  [ 28 63 29 20 31 39 39 39 20 63 72 75 63 69 70 68 75 78 20 68 77 61 ]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=
==========================================================================
=                      <=-[ HWA.hax0r.news ]-=>                          =
==========================================================================
  [=HWA'99=]                         Number 24 Volume 1 1999 July 10th 99
==========================================================================
  [ 61:20:6B:69:64:20:63:6F:75: ]
  [ 6C:64:20:62:72:65:61:6B:20:74:68:69:73: ]
  [ 20:22:65:6E:63:72:79:70:74:69:6F:6E:22:! ]
==========================================================================

  "software doesn't kill data -- people do."
                                   - Drew Ulricksen from zdnn

  HWA.hax0r.news is sponsored by Cubesoft communications www.csoft.net
  and www.digitalgeeks.com thanks to p0lix for the digitalgeeks bandwidth
  and airportman for the Cubesoft bandwidth. Also shouts out to all our
  mirror sites! tnx guys.

  http://www.csoft.net/~hwa
  http://www.digitalgeeks.com/hwa

  HWA.hax0r.news Mirror Sites:
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~
  http://www.csoft.net/~hwa/
  http://www.digitalgeeks.com/hwa.
  http://members.tripod.com/~hwa_2k
  http://welcome.to/HWA.hax0r.news/
  http://www.attrition.org/~modify/texts/zines/HWA/
  http://packetstorm.harvard.edu/hwahaxornews/ * DOWN *
  http://archives.projectgamma.com/zines/hwa/.
  http://www.403-security.org/Htmls/hwa.hax0r.news.htm

  SYNOPSIS (READ THIS)
  --------------------

  The purpose of this newsletter is to 'digest' current events of interest
  that affect the online underground and netizens in general. This includes
  coverage of general security issues, hacks, exploits, underground news
  and anything else I think is worthy of a look see. (remember i'm doing
  this for me, not you, the fact some people happen to get a kick/use
  out of it is of secondary importance).
  This list is NOT meant as a replacement for, nor to compete with, the
  likes of publications such as CuD or PHRACK or with news sites such as
  AntiOnline, the Hacker News Network (HNN) or mailing lists such as
  BUGTRAQ or ISN nor could any other 'digest' of this type do so.

  It *is* intended however, to complement such material and provide a
  reference to those who follow the culture by keeping tabs on as many
  sources as possible and providing links to further info, it's a labour
  of love and will be continued for as long as I feel like it, i'm not
  motivated by dollars or the illusion of fame, did you ever notice how
  the most famous/infamous hackers are the ones that get caught? there's
  a lot to be said for remaining just outside the circle...

  @HWA

 =-----------------------------------------------------------------------=

                     Welcome to HWA.hax0r.news ... #24

 =-----------------------------------------------------------------------=

  We could use some more people joining the channel, it's usually pretty
  quiet, we don't bite (usually) so if you're hanging out on irc stop by
  and idle a while and say hi...

  ********************************************************************
  *** /join #HWA.hax0r.news on EFnet the key is `zwen'             ***
  ***                                                              ***
  *** please join to discuss or impart news on techno/phac scene   ***
  *** stuff or just to hang out ... someone is usually around 24/7 ***
  ***                                                              ***
  *** Note that the channel isn't there to entertain you it's for  ***
  *** you to talk to us and impart news, if you're looking for fun ***
  *** then do NOT join our channel try #weirdwigs or something...  ***
  *** we're not #chatzone or #hack                                 ***
  ***                                                              ***
  ********************************************************************

 =-------------------------------------------------------------------------=

                                 Issue #24

 =--------------------------------------------------------------------------=

                                 [ INDEX ]

 =--------------------------------------------------------------------------=
   Key     Intros
 =--------------------------------------------------------------------------=

   00.0  .. COPYRIGHTS ......................................................
   00.1  .. CONTACT INFORMATION & SNAIL MAIL DROP ETC .......................
   00.2  .. SOURCES .........................................................
   00.3  .. THIS IS WHO WE ARE ..............................................
   00.4  .. WHAT'S IN A NAME? why `HWA.hax0r.news'?..........................
   00.5  .. THE HWA_FAQ V1.0 ................................................

 =--------------------------------------------------------------------------=
   Key     Content
 =--------------------------------------------------------------------------=

   01.0  .. GREETS ..........................................................
   01.1  .. Last minute stuff, rumours, newsbytes ...........................
   01.2  .. Mailbag .........................................................
   02.0  .. From the Editor..................................................
   03.0  .. PacketStorm Security begins to rebuild and plans a come-back. ...
   04.0  .. New zine from .nz AnarchyNZ......................................
   05.0  .. DefCon & www.defcon.org cracked..................................
   06.0  .. BO2k to be unveiled at Def-Con on Saturday at 7pm, wait for it...
   07.0  .. CIA Not Breaking Into Banks .....................................
   08.0  .. SETI@home gets cracked...........................................
   09.0  .. Network Solutions DNS Spoofed ...................................
   10.0  .. Bad permissions set on passwords stored by WebTrends software....
   11.0  .. Three Blind Men Accused of Computer Tampering in Israel .........
   12.0  .. FBI Opens Seattle Computer Crime Squad ..........................
   13.0  .. Alaska Prosecutes First Case of Illegal Computer Intrusion.......
   14.0  .. NOAA website hacked..............................................
   15.0  .. U.S not the only ones to have high profile sites hacked .........
   16.0  .. Social Engineering Alive and Well ...............................
   17.0  .. Snooping OK on Pager Numbers?....................................
   18.0  .. Fed Servers Face Severe Security Shortfall ......................
   19.0  .. Mitnick in the News .............................................
   20.0  .. Home PC Next Target for Hackers .................................
   21.0  .. LSA can be crashed ..............................................
   22.0  .. Hack-Net announces the BURN ANTIONLINE campaign..................
   23.0  .. All-Star voting cheater nabbed ..................................
   24.0  .. Hackernews Now Available on Palm VII ............................
   25.0  .. U.S. Vulnerable to Cyber Attack .................................
   26.0  .. Logging on to cyber-crime .......................................
   27.0  .. Parts 1 and 2 of the infowar series ran by the Christian Monitor
   28.0  .. Novell Cracker Pandora 4.0 Released .............................
   29.0  .. Cypherpunks will hold meeting at DefCon .........................

 =--------------------------------------------------------------------------=

   RUMOURS  .Rumours from around and about, mainly HNN stuff (not hacked
             websites)

   AD.S  .. Post your site ads or etc here, if you can offer something in
            return thats tres cool, if not we'll consider ur ad anyways so
            send it in. ads for other zines are ok too btw just mention us
            in yours, please remember to include links and an email contact.
            Corporate ads will be considered also and if your company wishes
            to donate to or participate in the upcoming Canc0n99 event send
            in your suggestions and ads now...n.b date and time may be
            pushed back join mailing list for up to date information.
            Current dates: Aug19th-22nd Niagara Falls...

   HA.HA .. Humour and puzzles ............................................

            Hey You!
            =------=
            Send in humour for this section! I need a laugh and its hard to
            find good stuff... ;)

   SITE.1 .. Featured site, .................................................
   H.W   .. Hacked Websites ...............................................
   A.0   .. APPENDICES......................................................
   A.1   .. PHACVW linx and references......................................

 =--------------------------------------------------------------------------=

  @HWA'99

 00.0  (C) COPYRIGHT, (K)OPYWRONG, COPYLEFT? V2.0
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  THE OPINIONS OF THE WRITERS DO NOT NECESSARILY REFLECT THE OPINIONS OF
  THE PUBLISHERS AND VICE VERSA IN FACT WE DUNNO WTF IS GONNA TAKE
  RESPONSIBILITY FOR THIS, I'M NOT DOING IT (LOTS OF ME EITHER'S RESOUND
  IN THE BACKGROUND) SO UHM JUST READ IT AND IF IT BUGS YOU WELL TFS
  (SEE FAQ).

  Important semi-legalese and license to redistribute:

  YOU MAY DISTRIBUTE THIS ZINE WITHOUT PERMISSION FROM MYSELF AND ARE
  GRANTED THE RIGHT TO QUOTE ME OR THE CONTENTS OF THE ZINE SO LONG AS
  Cruciphux AND/OR HWA.hax0r.news ARE MENTIONED IN YOUR WRITING.
  LINKS ARE NOT NECESSARY OR EXPECTED BUT ARE APPRECIATED the current
  link is http://welcome.to/HWA.hax0r.news IT IS NOT MY INTENTION TO
  VIOLATE ANYONE'S COPYRIGHTS OR BREAK ANY NETIQUETTE IN ANY WAY IF YOU
  FEEL I'VE DONE THAT PLEASE EMAIL ME PRIVATELY current email
  cruciphux@dok.org

  THIS DOES NOT CONSTITUTE ANY LEGAL RIGHTS, IN THIS COUNTRY ALL WORKS ARE
  (C) AS SOON AS COMMITTED TO PAPER OR DISK, IF ORIGINAL THE LAYOUT AND
  COMMENTARIES ARE THEREFORE (C) WHICH MEANS:

  I RETAIN ALL RIGHTS, BUT I GIVE YOU THE RIGHT TO READ, QUOTE AND
  REDISTRIBUTE/MIRROR. - EoD

  Although this file and all future issues are now copyright, some of the
  content holds its own copyright and these are printed and respected.
  News is news so i'll print any and all news but will quote sources when
  the source is known, if its good enough for CNN its good enough for me.
  And i'm doing it for free on my own time so pfffft. :)

  No monies are made or sought through the distribution of this material.
  If you have a problem or concern email me and we'll discuss it.

  cruciphux@dok.org

  Cruciphux [C*:.]

 00.1  CONTACT INFORMATION AND MAIL DROP
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  Wahoo, we now have a mail-drop, if you are outside of the U.S.A or
  Canada / North America (hell even if you are inside ..) and wish to
  send printed matter like newspaper clippings a subscription to your
  cool foreign hacking zine or photos, small non-explosive packages or
  sensitive information etc etc well, now you can. (w00t) please no more
  inflatable sheep or plastic dog droppings, or fake vomit thanks.

  Send all goodies to:

      HWA NEWS
      P.O BOX 44118
      370 MAIN ST. NORTH
      BRAMPTON, ONTARIO
      CANADA
      L6V 4H5

  WANTED!: POSTCARDS! YESH! POSTCARDS, I COLLECT EM so I know a lot of
  ~~~~~~~  you are reading this from some interesting places, make my day
  and get a mention in the zine, send in a postcard, I realize that some
  places it is cost prohibitive but if you have the time and money be a
  cool dude / gal and send a poor guy a postcard preferably one that has
  some scenery from your place of residence for my collection, I collect
  stamps too so you kill two birds with one stone by being cool and
  mailing in a postcard, return address not necessary, just a "hey guys
  being cool in Bahrain, take it easy" will do ... ;-) thanx.

  Ideas for interesting 'stuff' to send in apart from news:

  - Photo copies of old system manual front pages (optionally signed by
    you) ;-)
  - Photos of yourself, your mom, sister, dog and or cat in a NON
    compromising position plz I don't want pr0n.
  - Picture postcards
  - CD's 3.5" disks, Zip disks, 5.25" or 8" floppies, Qic40/80/100-250
    tapes with hack/security related archives, logs, irc logs etc on em.
  - audio or video cassettes of yourself/others etc of interesting phone
    fun or social engineering examples or transcripts thereof.
  Stuff you can email:

  - Prank phone calls in .ram or .mp* format
  - Fone tones and security announcements from PBX's etc
  - fun shit you sampled off yer scanner (relevant stuff only like #2600
    meeting activities)
  - reserved for one smiley face -> :-) <-
  - PHACV lists of files that you have or phac cd's you own (we have a
    burner, *g*)
  - burns of phac cds (email first to make sure we don't already have em)
  - Any and all telephone sounds/tones/beeps/trunk drops/line tests/etc
    in .ram etc format or .mp*

  If you still can't think of anything you're probably not that
  interesting a person after all so don't worry about it

  Our current email:

  Submissions/zine gossip.....: hwa@press.usmc.net
  Private email to editor.....: cruciphux@dok.org
  Distribution/Website........: sas72@usa.net

  @HWA

 00.2  Sources ***
       ~~~~~~~~~~~

  Sources can be some, all, or none of the following (by no means complete
  nor listed in any degree of importance) Unless otherwise noted, like
  msgs from lists or news from other sites, articles and information is
  compiled and or sourced by Cruciphux no copyright claimed.

  News & I/O zine .................
http://www.antionline.com/
  Back Orifice/cDc..................http://www.cultdeadcow.com/
  News site (HNN) ..................http://www.hackernews.com/
  Help Net Security.................http://net-security.org/
  News,Advisories,++ .(lophtcrack)..http://www.l0pht.com/
  NewsTrolls .(daily news ).........http://www.newstrolls.com/
  News + Exploit archive ...........http://www.rootshell.com/beta/news.html
  CuD Computer Underground Digest...http://www.soci.niu.edu/~cudigest
  News site+........................http://www.zdnet.com/
  News site+Security................http://www.gammaforce.org/
  News site+Security................http://www.projectgamma.com/
  News site+Security................http://securityhole.8m.com/
  News site+Security related site...http://www.403-security.org/
  News/Humour site+ ................http://www.slashdot.org

  +Various mailing lists and some newsgroups, such as ...
  +other sites available on the HNN affiliates page, please see
   http://www.hackernews.com/affiliates.html as they seem to be popping up
   rather frequently ...

  http://www.the-project.org/ .. IRC list/admin archives
  http://www.anchordesk.com/  .. Jesse Berst's AnchorDesk

  alt.hackers.malicious
  alt.hackers
  alt.2600
  BUGTRAQ
  ISN security mailing list
  ntbugtraq
  <+others>

  NEWS Agencies, News search engines etc:
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  http://www.cnn.com/SEARCH/
  http://www.foxnews.com/search/cgi-bin/search.cgi?query=hack&days=0&wires=0&startwire=0
  http://www.news.com/Searching/Results/1,18,1,00.html?querystr=hack
  http://www.ottawacitizen.com/business/
  http://search.yahoo.com.sg/search/news_sg?p=hack
  http://www.washingtonpost.com/cgi-bin/search?DB_NAME=WPlate&TOTAL_HITLIST=20&DEFAULT_OPERATOR=AND&headline=&WITHIN_FIELD_NAME=.lt.event_date&WITHIN_DAYS=0&description=hack
  http://www.zdnet.com/zdtv/cybercrime/
  http://www.zdnet.com/zdtv/cybercrime/chaostheory/ (Kevin Poulsen's Column)

  NOTE: See appendices for details on other links.

  http://news.bbc.co.uk/hi/english/sci/tech/newsid_254000/254236.stm
  http://freespeech.org/eua/ .. Electronic Underground Affiliation
  http://ech0.cjb.net .. ech0 Security
  http://axon.jccc.net/hir/ .. Hackers Information Report
  http://net-security.org .. Net Security
  http://www.403-security.org .. Daily news and security related site

  Submissions/Hints/Tips/Etc
  ~~~~~~~~~~~~~~~~~~~~~~~~~~

  All submissions that are `published' are printed with the credits you
  provide, if no response is received by a week or two it is assumed that
  you don't care whether the article/email is to be used in an issue or
  not and may be used at my discretion.

  Looking for:

  Good news sites that are not already listed here OR on the HNN
  affiliates page at http://www.hackernews.com/affiliates.html

  Magazines (complete or just the articles) of breaking sekurity or hacker
  activity in your region, this includes telephone phraud and any other
  technological use, abuse hole or cool thingy. ;-) cut em out and send it
  to the drop box.

  - Ed

  Mailing List Subscription Info   (Far from complete)         Feb 1999
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~   ~~~~~~~~~~~~~~~~~~~         ~~~~~~~~

  ISS Security mailing list faq : http://www.iss.net/iss/maillist.html

  THE MOST READ:

  BUGTRAQ - Subscription info
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~

  What is Bugtraq?

  Bugtraq is a full-disclosure UNIX security mailing list, (see the info
  file) started by Scott Chasin. To subscribe to bugtraq, send mail to
  listserv@netspace.org containing the message body subscribe bugtraq.
  I've been archiving this list on the web since late 1993. It is
  searchable with glimpse and archived on-the-fly with hypermail.

  Searchable Hypermail Index;

  http://www.eecs.nwu.edu/~jmyers/bugtraq/index.html

  About the Bugtraq mailing list
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  The following comes from Bugtraq's info file:

  This list is for *detailed* discussion of UNIX security holes: what they
  are, how to exploit, and what to do to fix them.
  This list is not intended to be about cracking systems or exploiting
  their vulnerabilities. It is about defining, recognizing, and preventing
  use of security holes and risks.

  Please refrain from posting one-line messages or messages that do not
  contain any substance that can relate to this list`s charter. I will
  allow certain informational posts regarding updates to security tools,
  documents, etc. But I will not tolerate any unnecessary or nonessential
  "noise" on this list.

  Please follow the below guidelines on what kind of information should be
  posted to the Bugtraq list:

  + Information on Unix related security holes/backdoors (past and present)
  + Exploit programs, scripts or detailed processes about the above
  + Patches, workarounds, fixes
  + Announcements, advisories or warnings
  + Ideas, future plans or current works dealing with Unix security
  + Information material regarding vendor contacts and procedures
  + Individual experiences in dealing with above vendors or security
    organizations
  + Incident advisories or informational reporting

  Any non-essential replies should not be directed to the list but to the
  originator of the message. Please do not "CC" the bugtraq reflector
  address if the response does not meet the above criteria.

  Remember: YOYOW.

  You own your own words. This means that you are responsible for the
  words that you post on this list and that reproduction of those words
  without your permission in any medium outside the distribution of this
  list may be challenged by you, the author.

  For questions or comments, please mail me:
  chasin@crimelab.com (Scott Chasin)

  Crypto-Gram
  ~~~~~~~~~~~

  CRYPTO-GRAM is a free monthly newsletter providing summaries, analyses,
  insights, and commentaries on cryptography and computer security.

  To subscribe, visit http://www.counterpane.com/crypto-gram.html or send
  a blank message to crypto-gram-subscribe@chaparraltree.com. To
  unsubscribe, visit http://www.counterpane.com/unsubform.html. Back
  issues are available on http://www.counterpane.com.

  CRYPTO-GRAM is written by Bruce Schneier. Schneier is president of
  Counterpane Systems, the author of "Applied Cryptography," and an
  inventor of the Blowfish, Twofish, and Yarrow algorithms. He served on
  the board of the International Association for Cryptologic Research,
  EPIC, and VTW. He is a frequent writer and lecturer on cryptography.

  CUD Computer Underground Digest
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  This info directly from their latest ish:

  Computer underground Digest    Sun  14 Feb, 1999   Volume 11 : Issue 09
                                 ISSN  1004-042X

       Editor: Jim Thomas (cudigest@sun.soci.niu.edu)
       News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu)
       Archivist: Brendan Kehoe
       Poof Reader:   Etaion Shrdlu, Jr.
       Shadow-Archivists: Dan Carosone / Paul Southworth
                          Ralph Sims / Jyrki Kuoppala
                          Ian Dickinson
       Cu Digest Homepage: http://www.soci.niu.edu/~cudigest

  [ISN] Security list
  ~~~~~~~~~~~~~~~~~~~

  This is a low volume list with lots of informative articles, if I had my
  way i'd reproduce them ALL here, well almost all .... ;-) - Ed

  Subscribe: mail majordomo@repsec.com with "subscribe isn".

