numbers. - Global Just think, if we started documenting all our scans in a universal scan format, the scans could be used for more than just reading, they could be referenced by different programs and utilities for whatever information they need. Anyways.. the format is a lot like ASM code, where you have an "address", "instruction", and arguments. A normal line of a scan would look something like this.. . 1201 RES or 0317 CORP "Sheprod K-9 Security" . ..As you can see, you have: - the "address", the number - the "instruction", the type of find - the "arguments", any additional information Now, lets just run over all the types of finds you can have, and this definitely doesn't cover everything out there.. I'll explain in a second about these, and any arguments they can have. ERR Error RES Residential line CORP Business of any kind FAX Fax machine RING Unanswered AUTO Automated System DESC Any number needing explanation %%%% Odd or unexplainable, this is what we're looking for;) Heh, this is where this turns into a man page :P ERR [error number] Okay, these are the set of errors that the Telco has, you know the ones, "the number you have reached is out of service.." or the type. These are predefined at the top of a scan, I'll explain this later when I show you an example. ANOTHER NOTE: XX is going to be the "Number changed to.." error, this is be standard so that they can read argument's properly, as a line changed should look something like: 1794 ERR XX 519-448-4794 Make sure the number has no spaces in it.. :) RES [*] Residential, * can be any additional information about the line. CORP [name] Business of any kind.. if they sell, they are CORP :) Now, [name] is just that, the name of the business.. if you could hear it. PAY [*] If you have a definite way of telling if a line is a payphone (sometimes there are "outgoing calls only" messages), feel free to use this.. * is your comment, perhaps "This line accepts incoming calls".. FAX [*] Just that, a fax. * is any additional information. RING Okay, RING is usally just used when you don't get an answer, this can mean someone isn't home or whatever.. The parsing program I'm working on can be set to output these, just so you know which ones you should re-dial later. AUTO [*] Heh, ANY automated system. If it takes DTMF for menus, it's automated. Automated systems do not include Home Answering Machines that don't take DTMF input, those are RES/CORP. AUTO can override use of RES/CORP depending on if it takes DTMF/Voice for input, I guess you just have to use your judgement. * is any explanation. DESC [*] If there is something about this line that really needs explaining, use this. * is your description. %%%% [*] Heh, I've only used this twice. These are numbers that are one of a few things: Unexplainable, Really REALLY dope, or something really special. * is your explaination of the number, and any advice for people that are going to call it. A good example is: 0297 %%%% Unused VMB.. This is odd because the first thing you do when you get Bell Call Answering is set it up.. If you guys remember a certain VMB I had for awhile, this was the exact situation. 0315 %%%% "LP Dispatch" Local Police Dispatch, need I explain this? Now, for your example file.. With a few comments (##'s are excluded from any actual scans): 905 387 ## the area code and exchange your scanning { ## inside the {}'s you can define your error messages 00 "We're sorry, your call can not be completed as dialed.." 01 "We're sorry, the number you have reached is not in service.." 02 "Bell Canada, There is no service at (number), I repeat.." } 0001 RES 0002 CORP "Boomer's Strip-club" 0003 RES 0004 ERR 02 0005 ERR 0006 DESC Tones, then pulse, then disconnects. 0007 %%%% There is a dialtone, and you can dial out local! 0008 BUSY 0009 AUTO Voicemail system for Hamilton Spectator 0010 PAYF Heh, you get the idea, right? Anyways, anyone that is going to make a parsing script for this format, keep one thing in mind. Expandability. There may be a lot of things I didn't include that are so common they should have their own 'code'. Make sure your program can handle unexpected codes (you know, without crashing), in case new things are incorporated into the "standard". If you guys have any feedback or suggestions for the Parsable Telephone Scan format, please drop me a line.. My contact information (email, irc, ptsn) is below. The top of it, to all my boys at Amerisuk :) Peace, Prez prez@lfx.org prez_ on efnet 905-312-0297 ------------------------------------------------------------------------------- -- An Argument for the Linux GUI = by: doc -- ------------------------------------------------------------------------------- I've been sitting around wondering a few things. I'm not an expert by any stretch of the imagination on the subject of computer graphics. I do believe that I have some valid suggestions and possibilities for a GUI environment running with a UNIX flavored operating system. It is my opinion that X has soured a super stable kernel. Also, the instability of an operating system (i.e. Windows 95) that has the word window at the root of the name of the operating system has caused hard core computer enthusiasts to question the validity of a graphical file manipulation tool/graphical display tool. Another reason (the best counter argument that I would agree with) is that the end luser may not totally understand the actual process that is occurring when he/she manipulates a file. I however, will make a bold statement. Graphical manipulation can be your friend! Here is why. Number one, some people are graphically oriented learners, just as others learn by hearing, and others by doing. Ignoring the possibility that those with such talents could increase there productivity by a graphical shell is wasteful. Number two, putting a black eye on GUI's in general has led to the belief that all graphics are evil. I say that seeing a jpeg of something may explain a complex idea much easier than 1000 lines of text. Number three, humans spend more time manipulating objects in a graphical world than they do concepts that are totally textually based. Therefore, is it wise to ignore the trait that has been taught to us from birth? This concept is sometimes labeled under the topic integration of humans and computers. (Of course, when VR becomes available, we can manipulate objects visually, tactually, orally, with smell and hearing.) OK, doc, these seem like a few wonderful reasons that might mean that graphics aren't totally evil. Now, what do we do to integrate this with my favorite UNIX flavor? I'm glad you asked. Number one premise, this should all work over a network connection, just like X is "supposed" to do. An luser should be able to sit down in front of a thin client or xterm and be able to see the desktop originating from the server. Number two, basic shapes that need to be drawn will be held in memory on the client side. (For clarification, the server/client paradigm is not the sick, twisted MIT logic of X. Rather, I refer to that which commands are issues by the luser, or client, and the server is the large, stoic computer that sits in a corner processing millions of requests for junk email and quake 2 games.) These shapes can be mathematically combined and end up meaning the intended shape. This shape can be represented by the coordinates of where the objects vertices should be, and any other specific information required by the computer. This could be a special graphic that is outside of the normal set of shapes sitting on the client side. A compressed (and hopefully low-res) graphic could be sent and told to exist within a specified coordinate. My third idea is that it must be able to work with the kernel, and be able to manipulate files graphically the same way that files are handled textually in say, bash, for example. The guru mantra of, "everything in UNIX is a file!" must be held as a fundamental design belief. Number four relies on some simple ideas that I had when playing a legacy DOS game. It also is sort of like what you run into if you have ever used edit.exe in your life. How about this. The GUI could be simple ASCII and ANSI characters. If some graphic needed to be displayed, it could be loaded in a separate window, or even switch screens. It could take normal mouse commands, much like edit.com does. Much could be done in addition to all of the ideas presented here. Basically I intend to get ideas stirring in the minds of UNIX lovers. Just because GUI's have been typically unstable shells, doesn't mean that we should give up on the concept it self. We should see it as a challenge to rise above, and create. -- doc ------------------------------------------------------------------------------- -- Hiding from ECM using 09 = by: _carbon_ -- ------------------------------------------------------------------------------- *Penalties for the possession of "test cards" or programmers is $10,000 and up, so dont be stupid... please dont cry to us, it's not our responsibility* Smart Cards are commonly found in DTV (Direct TV) units. The two types of cards that are focused upon are H and HU (upgrade) cards. At this moment only H cards can be reprogrammed do to the "encryption" of the HU, but this will come to an end soon. In normal circumstances, once a modified card is detected, dtv will loop you. They simply send an ECM packet, which is treated just like an update and basically makes the card unusable. H cards however, have what is called a 09 command security flaw. When a 09 command is received, it is used to determine what key (encryption) will be used to authenticate the incoming data. The ASIC (hardware on card) will then start calculating what the the real validated signature should look like and then the key goes through the algorithm. When/if the card is changed do to the incoming data, it is buffered for later processing. Once the signature command is received it is compared to the calculated validation signature...if all goes well, all buffered commands are executed with