  @HWA

 00.3  THIS IS WHO WE ARE
       ~~~~~~~~~~~~~~~~~~

  Some HWA members and Legacy staff
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  cruciphux@dok.org.........: currently active/editorial
  darkshadez@ThePentagon.com: currently active/man in black
  fprophet@dok.org..........: currently active/IRC+ man in black
  sas72@usa.net ............: currently active/IRC+ distribution
  vexxation@usa.net ........: currently active/IRC+ proof reader/grrl in black
  dicentra...(email withheld): IRC+ grrl in black

  Foreign Correspondents/affiliate members
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  Qubik ............................: United Kingdom
  D----Y ...........................: USA/world media
  HWA members ......................: World Media

  Past Foreign Correspondents (currently inactive or presumed dead)
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  N0Portz ..........................: Australia
  system error .....................: Indonesia
  Wile (wile coyote) ...............: Japan/the East
  Ruffneck ........................: Netherlands/Holland

  And unofficially yet contributing too much to ignore ;)

  Spikeman .........................: World media

  Please send in your sites for inclusion here if you haven't already
  also if you want your emails listed send me a note ... - Ed

  Spikeman's site is down as of this writing, if it comes back online it
  will be posted here.

  http://www.hackerlink.or.id/ ............ System Error's site (in Indonesian)

  *******************************************************************
  ***      /join #HWA.hax0r.news on EFnet the key is `zwen'       ***
  *******************************************************************

  :-p

  1. We do NOT work for the government in any shape or form. Unless you
     count paying taxes ... in which case we work for the gov't in a BIG
     WAY. :-/

  2. MOSTLY Unchanged since issue #1, although issues are a digest of
     recent news events it's a good idea to check out issue #1 at least
     and possibly also the Xmas issue for a good feel of what we're all
     about otherwise enjoy - Ed ...

  @HWA

 00.4  What's in a name? why HWA.hax0r.news??
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  Well what does HWA stand for? never mind if you ever find out I may have
  to get those hax0rs from 'Hackers' or the Pretorians after you.
  In case you couldn't figure it out hax0r is "new skewl" and although it
  is laughed at, shunned, or even pigeonholed with those 'dumb leet
  (l33t?) dewds' this is the state of affairs. It ain't Stephen Levy's
  HACKERS anymore. BTW to all you up and comers, i'd highly recommend you
  get that book. Its almost like buying a clue. Anyway..on with the show ..
  - Editorial staff

  @HWA

 00.5  HWA FAQ v1.0 Feb 13th 1999 (Abridged & slightly updated again)
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  Also released in issue #3. (revised) check that issue for the faq it
  won't be reprinted unless changed in a big way with the exception of the
  following excerpt from the FAQ, included to assist first time readers:

  Some of the stuff related to personal usage and use in this zine are
  listed below: Some are very useful, others attempt to deny any possible
  attempts at eschewing obfuscation by obscuring their actual definitions.

  @HWA   - see EoA ;-)

  !=     - Mathematical notation "is not equal to" or "does not equal"
           ASC(247) "wavey equals" sign means "almost equal" to. If written
           as =/= (equals sign with a slash thru it) also means !=, =< is
           Equal to or less than and => is equal to or greater than (etc,
           this aint fucking grade school, cripes, don't believe I just
           typed all that..)

  AAM    - Ask a minor (someone under age of adulthood, usually <16, <18
           or <21)

  AOL    - A great deal of people that got ripped off for net access by a
           huge clueless isp with sekurity that you can drive buses
           through, we're not talking Kung-Fu being none too good here,
           Buy-A-Kloo maybe at the least they could try leasing one??

  *CC    - 1 - Credit Card (as in phraud)
           2 - .cc is COCOS (Keeling) ISLANDS but they probably accept cc's

  CCC    - Chaos Computer Club (Germany)

  *CON   - Conference, a place hackers crackers and hax0rs among others go
           to swap ideas, get drunk, swap new mad inphoz, get drunk, swap
           gear, get drunk watch videos and seminars, get drunk, listen to
           speakers, and last but not least, get drunk.
*CRACKER - 1 . Someone who cracks games, encryption or codes, in popular hacker speak he's the guy that breaks into systems and is often (but by no means always) a "script kiddie" see pheer 2 . An edible biscuit usually crappy tasting without a nice dip, I like jalapeno pepper dip or chives sour cream and onion, yum - Ed Ebonics - speaking like a rastafarian or hip dude of colour also wigger Vanilla Ice is a wigger, The Beastie Boys and rappers speak using ebonics, speaking in a dark tongue ... being ereet, see pheer EoC - End of Commentary EoA - End of Article or more commonly @HWA EoF - End of file EoD - End of diatribe (AOL'ers: look it up) FUD - Coined by Unknown and made famous by HNN - "Fear uncertainty and doubt", usually in general media articles not high brow articles such as ours or other HNN affiliates ;) du0d - a small furry animal that scurries over keyboards causing people to type weird crap on irc, hence when someone says something stupid or off topic 'du0d wtf are you talkin about' may be used. *HACKER - Read Stephen Levy's HACKERS for the true definition, then see HAX0R *HAX0R - 1 - Cracker, hacker wannabe, in some cases a true hacker, this is difficult to define, I think it is best defined as pop culture's view on The Hacker ala movies such as well erhm "Hackers" and The Net etc... usually used by "real" hackers or crackers in a derogatory or slang humorous way, like 'hax0r me some coffee?' or can you hax0r some bread on the way to the table please?' 2 - A tool for cutting sheet metal. HHN - Maybe a bit confusing with HNN but we did spring to life around the same time too, HWA Hax0r News.... HHN is a part of HNN .. and HNN as a proper noun means the hackernews site proper. k? k. 
;& HNN - Hacker News Network and its affiliates http://www.hackernews.com/affiliates.html J00 - "you"(as in j00 are OWN3D du0d) - see 0wn3d MFI/MOI- Missing on/from IRC NFC - Depends on context: No Further Comment or No Fucking Comment NFR - Network Flight Recorder (Do a websearch) see 0wn3d NFW - No fuckin'way *0WN3D - You are cracked and owned by an elite entity see pheer *OFCS - Oh for christ's sakes PHACV - And variations of same Phreaking, Hacking, Anarchy, Cracking, Carding (CC) Groups Virus, Warfare Alternates: H - hacking, hacktivist C - Cracking C - Cracking V - Virus W - Warfare A - Anarchy (explosives etc, Jolly Roger's Cookbook etc) P - Phreaking, "telephone hacking" PHone fREAKs ... CT - Cyber Terrorism *PHEER - This is what you do when an ereet or elite person is in your presence see 0wn3d *RTFM - Read the fucking manual - not always applicable since some manuals are pure shit but if the answer you seek is indeed in the manual then you should have RTFM you dumb ass. TBC - To Be Continued also 2bc (usually followed by ellipses...) :^0 TBA - To Be Arranged/To Be Announced also 2ba TFS - Tough fucking shit. *w00t - 1 - Reserved for the uber ereet, noone can say this without severe repercussions from the underground masses. also "w00ten" 2 - Cruciphux and sAs72's second favourite word (they're both shit stirrers) *wtf - what the fuck *ZEN - The state you reach when you *think* you know everything (but really don't) usually shortly after reaching the ZEN like state something will break that you just 'fixed' or tweaked. @HWA -=- :. .: -=- 01.0 Greets!?!?! yeah greets! w0w huh. - Ed ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Thanks to all in the community for their support and interest but i'd like to see more reader input, help me out here, whats good, what sucks etc, not that I guarantee i'll take any notice mind you, but send in your thoughts anyway. 
  * all the people who sent in cool emails and support

  FProphet       Pyra           TwstdPair      _NeM_
  D----Y         Kevin Mitnick (watch yer back)
  Dicentra       vexxation      sAs72          Spikeman
  p0lix          Vexx

  Ken Williams/tattooman of PacketStorm, hang in there Ken...:(

  and the #innerpulse, crew (innerpulse is back!) and some inhabitants of
  #leetchans .... although I use the term 'leet loosely these days, ;)

  shouts to #feed-the-goats and #cache

  kewl sites:

  + http://www.securityfocus.com NEW
  + http://www.hackcanada.com
  + http://www.l0pht.com/
  + http://www.2600.com/
  + http://www.freekevin.com/
  + http://www.genocide2600.com/
  + http://www.packetstorm.harvard.edu/ ******* DOWN ********* SEE AA.A
  + http://www.hackernews.com/ (Went online same time we started issue 1!)
  + http://www.net-security.org/
  + http://www.slashdot.org/
  + http://www.freshmeat.net/
  + http://www.403-security.org/
  + http://ech0.cjb.net/

  @HWA

 01.1  Last minute stuff, rumours and newsbytes
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  "What is popular isn't always right, and what is right isn't always
  popular..." - FProphet '99

  +++ When was the last time you backed up your important data?

  ++ Read email from DNV in the mailbag about a bug in many www on-site
     search options

  ++ Packet Storm Security Data Returned

     From HNN http://www.hackernews.com/

     contributed by Ken Williams

     Harvard University has graciously shipped a 17.2GB hard drive that
     should contain the complete Packet Storm Security Archives to Ken
     Williams. Ken has told HNN that he is currently investigating the
     numerous offers he has received to host the site and hopes to have it
     back online soon. He has said that the legal issues surrounding this
     mess still need to be resolved. For more information on this story
     see the HNN archives.

     HNN Archive for July 1, 1999
     http://www.hackernews.com/arch.html?070199

  ++ GOBBLING UP A PAC-MAN RECORD (CULT. 3:00 am)
     http://www.wired.com/news/news/email/explode-infobeat/culture/story/20607.html
     from Wired News

     Practice makes perfect, and someone has reached the unreachable score
     on the popular Pac-Man arcade game. It only took Billy Mitchell 15
     years to do it. By Leander Kahney.

  ++ INSIDE THE VIRUS WRITER'S MIND (POL. 9:15 am)
     http://www.wired.com/news/news/email/explode-infobeat/politics/story/20624.html
     from Wired News

     Hackers who author the programs that infect PCs are not all adult
     sociopaths or adolescent dropouts. But they are usually male and
     well-to-do. Vince Beiser reports from Las Vegas.

  ++ DEFCON: BRING IN DA NOISE (TECH. 8:15 am)
     http://www.wired.com/news/news/email/explode-infobeat/technology/story/20621.html
     from Wired News

     The annual hacker convention kicks off in Las Vegas Friday. Some will
     be here for talk of exploits and scripts. Others just want to party.
     By Polly Sprenger.

  ++ MAILZONE'S NEW MP3 MONITOR (CULT. 3:00 am)
     http://www.wired.com/news/news/email/explode-infobeat/culture/story/20619.html
     from Wired News

     New software can block MP3 file attachments in corporate email and
     tell the difference between legal and illegal music files. Skeptics
     abound. By Joe Ashbrook Nickell.

  ++ REPORT: MIDEAST MISSES THE NET (POL. 3:00 am)
     http://www.wired.com/news/news/email/explode-infobeat/politics/story/20616.html
     from Wired News

     Censorship, taxes, and traditional Muslim mores have curbed Net use
     throughout much of the Middle East. A human rights organization
     reports on the restrictions. Declan McCullagh reports from Washington.

  ++ EX-SPAM KING SHOWS NO MERCY (POL. 3:00 am)
     http://www.wired.com/news/news/email/explode-infobeat/politics/story/20618.html
     from Wired News

     Once the undisputed king of spam, Sanford Wallace sues a competitor
     for US$1 million for allegedly libeling him as a spammer. By Deborah
     Scoblionkov.
  ++ ONLY YOU CAN PREVENT CYBERCRIME (POL. Wednesday)
     http://www.wired.com/news/news/email/explode-infobeat/politics/story/20609.html
     from Wired News

     The man charged with streamlining the US government's cyber defenses
     says the public and private sectors must share resources to prevent
     attacks. Vince Beiser reports from Las Vegas.

  Thanks to myself for providing the info from my wired news feed and
  others from whatever sources, also to Spikeman for sending in past
  entries.... - Ed

  @HWA

 01.2  MAILBAG - email and posts from the message board worthy of a read
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  From: dev-null@no-id.com
  Date: Fri, 9 Jul 1999 20:13:53 -0400
  Message-Id: <199907100013.UAA02126@pistol.cde.com>
  To: hwa@press.usmc.net
  Reply-To: hwa@press.usmc.net
  Subject: Credit Card

  reply-to: gadjoman@bigfoot.com

  This time there is some news in France: It seems that a French
  technician was able to break the credit card system used in France (and
  worldwide) using some common hardware. Using his PC, he built a false
  credit card and used it (not in an illegal way). Of course, being a
  "good" citizen he warned the "banque de France" (French central bank) of
  the problem. To thank him, he had the visit from the French cops and was
  charged with credit card fraud ...

  for more information (sorry it is all in French) see:

  http://altern.org/humpich/ and http://www.zataz.com/Magazine/SH.html

  gadjo

  --
  This message has been sent via an anonymous mail relay at www.no-id.com.

  -=-

  From: "DNV"
  Reply-To: "DNV"
  Date: Wed, 7 Jul 99 23:40:48 +0100
  To: hwa@press.usmc.net
  Subject: a small Bug..and maybe old...I don't know!

  HI!!

  Great Mag you got...keep up the good work.

  Anyway.... I write to you because I found a funny 'bug'. On many
  homepages there is a "search" button, try it!! I tried and found a lot
  of funny stuff like emails, login... and other stuff. It can give you a
  good idea if you are going to SE the firm.
The best to look for is files like .dat .passwd .htpasswd and other system files that are interesting to "look" at.

----
Here is one example I tried: www.global-one.net (a very BIG ISP) search for .dat
http://www.global-one.net/en/consultant/con-reg.dat
----

I have seen many other sites with the same 'bug', but I really don't know if it's an old bug.. or just a programmer error. Please give me some credit for it if you are going to publish it and if it's any good.... (I hope so....hehehe)

------------
Your fan and friend...
DNV@xxxxxxx.dk

================================================================

@HWA

02.0 From the editor.
~~~~~~~~~~~~~~~~

#include <stdio.h>

int main(void)
{
 printf ("Read commented source!\n\n");

 /*
 *Seems like Ken's doing ok with his data, after all the hullaballoo and
 *yellin it turns out Harvard kicked up the data that consisted of his
 *site so that poor packetstorm.nl.linux.org 486 needn't have gone thru
 *all that networking pain, well maybe this was a wake up call a great site
 *like PSS *should* be mirrored and it sounds like this is what's in the
 *works now with the new 'multiple server approach' to the rebuilding of
 *the site, so soon all you leeches (like me) can jump back in and grab
 *your fill of the 0-day security juarez....
 *
 *
 *Meanwhile, slim pickings this week, i'm not rich and can't afford the
 *flight to DefCon so i'll be reporting third hand as usual as to what's up
 *and will keep you up to date on the webcasts and shit like Parse doing a
 *gig from the conf... so this issue will probably be released after FedCon
 *erh DefCon 99...in case you hadn't figured that out by reading it now.
 *
 *THE NEW AND IMPROVED (MORE STARCH!) ISSUE #24 IS NOW ON YOUR SCREEN!
 *visuals by Cruciphux, lenses by my Dad, Colour by colourful puppies
 *
 */
 printf ("EoF.\n");
 return 0;
}

Congrats, thanks, articles, news submissions and kudos to us at the main address: hwa@press.usmc.net complaints and all nastygrams and mailbombs can go to /dev/nul nukes, synfloods and papasmurfs to 127.0.0.1, private mail to cruciphux@dok.org

danke.

C*:.

@HWA

03.0 PacketStorm Security begins to rebuild and plans a come-back
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From packetstorm.genocide2600.com July 6th 1999

The index.html; (links not included, check it out yourself)

Packet Storm Security is Closed.

But it will be coming back soon, bigger and better than ever, to servers (yes, servers is very plural) near you. And, of course, it'll be sponsor-free, banner-free, no membership fee. Just plain fucking FREE. :) The way your personal and network security and privacy should be.

FREE Security and Crypto warez here:

ATTRITION
Bruce Schneier's Counterpane Systems
Spaf's Hotlist
HNN
HNC
Insecure.org
John Young's Cryptome
L0pht Heavy Industries
s e c u r i t y f o c u s
Technotronic

pgp keys are cool
click me! click me too! Hit me, baby!
You are visitor number 1 since Dec 31, 1969.
view the source, luke.

The HTML Source;

-=-

Here's an article of interest linked to from the old packetstorm url...

http://www.globe.com/dailyglobe2/184/metro/Harvard_defends_role_in_dean_s_resignation_amid_porn_claims+.shtml

Harvard defends role in dean's resignation amid porn claims

By James Bandler, Globe Correspondent and Ross Kerber Globe Staff, 07/03/99

In his first public comment on the matter, Harvard President Neil L. Rudenstine has defended his university's role in the forced resignation of the Harvard Divinity School dean who stepped down last fall amid allegations of pornography use on his office computer.
Rudenstine rejected criticism in the press that divinity school technicians had violated the privacy of Dean Ronald Thiemann by notifying authorities about the presence of pornography on his office computer. ''At no time did any Harvard personnel violate Professor Thiemann's privacy,'' Rudenstine said in a written statement released Thursday. The role of the university's technology staff was reviewed at the senior levels of the university and there was nothing invasive or inappropriate about the staff's actions, he said. ''Rather, staff members repeatedly and over a period of more than a year carried out tasks that the dean directed them to perform, consistent with their official duties, in a place that had clearly become part of their professional work environment. ''In so doing, they were unavoidably and involuntarily exposed to inappropriate materials which they found to be not only offensive, but severely distressing.'' Thiemann, who presided over the divinity school for nearly 13 years, stepped down in November citing personal and professional reasons. He has not commented publicly on the matter. Thiemann's lawyer, Harvard Law School professor Charles Ogletree, said Thiemann was profoundly disappointed by Rudenstine's statement. He said that it was difficult to understand why the university did not contact Thiemann about the allegations earlier if there really had been problems for a year. ''Dean Thiemann has made every effort to respect and maintain the privacy for him and his family and has avoided any public comment on the allegations,'' Ogletree said. 
''After 13 years of unprecedented success serving as dean of the divinity school, there is a strong feeling that he is now being kicked in the stomach when he's down, while the university continues to protect the privacy of those who have made allegations against dean.'' Sources at Harvard said the pornographic material was discovered in October on Thiemann's Harvard-owned computer after he requested a new hard drive to replace his existing one, which was full. The computer was in the office of Thiemann's Harvard-owned residence. Sources said that an explicit pornographic image was on the computer screen when a technician walked into the room. Ogletree said the incident did not happen. In a process that involved down-loading the files from the old hard drive to the divinity school's mainframe to the new hard drive the technician saw sexually explicit file names crossing the screen, according to sources. Because of the presence of so many image files, the file transfer process took an entire work day, the sources said. When the technician's supervisor inquired why the transfer was taking so long, he did not want to answer, but eventually did, the sources said. Rudenstine said in his statement that staff members were ''reluctant to report the matter,'' and eventually spoke only to senior officers at the divinity school. After consultation, the senior officers reported the facts to the university president's office, Rudenstine said. After the pornography scandal became public this spring, Thiemann became something of a reluctant cause celebre among Internet privacy rights activists. In the Thursday edition of the Boston Phoenix, media critic Dan Kennedy singled out Rudenstine in his annual ''Muzzle Awards,'' a list of people who Kennedy said undermine free speech. Harvard, for the most part, declined to respond to the attacks. 
But it was the recent remarks of Harvard Law School professor Alan Dershowitz that prompted the university to defend its beleaguered information technology staff after he referred to them as ''snoops'' and ''peeping toms.''

In other Harvard news, the university said that on Wednesday its technicians removed an independently produced Web site from school computers after receiving a complaint that it contained offensive material. University spokesman Joe Wrinn said the site was operated by a group known as PacketStorm Security, led by a site administrator in North Carolina. Harvard had made an unusual agreement recently to host the popular site in order to help distribute software security tools. But in addition, the PacketStorm's site included graphic sexual images and other material apparently intended to satirize a rival Web site, AntiOnline.com, devoted to software security matters. According to a letter to Harvard from AntiOnline founder John Vranesevich, the PacketStorm site included ''a large archive of libelous and, to put it bluntly, sick material,'' including ''images ranging from people engaged in homosexual activities, to a nun that appears to be covered in seminal fluid.'' The descriptions were accurate, said Harvard spokesman Wrinn, prompting the university to remove the site from its computers because it violated school policies. Harvard is in the process of returning the data to PacketStorm administrator Ken Williams, Wrinn said. Williams could not be reached for comment, but in a letter posted on a different site on the Web he denied that his site had posed a threat to Vranesevich and complained that in shutting down the site, Harvard acted inappropriately, because ''no laws or rules were broken on my part.''

This story ran on page B3 of the Boston Globe on 07/03/99. © Copyright 1999 Globe Newspaper Company.

@HWA

04.0 New zine from .nz AnarchyNZ
~~~~~~~~~~~~~~~~~~~~~~~~~~~

http://surf.tO/AnarchyNZ

A new zine has just started up which intends to cover the underground scene in Auckland New Zealand, (a small island just off the coast of Australia) check em out they're brand new and looking for members...

@HWA

05.0 DEFCON
~~~~~~

Friday June 9th, DefCon starts, www.defcon.org gets hacked by ADMcrew, claiming to be representing ADM-con, checked this hack out it looks almost too neat to be for real but who knows? as a courtesy the original page is linked to at the bottom of the hacked page

Intro; (Wired)

Coming Soon: Back Orifice 2000
by Niall McKay
3:00 a.m. 30.Jun.99.PDT

An underground computer security group is poised to release a new version of a notorious software program that could allow crackers to watch and listen in on Windows-based PC users. The Cult of the Dead Cow said it will release Back Orifice 2000 on 9 July -- at the annual Def Con convention in Las Vegas. "This will demonstrate that Microsoft's operating systems are completely insecure and a bad choice for consumers and businesses who demand privacy," said Oxblood Ruffin, a former United Nations consultant and current Cult of the Dead Cow spokesman. Def Con is perhaps the most unusual gathering in the computer security field. Hackers, crackers, and self-proclaimed security experts will mingle with media, security professionals, federal law enforcement officers, and "script kiddies" who deface Web pages with prefab cracking code. Security groups of all stripes use the occasion to release software and show off gadgets. But Back Orifice 2000 is perhaps the most anticipated item. Unlike previous versions of the software, Back Orifice 2000 will run on Windows NT and feature strong encryption and a modular architecture that the group said will allow hackers and other security groups to write plug-ins. The program will be released as open source to encourage further development by the security community.
Back Orifice, released at last year's DefCon, may allow malicious users to monitor and tamper with computers without the permission or knowledge of their owners. The program is classified as a Trojan Horse because crackers need to dupe the user into installing an application on their hard disk. Despite this, Oxblood Ruffin said that the program is currently installed on up to a half-million PCs worldwide. Though that number could not be independently verified, an Australian computer security group last November said that 1,400 Australian Internet accounts have been compromised by Back Orifice. Back Orifice 2000 also promises to be a great deal more difficult to detect than its predecessor because it enables users to configure its port setting. Previously, intrusion detection and antivirus programs could detect Back Orifice because it used a default port setting of 31337. A Microsoft Windows NT Server security manager said the company is closely monitoring Back Orifice development and is working with antivirus and intrusion detection software vendors to provide customers with utilities to combat the software. "Trojan Horses are not technological issues but a social engineering problem because they rely on the ability of the cracker to trick the user into running an application," said Scott Culp. "It's just a fact of computer science that if you run a piece of code on your machine you run the risk making your system vulnerable." The solution, according to Culp, is to ensure that users do not install any software from untrusted sources and regularly update antivirus and intrusion detection programs. Also at the show, independent security consulting firm L0pht Heavy Industries will release AntiSniff, a network monitoring tool, and will announce BootyCall, a PalmPilot War Dialer. Such programs will automatically dial telephone numbers in sequence, looking for modems. 
Zero-Knowledge Systems is also expected to provide further details about Freedom, a network of servers promising total online anonymity. Def Con will also feature some of its legendary sideshow attractions, such as the Spot the Fed contest. In this game, conference attendees are invited to point out suspicious attendees who may be working for federal law enforcement agencies. Winners will be awarded an "I spotted the Fed" T-shirt. Other diversions include a fancy dress ball, Hacker Jeopardy, and the Hacker Death Match, a game that enables hackers to take their flame mails out of cyberspace and into reality by dressing up in giant inflatable Sumo suits to do battle. Well-heeled attendees are invited to a US$100 outing to Cirque du Soleil. Meanwhile, the conference will include sessions on how to detect wiretaps; the art and science of enemy profiling; hacking ethics, morality, and patriotism; cyber-forensic analysis; and a talk on the practice of hiring hackers as security consultants.

-=-

And DefCon; here's an update from Wired on defcon;

DefCon: Bring in Da Noise
by Polly Sprenger
8:15 a.m. 8.Jul.99.PDT

Every year it's the same. DefCon rolls around, and every media outlet churns out an article citing an "old school" hacker complaining that the "script kiddies" don't have any skills, don't have any respect, and never had to rebuild an Altair with their bare hands. Here you go: "I've been a hacker since before there were microcomputers," said Chris Tucker, a one-time hacker who is now semi-retired due to arthritis. "I see [DefCon] as an opportunity to act like a mentor, to say 'this is how it should be done, don't give in to the dark side kids.'" But while the older generation of DefCon attendees is hand-wringing over the fact that "kids these days don't even write their own exploits anymore," the younger generation is busy donning fright wigs and fingernail polish in preparation for another DefCon staple: the raves.
Hackers and raves have gone hand in hand since the industrial music of the '80s gave way to the electronica of the '90s, said The Clone, one of this year's attendees. "DefCon is a weekend event held from early in the morning until about 10pm," he said. "What's there to do between then and morning? Sleep? Of course not. Going raving is where it's at." This year's conference coincides with the anniversary party of Candy FactorE, a locale that The Clone said has propelled the Vegas raving scene. "Two underground scenes combine in one city. What could be better?," he asked. Brian Fite of HSK, a security-interest site, said that even the music divides the old-timer hackers from the younger generation. "I came out of hard core punk, the old school," he said. "Now, house music and raves is the 'underground.'" But if raves is what they come for, raves is what they'll get, Fite said. More than 24 bands and DJs have been invited to perform onstage at DefCon. Their musical genres, listed on the DefCon site, range from industrial to house to jungle to trance. Brandon Cox, another HSK staffer attending DefCon for the first time, said he expects the difference between the two groups of hackers to be obvious: "All the young guys will be walking around in baggy pants and Adidas', and all the old guys will be wearing Doc Martens and black T-shirts." The musical performances will be Webcast by Pirate Radio UK, for anyone who wants to experience the music remotely. Cox, 25, said hackers of his generation are attracted to the techno music both because of its roots in technology and the way it draws together the underground. "I think it was young, outcast kids, looking for a way to fit in," Cox said. "Maybe it's more that everybody is accepted," said Fite. "A lot of these hip-hop kids dress weird, and accept other, different cultures. Diversity is good for the species." But ravers, like non-malicious hackers, resent the image that gets presented to the public about their subculture. 
"There have been rumors of undercover reporters looking for 'hot' sweeps week stories in raves," said "Driz," a Vegas-area raver. "One misinformed story gives off a surprising amount of bad impressions. If there's a trace of something juicy, reporters seem to turn on their hidden cameras and focus on the negativity." But ravers like Driz can see past the negativity. "There is nothing better when there's a smile on every face, the music is thumpin', everyone's dancing, and the vibes are good!" More from Wired; Fear and Hacking in Las Vegas by Polly Sprenger 3:00 a.m. 10.Jul.99.PDT LAS VEGAS -- The sun rose Friday morning on the first day of Def Con, the annual hacker conference, with labor crews hosing down the parking lots and the highways. Workers were dealing with the aftermath of an unexpected thunderstorm that shut down the airport Thursday and left the city sunk in a thick layer of mud. More than 600 of Def Con's 6,000 expected attendees were already in town for the Black Hat security conference. The timing was unfortunate, however. Next door to the predominately male-attended Black Hat conference was a teenage dance competition, where, after spending the day listening to talks on security issues, attendees could watch adolescent dancers shaking their groove thang. "Someone's gonna get arrested," sighed Chris, from Toronto, in the bar of the nearby Hard Rock Cafe later. But by mid-morning, hackers shook off their Thursday night hangovers to descend on the convention hall. Hacker groups and enthusiasts did a brisk trade in T-shirts, hacker equipment, and zines. As a TV crew cruised the hall, an organizer asked everyone to be mature and not deface the camera. "Be good, and next time Mom will let you wear the big pants," he said to the youthful, baggy-panted crowd. 
Convention-goers were testing their competitive side in the sixth annual Spot the Fed contest (several agents were outed by early afternoon), and by donning inflatable sumo wrestling suits for a little all-in-fun mock violence. "Always wanted to beat up some punk on the mailing list? You really hate the person who always argues with you?" DefCon organizers asked. "How about media vs. the underground? Or feds vs. hackers? We've rented giant inflatable sumo suits for you to do battle." T-shirts like "I miss crime" and "I hate stupid people" caught approving glances from the crowd, while a photographer wandered around the room snapping shots of any available woman for the "Babes of Def Con" photo album. Outside the smoky, crowded hall, a group of younger attendees was gleefully stringing cable from hotel room to hotel room, beefing up the paltry connection offered by the Alexis Park convention center and resort. The "day in the sun" feeling was soured a bit as a group of security enthusiasts posted "wanted" signs accusing John P. Vranesevich, founder of AntiOnline, of criminal activities. They accuse the computer security pundit of paying crackers to hit sites in exchange for the scoop. Vranesevich and his supporter, Happy Hacker Carolyn Meinel, vocally deny that he has done anything wrong, and point the finger back at the accusers, who have posted material about Vranesevich on their Web site. The controversy escalated last week, when a popular site for security information, PacketStorm, was removed from its host server at Harvard after university officials were told that the site had negative and allegedly libelous information about Vranesevich on it. But according to Brian Fite of HSK, the tension only adds another dimension of excitement to the goings-on.
Also on the underground agenda is a party to announce the "launch" of Back Orifice 2000, a hacking tool for Microsoft office 2000; a formal black-and-white ball where T-shirts will be traded in for tuxes; and assorted, sordid all-night raves.

-=-

The aftermath according to HNN;

Defcon Recovery
contributed by Space Rogue

We are still hung over and recovering from Defcon this past weekend. Our plane landed just hours ago and we are currently reading the 1200+ emails that have piled up over the last six days. We should hopefully have regular news for you tomorrow.

Defcon Notes

The estimated attendance for Defcon this year was 3000 people. 1200 more people than last year.

The BO2K presentation was standing room only. A few early copies of BO2K were thrown out to the crowd on CD. Someone took one of those copies and duplicated it. Unfortunately the dups are infected with CIH. If you did not receive an original copy be sure to double check it.

Carolyn Meinel was escorted out of the Alexis Park Hotel. The official reason given for the ejection was due to two separate violations of press privileges.

The Defcon.org Web Page was cracked just as the con was starting on Friday. We should hopefully have an archived copy soon.

We hope to return to full coverage of all the news tomorrow. Hopefully we will be sober by then.

-=-

The NYTimes; contributed by someone on IRC (#feed-the-goats?) sorry forget your nick...

Hackers Say Government Falls Short on Computer Security
By MATT RICHTEL

LAS VEGAS -- A White House official took a verbal pounding Friday night at a conference of computer hackers and security professionals, some of whom accused the Government of inadequately protecting its computers. The criticisms came during a panel debate called "Meet the Feds" at Defcon, the annual gathering of computer hackers. After the discussion, Jeffrey A.
Hunker, senior director for infrastructure protection for the National Security Council, conceded that the hackers have a point when they say that the Government has far to go. "We have something to learn from them," he said. Malicious hackers, known as "crackers," have taught the Government several lessons in recent months, taking down several major Web sites including those of the White House, Senate and FBI. Many of the more than 2,000 attendees at Defcon VII are not interested in wreaking havoc. They are computer security professionals and hackers with a general interest in deconstructing computer code, although their standard black attire and occasional arrogance gave the conference some menacing overtones. Around 400 attendees gathered in a main auditorium to hear Hunker speak, and some took him to task and accused the Government of ignoring security issues for too long. Chief among the criticisms was that the Government should not rely so heavily on software from the Microsoft Corp. The company is a perennial whipping boy at Defcon because many of its programs have been shown to contain security flaws. Hunker and several other Government employees on the panel, including a representative from the Defense Department, said they have been hampered by limited funds and a lack of qualified technical personnel. Hunker said the Government is pouring resources into the security problem and that President Clinton's proposed budget for fiscal year 2000 includes $500 million in financing for research and development, of which a portion would go to bolstering the computer infrastructure. "Almost all of the systems we are dependent on have significant vulnerabilities," Hunker said. "This conference is about identifying the vulnerabilities." Some in attendance responded well to Hunker's conciliatory tone, complimenting him afterwards on his effort to start a dialogue with hackers. 
Hunker said that while he has followed cutting-edge hacking technology, the conference was the first time he has immersed himself in hacker culture. At least one hacker in the crowd was unforgiving. "I hope they hack all the '.gov' sites in the next 12 months, just like they said they would," said a hacker in his mid-20s who identified himself only as "Codepoet," referring to threats from cracker groups to take down all Government Web pages. "There's a lot of arrogance on the part of the Government about technology," he said. Contributing to the tension between hackers and Government officials at the conference were the recent raids by the FBI on computer crime suspects. In June, a new cybercrime unit overseen by the United States Attorney's office in Dallas said it had issued 16 warrants in 12 jurisdictions after a year-long investigation into hacking-related crimes, but had not yet charged anyone. Before Defcon began, its organizers insisted the raids would have minimal impact on the conference. But a handful of crackers who confessed to participating in illicit activities privately whispered that they have newfound concerns about whether they might be next. "They reacted, so we reacted, so they reacted, so we reacted," said Codepoet, referring to the arms race between crackers and government. (He identified himself as a hacker, not a cracker.) The tension "is somewhat heightened," he said. Marc Maiffret, also known as Chameleon, had his home raided by the FBI last summer but was never charged with a crime. He said the raids have frightened some of the young hackers. Maiffret said he now works as a computer security professional. "People are afraid," he said. "There is a lot of pressure to go legit." Some said they were on edge because they did not know who might be raided next or what activities might put them on the radar of Government agents. 
That uncertainty is perpetuated in part by the Government itself, which has not yet issued any charges or made arrests in relation to the June raids. Nor has the Government said what areas of computer activity it is targeting, besides stating generally that the activities under investigation include stealing and misusing credit card numbers and computer passwords. A spokeswoman for the United States Attorney's office in Dallas, where the year-long investigation originated, declined to comment on what she described as an "ongoing investigation." However, a representative of the Nevada Attorney General's office who spoke at Defcon conceded that the Government is having trouble finding evidence of crimes on computers that it has confiscated. "We're behind on this stuff," said Kevin Higgins, Nevada's Chief Deputy Attorney General. "We may have gotten warrants and computers, but we may not know how to find" the evidence, he said. In some respects, it is notable that these high-ranking Government officials came to mingle with a gaggle of hackers and crackers at all. The image is in stark contrast to the origins of Defcon seven years ago, when it truly was a small gathering of insiders from the hacker underground. It used to be that hackers who spoke to the press were derided by their peers as "media whores." But this year, for the first time, the organizers of Defcon hired a publicity firm to work with reporters and set up interviews. Among the firm's other clients are Alicia Silverstone and Michael Richards (Kramer from "Seinfeld") -- not exactly icons of underground culture. Some hackers said privately that Defcon, which was conceived as an underground gathering and flourished that way, may be dying as it attracts a more diverse crowd. But the newfound openness may well suit Hunker, the White House official, and others who want to co-exist with hackers and even learn from them. "I want to get to know the hacker community better," he said. 
"These people are America's future." Related Sites These sites are not part of The New York Times on the Web, and The Times has no control over their content or availability. Defcon Matt Richtel at mrichtel@nytimes.com welcomes your comments and suggestions. -=- From ZDNet contributed by D----Y Privacy hits big at DEF CON By Robert Lemos, ZDNN July 12, 1999 11:58 AM PT URL: http://www.zdnet.com/zdnn/stories/news/0,4586,2292148,00.html LAS VEGAS -- As he sits across the table at DEF CON 7, Austin Hill, president and founder of the pro-privacy Zero Knowledge Systems Inc., makes the statement simply, boldly: "We are out to change the world." His vision: A world without boundaries, law enforcement without wiretaps, corporations without databases, and e-mail without spam. Hill announced the start of that vision on Sunday at DEF CON: A network that acts as a one-way mirror to the Internet -- the user can see the Net, but no site will be able to identify who the user actually is. Called Freedom Net, the virtual-network-within-the-Internet will allow Web surfers and e-mail users to hide behind one or several false identities. "This is the way the Internet should have been built," said Hill. "It's not anonymous; it's pseudnonymous." And it's not just for hackers, either, adds Hill. Inequality of information The Montreal, Canada, resident sees a big problem with the inequity of information today: The government and companies have it while the public does not, he said. "We can do society more good by protecting the ninety-nine-point-nine percent of the people out there that are not criminals than by treating them as such just to catch the point-one percent that are." In just the last year, Internet service providers, such as America Online Inc. (NYSE:AOL) and Yahoo! Inc. (Nasdaq:YHOO), have been subpoenaed to turn over the actual identity behind an online alias in not only criminal cases, but civil ones as well. John Q. 
Newman, another speaker at the conference and author of many how-to privacy books, uses his pseudonym not only online, but in the real world as well. "There is a general feeling that the government and industry know too much about you," said the author, who doesn't use his real name. "Combine that and the Internet and you get a witch's brew that destroys privacy." Beta testing on July 15 Entering beta testing on July 15, the Freedom Network is guaranteed to prevent such use of personal information, said Zero Knowledge's Hill. After downloading a free software client, users will pay for a pseudonym to use on the Internet. Since the audit trails associated with credit card payments are one way that a user's identity could be tracked, Zero Knowledge will disassociate a user's payment from the actual purchase or renewal of a pseudonym. After that, the user just uses the Internet as they always would. All data transferred to and from the user's computer will pass through the silvered glass of the Freedom Net. The network fully encrypts data from end-to-end to hide the content of the data and uses random routes through the Internet so that no user always receives data from a single server, obfuscating the user's online tracks. Using digital certificate technology, Zero Knowledge certifies that the data the user is receiving off the Internet is actually part of the Freedom Network, and thus "trustworthy." Yet, even the company cannot match usernames up with actual Web surfers -- none of that information is on any of its servers. "There is basically zero point in coming to our office with a subpoena," said Ian Goldberg, Internet guru and chief scientist for Zero Knowledge. "All the information that we have is publicly available from our servers." A lawsuit in waiting? And that makes Zero Knowledge and its Freedom Network a lawsuit waiting to happen, said Hill. Already, U.S. federal officials have noticed the start-up's efforts. 
Hill expects the situation to reach a boiling point before the end of the year. "We are fully prepared to defend ourselves," he said. The company has been coached on strategy by the Electronic Frontier Foundation and other privacy groups. Hill recognizes that the advent of the Freedom Network will make the job of law enforcement officers much harder. However, he points to successful cases against child pornographers that are developed by officers going undercover. "That's the way it will have to be done," he said, advocating a return to the days before wiretaps. "Policing is only easy in a police state." Wired; Aftermath , contributed by D----Y Wound-Up DefCon Winds Down by Polly Sprenger 3:00 a.m. 12.Jul.99.PDT LAS VEGAS -- The seventh annual DefCon hacker convention drew to a close Sunday, after a weekend of uninterrupted sensory overload. The event was marked by massive enthusiasm over the release of a new remote administration tool from the much-heralded Cult of the Dead Cow, and the quizzical expressions on the faces of the media as they attempted to grasp "the meaning" of DefCon. The CDC presentation featured a maelstrom of digital effects and technomusic that captured the energy of the three-day event. ABCNews.com's Michael Martinez presented a talk on the persistent rift between hackers and the press on Saturday. He provided a forum for hackers to confront a member of the tech media with questions like, "Since all these reporters want to learn to be hackers, why don't they just hire hackers to be reporters?" Martinez said that hackers had difficulty getting mainstream media to understand their message and perspective because so often communication breaks down between the two groups. "We know the how, the where, and the when," Martinez said. "But why? You complain that we don't get it, and we complain that you won't let us."