no problems. With this said, you may see how easy it would be to send a valid 09 followed by a desired command, another 09, and then following that with a known public signature for a message containing nothing. What happens is, the ASIC is initialized because of the first 09, the desired commands are buffered, and the ASIC is hit with another 09 that causes it to reinitialize. It then analyzes the empty data, which is valid and releases the buffered data that was stored after our first 09 command. Now depending who you are you may want to program this yourself, or you may want to get a script that does it automatically like Stealth. I find that 3M works the best.... Can you use a script without changes using 3M? YES. Do I recommend it? NO. You must remember that if you make/modify a 3M there is less chance for dtv to be able to loop you because your 3M code doesnt match theirs. *It is important not to give out your private 3M!* In the next issue I will finish teaching you how to reprogram the H card, for educational purpose only...of course :) If you cant wait, I suggest just looking it up on irc or the web. Until then.... -later carbon ------------------------------------------------------------------------------- -- High speed telco data lines primer = by: larsu -- ------------------------------------------------------------------------------- Telco data lines are used for many things, by telcos themselves as interexchange trunks, by ISP's as backbone connections to upstream providers or NAPs, and by companies to connect satallite offices to headquarters. These lines are dedicated point to point links (with a telco CO or two in the middle). Thus, they don't have phone numbers or what not. They're just connected all the time to one location. Anyhow, you might end up doing something where some info on these lines might be handy. Perhaps SE'ing an IS person into fucking with their CSU and watching their network connection go down. Or perhaps not. DS0 - aka 56k/64k dedicated circuit This is the smallest line size that really matters. Telcos say you can purchase smaller lines, but I've never seen one. DS0's are either 56kbps or 64kbps digital data lines, depending whether it's provisioned for in-band or out-of-band signalling. A DS0 is generally delivered to the customer's demarc as a pair of wires marked on their gateway box with red plastic locking caps, which run out to a RJ11 (4 wire telco plug) beige wall wart. Telcos mark the wall wort with various Do Not Disturb messages, and with a circuit ID #. Ameritech uses circuit ID numbers in the form IBZD################### (20 or so digits). The customer then hooks a small DS0 capable CSU/DSU (most are about the same size as external modems). These CSU's are programmable for different options, such as in-band or out-of-band signalling, normally through a set of dip switches on the bottom or the back of the unit. DS0 CSU's usually just have an RS-232 serial port, which would either connect to a router, or a computer, depending on the application. If connected to a router, it could be used to link two networks together, or perhaps as a dedicated internet link for a small office. If connected to a serial port of a unix box, it could be used as a ppp link, or for providing remote terminals. DS1 - aka T1 This is a very common dedicated line. It can transmit up to 1.544 Mbps when provisioned as a full, clear channel (out of band signalling) DS1. it is equivalant to 24 DS0's. Single DS1s are delivered to customer premises using 2 copper pairs, covered with red plastic locking caps in the customers gateway. This then goes over shielded twisted pair cabling to a device called a smartjack. This is still on the telco's side of the demarcation point. The smartjack is a self powered termination device a little larger than a deck of cards. When telco's install these, they put them in a rackmount chassis that holds about 5 of them. They have a few status LED's on them to alert things like link failure, etc. DS1's then connect from the smartjack to either a separate CSU, which is usually about the size of a tall external modem, or directly into something else that performs CSU functions, like some routers, wan cards, or modem pools. Most DS1's are privisioned for data only, but they are also capable to transmitting voice, with 1 line per channel (24 channels total). Inteligent CSU's can break up a DS1, allowing voice and data simulataniously. If you ever shop around for a dedicated Internet connection, you will notice almost all backbone providers offer fractional DS1 service. The offer this by providing a full DS1 circuit to your premise, and then configuring their CSU equipment to accept data on the corresponding number of circuits. ------------------------------------------------------------------------------- -- Basic encryption - 1 = by: orez -- ------------------------------------------------------------------------------- A beginners look at the history of cryptography and how it is used today. -orez Ok