Sunday morning and afternoon sessions were punctuated with rousing rounds of "Spot the Fed," the annual DefCon game of outing federal agents. Anyone identified as a Fed was brought up on stage for questioning. The suspected Feds, all of whom were more than willing to whip out badges after a few minutes of interrogation, were dressed almost universally in polo shirts and khakis, their crew-cut stiffness a striking contrast to their black-clad accusers. The audience hurled questions at them like, "Does your office have a ban on Furby's?" and "What does Dana Scully [the fictional X-files agent] really look like?" One Fed lost all hope of going undetected by responding, "Never heard of him." The day hit high gear with the release show for BO2K, or Back Orifice 2000, one of the few software announcements that required a sign posted on the door warning that the presentation might be dangerous to people with heart conditions. Nineteen of the 20 revered CDC members were present on stage, the most ever assembled in one place. The group took an older-but-wiser tone in its reverberating remonstrations to the audience. "Pick the cause before you pick the site you're gonna hack," the group advised, "and use a fuckin' spell checker!" Despite their bullying tone onstage, members of the CDC said later they're encouraged by the new, younger members of the hacking community. CDC members said they hoped the new rev of Back Orifice, released under the Gnu open source license, would encourage younger hackers to go back to the basics -- scripting code and exploring the technology themselves -- instead of using cookie-cutter programs. "They look at us up on stage and look at what we're doing, and they know they can't stand up there for doing something stupid," said CDC's Grand Master Ratte, MC of the group's gospel-like presentation. But it was another old-school hacker who caused the big scene Saturday. 
Carolyn Meinel, a favorite target of many in the DefCon crowd, obtained a press pass despite the efforts of several conference organizers. When Meinel wandered into the press area (with a sticker on her back that said "owned"), a Canadian reporter began interviewing her about her relationship with the organizers, asking why she wasn't granted a more civilized reception. Meinel was interrupted, then ejected, by conference staff. But not without a fight. It was good sport for the assembled journalists, although the Canadian reporter was appalled. "They invite criminals to speak at their conference, but they deny a freelancer a press pass?" said David Akin, technology reporter for the National Post in Toronto. Emmanuel Goldstein of 2600, the hacker quarterly journal and Web site, presented a nine-minute preview of his documentary about the arrest and imprisonment of Kevin Mitnick. Goldstein said the documentary was intended to be a counterpoint to the upcoming film, Takedown, which Mitnick supporters say unfairly casts the hacker as more devious and damaging than he really was. Goldstein's presentation was followed by a mysterious "social engineering contest," details of which must remain confidential, since Wired News was forcibly ejected from the room. Although the weekend was tempered with the expected disagreements between old hackers and young hackers, the media, and even a much-publicized argument within the community itself, DefCon 7 was undoubtedly an event to remember.

@HWA

06.0 BO2k to be unveiled at Def-Con on Saturday at 5pm, wait for it.
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

(I got mine but don't ask for a copy wait for it to come out on the official site www.bo2k.com ... - Ed )

Date: Fri, 2 Jul 1999 02:24:38 -0700 (PDT)
From: Reid Fleming
To: Christopher J. Rouland
Subject: Back Orifice 2000

Dear Mr. Rouland:

Thank you for your letter requesting us to furnish Internet Security Systems with a prerelease copy of Back Orifice 2000.
We had come to expect that the letter would contain an offer of money or other merchandise. At least, your subordinate intimated as much on Internet Relay Chat. Nevertheless, we are gladly willing to provide you with the software you desire if and only if you will, in exchange, grant us one million dollars and a monster truck. This fee is not negotiable. Thank you for your time. We eagerly await your reply.

best wishes,
Reid Fleming, cDc
http://www.cultdeadcow.com/~rfleming/

Screen shot: (from #defcon) http://ra.msstate.edu/~rwm8/bo2kscr.jpg

Unknown how they got a copy in advance,(*g*) apparently some ppl from #bo were included in testing of the new BO and privy to inside stuff regarding its development...

. . .

A new year of hacker activity is being rung in with the release of Back Orifice 2k for the NT platform. source (gnu) will be released with this version so watch out for all the spinoffs... - Ed

Hype on Back Orifice 2000 Reaches Fever Pitch

contributed by Reid Fleming
With the BO2K launch just days away the articles on BO2K are flourishing. HNN was able to get a sneak preview of the product and we think it will live up to all expectations and then some. This is a highly polished professional looking product. It will give the remote control vendors some competition. The antivirus industry is gearing up for a busy weekend as they try to figure out a way to detect BO2K. But since cDc is releasing source code under the GNU public license there will be hundreds of spinoffs as people create their own versions of BO2k. Each version will need to be detected separately by the antivirus software. When will Microsoft and the industry learn that antivirus detection is not the solution?
Time http://cgi.pathfinder.com/time/digital/daily/0,2822,27824,00.html MSNBC http://www.msnbc.com/news/287542.asp CNN http://cnn.com/TECH/computing/9907/07/nthack.idg/index.html Time; Hackers Take Microsoft to School The makers of BackOrifice 2000, one of the most powerful hacker tools ever released, claim it's for our own good FROM WEDNESDAY, JULY 7, 1999 It's the kind of thing bellboys have nightmares about — an entire hotel full of hackers, messing with the computers, screwing up the phones and generally raising hell. That's the scene at DEF CON, an annual hacker convention held at the Alexis Park Hotel in Las Vegas. At last year's DEF CON a hacker group called the Cult of the Dead Cow released a program called BackOrifice that can completely take control of a computer over the Internet. This Friday DEF CON 1999 kicks off, and the Cult of the Dead Cow is back with a new version of BackOrifice that's more dangerous than ever. Should we be grateful? A little disingenuously, the Cult of the Dead Cow released the original BackOrifice as "a remote administration tool," a simple way of operating a computer running Windows 95 or 98 from a distance over an ordinary Internet connection. While it's possible to imagine scenarios in which having that kind of power would be useful — and there are legitimate applications that perform similar functions — such a tool is obviously very much open to abuse. Say, for example, allowing a hacker (or, as malicious hackers are sometimes called, a cracker) to take over a machine, read your personal information, send e-mail under your name and then erase your hard drive. Fortunately, BackOrifice has certain weaknesses. It can only take over machines on which BackOrifice has actually been installed, and once installed, it's not that hard to detect and remove. According to its creators, the new version of BackOrifice slated for release on Saturday is more powerful than ever. 
It's tougher to detect, gives the user a greater degree of control over the infected computer, and works on Windows NT, the heavy-duty version of Windows used by most large businesses. While the original version of BackOrifice was a threat to small businesses and private users, BackOrifice 2000, as it's called, will affect a much broader and more vital sector of the world's computers. So why does the Cult of the Dead Cow claim they're doing it all for our own good — and why do some computer programmers agree? To quote from the Cult's press release, "BackOrifice 2000 could bring pressure on [Microsoft] to finally implement a security model in their Windows operating system. Failure to do so would leave customers vulnerable to malicious attacks from crackers using tools that exploit Windows' breezy defenses." In other words, don't blame us, blame Microsoft for making a shoddy product — now maybe they'll improve it. As one poster on a hacking bulletin board wrote, "I feel better knowing that at least these holes will be known publicly and raise some sense of awareness rather than in a closed private environment where exploitation could continue unfettered." Not everybody agrees, but you can bet that Microsoft — currently at work on a new version of Windows largely based on NT — will be downloading a copy of BackOrifice 2000 and studying it closely. As the Cult of the Dead Cow — which claims to be one of the few hacker groups out there to include a female member — puts it, "Information is a virus. And we intend to infect all of you." -- LEV GROSSMAN MSNBC; ‘Cult’ gives hackers weapon vs. NT Group to release more powerful version of Back Orifice — and its own product to combat the hacking tool By Bob Sullivan MSNBC July 7 — Computer security firms are bracing for a serious flare-up of hacker activity come Saturday afternoon. With great fanfare at a Las Vegas trade show, the hacker group Cult of the Dead Cow will release a new version of its Back Orifice tool. 
The software, which makes it easy for computer intruders to hijack Windows-based PCs connected to the Internet, will be freely available on the Net. Much mischief is expected to follow — as is a “fix” from the Cult itself. THE FIRST VERSION OF BACK ORIFICE, so named to poke fun at Microsoft’s Back Office product, was released in August last year at the annual hacking trade show called DEF CON. This year’s show starts Friday, with the release of Back Orifice 2.0 as the marquee event. Back Orifice usually arrives at a victim’s computer as an e-mail attachment. Once the victim is tricked into opening the attachment, the software secretly installs itself and turns the victim’s computer into a “client.” Then, anyone with the other half of the Back Orifice software (the administrator tool) can control the victim’s PC from anywhere on the Internet. The hacker can then stealthily do anything to the victim’s machine that the victim could do — even delete all the hard drive’s contents. Back Orifice is at the center of one of the key debates in the security industry — while the Cult maintains it produced the software to reveal security flaws in Microsoft products, and ultimately make them safer, Microsoft says that’s just a cover to legitimize hacking. (Microsoft is a partner in MSNBC.) The tool has been ragingly popular among hackers — the Cult says it has been downloaded 300,000 times. And even though all anti-virus packages now detect the program, security firm ICSA Inc. says there are “tens of thousands” of machines that are currently infected, unbeknownst to their users. Peter Tippett, chief technologist at ICSA, said he knows of individual networks where hundreds of machines are currently compromised. According to the Cult, Back Orifice 2.0 has several enhancements. Chief among them, it now works on the Windows NT operating system. It also employs stronger encryption, which will reportedly make it harder to detect. 
And it is open source — meaning it will be “radically polymorphic,” as hackers extend it and create their own new variations of the program. Anti-virus software companies plan to spend the weekend analyzing the new software and creating a defense that they can spread to clients. That’s expected to take 24 to 48 hours. “It’s good that it’s being released on a weekend,” said Dan Takata of Data Fellows. “We’ll have time to play with it. Monday’s when I assume a lot of people will test it.” For that reason, software vendor Internet Security Systems Inc. asked Cult members for a pre-release version of the software. That way, clients could be protected before the product is released and a flurry of hacking followed. The Cult’s sarcastic reply: “We will gladly provide you with the software you desire if and only if you will, in exchange, grant us one million dollars and a monster truck.” “That shows they have no other intent than maliciousness,” said Jason Garns, Microsoft’s lead product manager for Windows NT security. “Unfortunately, they view this as being a game.” But Cult members say there are several good reasons not to give anti-virus vendors a leg up on Back Orifice. Chief among them — Sir Dystic, who authored the first version of Back Orifice, is working on what might be called a competitive product: a security software package that will protect users from Back Orifice and many other security threats. The group declined to offer more details. “We did think about giving it to all the AV vendors,” said a group member identifying himself as Tweety Fish. “But it’s a method of defense we don’t support.” Anti-virus software only reacts to known security threats; since Back Orifice is open source, many variants are expected, so the group believes most AV software will be ineffective anyway. 
“We will be releasing tools at DEF CON or in the near future which we believe will provide a much more robust method of protecting your system than what the AV vendors can do today,” Tweety Fish said. Also, if virus protection defeated Back Orifice immediately upon release, the tool would get no media attention. “It would dilute our press message,” said Reid Fleming, who wrote the sarcastic e-mail to ISS. That message, according to media-savvy Cult members, is that Windows NT is fundamentally flawed. Cult members describe Back Orifice as a remote administration tool, useful for network administrators to update software on user desktops. But software companies say that’s a smokescreen, and point out that the tool runs secretly, in the background. The Cult counters by saying Microsoft, trying too hard to simplify operating system administration, has created security holes. Windows shouldn’t allow a program to run secretly in the first place, the Cult says. “If Microsoft wasn’t so committed to hiding the real workings of desktop machines from users, it wouldn’t be a problem,” Tweety Fish said. “Microsoft is taking a complex problem of network and server security and trying to simplify it without acknowledging the consequences of that.” Still Microsoft’s Garns points out that ill-intentioned “remote administration tools” can be designed to attack any operating system and have existed for the Unix operating system for 20 years. “There’s nothing fundamentally unique about what’s happening here. It does not take advantage of any security vulnerability in Windows NT. It attacks people, not technology,” he said. “It was not created for the benefit and benevolence of users.” Chris Rouland of ISS agrees the program was clearly designed with ill intentions. “It offers live video capture of the screen.... We understand you can even remotely fake a blue screen so the computer looks like it’s crashed, but you can keep operating in the background,” Rouland said. 
“It sounds like it’s going to be a pretty malicious piece of code.” It is not yet known how Back Orifice will spread, though it most likely will be hidden inside one of several programs that will be e-mailed as an attachment. There are likely to be several variations, so virus companies urge Net users to exercise the standard caution when opening e-mail attachments. Users should also update their anti-virus software after detection for Back Orifice 2.0 is included, probably Monday or Tuesday.

Have a comment or suggestion about this story? Write to tipoff@msnbc.com

CNN;
http://cnn.com/TECH/computing/9907/07/nthack.idg/index.html

New and improved Back Orifice targets Windows NT
July 7, 1999
Web posted at: 10:36 a.m. EDT (1436 GMT)
by Tom Spring

(IDG) -- In the consumer world, folks like Ralph Nader fight for consumer rights by helping pass tough consumer protection laws. Then there's the PC world. For us, there's a self-proclaimed equivalent: Groups of (mostly teenaged) hackers basking in the glow of computer monitors, who release nasty computer bugs under the guise of strong-arming software makers to get tough on privacy and security. "We want to raise awareness to the vulnerabilities that exist within the Windows operating system. We believe the best way to do this is by pointing out its weaknesses," says a member of the hacker group the Cult of the Dead Cow who goes by the pseudonym Sir Dystic. The Cult of the Dead Cow created and released the program Back Orifice last year to the general public at the Las Vegas hacker and security conference DEF CON. The program allows its users to remotely control victims' desktops, potentially undetected. At this year's conference, on July 9, Sir Dystic says the cult will outdo itself and release Back Orifice 2000. The program, he says, is smaller, nimbler, and twice as nefarious. Computer security experts question the Cult of the Dead Cow's intent.
Releasing a hacking tool like Back Orifice 2000 in the name of safeguarding computer privacy is a bit like the American Medical Association infecting cattle with the deadly e. coli bacteria to inspire food companies to sell healthier meats. New and Improved Unlike earlier versions that affected consumers and small businesses, Back Orifice 2000 hits large organizations because it runs on Windows NT systems, which are more used by businesses. Also, the updated program is modular, so users can add additional functions. For example, they could hide files or activate a computer's microphone for real-time audio monitoring, according to Cult of the Dead Cow. Back Orifice 2000 will also be more difficult to detect via network monitoring programs, according to Sir Dystic. This is because the program can communicate back to the sender by using a variety of different protocols, making it hard to identify. The group also says it will make the source code available for Back Orifice 2000, which will likely spawn multiple strains of the program in the hacker community, experts say. Another purported function is real-time keystroke-logging, which can record and transmit a record of every keystroke of an infected computer. Also, the recipient can view the desktop of a targeted computer in real time. It should be noted that PC World Online has no independent confirmation that new Back Orifice 2000 program actually lives up to the claims of Cult of the Dead Cow. ZDNet; contributed by D----Y Back Orifice 2000 not to be feared By Drew Ulricksen, ZDNet News July 12, 1999 2:41 PM PT LAS VEGAS -- Back Orifice 2000 is not something to be feared. It is not a virus. It is not a Trojan horse. It is a remote administration tool. Really. BO2K -- the Cult of the Dead Cow's (cDc) much anticipated follow-up to Back Orifice -- is quite possibly one of the most full-featured remote admin tools on the market today. 
Combined with the aid of the new plug-in BOPeep, the tool -- which works on Windows 9x and NT machines -- enables system administrators to disable both the keyboard and mouse of the remote machine, and begin controlling it from their own PC. Sys admins can even fire up a video window of the remote PC so they can see what's on the monitor -- similar to PC Anywhere or VNC functionality. BOTool, a plug-in shortly to be released by L0pht Heavy Industries, another hacker group, will allow the client to view and edit the file system and registry of the remote machine in an interface similar to the Windows file manager and regedit programs. Among many other features, BO2K comes with a built-in proxy server and a Web server. The U.S. version comes with 3DES strong encryption, but the international version uses a weaker encryption scheme. According to cDc's DilDog (cDc members are only identified by their handles), BO2K was written from the ground up with security in mind. Strong encryption ensures all data and text will be transferred securely to prevent someone sniffing your password while you're remotely administering a PC. BO2K weighs in at only about 115KB in size and utilizes only about 2MB of RAM. It is no CPU hog, either. Not only that, according to DilDog, the file transfer speed in BO2K is faster than any remote admin tool against which it was benchmarked.

The price is right

What do you expect to pay for something like this? $40? $60? Nope. Try $0. Besides being free, BO2K is also open source, so if you'd like to strip out or add functionality, go right ahead, just make your code available. But if you'd rather not dive into source code, there's also the option of just writing a plug-in to pop in. Adding to the package is BO2K's customized setup. The original Back Orifice installed itself automatically as soon as it was run. BO2K launches, of all things, a Wizard to configure the setup.
No longer is there a default port and password -- in BO2K you must assign it a port and password, or it won't run. That means there won't be a widespread epidemic of script kiddies scanning the entire net for port 31337, looking for people infected with BO2K. Software doesn't kill data ... "But it can run hidden, that's evil!" you say? It can run hidden, this is true, but this time around it can also run visible if you so choose. Many other software packages out there have the same option, and they even call it a feature. Believe it or not, some people even like it. There are dozens of software packages out there that, if installed with malicious intent, allow an attacker to do just as much damage as BO2K could, if used improperly. You won't see many of those programs being killed by anti-virus software, and it's a shame that there's almost a sure bet Back Orifice 2000 will. If common sense is used, you won't need to worry about BO2K or any other software being run maliciously on your machine. Just remember, software doesn't kill data -- people do. Drew Ulricksen is ZDNN's operations specialist. He attended DEF CON 7. -=- ZDNET *WHERE DO I GET IT? 
*************************************************************************************
*
* On Jul 11th in #bo2k an url was posted with alleged bo2k code, since the file
* names do not match the announced file name sizes nor the source code but for
* the curious here's the url: http://206.98.65.238/cdcbo2k.zip - Ed
*
* Another url with the cd release supposedly virus checked (check it for CIH)
*
* (from #hwa.hax0r.news)
* http://www.hlz.nl/bo2k/leech/ <- i'd trust this one but urge people to
* be paranoid and wait for the 'official' release on www.bo2k.com
*
*************************************************************************************

@HWA

07.0 CIA Not Breaking Into Banks
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by solvant
On July 5th, 1999 the Associated Press and Sydney Morning Herald Internet edition ran a month-old, already debunked article describing how the CIA will be electronically breaking into various banks around the world to retrieve Slobodan Milosevic's hidden money. This claim was originally made by Newsweek magazine on May 24th and was later picked up and run by the Reuters News Service. HNN immediately questioned these claims. MSNBC also raised questions about the original article. By June 7th, William Arkin of the Washington Post had gathered enough evidence to completely debunk this story. Now, over a month after the original false report the Associated Press and Sydney Morning Herald blindly rerun the story without bothering to verify its accuracy. Did they just want to create sensationalism? Did they think people would not notice? Let's say this one last time: The CIA does not employ 'hackers' to break into foreign banks!
NewsWeek - May 24
http://www.newsweek.com/nw-srv/printed/us/in/in0922_1.htm

HNN Archive for May 25, 1999
http://www.hackernews.com/arch.html?052599#2

MSNBC - May 28
http://www.msnbc.com:80/news/274526.asp

Washington Post - June 7
http://www.washingtonpost.com/wp-srv/national/dotmil/arkin060799.htm

Sydney Morning Herald - July 5
http://www.smh.com.au/news/9907/05/world/world9.html

Associated Press via ABC - July 5
http://abcnews.go.com/sections/world/DailyNews/clintontime990705.html

Sydney Morning Herald;

Monday, July 5, 1999

BALKANS
Hackers on stand-by as CIA finds Milosevic cash

The CIA believes it has traced banks in Greece, Cyprus and Russia - all traditional allies of Serbia - where President Slobodan Milosevic has salted away millions of dollars during his 10 years in power. United States Government computer hackers have been ordered to break into Mr Milosevic's foreign bank accounts and drain his hidden fortune as part of a clandestine CIA plan to overthrow the Yugoslav president. The controversial operation - opposed by some senior political and intelligence figures in Washington - is part of a covert six-point package authorised by Mr Clinton last week and reported in the Herald in May. Although details of the White House plan are secret, it is understood that CIA agents in the three countries would first visit the banks, set up new accounts and see how they operate. Using that information, National Security Agency hackers would then find a way round elaborate computer security systems to access accounts in the name of Milosevic and his family and siphon off the contents. But some intelligence officials fear the move against the Serbian leader's millions could backfire on the US by making its computer system a target for freelance hackers selling their skills to Washington's enemies.
The other parts of the plan include funnelling cash to anti-Milosevic politicians in Serbia, giving money to newspapers and radio stations opposed to the Belgrade regime and making contact with Yugoslav military commanders thought to back a change in leadership. - The Telegraph, London

@HWA

08.0 SETI@home gets cracked
     ~~~~~~~~~~~~~~~~~~~~~~

SETI@Home Project Web Page Defaced

contributed by Santeri Saarimaa
The main web page for the SETI@Home project was defaced over the weekend. The main page was replaced with a picture of Alf and the word 'Wanted'.

HNN Cracked Pages Archive
http://www.hackernews.com/archive/crackarch.html

ZD Net
http://www.zdnet.com/zdnn/filters/bursts/0,3422,2288248,00.html

In case you missed it the SETI@Home project is still going strong and has released version 1.05 of their software.

SETI@Home
http://setiathome.ssl.berkeley.edu/

The HNN SETI Team is going strong but we could use your help. (I don't care what people say about this project the screen saver still rocks.)

HNN SETI Team
http://setiathome.ssl.berkeley.edu/stats/team/team_2251.html

09.0 Network Solutions DNS Spoofed
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

contributed by evenprime
Network Solutions, Inc, which administers domain name registrations had its DNS entries spoofed last Friday. Visitors to the web sites for Network Solutions were redirected to competitors. This is the second time NSI has succumbed to such an attack.

Wired
http://www.wired.com/news/news/technology/story/20567.html

C | Net
http://www.news.com/News/Item/0,4,38721,00.html?st.ne.fd.gif.f

Internet News
http://www.internetnews.com/bus-news/article/0,1087,3_155511,00.html

Wired;

Network Solutions Cracked
by Oscar S. Cisneros
1:45 p.m. 2.Jul.99.PDT

Network Solutions was reeling Friday from an attack on its Web servers that redirected users visiting its Web site to other locations. "The FBI and Network Solutions are cooperating in determining the location" of the attack, said Network Solutions spokesman Brian O'Shaughnessy.
"It was a DNS modify that was sent through the system that was accomplished by spoofing." He means that the IP addresses for Network Solutions servers were altered in the domain name system servers with a falsified template, so that Web browsers requesting the sites were instead sent to the IP address of another site. Network Solutions fixed the IP address Friday morning, but the changes will take some time to reach the domain name servers spread across the Net. Until that "emergency zone release" propagates, users visiting three Network Solutions sites -- Networksolutions.com, netsol.com, and dotpeople.com -- may be redirected to the Web sites of the Internet Corporation for Assigned Names and Numbers and the Internet Council of Registrars (CORE), he said. It is unclear exactly how long the crack has been in effect. "We are aware of the problem and have been looking into it for a while," Scott Hollenbech, a Network Solutions staffer, in an email to CORE early Friday morning. O'Shaughnessy said the source of the attack originated at a computer owned by SoftAware, an ISP located in the same building as ICANN in Marina del Rey, California. The attack was either done through physical or virtual access to one of their machines. "We've corrected it," O'Shaughnessy said. "It should take about 24 hours before everything's resolved." Jim Rutt, CEO of Network Solutions, said that investigators were working with preliminary evidence only and that the perpetrator has covered his tracks well. "It is easy to leave a breadcrumb trail," he said. It is a famous hacker trick" to launch an attack behind multiple servers. But Patrick Greenwell, Internet architect for DSL provider Telocity, said the blame might lie elsewhere. "NSI could be culpable in that they have not pushed for the implementation of DNS Sec, which is a security measure for these types of things," he said. "It requires authentication." 
Greenwell said that his analysis was based only on what little preliminary information was available, but that he believed the fault could largely be pinned on the Berkeley Internet Name Daemon, or BIND. BIND is an implementation of DNS protocols, which Greenwell said are inherently insecure. Because the software operates on the vast majority of DNS servers across the Internet, upgrading it would be difficult to do while maintaining backward compatibility. "While it's unfortunate that this happened, I don't think it would be fair to point the finger at NSI," he said. "DNS is an inherently insecure protocol." "This has nothing to do with BIND," O'Shaughnessy said. Domain name addresses can be authenticated through varying levels of security, from a simple email method, to a password-protection scheme, to powerful PGP encryption. O'Shaughnessy said he could not immediately determine what method of security Network Solutions uses to secure its own domain name data. O'Shaughnessy added that the attack was reminiscent of one carried out by Eugene Kashpureff, who pleaded guilty in March of 1998 to one count of computer fraud for exploiting an NSI security hole. The Internet Council of Registrars, one of five registrars participating in the initial test period for domain competition, posted a statement on its Web site saying that it "strongly condemns these acts and may take legal action against the perpetrators." ICANN also condemned the crack as "an attempt to undermine the stability of the domain name system." The group has said it will cooperate with any investigation into the matter. The FBI could not be reached for comment.

-=-

C|Net;
http://www.news.com/News/Item/0,4,38721,00.html?st.ne.fd.gif.f

NSI's Web site hacked
By Courtney Macavinta
Staff Writer, CNET News.com
July 2, 1999, 12:15 a.m.
PT update Hackers struck major linchpins in the Internet's address system today, redirecting Network Solutions visitors to one of its future ".com" competitors and the new body in charge of managing the Net's technical functions, crippling that site too, according to NSI executives. The world's dominant domain name registrar, NSI discovered that its various sites were down about 2 a.m. PT today and that they were automatically sending surfers to a hopeful registrar, the Internet Council of Registrars (CORE), and the Net's new administrator, the nonprofit Internet Corporation for Assigned Names and Numbers. NSI's main site still appears to be malfunctioning, although the company said its system has been restored. ICANN's site also was inaccessible this morning, possibly due to increased traffic from NSI's visitors. ICANN also runs the Net's "L root" server, one of the 13 servers that comprise the worldwide network, but its technical administrator said there was no indication so far that ICANN's systems had been hacked too. "It was a hack. We're investigating it, and the FBI is involved," NSI spokesman Brian O'Shaughnessy said. "The FBI told us that they are on their way to the ICANN's building in Southern California now to secure the servers because there could have been a hack on their end." Specifically, the FBI is looking into an Internet service provider located in the same Marina del Rey building as ICANN, SoftAware, which NSI says--based on its initial investigation--appears to be the launching pad for the hack. The Commerce Department and other international governments have anointed ICANN to administer the Net and to trigger competition in domain name registration, which Network Solutions has dominated since 1993 under a U.S. government contract. Both entities are responsible for the Net's most critical function: the domain name system that allows online users to call up Net and e-commerce sites by typing in names ending in ".com," ".org," and ".net."
The hack is a sober reminder of the Web's vulnerability, even among companies and government agencies equipped with state-of-the-art security technology. Government entities from the White House to the National Weather Service have come under a rash of computer system attacks in recent months. In July 1997, a hack redirected NSI visitors to a site called AlterNIC, which aimed to compete with Network Solutions by offering alternate domains, such as ".ltd," ".sex," and ".med." AlterNIC's founder, Eugene Kashpureff, who exploited a security hole to "hijack" NSI's site, pleaded guilty in March 1998 to one count of computer fraud in the incident. Most of the 5 million domain names registered by NSI have been facilitated through its partners, such as Internet access providers. But of the approximately 10,000 names registered per day, about 3,000 are registered through NSI's own site. And at $119 for a two-year registration, the company could potentially lose thousands of dollars for the time that it was not in operation. CORE, one of five initial organizations chosen to compete with NSI directly by tapping into its registration system, alerted site visitors about the hack and said it would pursue its perpetrators. "These problems seem to be the result of illegal acts by hackers," CORE stated. "CORE strongly condemns these acts and may take legal action against the perpetrators." Today's hack will no doubt fuel the fire for legislation to improve computer security, such as the House Science Committee's Computer Security Enhancement Act, which was introduced yesterday. Internet News; http://www.internetnews.com/bus-news/article/0,1087,3_155511,00.html NSI Falls Prey to Hackers July 2, 1999 By the InternetNews.com Staff Business News Archives Web sites operated by Network Solutions Inc. were hit by hackers Friday who redirected visitors to one of the company's competitors. 
Starting before noon Eastern time, NSI officials discovered hackers were automatically sending its site visitors to the Internet Council of Registrars -- or CORE -- as well as the Internet Corp. for Assigned Names and Numbers. ICANN is the new non-profit organization that oversees the Internet's address system.

After it discovered the hack, CORE placed a message on its Web site notifying visitors of the hack which also listed the correct IP address for Network Solutions' site. CORE also posted a brief statement saying it strongly condemned the moves and is looking into legal action.

ICANN officials said there had been no indications that the hackers had affected the root server that it administers. One of 13, ICANN's root server contains the database that allows domain names to be translated into IP numbers so that traffic can be properly routed.

NSI released a statement Friday afternoon confirming a hack had occurred and said the FBI had been called in to investigate. NSI is speculating that SoftAware, an Internet service provider based in the same California building as ICANN, was where the hack originated.

In April, ICANN named five testbed registers which included CORE, America Online Inc., France Telecom/Oleane, Melbourne IT and register.com. They were the first to begin registering domain names and testing the new shared registration system developed to allow multiple competitors to handle the process. In addition, 29 companies have been accredited to register domain names once the system's test is complete.

ICANN takes over the system from NSI which was granted an exclusive government contract to manage the domain system in 1993.

@HWA

10.0 Bad permissions set on passwords stored by WebTrends software
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Space Rogue

Internet Security Systems (ISS) X-Force has discovered a security hole in numerous WebTrends products.
This hole allows access to service account and MAPI user names and passwords. WebTrends stores service account user name and password in a file called WebTrends.INI that allows "Everyone" full access. WebTrends recommends that you modify the ACL settings to an appropriate level and upgrade to the latest version.

ISS X-Force
http://xforce.iss.net/

11.0 Three Blind Men Accused of Computer Tampering in Israel
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by dis-crete

Three blind Arab brothers are being held for allegedly electronically breaking into the Mossad Intelligence Agency and the Shin Bet security service along with dozens of other Israeli institutions. They supposedly did this without special computer equipment for the blind. Apparently, the three blind brothers used a secret language, known only to them. They are accused of listening to sensitive telephone conversations, intercepting classified information and then passing it on to the Palestinian Authority, Egypt and Jordan. The brothers have refused to co-operate with the police and deny all allegations against them. The Defense lawyer has said he is having problems with the case because most of the information is considered classified. The prosecution has announced that it will call over 150 witnesses to give evidence against the brothers.

Globe Technology
http://www.globetechnology.com/gam/News/19990702/UHACKN.html

Globe;

Israeli police hold blind brothers in sensitive computer break-ins
Geniuses allegedly hacked into spy agency without special equipment

MATTHEW KALMAN
Special to The Globe and Mail
Friday, July 2, 1999

Tel Aviv -- Three blind Arab brothers are facing charges for allegedly hacking into some of Israel's most sensitive computer systems.

The three young men allegedly broke into the computer systems and telephone switchboards of scores of Israeli institutions, including the Mossad intelligence agency and the Shin Bet security service.
Muzher, Munzer and Shadi Budair, from the village of Kafr Qasem, appeared in Tel Aviv district court yesterday and are being held in custody on charges related to computer theft. Police allege that the brothers listened in on sensitive telephone conversations, intercepted classified information and passed it on to the Palestinian Authority and military intelligence officers from Egypt and Jordan. The brothers, each born blind, are reputed to be computer geniuses. Police said they were amazed to discover during a search of the Budair home last month that none of their equipment included special tools for the blind. The brothers have refused to co-operate with the police and deny all allegations against them. They are represented by lawyer Avigdor Feldman, who has defended many security prisoners, including Mordechai Vanunu, jailed 12 years ago for giving away Israeli nuclear secrets. Mr. Feldman said most of the evidence against the Budairs has been classified as "secret material" and he still doesn't know all the details of the charges. The prosecutor told the court yesterday that he intends to summon more than 165 witnesses to give evidence against the brothers. Police suspect them of stealing thousands of dollars worth of telephone calls abroad on behalf of friends calling the Persian Gulf states. They are also suspected of making thousands of dollars worth of illegal purchases by way of the Internet and by hacking into the computer systems of Israel's television shopping channel. According to sources close to the interrogation, Muzher, 23, and Munzer, 22, have in the past few years visited a number of Arab countries, where they contacted security and military officials and offered to share information gleaned from hacking into the computers of some of Israel's most sensitive security bodies, including the Mossad. The youngest brother, Shadi, is described as a minor under the age of 18, although his exact age is unclear. He faces charges of obstructing justice. 
Police Detective David Osmo, the officer in charge of the investigation, alleged that the brothers had been involved in illegal activity since at least 1996. "They have unique technological ability and knowledge and a complete mastery of communications and computers," he said. "Their skill has made it all the more difficult to collect the evidence against them." Their mother, Halima, said her sons had done nothing wrong. "I'm sure of their innocence," she said. "They are at home 24 hours a day and have never broken the law. I know my sons very well. This is not the first time that the police have raided our home. This time, they confiscated all the cellular phones and the computers. I believe they are doing this only because we are Arabs." Relatives of the Budairs say the three young men have been the target of repeated police arrests over the past four years. Kamel Issa, a teacher from the village school where Munzer and Muzher studied, described the brothers as "very ambitious young men with a remarkable influence on others." He said they invented a secret language, intelligible only to them. @HWA 12.0 FBI Opens Seattle Computer Crime Squad ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From HNN http://www.hackernews.com/ "HNN.. the voice of reason" - MSNBC contributed by dis-crete The FBI's Seattle office has created the eighth special Computer Crime Squad, following New York, San Francisco, Dallas and Boston. The Seattle office will be staffed by 10 agents to focus on computer crime. FBI agents have been receiving training locally and in Washington, D.C., to operate newly purchased hardware and software intended to identify and track malicious computer activity. The article does acknowledge that most computer crimes are the result of disgruntled employees, and not what it calls 'recreational hackers'. Seattle Times http://www.seattletimes.com/news/local/html98/hack_19990704.html Posted at 11:25 p.m. 
PDT; Sunday, July 4, 1999 FBI, feds declare a war against computer crimes by Charles E. Brown Seattle Times staff reporter The Federal Bureau of Investigation's Seattle office and the U.S. Attorney's Office here are teaming up to fight computer-related crimes - everything from Internet fraud to hacking to spreading computer viruses. The Seattle FBI office has put together a team of 10 agents, some reassigned from other FBI work and others newly added, to focus on computer crime. "We've had an increase in (federal) resources to start this new squad," said Dana MacDonald, who has been charged with overseeing the team's daily operations. "We believe the wave of the future in criminal cases involves computer crimes, and we're trying to address that," said MacDonald, who has been supervising investigations of bank fraud and economic crimes, including computer crimes, in the Seattle office. For more than a year, agents have been receiving special training locally and at FBI headquarters in Washington, D.C., to operate the newly purchased hardware and software needed to identify and track criminal activity. "Emerging technologies in the computer field have mandated more specific training," MacDonald said. In the U.S. Attorney's Office, two assistant attorneys - Stephen Schroeder and Floyd Short - have been assigned to be computer and telecommunications coordinators. Short says they will remain in the fraud and white-collar-crimes division of the office, but the bulk of their duties will involve prosecuting computer-related crimes brought to them by federal law-enforcement agencies. "It's an anticipation by our office that we're going to get a lot more cases presented to us involving computer crimes," Short said. New York and San Francisco have had specialized teams in their FBI offices for two or three years, but more have been added recently, including in Dallas and Boston. Seattle's will be the eighth such team in the country. 
MacDonald said the FBI team is prepared to assist in cases where computers facilitate crime, such as in child pornography, drug-dealing or financial crimes. At a more sophisticated level, the unit will investigate intrusions into computer networks, sometimes pulled off by recreational hackers, but more commonly by disgruntled employees with access to corporate computers. The Seattle team could also be called upon as part of a larger response to cyberterrorists intent on pulling off the electronic equivalent of the World Trade Center bombing. Instead of targeting buildings, dams or planes, such terrorists could attack power grids, military defense, financial institutions or telecommunications systems. Copyright © 1999 Seattle Times Company @HWA 13.0 Alaska Prosecutes First Case of Illegal Computer Intrusion ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From HNN http://www.hackernews.com/ "HNN.. the voice of reason" - MSNBC contributed by Weld Pond 27-year-old Michael Scott Moody has been sentenced to 10 months in prison and three years probation for using Net-Bus to gain access to two government computers at Elmendorf Air Force base. The systems in question contained personnel records and maintenance records for an F-15 squadron. The case is believed to be the first of its kind in Alaska. Anchorage Daily News http://www.adn.com/stories/T99070285.html Hacker gets time in prison Former airman downloaded porn By NATALIE PHILLIPS Daily News Reporter A former Elmendorf airman was sentenced to 10 months in prison Thursday for using his home computer to hack into the U.S. Air Force base's computer system and for downloading child pornography from the Internet. "I don't consider myself a criminal," 27-year-old Michael Scott Moody told District Court Judge James Singleton during his sentencing Thursday. "Honestly, at the time, I didn't consider it hacking. I thought of it more as a prank," he said. "I was curious to know if I could access the computer at work. 
Being a government computer, I considered it a challenge. It worked. I didn't meant to hurt no one."

Assistant Attorney General Dan Cooper cautioned the judge that all computer hackers use that line.

"This is the classic 'I did it for the challenge,' " Cooper said. "They all say they didn't mean to hurt anyone, it's always for the challenge. This breach of security cannot be underestimated."

Moody plucked notorious software called NetBus off the Internet and installed it on two Elmendorf computers he had access to at work, Cooper said. Hackers usually send NetBus to unsuspecting computer owners by e-mail and disguise it in the attachment of a computer game called Wack-A-Mole. In the computer world, this type of software is known as a Trojan Horse because it is not what it seems and can be dangerous.

Once Moody installed the software, it allowed anyone with the knowledge of NetBus to access the Elmendorf computers, which contained personnel records and maintenance records for an F-15 squadron.