I was reading some things on the net to other day, and I really haven't found and basic introductions to cryptography, and the algorithms used. So I felt inclined to write a simple file on how cryptography works. Since this is the first of more I plan to write, I'll just cover most of the simple algorithms. Such as the Caesar shift aka. substitution cipher and monoalphabetic as, as well as some polyalphabetic algorithms. The easiest ciphter to make and break is the simple substitution cipher. The way the substitution cipher works, is you have the normal alphabet and the cipher alphabet. Like this: abcdefghijklmnopqrstuvwxyz - standard alphabet efghijklmnopqrstuvwxyzabcd - cipher alphabet Now, the way this works is you create a message. Say this will be our message "the come from the west". What we do is replace each letter in our message with the corresponding letter from our cipher alphabet. So our encrypted text would read like this: "xli gsqi jvsq xli aiwx" see how that works? If not I'll show you step by step real quick. Ok the first letter of our message is "t". So we look up at our alphabet and find the "t". Now look at the cipher alphabet and find the letter that is right below the "t" and that is what we replace the "t" with. And then continue the same way with all the letters. T This was a very simple cipher. But it worked well for a while around the 15-century. But as I'm sure you can see already, it is very easily cracked. The first thing you can look at is letter frequency. Assuming you know the language it is written in, you can compare the frequency of the encrypted messaged to the frequency of letters in normal words. Here is a list of the english alphabet and the frequency they occur in letters. Letter | percentage Letter | percentage ------------------------ ----------------------- a 8.2 n 6.7 b 1.5 o 7.5 c 2.8 p 1.9 d 4.3 q 0.1 e 12.7 r 6.0 f 2.2 s 6.3 g 2.0 t 9.1 h 6.1 u 2.8 i 7.0 v 1.0 j 0.2 w 2.4 k 0.8 x 0.2 l 4.0 y 2.0 m 2.4 z 0.1 Ok, now that you have the frequency that letters occur in the English language lets see if you can crack a simple substitution cipher. jazp pua aevqoz Now that you understand how this cipher works, and understand how to crack it, you must be thinking to yourself "how could people actually use this?" Well, people realized that it was easy to crack. For one you know how many letters are in each word and where the spaces are, so something had to be done about that. People started creating new symbols instead of using just letters. Bigger alphabets were also created using numbers and punctuation. With all that thrown in it does make it considerably harder to crack. Still not impossible, but harder than before. I'll show you what I mean. say you have a normal alphabet abcdefghijklmnopqrstuvwxyz, but now add | + } ] } = a space and the rest are just nulls (tossed in randomly to confuse someone trying to decrypt it but don't actually represent anything.) here is an example of an encrypted message using this technique: "aas|jebn}kjen+ekn}nmqxz]klj lk}neko" see how using the basic frequency method would be harder to decrypt this message? Oh by the way if you didn't decrypt the first message or aren't sure what it is, it says "beat the enigma". Anyway I'm sure you all understand how this cipher/algorithm works by now. A more advanced encryption method is the Vigenere cipher. The strength in using this cipher lies in using 26 distinct different cipher alphabets. Each shifted by one letter with respect to the pervious alphabet. I'll create a diagram that shows how this is setup. plain- abcdefghijklmnopqrstuvwxyz 1 |bcdefghijklmnopqrstuvwxyza 2 |cdefghijklmnopqrstuvwxyzab 3 |defghijklmnopqrstuvwxyzabc 4 |efghijklmnopqrstuvwxyzabcd 5 |fghijklmnopqrstuvwxyzabcde 6 |ghijklmnopqrstuvwxyzabcdef 7 |hijklmnopqrstuvwxyzabcdefg 8 |ijklmnopqrstuvwxyzabcdefgh 9 |jklmnopqrstuvwxyzabcdefghi 10 |klmnipqrstuvwxyzabcdefghij 11 |lmnopqrstuvwxyzabcdefghijk 12 |mnopqrstuvwxyzabcdefghijkl 13 |nopqrstuvwxyzabcdefghijklm 14 |opqrstuvwxyzabcdefghijklmn 15 |pqrstuvwxyzabcdefghijklmno 16 |qrstuvwxyzabcdefghijklmnop 17 |rstuvwxyzabcdefghijklmnopq 18 |stuvwxyzabcdefghijklmnopqr 19 |tuvwxyzabcdefghijklmnopqrs 20 |uvwxyzabcdefghijklmnopqrst 21 |vwxyzabcdefghijklmnopqrstu 22 |wxyzabcdefghijklmnopqrstuv 23 |xyzabcdefghijklmnopqrstuvw 24 |yzabcdefghijklmnopqrstuvwx 25 |zabcdefghijklmnopqrstuvwxy 26 |abcdefghijklmnopqrstuvwxyz (gee that was fun to type, yeah right) Now that you see how this cipher is layed out, let me show you how it is used. Here's how your message would like before you encrypted it. whitewhitewhitewhitewhi diverttroopstoeastridge You're probably wondering what that whitewhitewhite jargon at the top is huh? That is your keyword. The keyword repeats across your message evenly with the message. Also notice that there are no spaces in the message, so there will be no spaces in the repeating keyword. Here is where the encryption part starts, each letter in the keyword represents a cipher alphabet (from the table above). Each letter represents the row that starts with that letter, "w" represents alpabet 22 and "h" represents alphabet 7, and so on. We will start by encrypting the first letter, we look at the first letter of the message "d" then look to see what letter of our keyword is above it. "w" is the letter above it, so we know that we are using alphabet 22 to get the cipher letter. then we look up at the plain alphabet on top, find the letter "d", then follow the column below "d" in the plain alphabet to row 22 and see what letter is there. "z" is the letter we find. If you're not quite sure how we did that I'll draw a diagram. we want D--------| step 1. plain - abcdefghijklmnopqrstuvwxyz | | step 2. (then follow the row below D to the cipher | alphabet. in this case its row 22) | | row 22 wxyzabcdefghijklmnopqrstuv step 3. find the letter that it lines up with "d" from the plain alphabet, which is "z" Then we would repeat the same steps but this time since the second letter of our message is "i" and the corresponding letter(the letter above "i") in our keyword is "h" and "h" represents row 7. We find the letter "i" in the plain alphabet then follow straight down to row 7 and the replacement letter is "p". and just follow the same steps. try it, see if you can encrypt our message on your own. If you don't feel like it because it takes a really long time, or you want to see if you are right here is our encrypted message. white-zpdxvpazhslzbhiwzbkmznm Remember when using this method of encryption make sure you and the person that is receiving the message have the same table with the cipher alphabets, and don't forget to include the keyword along with the encrypted message. I'm sorry if that section was confusing to read, it was rather confusing to write, but i'm sure you'll all get it soon if you didn't already. That is a very popular method of encryption and is still in use today because of its difficulty to crack. Now i'm not saying the boys at the NSA or any cryptanalysis can't crack this style, but it is much harder then the basic substitution cipher. Not to mention most common people wouldn't have a clue how to begin cracking that cipher. That is all i have for now, I hope to have more coming soon, depends how ambitious i am, but i hope you enjoyed reading and learned from it as well. If you would like to contact me to ask me a question about it or tell me how much you didn't/did like it feel free to email me at orez@amerisuk.com or find me on irc. (EFnet orez #askcomm) I'd like to greet everyone at amerisuk, and my old zn boys. --peace, orez orez@amerisuk.com orez on irc vmb=877-209-8146 ext. 6555 ------------------------------------------------------------------------------- -- 'crypto stuph' = by: c0rr, aka corrupt youth -- ------------------------------------------------------------------------------- [article requires some basic encryption knowledge] If you've ever seriously talked to me, you'd know that I'm not a big fan of the U.S. Government. This is just one of the many reasons why. DEC encryption, assumed pretty secure and even endorsed by the U.S. Gov't., is 56-bit 'crypto.' What that breaks down to is that the Gov't wants us to use encryption that has a total of 2^56, or 72057594037927936 possible keys. What they don't tell you, is that currently low-end NSA(http://www.nsa.gov:8080) machines can decrypt data thats been "securely" encrypted with DEC encryption in appox. 30 seconds. Not a very wise choice to go with, whereas SSL[I believe that's the name] uses 128-bit crypto(2^128, or 3.4028236692093846346337460743177e+38 possible keys) is a little more secure, and not endorsed by the U.S. Gov't. Even with a late version of PGP(5.0 or so) you can get 512-bit encryption(2^512, or 1.340780792994259709957402499821e+154 possible keys), and is not completely, but pretty secure encryption for modern machines. Unless you're withholding priceless information from the President or the Pope, I personally don't think the government would take the time, effort, and man-power to decrypt a home user's file. But, on the other hand, what if the government is somehow involved with the algorithms and the authors of the encryption, and they have way more powerful machines than we could ever think of, trying to crack the heavy crypto...?! We'll never know. I somehow feel that noone is safe from the governments wrath, and that they log and catch a lot more stuff than they should, or will ever be willing to share. Now go lay your head down on your bed in a room filled with linetaps, hidden microphones and 24/7 video feeds, while a van outside your house monitors your brainwaves with a mini-DSS satellite dish. >;) +EOF+ ------------------------------------------------------------------------------- -- Bell Canada VMB Insecurity = by: Prez -- ------------------------------------------------------------------------------- Written by Prez (prez@lfx.org) Well, since the beginning, I've been obsessed with telecommunications exploits.. And I'm a canuck (Laugh it up guys, Loonies