Moody is the first person in Alaska to be prosecuted for computer hacking, according to Cooper. Other cases are under investigation.

In a plea agreement, Moody pleaded guilty to one misdemeanor count of unauthorized access to a computer and one felony count of possession of child pornography. In exchange for his plea, the U.S. attorney's office dropped a charge of wire tapping, which stemmed from his using software to access computer keystrokes.

"It's like eavesdropping on a computer," Cooper said.

Moody was also placed on three years of probation and will be allowed to use a computer only at work. He is prohibited from accessing the Internet during his probation, and he had to forfeit his home computer. He had been in the Air Force about three years when he was discharged in the spring.

The Air Force's "intrusion detection system" detected a hacker in November. The system immediately alerted the Air Force Computer Emergency Response Team based in Sacramento, Calif.
A team analyst then monitored the hacking as it occurred, according to the indictment, which was handed down the following month. Thursday, Moody explained to the judge how he fell into misusing his computer. He said he got his home computer a year ago and once he became connected to the Internet, he began to explore. "As most people do, when I got on-line, I started to search for pornography and started a file," he said. "I was only interested in adult pornography." Eventually, Moody ended up in computer chat rooms. "People started sending child pornography, which I really didn't even think about until it happened," he said. "I did receive pictures that were obviously of very, very young, from age 1 up. It pretty much shocked me. I deleted it right away because there was no doubt in my mind it was illegal." He saved some pictures of older children, but he said they were on ones that "at the time, I didn't know if they were strictly wrong." He also was introduced to hacking. "One day someone I was chatting with hacked my computer," Moody said. The correspondent used NetBus and instructed Moody on how it worked. The correspondent let Moody hack him in return. "It allowed me to open CD trays and move his mouse," Moody said. Moody wanted to see how far he could go with the hacking software, so he loaded it onto two computers at work, then accessed them from his home computer. That's when he got caught. When investigators seized his computer, Moody told them they would probably find child pornography on his hard drive. They did. Moody asked the judge for leniency. His attorney, Rich Curtner, pointed out that Moody suffered from depression and found "refuge in the strange world of the Internet." Cooper told the judge that Moody has had his chance. At age 19, Moody got into trouble for a credit card scam in which he got ahold of credit card numbers and used them to purchase electronic goods. 
He agreed to enter a program for youthful offenders that allowed the charges to eventually be erased from his record. Moody also has two letters in his Air Force file for infractions.

"He's not been a law-abiding citizen," Cooper said.

Moody said, "I know what I did was wrong, and I accept responsibility. If I have to serve two years, that is very small compared to what I have to live with the rest of my life: the shame I have caused my family."

* Reporter Natalie Phillips can be reached at 257-4461 or nphillips@adn.com

@HWA

14.0 NOAA Website Hacked
~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/
"HNN.. the voice of reason" - MSNBC

contributed by nos nam

NOAA's Center for Operational Oceanographic Products and Services web site was defaced around midnight last night.

Cracked Pages Archive
http://www.hackernews.com/archive/crackarch.html

@HWA

15.0 U.S not the only ones to have high profile sites hacked ...
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

US Not Alone, Governments Around World Suffer Computer Break Ins

From HNN http://www.hackernews.com/
"HNN.. the voice of reason" - MSNBC

contributed by Weld Pond

The United States is not the only government to suffer embarrassing break ins of its computer systems. Brazil has suffered from embarrassing attacks against The Ministry of Science and Technology as well as its Supreme Court web page.

CNN
http://cnn.com/WORLD/americas/9907/03/BC-Brazil-Hackers.ap/index.html

Hackers invade government computers for second time in two weeks

July 3, 1999
Web posted at: 5:22 PM EDT (2122 GMT)

RIO DE JANEIRO, Brazil (AP) -- Computer hackers broke into a government Internet site for the second time in two weeks, a news agency reported Saturday.

The hackers, calling themselves "Resistence 500," gained access to the homepage of the Ministry of Science and Technology. They then redirected users to a site filled with criticisms of the government of President Fernando Henrique Cardoso.
On June 17, the same group hacked its way into the Internet site of Brazil's Supreme Court and the presidential palace, urging users to protest against Cardoso's economic policies. On both occasions, they did not damage systems or databases and their message was quickly removed.

Experts here say Brazilian hackers are typically young males who revel in the challenge of breaking into a government or corporate Web site protected by an expensive security system.

Government officials say they are trying to identify the hackers.

To date, there have been no serious breaches like the one in neighboring Argentina when a 23-year-old computer science student broke into a Harvard University computer to gain access to U.S. military and NASA documents.

Last year, U.S. federal agents for the first time used a court order wiretap of a computer network to track down Julio Cesar Ardita, the son of a former Argentine military officer.

Ardita, who voluntarily flew to the United States to stand trial, was sentenced to three years of probation in Argentina and fined dlrs 5,000.

@HWA

16.0 Social Engineering Alive and Well
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/
"HNN.. the voice of reason" - MSNBC

contributed by Carole

While corporations and governments spend millions on the technological side of computer security many are forgetting the human equation. SunWorld takes an interesting look at how your employees may be the weakest link in your network security policy.

SunWorld
http://www.sunworld.com/sunworldonline/swol-07-1999/swol-07-security.html

The human side of computer security
What are the effects of social engineering on Internet security?

July 1999

Abstract

Usually, this column focuses on the technical side of computer security. In fact, people generally seek technical solutions for security problems. This month, Carole considers the human side to the computer security equation.
After all -- what's the point of setting up secure firewalls and e-commerce sites if your help desk opens up a hole? (3,000 words)

What is the weakest link of your computer system security? Your network connections? Dial-up lines? Firewalls? What about your people? Social engineering is still the most effective method for circumventing obstacles. My kids are geniuses at it. So, apparently, is Kevin Mitnick. Why would someone considered by many to be the world's greatest computer hacker, resort to social engineering techniques rather than technical skills? Because they work. Technical security vulnerabilities may be patched, but humans are always vulnerable.

What is social engineering?

Social engineering is the art of manipulating people into actions they would not normally take. Sometimes, this is quite necessary and serves a good purpose. Ambassadors use their knowledge of a particular culture to facilitate good relations. An effective manager learns the personality traits of her group to keep them motivated and productive. Children usually try to manipulate their parents -- and good parents are even better at it. Top salespeople use social engineering skills to discover a client's needs and the best way to present a product to that client.

A skilled social engineer can manipulate people without them being aware of the manipulation. People don't like to be manipulated. Just observe the reactions many people have when approached by a member of a door-to-door religious group or salesperson. Often, people from these groups use such obvious and aggressive techniques that the people they are targeting tune out everything they have to say. It isn't that the message or product is bad. It's just that no one wants to be sold to.
Basic human characteristics Theologians have attempted to define human characteristics as the Seven Deadly Sins (pride, envy, gluttony, lust, anger, covetousness and sloth) and the Seven Virtues (faith, hope, charity, fortitude, justice, temperance, and prudence). A good understanding of these human characteristics is fundamental to human manipulation. Immunity factor While stereotyping isn't really fair, it is true that city people are often exposed to sales pitches and scams. How many of us have given money to someone who approached us on the street with a sob story only to see the same "desperate" person telling a similar story to someone else a couple of months later? Like anything else received in high doses over time, social engineering is vulnerable to progressive immunity. Social engineering and the Internet Spam Spam is the door-to-door salesman of the Internet. With a rather crude sales pitch, it succeeds mostly in annoying people. However, because of the sheer volume of targets, it's successful enough to be used. I recently got spam with an interesting social engineering approach: according to its pitch, I have a secret admirer who purchased a gift certificate just for me (see "E-gift certificate"). Virus 'hoaxes' You can always tell when a friend or relative has bought his or her first computer. Suddenly, your mailbox is full of "virus warnings" and chain letters that have gone around the Net a few thousand times. Why do newbies fall for this? Usually, it's because they haven't seen enough of this garbage to develop an immunity to it. I tend to feel obligated to educate the sender and everyone else in the mail header. I find it useful to reply with a standard "rant" (see "Stop the insanity"). I don't know who wrote it, but it's humorous as well as informative. I have another response for chain letters, but it's pretty rude. If profanity doesn't offend you, send me mail, and I'll pass it on. 
Real viruses For some strange reason, it seems that the same people who send out all the faux virus warnings are the most likely to download a real virus. Clearly, the authors of viruses are also social engineers. Privacy Anyone who plays poker knows that the most important technique in the game is to observe the other players to determine their weaknesses while not betraying your own. On the Internet, information about a person or company can betray potential weaknesses to be exploited. Most security audits caution companies to protect internal network topology. While "security through obscurity" isn't a solution, the best practice is to not release any more information about your company (or yourself) than is necessary. Unfortunately, the individual doesn't always have a choice. My parents, who live in Florida, found themselves inundated with ads specifically targeting Mercedes owners. Since they did not purchase their car from a dealer, they wondered how these companies discovered that they own a Mercedes. It turns out that the state of Florida was providing registration data to a third party (see http://www.hackernews.com/archive.html?012699.html). As e-commerce grows, privacy protection will become a major issue. While individuals may demand that their personal information be protected and private, they often voluntarily give the same information away. Just offer something for "free" in return for a survey and see what people will tell you. What's alarming is that children, who are more susceptible to manipulation, may blindly provide personal information to anyone who asks. Not too long ago, I caught my son's friends completing a survey to send to everyone on its header list (see "Re: read and do it"). A master at work... Kevin Mitnick is certainly not the only person to have used social engineering techniques to get into computer systems, but he is probably the most famous and was apparently very good at it. 
The following true story was relayed to me by Brian Martin, a security consultant assisting Kevin Mitnick in his defense. Kevin worked in an office in Denver doing basic computer admin stuff. During his time there he was poking around the Net, but more so he was calling various companies -- testing the limits of what he could do. One night he left work while it was beginning to snow and had to walk five or so blocks to get home. Using a cellphone, he called a directory-listed 800 number to a large cellular company. By the first block, he had obtained an unlisted 800 number to the engineering department of this company. Just after the second block he was talking to one of their engineers about source code to a cellphone. By the third block he was giving this engineer the login and password to an account at an ISP near him (in order to FTP files to him). He passed the fourth block and hung up with the engineer, confident he was receiving proprietary source. When he arrived at home, cold and damp from the light snow, he found the full proprietary source to a cellphone made by one of the largest electronics companies in the world. Five blocks, a cellphone, and a directory-listed 800 number. Countering social engineering attacks Education and policy Social engineering attacks are very hard to counter. In fact, I've had audit agreements that specifically stated that social engineering attacks weren't to be used. The problem with countering social engineering attacks is that it requires establishing appropriate policies and educating people -- two difficult tasks. Most people learn best from first-hand experience. Once it has been demonstrated that they are susceptible, people tend to be more wary. It is possible to make people more immune to social attacks by providing a forum for discussion of other people's experiences. Not every New Yorker has to be mugged to know to be street smart. Stories about other people's misfortunes are enough to generate wariness. 
A good way to provide a forum is to establish an internal Web site with safety tips and information. Amusing stories tend to get the point across better and, of course, people love to hear about someone else's misfortune. This forum could also be used to report on virus hoaxes and real viruses. In fact, if you have this forum, you can make a policy statement that information about viruses is only to be distributed through this forum.

Technical solutions

There actually are some technical solutions to the social engineering problem. The key is to limit the amount of information that is available -- just as a poker player would. Here are some things you can do to maintain the corporate "poker face":

- Use an encryption package such as PGP for important documents or e-mail.

- Do not advertise your internal network addresses. Often, sites configure their firewalls to hide internal addresses, but a simple bounced mail displays the internal addresses in the header.

- Make sure your DNS configuration does not display internal systems to an external query. If possible, upgrade to BIND version 8, available from http://www.isc.org/view.cgi?/products/BIND/index.phtml

Disclaimer: The information and software in this article are provided as-is and should be used with caution. Each environment is unique and the reader is cautioned to investigate with his or her company as to the feasibility of using the information and software in the article. No warranties, implied or actual, are granted for any use of the information and software in this article and neither author nor publisher is responsible for any damages, either consequential or incidental, with respect to use of the information and software contained herein.

Resources

Seven Deadly Sins: http://www.deadlysins.com/
Bell Atlantic page on social engineering scams: http://www.bell-atl.com/security/fraud/social.htm
"Cult hero: Social Engineering Your Way In."
The possible scenario for a social engineering attack described here has only one problem: the engineer could potentially be identified later. Provided, of course, it ever occurred to anyone to ask the receptionist: http://www.landfield.com/isn/mail-archive/1999/Apr/0053.html The Fugitive Game: Online with Kevin Mitnick, Jonathan Littman (out of print): http://www.amazon.com/exec/obidos/ASIN/0316528587/sunworldonlineA The Kevin Mitnick home page: http://www.kevinmitnick.com Pretty Good Privacy (PGP): http://www.nai.com/products/security/commercial.asp The Electronic Frontier Foundation: http://www.eff.org PageVault home page: http://www.pagevault.com/products.htm The Hacker News Network: http://www.hackernews.com Other SunWorld resources Network security-related articles listed in the SunWorld Topical Index: http://www.sunworld.com/common/swol-siteindex.html#netsec Web server security-related articles listed in the SunWorld Topical Index: http://www.sunworld.com/common/swol-siteindex.html#websec Full listing of previous Security columns in SunWorld: http://www.sunworld.com/common/swol-backissues-columns.html#security Peter Galvin's Solaris Security FAQ (recently updated!): http://www.sunworld.com/sunworldonline/common/security-faq.html Peter Galvin's Unix Secure Programming FAQ: http://www.sunworld.com/swol-08-1998/swol-08-security.html The SunWorld Topical Index -- a comprehensive listing of all SunWorld articles by subject: http://www.sunworld.com/common/swol-siteindex.html Take a look at sunWHERE, launchpad to hundreds of online resources for Sun users: http://www.sunworld.com/sunworldonline/sunwhere.html Check out SunWorld's back issues: http://www.sunworld.com/common/swol-backissues.html IDG.net, your one-stop IT resource: http://www.idg.net About the author Carole Fennelly is a partner in Wizard's Keys Corporation, a company specializing in computer security consulting. 
She has been a Unix system administrator for more than 15 years on various platforms and has particularly focused on sendmail configurations of late. Carole provides security consultation to several financial institutions in the New York City area.

@HWA

17.0 Snooping OK on Pager Numbers?
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

"HNN.. the voice of reason" - MSNBC

contributed by Silicosis

A new bill passing through congress will make it legal for the police to snoop on your pager without needing a judge to issue a court order. They will only be able to get at the numeric pager info which law enforcement argues is analogous to the billing info or "pen register" info they can now access without a court order. They say it is not a "wiretap" so the rules for unlawful search do not apply. It seems just a few months ago congress was passing laws saying that pager and other data passing over the radio spectrum was protected. Congress wants it both ways. They want you to have privacy from everyone but the government.

Wired News
http://www.wired.com/news/news/politics/story/20597.html

Snooping OK on Pager Numbers?
by Declan McCullagh

3:00 a.m. 7.Jul.99.PDT

WASHINGTON -- Police can easily "eavesdrop" on pagers if a bill approved by the US Senate becomes law.

The bill says law enforcement officials can monitor all messages sent to targeted pagers without having to convince a judge that the information can be found only in that way.

"Congress is trying to do an end run around the Constitution and gut the privacy of millions of pager owners," said David Banisar, author of The Electronic Privacy Papers.

The measure is part of a sprawling juvenile crime bill, which passed the Senate overwhelmingly after the Littleton, Colorado shootings. It isn't in the House version of the bill, and leaders from both chambers are scheduled to appoint conference committee members after the Fourth of July recess.
According to the legislation, judges will be required to approve police surveillance of numeric pager data without subjecting law enforcement requests to the more exacting current requirements of search warrants or wiretap orders. The rules governing alphanumeric pager monitoring are left unchanged.

"It makes the court into nothing more than a clerk," said Dave Kopel, a lawyer at the Independence Institute and a former assistant attorney general of Colorado. "The judge must issue the order based on a law enforcement officials' representation."

Devices to monitor whom Americans call and receive calls from already fit into this warrantless category and are frequently used by police. Government statistics say 7,323 units -- called pen registers and trap-and-trace devices -- were used in 1998.

The US Supreme Court ruled in 1979 that police didn't need a warrant to record what numbers a person dialed. "The installation and use of a pen register, consequently, was not a 'search,' and no warrant was required," the five-justice majority concluded.

The proposal's backers intend it to grant additional authority to law enforcement officials but, oddly enough, the US Justice Department has called it unnecessary.

"We are unaware of any law enforcement need for such authorization and believe that the proposal is unwise as a policy matter. The bill also raises significant constitutional concerns under the Fourth Amendment," says a May 1998 letter from the DOJ Office of Legislative Affairs.

Another reason the DOJ gave was that criminals might simply switch to alphanumeric pagers, which the bill doesn't cover.

Then how did this plan end up in a juvenile crime proposal?

Senator Mike DeWine (R-Ohio) had previously introduced the pager interception proposal in 1997 and submitted it again this year as a stand-alone measure called the Clone Pager Authorization Act of 1999. DeWine couldn't be reached for comment during the recess.
During floor debate, the Senate started hanging irrelevant amendments on the juvenile justice bill as if it were a Christmas tree badly in need of some serious decoration. One amendment creates a "national animal terrorism and ecoterrorism incident clearinghouse." Another requires Internet service providers to offer filtering software. DeWine's plan soon joined them.

"This legislation is yet another occasion where Congress responds to tragedy by uncritically passing anything and everything that has an anticrime label stuck on it," said Solveig Singleton, director of information studies at the Cato Institute.

Some links referenced in the article;

http://www.cato.org/
http://www.wiley.com/compbooks/catalog/12297-1.htm
http://thomas.loc.gov/cgi-bin/bdquery/z?d106:s.00254:
http://i2i.org

@HWA

18.0 Fed Servers Face Severe Security Shortfall
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

"HNN.. the voice of reason" - MSNBC

contributed by Space Rogue

The government and military have taken a fancy to the Lotus product Notes and are putting servers up on the internet for their employees to do their work. Many of the servers have not been properly locked down and a lot of information is available to anonymous web surfers if they can find the servers and know the right URLs to use. The L0pht has written several advisories on the problem and Weld Pond from the L0pht is interviewed in an iDefense news report.

iDefense
http://www.ipartnership.com/topstory.asp

iPARTNERSHIP Top Story

Illegal Communications Interception Equipment Was Destined for Vietnam

7/9/99
iDEFENSE
By Bill Pietrucha

Vietnam was the intended final shipping point for restricted U.S. communications intercept equipment, iPARTNERSHIP has learned.

Shalom Shaphyr, arrested earlier this week for allegedly possessing and selling Tempest computer intercept equipment, planned to first falsify the nature of the equipment in export papers, ship it to a U.S.