and Toonies;), so who better to bring you the latest exploits for Canadian based systems than me?:) I kinda made this document more of a story that explains to you how to do it at the same time, because stories are just so much more fun. Today, I'll teach you young canadian phreaks how you can score yourself some free, anonymous, telephone communication. Since a lot of us communicate.. both with our local scene, and the entire of it.. via telephone, a VMB (voice mail box) is an extremely safe and anonymous way to keep in touch with people. If you're wondering what a voice mail box is, you can think of it as a remote answering machice. You can call up and check your messages from anywhere, making it extremely convenient. Now, I first signed up for Bell Call Answering (the VMB service Bell Canada offers, for only 4.99$ a month or so) when I had thought out a quick social engineering mind exploit that would score me some VMB action for a month or so, too bad they didn't notice, and I've been getting it ever since. (Sorry,I have a few secrets only I know for now:). When I was first given the information to setup my voice mail, I was given a phone number I call to check it (or, you can just hit *98) and a "temporary password". The temporary password, however, was my phone number. Being the UNIX goon that I am, I made a mental note of how damn insecure this was, and just made another point for the "Boy, When will Bell ever learn." list. So that's just dope, I call up the number, and using ANI it automatically knows who I am. "Welcome to Bell Home Answering Service, this service can help you blah in touch balah friends blah blah and blah blah blah blah blah the SYSTEM ADMINISTRATOR has assigned you a temporary password, please enter that password now...." I enter my phone number. Now, I have a good memory when it comes to automated systems, and I remembered a few things about setting up my VMB: - I was REQUIRED to say a name for the system. - I was REQUIRED to choose a message, the ONLY two options were to have that was automated with my NAME, or a custom message that I could record. I chose name, for lack of something cool to record.. My message sounds like following: "You call has been forwarded to an Automatic Voice Message Service, 'Prez' is not available. Please leave...", Prez being the name I recorded. Months, perhaps more passed. One day, I was talking to a good friend at the time, MaXmOuSe (this would later lead me to meeting the infamous orez;) who had found a rather interesting number. In fact, it was a dial-in node for DMS100 switch (all Canadian baby!).. while this was interesting, and I won't go into it;).. what's important was, the number was xxx-0000.. and after this number died, I decided to just check the '0000's in other exchanges, until I hit the famous 52x-0000 VMB. I call the number, and recieved the message: You call has been forwarded to an Automatic Voice Message Serivice, 9 0 5 - 5 2 [x] - 0 0 0 0 is not available. Please leave a...." "Whoa, shit...." It came to my mind that, WHY THE HELL did it give me the phone number? I never had that option in my VMB. Then I remembered, if the person hasn't recorded a name, they mustn't have setup the mail box yet. Well, that's just cool :) because guess who remembered the secret to Bell Canada's temporary passwords?:) ha ha ha.. I dial up the number again, and hit "*" to drop to a menu (I remember this from using it at home). It says: "Welcome to Bell Call Answering Service.. to identify yourself as a subscriber, please press '#'", I hit '#', "Please enter your phone number." I dial 905-52x-0000 "Welcome to Bell Home Answering Service, this service can help you......the System Administrator has assigned you a temporary password, please enter that password now...." I enter 52x-0000 I continue setting up the mail box.. and use it for personal communications for the next couple of months. A few notes for you ambitious phreaks who want to go do this, you will often find these unsetup numbers (for whatever reason they are there:/) when scanning, you can easily identify them as a number that gives the phone number instead of the recorded name. Also, I suggest you turn of "Message Waiting Indicator" after you setup your mail box, as if it is someones house, they will hear beeping on their line when YOU have a message waiting. Shouts for the ehchapee boys: orez, heretik, admin, fflewddur, fonejack, ronaldx.. and to those I missed, you know who you are;) Peace out, Prez email: prez@lfx.org irc: #znosr/prez_ on efnet ------------------------------------------------------------------------------- -- The Echelon "Myth" Exposed, by c0rr -- ------------------------------------------------------------------------------- For those of you who don't know, the Echelon is every modern phreak's dream come true. It's supposed to be a gigantic underground computer network, for the sheer purpose of logging and recording data. What kind of data you may ask... keywords. That's right, for close to twenty years now the Echelon (geographically placed in approx. four areas around the world) every call and every e-mail you've sent and recieved, has been monitored. Any time you happen to say a keyword, such as "bomb", you're conversation has been logged and a profile for you has been created. I have recently discovered Declassified CIA and NSA documents on where these underground machines have been placed, how long they've been up, and documents that frankly, just verify that this machine has been active all this time, proving that A. the rumor is true, and B. Big Brother is watching, listening, monitoring, and logging. The following URLs/pictures are purely factual, further proving this theory true. Supposedly, the Echelon has been placed in four areas: Sugar Grove West Virginia, U.S., Guam, Puerto Rico, and the fourth is unknown to me at the time. Resources: http://www.gwu.edu/~nsarchiv/nsa/index.html http://www.gwu.edu/~nsarchiv/nsa/publications/ic/intelligence_com.html http://www.gwu.edu/~nsarchiv/NSAEBB/NSAEBB23/index.html http://www.gwu.edu/~nsarchiv/NSAEBB/NSAEBB23/index2.html ------------------------------------------------------------------------------- -- Findlay, Ohio Walmart PBX Extensions = by: ruiner -- ------------------------------------------------------------------------------- We recently took a trip to Findlay, Ohio the day before the release of zine, on a search for more shit to add to the 419 report. We stopped by walmart, and doc and I decided to grab their PBX extensions off the pillar by the phone. Turns out, the damn thing was a sticker and we couldn't get it off without attracting undue attention. Riveting story, isn't it? So, quite unsmoothly (but nonetheless effectively), doc read the departments and numbers off of the sticker and i wrote them all down. Aren't we just fucking sly? Standard bullshit disclaimer, these are only provided as an information source, and as they are posted in the open, we figured we would add them to zine in case anyone happened to be curious as to what the extensions might be. We did not have time to verify if that is even the correct number, since we had done this the night before zine was released, but Admin-X- told me it was right. So don't count on it. Oh, and don't try and take over the store or anything. That might be illegal or something. Here they are. Walmart, Findlay Ohio - PBX extensions 1-419-425-1300 ---------------------------- Department -- Extension ---------------------------- Stationery -- 102 Photo Lab -- 104 Electronics -- 105, 106 Sporting Goods -- 109 Hardware -- 111 Lawn & Garden -- 116 Fabrics -- 119 Domestics -- 121 Men's Dept. -- 123 Shoes -- 125 Infants -- 126 Jewelry -- 133 Ladies' Dept. -- 134 Pharmacy -- 138 Snack Bar -- 149 Service Desk -- 150 Register 4 -- 152 Register 5 -- 157 Register 8 -- 156 Register 9 -- 161 Register 12 -- 160 Register 13 -- 165 Register 16 -- 164 Register 17 -- 169 Register 20 -- 168 Layaway -- 181 Invoice -- 182 PC Office -- 183 Receiving -- 186 Assoc. Lounge -- 187 Ladies Fitting Room -- 190 Optical -- 191, 193, 194 For Paging -- 129 (That's the important one ;) ---------------------------- There they are. What you choose to do with them is your business. Don't, for example, call and say that you are a terrorist and have taken control of the store. That would be cruel. (heh heh heh) Obtaining these was so much fun, expect others from more stores in future issues of Zine! soon. Who knows, maybe next time I'll even write a real article. -- ruiner ------------------------------------------------------------------------------- -- The End of 419 as we Know It = by: Admin-X- -- ------------------------------------------------------------------------------- Times change, things grow, things break apart. Including your local telephone network. For us that is our story, the story of our local area code. The problem? We're running out of Nxx numbers (prefix/exchange). This article is written to address this problem and how PUCO (Public Utilites Commistion of Ohio) plans to fix it. First off to explain Nxx numbers. Nxx numbers are given to every service carrier on a Telephone network, be it telco or wireless (pager,cell), everyone has them. Now you might say hell each Nxx can hold about what 10,000 numbers? Well yes this is true BUT.. combined with the fact that the FCC requires every carrier to have it's own Nxx, and there only being 735 Nxx numbers in an area code provides the equation for the problem that we have before us. Even if an Nxx isn't used up completely the FCC requires any new carrier to get it's own... in other words they can't share Nxx numbers between companies. The solution(s) that PUCO has come up with are several splits (4 to be exact). The "NorthWest 7-county Split Plan", "6-County Split Plan", NorthWest 9-County Split Plan", "East/West Split Plan". Each one of these plans entails one side receiving a new area code and the other one keeping 419. According to PUCO, they have not reached a decision as to who is going to keep the old