NATO ally, then to Israel, and finally to Vietnam. The Tempest computer intercept equipment, also known as a video intercept receiver, is considered a defense article under the International Traffic in Arms Regulations (ITAR), and cannot be shipped to Vietnam without an export license. In the U.S. District Court in the Eastern District Virginia late yesterday, Shaphyr, an Israeli citizen living in the U.S. under a business visa, requested his detention hearing be postponed until July 20, to give his lawyers "time to review the charges against me." Shaphyr will continue to be held in the City of Alexandria, Va. detention center until the July 20 detention hearing date. In papers filed with the court, FBI Special Agent Christian Zajac testified Shaphyr was "looking for a Tempest monitoring system" capable of remotely capturing computer emanations. The reason for the equipment, Shaphyr had said, was to view what was on a computer monitor from a distance of "a few tens of feet maybe to a few hundred feet" away. Zajac, an FBI Special Agent for the past two years, told the court Shaphyr indicated the equipment would be used by the Vietnamese government "in a joint venture." Along with the equipment, Zajac told the court, Shaphyr also asked for a syllabus outlining the training that would be provided on the Tempest equipment, indicating the trainees would be Vietnamese. Shaphyr, iPARTNERSHIP learned, operates a business with offices in Vietnam and England, and is an FAA certified pilot, flight engineer and navigator listing his address in Ho Chi Minh City, Viet Nam. Zajac said the joint FBI-U.S. Customs Service investigation, which began in November 1998, led to Shaphyr's arrest this past Wednesday after Shaphyr paid an FBI undercover agent $2,000 in U.S. currency to export the Tempest equipment to Israel without a license. The total price Shaphyr allegedly agreed to pay for the Tempest equipment was $30,000, Zajac testified. 
Zajac said the investigation did not end with Shaphyr's arrest, and is continuing.

@HWA

19.0 Mitnick in the News
     ~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

"HNN.. the voice of reason" - MSNBC

contributed by Weld Pond

Mitnick's accomplice seeks distance as the "super hacker's" sentencing moves closer. Lewis DePayne wants his court date to be as far away from Mitnick's sentencing as possible.

ZDNet
http://www.zdnet.com/zdnn/stories/news/0,4586,2289194,00.html?chkpt=hpqs014

Mitnick will have flamboyant San Francisco criminal lawyer Tony Serra as his attorney for the California charges he faces.

SF Gate
http://www.sfgate.com/cgi-bin/article.cgi?file=/examiner/hotnews/stories/07/mitnick.dtl

Free Kevin Website
http://www.freekevin.com/home.html

Hacker has S.F. attorney
By Matt Beer
OF THE EXAMINER STAFF
Wednesday, July 7, 1999

Serra to represent Mitnick on state computer charges

The Internet's super hacker, Kevin Mitnick, will be defended by flamboyant San Francisco criminal lawyer Tony Serra.

A master computer hacker, Mitnick has been imprisoned since his 1995 arrest on federal and state computer-crime charges following an international manhunt.

Mitnick pleaded guilty to federal charges in April. He had been accused of breaking into computers, stealing software and computer passwords. With time served, he could be freed after his sentencing on the federal charges by the end of this year, said Serra associate Omar Figueroa.

Figueroa said Serra will be defending Mitnick against 1992 state charges that Mitnick violated California's computer crime law. Mitnick is accused of duping Department of Motor Vehicles workers into faxing confidential driving records to a copy shop in Los Angeles.

Figueroa said Serra would appear in Los Angeles Superior Court on Wednesday to ask a judge to reduce Mitnick's $1 million bond.

At the time of his 1995 arrest in North Carolina, Mitnick was on the FBI's Most Wanted List. Mitnick has been the subject of several books.
A movie about his exploits is due in theaters later this year.

Serra was the inspiration for the 1988 film "True Believer," starring James Wood. He has defended a number of high-profile clients, including Black Panther leader Huey Newton.

Figueroa said Mitnick chose Serra after the attorney won an acquittal for Eugene "Bear" Lincoln, a Native American charged with killing a Mendocino County sheriff's deputy in 1995.

©1999 San Francisco Examiner

@HWA

20.0 Home PC Next Target for Hackers
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

"HNN.. the voice of reason" - MSNBC

contributed by Elvis Duke

This article questions whether or not vendors writing shoddy code or users not being diligent enough is to blame for systems being vulnerable. But there is no answer, only users lamenting how complex the solution is. Of course vendors should be made accountable and are to blame. Why should users have to keep up on patches? As software moves into the home there is less security expertise and diligence, hence vendors need to improve if they want to sell into the home market.

AP
http://www.azcentral.com/business/0708HACKER08.shtml

Home PCs next target for hackers

'Always on' high-speed lines ripe for mischief

By Ted Bridis
Associated Press
July 8, 1999

WASHINGTON - Kevin Kelleher arrived for work at 8 a.m. one day to find a disturbingly familiar high-tech headache for the federal government: Hackers had vandalized the national weather Internet site he manages in Oklahoma.

The hackers replaced important information about storms and tornadoes threatening the Midwest with a smirky taunt for Kelleher addressed to "mister admin person nice guy."

So far, victims of these types of high-profile electronic assaults have included government agencies, the military and large companies on the Web. In a flurry of activity, hackers in recent weeks struck the White House, FBI, U.S. Senate (twice) and the Army's main Web site.
And experts warn of an emerging threat to consumers from the next generation of technology: new high-speed connections to the Internet over cable TV or new digital phone lines that are permanently logged on. Higher speeds carry higher risks: Hackers even thousands of miles away could anonymously probe household computers over the Internet and rummage through private e-mail, documents and bank records. "It vastly and immediately multiplies the amount of poorly protected computers on the Internet ripe for the picking," said Lucas Graves, an analyst with Jupiter Communications, a research company in New York. Using these continuous Internet connections and "server" software included free on most new computers, families can publish up-to-the-minute photo albums online or retrieve computer files while traveling. Server software allows computers to "serve up" Web pages requested by other users. But they may not realize the risks of leaving their digital doors unlocked. A Web site that tracks hackers, Attrition.Org, has recorded more than 1,465 cases of vandalism this year. "As you get these machines in people's homes that are always on with a server, with pictures of their cat for grandma to see, that could be an issue," said Cormac Foster, another Jupiter analyst. Scott Culp, Microsoft Corp.'s security manager for its Windows NT Server software, agreed that the industry needs to "educate consumers . . . and make sure they understand the risks associated with having a direct connection to the Internet." Hackers victimized Danny Sun of Walnut Creek, Calif., when they raided one of his continuously connected computers in May. They vandalized a Web site he runs as a hobby, but they also stumbled across - then published on the Internet - personal financial information that included his account number and balances. Sun later determined that hackers exploited a flaw in Internet software from the Allaire Corp. of Cambridge, Mass. 
The company warned customers about the problem months earlier on its Web site and in e-mail that Sun admits he ignored.

"I get lots of mails from these manufacturers," Sun said. "Sometimes, I don't bother to read it."

The Army apparently left the same vulnerability unrepaired - also despite warnings from the same software vendor - on its Web site, which a hacker vandalized last week.

"It is very, very easy and takes very little time," a person who acknowledged being the hacker said in an online interview with the Associated Press. "Under five minutes if you don't poke around."

"I couldn't believe it. I was just going through to check vulnerabilities and was like, wow!"

Army spokesman Jim Stueve said only that a criminal investigation was under way.

Experts argue whether to blame software companies for designing vulnerable products or victims who aren't diligent about installing patches and upgrades.

Kelleher blamed his weather site's vulnerability on a faulty patch from a software maker. "The situation is getting so complex," he said.

The dilemma for software makers, who usually send customers e-mail when they discover flaws, is made worse by hackers monitoring the warnings.

Experts predict that software of the future will periodically check with its manufacturer, using the Internet for important upgrades.

That type of technology could be a remedy for victims like Kelleher. It took 52 hours, with only brief periods for sleep and food, to restore the government's weather site.

"This ranks on the high-annoyance scale," Kelleher said after last week's repairs. "There's a lot of people spending a lot of energy trying to hack these systems. It's difficult to spend an equal amount of energy to protect them."

21.0 LSA can be crashed
     ~~~~~~~~~~~~~~~~~~

From http://www.403-security.org, contributed by D----Y

[ LSA Can be Crashed ]

By Stea|_th : 4/06/99 4:56GMT

We have discovered that Windows NT LSA can be crashed by a remote attacker.
The attack described below crashes Windows NT by hitting the LSA (Local Security Authority) system, and makes the target machine unusable after some period of time. The problem is caused due to a vulnerability in verifying LsaLookupNames tag. It is made worse by the fact that it can be anonymously exploited. Btw, the RestrictAnonymous (1) registry key does not prevent this problem from being exploited. :)

LSA Overview :

[ The LSA is the system component responsible for authenticating users to the system, and deciding what access and privilege the users are entitled to. The same process that contains the LSA also contains the SAM (Security Accounts Manager), as well as elements of the RPC subsystem, particularly those responsible for launching DCOM servers. Those components will also be unavailable as a result of the crash. Once the LSA has died, new authentication tokens can no longer be created. Anything that requires creating new authentication tokens will no longer function. ]

There are some cases where the exploit results won't appear immediately, I'll try to describe some of the cases. If the host's exception system is not configured to work automatically, then a dialog box will be displayed on the host, and the funny thing about it is that the system will work perfectly until the msg dialog is dismissed! This configuration is normally only found on developer's machines. The registry key that controls this behavior is HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug, its value is "Auto". Changing this value from the default of "1" to "0" will enable this behavior.

As documented in MS Knowledgebase article Q143474, setting the following key value can help restrict many of the anonymous (null) SMB connections. It might sound crazy, but that value on the registry can also restrict many IIS-based FTP attacks to your machine.
Hive:  HKEY_LOCAL_MACHINE\SYSTEM
Key:   System\CurrentControlSet\Control\LSA
Name:  RestrictAnonymous
Type:  REG_DWORD
Value: 1

[ SOLUTION ]

You can follow the 2 links below for more details and for correcting the problem also.

[ a fix for NT to correct the problem. ]
ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/Hotfixes-PostSP5/LSA3-fix

[ Q231457 Get more ditto. ]
ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/Hotfixes-PostSP5/LSA3-fix/Q231457.txt

Period. :)

@HWA

22.0 [HNC] Hack-Net announces the BURN ANTIONLINE campaign
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From http://www.hack-net.com/antionline/

HNC UPDATE: 06/01/99: 23:40PST

HNC was in contact with Jeff Moss, also known as the Dark Tangent, owner of DEF CON and Blackhat International, HNC will be holding an 'ANTI - AntiOnline' and 'BURN JP' rally, Shanners will be speaking out about Antionline at DEF CON, if you have any comments you would like to be read out or if you would like to contact Shanners about this rally then email him at: admin@hack-net.com. If you can't be at DEF CON to see the Fuck and BURN JP protest, then you can see it on HNC's DEF CON Video that is Available Here

HNC PROTESTS:

This morning we got a mail from Ken Williams of Packet Storm Security who is also better known as TatooMan, and is part of EHAP (Ethical Hackers Against Paedophillia), Ken is a Highly respected member of the underground and is one of the nicest people around. Packetstorm is the biggest and most popular Computer Security site on the net and gets well over 400,000 hits daily. Anyway back to the point, we got an email from ken informing us that JP (John Vranesevich) of AntiOnline had filed a LAWSUIT Against Harvard University, (Ken had moved Packetstorm Security from the Genocide2600 Servers to harvard university a few weeks ago) because of content in the jp/ directory of the Packet Storm Security site.
John Vranesevich claims that ken was using the server as a platform to harass and threaten him, his family, and his business. Ken is Ruined... Packetstorm is in Ken's own words: "the site known as "Packet Storm Security" is history now".....

HNC Is FURIOUS, we have emails from a lot of PacketStorm supporters organising a complete PROTEST against AntiOnline and JP. As of the time of writing the Antionline Servers have been taken offline and hopefully they will stay that way.

JP (John Vranesevich) and his ass licking girlfriend Carolyn Meinel (also known as the Granny Hacker from Heck) have constantly threatened people who dislike AntiOnline and themselves with lawsuits and other legal threats, most of which have come to nothing but this time have left Ken with nothing. All of the Packetstorm resources have Been DESTROYED by harvard leaving ken with nothing.

PLEASE PLEASE PLEASE support this protest by placing the banner below on your website linking back to here: http://www.hack-net.com/antionline/banner.gif

@HWA

23.0 All-Star Online Voting Cheater Nabbed
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

contributed by Weld Pond

A Boston Red Sox fan tries to fix the All-Star voting. Writing a perl script to automate web voting is hardly hacking though.

AP
http://detnews.com/1999/sports/9907/07/07070210.htm

Boston Globe
http://www.boston.com/dailyglobe2/188/sports/This_hack_tried_but_couldn_t_connect+.shtml

AP;

Hacker takes on All-Star voting

Associated Press

BOSTON -- The last All-Star game of the 20th century nearly fell prey to late-millennium technology.

Chris Nandor heard in late June that Boston shortstop Nomar Garciaparra was 20,000 votes behind the New York Yankees' Derek Jeter in All-Star voting. So Nandor took advantage of Major League Baseball's newest way of voting -- via the Internet.

Nandor, 25, of Carver, Mass., went to work on a program that cast some 25,000 votes for Garciaparra, according to Wednesday editions of The Boston Globe.
On Monday, the American League announced its All-Star lineup, as voted on by fans. And sure enough, there was Garciaparra at shortstop, 20,446 ahead of Jeter.

As it turned out, Garciaparra won it fair and square. Fans were allowed to vote 22 times on the Internet, the average number of home games for each team during the balloting.

Nandor's attempt to vote 25,000 times was detected before it could be added to the tally, according to Alex Tam, director of Major League Baseball's web site.

"Between the 25th and 27th of June, 25,259 votes for Garciaparra were rejected," Tam said Tuesday night. "The same person also voted for (Scott) Hatteberg, (John) Valentin, and (Jose) Offerman."

It might have worked, but Nandor had attempted the ploy earlier in the voting period.

"We know all about him," Tam said, reeling off Nandor's name, address, age, place of employment, and computer number. "On May 19, he voted 14,702 times for Garciaparra. We caught all of them and filtered them out.

"Nothing is foolproof. But if you're talking about the average high-end hacker, we think we can catch them."

Nandor thought for a time he'd made the difference.

"Well, when I first heard he won, I wasn't sure, but I thought it could've been me," Nandor said Tuesday night. "But I also thought it could've been other people in addition to mine."

Nandor said he didn't do it just for kicks.

"I think in large part I did it just because the All-Star game was going to be in Fenway, so I felt Nomar deserved a start on his home turf, with the incredible season he's had. I still might have done it if the game had been in New York, but it makes me feel good to have this justification for my actions."

-=-

Boston Globe;

This hack tried but couldn't connect

By Gordon Edes, Globe Staff, 07/07/99

ST. PETERSBURG, Fla. - The worst suspicions harbored by Yankee fans were true.
In an attempt to swing the close vote for the American League's All-Star shortstop in Nomar Garciaparra's favor, a 25-year-old computer hacker from Carver, Mass., cast around 25,000 votes on the Internet for the Red Sox star on the last day of balloting. But relax, Red Sox fans, your man apparently beat Derek Jeter of the Yankees fair and square. The computer police entrusted with sniffing out corruption did their job, according to Alex Tam, director of Major League Baseball's web site (mlb.com). Chris Nandor, who used a computer programming language to circumvent limits on how many times a person could vote on the Internet, was caught in the act, Tam said. ''Between the 25th and 27th of June, 25,259 votes for Garciaparra were rejected,'' Tam said last night. ''The same person also voted for [Scott] Hatteberg, [John] Valentin, and [Jose] Offerman.'' Nandor, Tam said, had tried this once before. ''We know all about him,'' Tam said, reeling off Nandor's name, address, age, place of employment, and computer number. ''On May 19, he voted 14,702 times for Garciaparra. We caught all of them and filtered them out. ''Nothing is foolproof. But if you're talking about the average high-end hacker, we think we can catch them.'' Nandor, who didn't know his votes were thrown away until last night, thought he'd done a big favor for Garciaparra, according to Jon Orwant, a doctoral candidate at the MIT Media Lab and editor-in-chief of the Perl Journal, Perl being the computer programming language Nandor used in his attempt at chicanery in cyberspace. Orwant and Nandor are friends. ''I've examined his program and can confirm that it would have stuffed the ballot box,'' Orwant said in an e-mail message to the Globe, to whom he had indirectly provided a tip about Nandor's activities. ''These programs are easy to write with Perl. 
In broad strokes, the way his program worked is that it pretended to be a human being visiting the All-Star web site, where it would click on the appropriate buttons and fill in nonsense for the different fields (e-mail address, city, state, zip, etc.).'' Major League Baseball rules limited Internet users to 22 votes, which equaled the number of times All-Star ballots were distributed in major-league parks. What prompted Nandor to weigh in with far greater numbers? ''A couple of weeks ago I was at Fenway with some people, watching the Red Sox go through an 11-run first inning against the White Sox, and we were having a great time and talking about all the different players, and the upcoming All-Star game,'' Nandor wrote in an e-mail message. ''Someone mentioned Nomar was falling behind. So I decided I would go home and try to help Nomar win. ''I think in large part I did it just because the All-Star game was going to be in Fenway, so I felt Nomar deserved a start on his home turf, with the incredible season he's had. I still might have done it if the game had been in New York, but it makes me feel good to have this justification for my actions.'' But what apparently did in Nandor was a certain amount of laziness uncharacteristic of his hero, Garciaparra. In his first attempt, in May, Orwant said, Nandor used the same e-mail address. His last attempt, in June, he used the same phone number (111-222-3333) and Zip Code (11111). Nandor wrote that he set his computer to run repeatedly, then went to a barbecue. Because he didn't vary those basic bits of information, the systems administrators at CBS Sportsline, the Internet site that conducted the voting on the Web for Major League Baseball, caught on quickly, Tam said. ''Sportsline developed the ballots with numerous safeguards in place,'' Tam said. ''They look at all the results on any given day and scan for patterns. They also have a way to scan for Perl scripts. 
They were very well aware of him from Day 1, and blocked him out.''

So instead of what could have been the worst All-Star voting scandal since 1957, when Cincinnati fans voted eight Reds as starters on the National League team, leading commissioner Ford Frick to take the voting away from the fans altogether, MLB claims a clean election.

Jeff Gehl is president of The Marketing Center, the counting house that tabulated the All-Star votes for Major League Baseball. TMC is based in Brookfield, Conn., with offices in Weymouth, Mass., and Newport Beach, Calif. Gehl said yesterday the Internet accounted for less than 20 percent of the vote. Most of the ballots counted in the last week were cast at WalMart and Pepsi-Cola outlets.

''There were several million ballots, and they were sent in one lump sum at the end of the program,'' Gehl said. ''We had three shifts working last weekend, processing the ballots.''

Attention, WalMart shoppers: The brand of choice, evidently, is Garciaparra, who was in third place in the voting until the last batch of votes were counted.

Orwant, for one, remains unconvinced that the system can withstand a clever hacker.

''If they claim their system is foolproof, they're wrong,'' he said. ''I'll prove it to them next year.''

This story ran on page F1 of the Boston Globe on 07/07/99.
© Copyright 1999 Globe Newspaper Company.

@HWA

24.0 Hackernews Now Available on Palm VII
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN

contributed by Silicosis

For those with Palm VII's HNN is pleased to announce the hackernews PQA. With it, you'll be able to keep up with all the headlines through the PalmVII's built-in wireless networking support. Here's some screenshots of the splash screen and headlines.

http://www.hackernews.com/warez/pilot/mainscreen.gif
http://www.hackernews.com/warez/pilot/headlines.gif

The hackernews PQA can be downloaded here.

http://www.hackernews.com/warez/pilot/hackernews.pqa

@HWA

25.0 U.S. Vulnerable to Cyber Attack
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

contributed by Weld Pond

Jeffrey Hunker spoke at the Black Hat security conference and warned participants that there is a huge vulnerability in US information infrastructure. The visible web site attacks are the least of the government's worry. External threats to the infrastructure done in secret are the big problem. Hunker plans on starting an ROTC-like program to train college students in information security.

ZDNet
http://www.zdnet.com/zdnn/stories/news/0,4586,2289764,00.html

--------------------------------------------------------------
This story was printed from ZDNN, located at http://www.zdnet.com/zdnn.
--------------------------------------------------------------

U.S. vulnerable to cyber attack
By Robert Lemos, ZDNN
July 7, 1999 5:35 PM PT
URL: http://www.zdnet.com/zdnn/stories/news/0,4586,2289764,00.html