area code (419) and receive the new one. But in the past the more heavily "populated" part of the split usually gets the old area code. PUCO also said that there is also another solution, which is called an "Overlay". An Overlay is when they have 2 area codes within the same geographical area, and it will end futher "shrinking" of the geographical area. BUT with this overlay, according to PUCO, all "customers" will have to dial 10 digits or 1+10 digits for all calls. Please, if you live in the 419 area contact PUCO @ Beth.Ginaforcaro@puc.state.oh.us and tell them what you think about which plan. You can look at the plans in more detail @ http://www.puc.state.oh.us/DOCKET/reports/99-667.pdf ------------------------------------------------------------------------------- -- 419 Report = by: Amerisuk Communications -- ------------------------------------------------------------------------------- Blah Blah Disclaimer; Blah Blah These numbers are provided as a "public service" just like your handy telefone book or your local 411 lady. Now without any more stupid text, The 419 report. Our "Tech Support lines" VISA - 1-888-205-3343 JVC DVD - 1-877-278-2893 Memorex - 1-800-636-8352 Photo Booth Refund and Repair voicemail - 1-800-877-3545 Ameritech Directory Order Center - 1-800-346-4377 Telephone Line Repair - 1-800-572-4545 Payfone Service & Sale - 1-800-809-0878 "Numbers Not Shown" - 1-800-254-0902 Corporate HQ - 1-800-254-0902 High Cap provisioning - 1-800-809-0244 ? - 1-800-230-4345 ISDN provisioning ctr - 1-800-432-4736 Numbers ANI - 959-9674 Satan Boy - 1-419-457-5902 Mrs. Castellnetta Teach- 1-419-420-9840 Brandie Gryme (BITCH) - 1-419-372-1807 Yeti - 1-419-443-1140 Frau Joseph (Hitler) - 1-419-443-1167 Coin Test Line - 1-419-959-1230 Carrier - 1-800-959-1230 REDNECK - 1-419-396-7027 GTE Paystation - 1-800-483-2646 Wendy's (poop) - 1-419-843-7220 Meijirs - 1-419-423-2141 Qwest - 1-800-860-6440 Scutch Fone - 1-419-981-5912 FreakShow - 1-419-457-2015 REDNECK #2 - 1-419-436-1176 Sweaty Betty Kizer - 1-419-447-4716 Blein Brighton - 1-440-729-9977 Pager - 1-440-962-9915 Cell - 1-216-375-5475 FDC - 1-440-546-3591 Sprint IP dialing ctr - 1-888-301-5550 Atc FONE - 1-419-425-4546 payfone (424 exchange) - 1-419-424-9348 Free SEX - 1-419-425-0771 Payfone GHETTO lake! - 1-419-435-9905 War Dialing Reports Yelling Asshole - 1-419-448-9529 Carrier - 1-419-448-9096 Cute Girl Voice Mail - 1-419-448-2824 Carrier - 1-419-448-5380 Bay Networks Carrier - 1-419-448-5381 SCO openServer 5 - 1-419-448-5801 Library Dialup - 1-419-448-5275 NOECA dialup - 1-419-448-0693 Taco Bell dialup - 1-419-448-0884 Dante (alpha) - 1-419-448-4917 Tiger - 1-419-259-5341 VAX/VMS - 1-419-448-1637 Ameritech carrier? - 1-419-893-0685 Ameritech carrier? - 1-419-422-3741 ------------------------------------------------------------------------------- ************************************* Who the fuck are we? Who cares? ************************************* ------------------------------------------------------------------------------- -- Members -- ------------------------------------------------------------------------------- -- Admin-X- Founder of Amerisuk Communications and Editor of zine! Gave gadgett 100BaseT. -- doc_ (aka dr_deranged) Member of Amerisuk, co-bot owner, known for 'Profile of a Hacker' -- ruiner (aka painiac) Member of Amerisuk, mastermind of destruction, Supreme Godly Editor of Zine! (I can't do that, you say? well, guess what. I'm putting zine together and editing it, so I claim the title of Supreme Godly Editor. If you don't like it, you can blow me. I mean, its not like the rest of the group is gonna kick me out for it or anything. (nervous laughter.) -- orez Member of Amerisuk, h/p wizard, native midwest snowboard guru -- _carbon_ Member of Amerisuk, "keeper of the lost bread machines",verbose lover -- larsu System Administrator of Amerisuk Communications, white trash, nap bitch -- c0rr Member of Amerisuk, native h/p'er, channel idler, co-bot owner. -- proz Member of Amerisuk, EQ addict, mr.big-floppy-balls-hanging-out-boxers ------------------------------------------------------------------------------- -- Other People -- ------------------------------------------------------------------------------- -- ameritech channel bot, lover and fighter -- roadtrip arizonian ann arbor go'er, self-proclaimed resident scene whore -- desta VI bitch, VB fanatic -- sTaT-X a rarely seen species, only emerging as the need for apple juice engulfs his mind -- SkaPhreak channel idler and bitch, makes a mess over ska -- Redwurm "my comment? i dont have a comment!" ------------------------------------------------------------------------------- -- Shoutouts -- ------------------------------------------------------------------------------- -- g-dog: bald @#$! ;) -- dethy: mad exsploiter -- prez: curling 0wns :P -- Eliza: your bits make me wanna root your box -- xchief: rm ~/.bash_history next time, bud -- freakshow: die -- Zero_Chaos: we 0wnzzz j00. -- c0rr's ignorance: go away. :P End of File