LAS VEGAS -- Officials from the Clinton Administration, the U.S. Army and the U.S. Department of Justice laid out how the United States intends to protect its data from foreign and domestic attacks on Wednesday.

While so-called "hackers" have garnered most of the fame for attacking systems in highly visible ways, the officials stressed that external threats were more serious.

"We have a world now where several nations that are hostile to the U.S., terrorists that are well financed, and even some organized crime are developing techniques to attack our information infrastructure," said Jeffrey Hunker, senior director for infrastructure protection on the National Security Council.

Hunker spoke at the Black Hat Security Conference in Las Vegas to a collection of network administrators, security professionals, law enforcement and military personnel, and a few hackers.

Hunker said the administration believes that countries hostile to the United States -- yet, weaker militarily -- will instead attack the nation's information and Internet connections.
At present, the systems are to a great degree unprotected. "We depend on systems that were never designed with the protection of data from an organized threat," he said.

Phillip Loranger of the Army's Information Assurance Office agreed. "I would like to take all of .mil and make it an intranet," he admitted during a luncheon talk. "Currently, we have trouble keeping people out because we have too many gateways (to the Internet) and undefined backdoors into our systems."

Industry must take notice

Industry needs to sit up and take notice, said NSC's Hunker. "The truth of the matter is that (the industry is the one that) owns the systems that are going to be the hardest hit -- not the federal government."

Hunker outlined a 10-step plan for those companies with an "addiction" to insecure information systems.

His recommendations included: Identifying vulnerabilities and fixing them; detecting threats and unauthorized intrusions; better communications between intelligence and law enforcement agencies; sharing warnings and information about intrusions; designing a system of response to information emergencies; enhancing research and development; reaching out to Americans to educate them on the need for cyber security.

Also, as part of the program, Hunker intends to start up a ROTC-like program to train college students in information security in return for service after graduation.

Finally, the Administration official pushed for better legislation to support security efforts while protecting citizens' civil rights.

DOJ's cybercrime boom

Michael Sussman, senior attorney with the computer crime/intellectual property section of the Department of Justice, added that the government is also improving its ability to prosecute cyber criminals, both domestically and abroad.

"The computer crime office at the DOJ started out with two lawyers in 1991," he said. "Now we are approaching 40 quite fast."
Despite the problems, Hunker said the government will not try to regulate the industry into being more security-conscious. "Late at night, I ask myself [whether we should regulate]," he said. "I am impatient. But in the U.S., it has been the insurance industry that has been a driver, and that may be the way [information security will go as well.]"

@HWA

26.0 Logging on to cyber-crime
     ~~~~~~~~~~~~~~~~~~~~~~~~~

     contributed by Weld Pond

Interesting report on an online banking scam. An attacker set up a mirror site to simulate the bank's login screen. In doing so they were able to get the customer's username and password. This is just one of many attacks on online banking. Even though the security of such systems has not been worked out the industry proceeds to move forward signing up customers and putting more of them at risk.

Christian Science Monitor
http://www.csmonitor.com/durable/1999/07/08/p16s1.htm

IDEAS, SCIENCE & TECHNOLOGY

Logging on to cyber-crime

The old-fashioned bank heist is now just a few key strokes away - and almost invisible

Tom Regan
Special to The Christian Science Monitor

Nothing seemed out of the ordinary when clients of the second largest bank in Holland logged on to the bank's Web site to access their accounts.

The first time they entered their username and password, however, they received an error message. When they tried again, they were able to access their account, conduct their business, and leave.

What they didn't know was that the first time they were not actually at their bank site but at a mirror site set up by a hacker. The mirror site took their information, e-mailed it to the hacker, then sent the clients to the bank's real site. A few hours later, the hacker went to the bank site and, using the stolen information, took five guilders (about $2.35) from each account - a sum most people would never miss. Doing this, the hacker was able to steal thousands of dollars, without the bank or its customers ever knowing.
Luckily, the hacker wasn't a real thief - just someone who wanted to prove that the bank's claims of impenetrable security were nonsense. All the money was returned.

But his actions show the new kinds of crimes that are taking place online, especially as many businesses rush to embrace electronic commerce, without making sure their online security is strong enough.

"I don't think that we need to be so concerned about cyber-doomsday predictions," says Yael Sachs, president of Aladdin Knowledge Systems's Internet security unit. "But it's petty crimes like this one on a large scale that will impact our economies to a huge extent."

According to the Association of Certified Fraud Examiners, the average bank robbery stole about $14,000, while the average computer theft was more than $2 million. While the exact figure of financial losses due to cyber-crime is not known, most security experts interviewed for this article put it in the billions of dollars.

For instance, AT&T and MCI were forced to give 38,000 consumers credits and refunds worth $2.74 million in 1997 for phone charges they unknowingly incurred when Internet scam artists hijacked their computer modems.

The scam occurred when the victims visited a porn site and downloaded a plug-in to watch a video. While they were doing this, a vandal program (a rogue application that executes automatically when a user views certain kinds of Web pages or opens an e-mail attachment) logged them off without their knowledge and redialed their modems to connect to a 900 number overseas, for which they were later billed.

In fact, cyber-criminals based in nations once a part of the Soviet Union are a growing problem for US businesses. In one recent case, two men from St. Petersburg hacked into a US bank's computer network and transferred $10.5 million from the bank's corporate accounts into accounts they controlled.

"There's a lot going on out there right now," Ms. Sachs says. "Many businesses are driving on the information superhighway at 200 miles an hour without a seat belt or an airbag."

"When I used to teach, I often told my students that if you want to steal $1 million, use a computer," says Harvey Kushner, chairman of the criminal justice department at Long Island University. "You get more, you're less likely to get caught, and if you are caught, you'll do less time."

Professor Kushner says that computers have changed the face of crime. Much crime means some form of physical danger for the thief, and normally doesn't result in much ill-gotten gain.

"But computers enable crimes of concealment and deceit. It doesn't require violence. Anyone with a computer and a little skill can become a cyber-criminal. Smart college kids sitting in their university dorms can steal enough money to pay for their education, for instance. Five dollars here, five dollars there. Unfortunately, they don't even think it's really stealing.

"And it's a real challenge for the police. For 20 years, we've been training people to fight crime in a certain way. It used to be that bookies would keep all their records on rice paper that burned easily in case of a raid. So police had to barge in before the paper could be burned, and they were taught tactics to do that. But these days, to find that same information, you have to learn how to take apart a computer disk, or follow a vague cyber-trail, often across continents, just for a local crime."

Kushner also says that Y2K is a real opportunity for cyber-criminals. The emphasis on solving Y2K problems means that important security concerns are being put on the back burner because of lack of funds, he says.

Another problem for those computer security experts is that many companies that are victims of cyber-criminals either have no idea that they have been robbed or are reluctant to make cyber-crimes public because it might hurt their growing electronic commerce operations.
But steps are being taken to combat cyber-crime. In December 1997, US Attorney General Janet Reno and law officers from several countries agreed to develop high-tech solutions to combat computer crime and to prosecute criminals who cross borders to rob banks or sell child pornography in cyberspace.

Then last November, the International Chamber of Commerce based in Geneva announced it was establishing a special unit to help companies around the world combat cyber-crime. The group works closely with Interpol to fight Internet crime. And the US Federal Bureau of Investigation has also established an elite unit to combat cyber-criminals and cyber-terrorists.

But Sachs says the best thing that businesses of all sizes can do is act to protect themselves (see article at right).

"People feel they have time. They say, 'We don't know anybody who has been hurt.' Well, I know lots of people who have been hurt," Sachs says. "Coming from a for-profit company, there is always the sense that you're just using scare tactics to promote your product. But people need to be aware of the scope and scale of the kind of activities taking place, or else they'll become victims as well."

27.0 Parts 1 and 2 of the infowar series run by the Christian Monitor
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

IDEAS

CYBER WARS

Wars of the future... today

The stealth battlefields of information warfare

Tom Regan
Special to The Christian Science Monitor

For the past three generations of Americans, going to war meant images of Robert E. Lee on horseback, front page stories of a sharpshooting Sergeant York, newsreel footage of Marines storming Guadalcanal, Walter Cronkite interviewing American GIs in Vietnam, or CNN's live coverage of military operations during the Gulf War.

But the wars of the future may not be so hands-on. Or so visible.
Instead, they may be fought by "cyber-knights," young men and women who sit at rows of computers at secret locations in the United States and can launch a barrage of cruise missiles from an unmanned naval vessel in the Mediterranean, or release an Internet virus that will overload the power grid in Pyongyang, North Korea.

There will be no news coverage of battlefields, because there may not be battlefields as we now know them. These wars may be more damaging, but they will mean fewer casualties and quicker victories.

There is another side to this cyber-scenario, however. As the US moves toward using information warfare, so do its opponents. In fact, many say that the more the US uses cyber-technology as a weapon, the more it exposes itself to cyber-attack by foreign governments, freelance hacker/terrorists and clever cyber-criminals.

In terms of conventional weaponry, the US dominates the global battlefield. With Russia reeling from economic and political catastrophes and China years behind in firepower (although recent events have shown that time window is much shorter than originally thought), there are no legitimate contenders for the US title of world superpower.

It's no wonder then that many foreign government and terrorist organizations view the Internet and other computer network systems as a way to balance the odds quickly and cheaply.

Yet there may be no choice but to move forward, as information technology becomes more and more important to the way the US, and the world, does business, relaxes, and defends itself.

Forewarned?

Normally, forewarned is forearmed. In cyberspace, that isn't always the case.

Take the NATO bombing of the Chinese embassy in Belgrade several weeks ago. Rage spread across China and hackers from the mainland attacked the Web sites of the US Departments of Energy and the Interior, and the National Park Service. A subsequent attack brought down the White House Web site for three days.
The attacks generated headlines across the country. What the news media didn't report was that the US government had known for a long time that someone had been in its computer systems - they just didn't know who. Then, in a fit of anger, the Chinese hackers caused some real damage - and gave away the hidden "location" of several "backdoors" they had built in US government networks. (See story on page 14 for explanation of "backdoors.")

Now that this threat is known, most people might think it can be prevented from happening again.

Not quite. It's the foreign hackers who didn't lose their cool, say computer security experts, that everyone needs to worry about. These are the people who, at a time of conflict, will use still-undetected backdoors to gain entrance to government and military computers and corrupt or falsify strategic information.

Warfare at the speed of thought

"There is a hidden war going on at this very moment to penetrate corporation and government sites," says Ed Roche of The Concours Group, an international firm that studies Internet security issues.

Many computer security professionals and academics, such as Dr. Roche, say we are entering a new age of conflict, one that will be fought over networked computer systems like the Internet. And the ways we engage in these conflicts will affect more than soldiers on the battlefield.

This new form of conflict could dramatically disrupt daily life in the US - power grids, phone systems, commuter trains, airplane guidance systems, to name a few.

The US Government Accounting Office estimates 120 groups or countries have or are developing information-warfare systems. According to a report issued by the Center for Strategic and International Studies, 23 nations have cyber-targeted the US.

The National Computer Security Center reported last year that of "520 large US corporations, government agencies, and universities that responded [to their survey], 64 percent reported intrusions, up 16 percent in a year.
The Internet was the main point of attack."

And while more attention is being paid to developing adequate security for government networks, private commercial networks may prove to be the roads through which an information-warfare attack is launched on the US.

Anybody can get you anywhere

One reason for the problem is the speed at which the Internet has grown, Roche says. This rapid growth (which includes the rush to create e-commerce options for commercial Web sites and the movement toward just-in-time production that allows outside vendors access to a company's main computer network) has created holes faster than government and industry can close them. These holes can then be exploited by terrorists or foreign governments.

If, instead of attacking military systems and databases, an enemy attacked unprotected civilian infrastructure, the economic and military results would be disastrous, warned the 1994 Joint Security Commission's Report on Redefining Security. More than 95 percent of defense and intelligence community voice and data traffic uses the public telephone systems.

Attacks are already under way against both government and private computer networks in the US:

The US defense department acknowledges that its computer systems are attacked 60 to 80 times a day. Most security experts say that the real number of attacks is higher.

A private computer security firm hired by the US government found that a foreign nation had attempted to use computers to change the composition of tensile steel in an American steel-manufacturing plant. The aim was to cause the steel to crack when side stresses were placed on it during freezing conditions.

A baby-food manufacturer discovered by accident that one of the standard components in its infant food had been increased 400 fold - to toxic levels. The manufacturer was unable to find out who broke into its system because the attack came through a vendor integrated into the company's network.
Also 1997's Operation Eligible Receiver demonstrated the potential vulnerability of the US government's information systems. The National Security Agency hired 35 hackers to launch simulated attacks on the national information structure. The hackers obtained "root access" - the highest level of control - in 36 of the government's 40,000 networks.

If the exercise had been real, the attackers would have been able to create power outages across Los Angeles, Chicago, Washington, and New York. They could have disrupted the Department of Defense's communication systems (taking out most of the Pacific Command) and gained access to computer systems aboard US Navy vessels.

It was a disturbing exercise. So much so, that several top White House officials have spoken of the possibility of an "electronic Pearl Harbor" attack on the US mainland. Added to these vulnerabilities is the fact that most Americans have no sense of how information warfare will affect them.

"When you think of cyber-warfare in terms of conflict, you have to broaden the context," says James Adams, head of Infrastructure Defense and author of 12 books on espionage and terrorism. "In the past, we saw conflict as a range of things that happened terrestrially - terrorism on one end and global nuclear war on the other. That meant soldiers at the high end of conflict and civilians at the lower end.

"But in cyberspace," Mr. Adams says, "the front line has changed. All of us are now a part of the front line. The arena of conflict has widened, and it's not just those who are wired who are vulnerable. If a foreign government or a terrorist group takes out the New York power grid, it will affect those without computers as much as it will affect those with them."

If we want to see how much cyber-warfare has become a part of a country's arsenal, we need only look at the conflict in Kosovo, according to Adams. Serbia is a technology "have-not," while China is a technology "have."
Yet both countries used the Internet to launch attacks on the US and NATO information structures.

"There are at least six nations right now who have active groups, paid by their governments, trying to formulate tools and procedures to cause computer terrorism in US corporations," says Jay Valentine, head of Infoglide, a database analysis company that works extensively with the US government.

"Those countries are Syria, Iran, China, India, Pakistan and Israel. [Other experts add France and Russia to this group.] Not all of them are bad guys," Mr. Valentine says. "Some are doing it for defensive reasons, but they all have backdoors into American government computers. We have detected several 'software tools' which are used to erase 'computer fingerprints.' "

Not everyone, however, thinks the current situation is so bleak.

"Everyone likes to talk about the 'electronic Pearl Harbor' or the 'electronic Waterloo' scenarios," says Wallace Theiss, a specialist in conflict and security issues. "For the time being I would be much more worried about governments and terrorists with bombs than with computers."

Meanwhile, the US government is taking information warfare seriously. President Clinton recently announced a $1.46 billion program to improve US government computer security, including the creation of special "Cyber Cop" units to work with both government and industry.

Senate Republicans want to give Dartmouth College enough money to create two laboratories to research ways to counter terrorists armed for biological or cyber-warfare. The FBI has created a special unit to deal with acts of computer sabotage and crime committed within the US.

And the US has been actively using information-warfare weapons since the early 1990s, primarily as backup for battlefield operations but also to prepare for future wars that may be fought online. (See story on page 16 for more on military's plans for future.)

"It is a very serious problem," says Adams. "And it's getting more serious day by day. The structures that we have held constant for many years are disappearing and we need to look at things with new eyes. After all, your defenses are only as good as the single event that takes you down."

(part2)

IDEAS, SCIENCE & TECHNOLOGY

When terrorists turn to the Internet

Seemingly unconnected events may have a more sinister source: coordinated cyber-hacker attacks.

Tom Regan
Special to The Christian Science Monitor

It's 8 a.m., morning rush hour in New York. People and cars move slowly and somewhat irritably toward the city. Suddenly, the power goes down and traffic lights cease working. Everything comes to a complete stop.

Meanwhile, half a country away, the water system malfunctions in Detroit. Then, in Dallas, air traffic becomes dangerously chaotic as guidance systems go offline.

On the surface, it seems like a series of unconnected events. But information security experts say it could also be the sign of a terrorist cyber-attack - well-coordinated, extremely effective, and so anonymous it leaves its targets not quite sure what happened.

While the above situation has never taken place, many industry experts say it could. In fact, they're somewhat surprised it hasn't already.

The United States government and US businesses know that developing an effective response to cyber-terrorism is essential. This, at least, is the first step, even though they have a long way to go in addressing the problem.

This is the new world of cyber-terrorism.

No other country or group can approach the US conventional-weapon superiority. This is why many terrorists find information terrorism an attractive alternative to traditional forms of terrorism. Cyber-terrorism allows terrorists - both foreign and domestic - to inflict damage with no harm to themselves and little chance of being caught. It is a way for the "weak" to attack the "strong," particularly to disrupt a stronger force at a key time during an operation.
If you want to understand terrorism in the Information Age, you need to understand how it has changed since the 1970s, says Harvey Kushner, chairman of the criminal-justice department at Long Island University and an expert on terrorism.

"We have moved away from state-sponsored terrorism," Dr. Kushner says. "The old model of the hierarchical or 'organized crime' group, no longer exists. These days, terrorists move in loose groups, constellations with free-flowing structures. So these days terrorism - both the traditional kind and cyber-terrorism - is more the act of the freelancer or the individual. This is true both internationally and nationally."

This doesn't mean states don't play a role in cyber-terrorism, Kushner says. It's just different from the one they played in the past.

"States find ways to encourage this behavior. They will use incendiary rhetoric to inflame passions. This will enrage some freelancer, who will then commit an act of cyber-terrorism. The Chinese hacker attacks on US targets after the bombing of the Chinese Embassy in Belgrade are a perfect example. And it comes at no cost to the state, which can say it had nothing to do with the attack," he says.

So who is the modern cyber-terrorist?

"The popular image is very out of kilter with reality," says James Adams, head of Infrastructure Defense, an organization founded to help governments and businesses deal with cyber-warfare and terrorism. "You know, the image of the 18-year-old with a ponytail who spends 20 out of 24 hours over a computer, hacking into a site because it gives him a rush."

In fact, says Mr. Adams, cyber-terrorism is likely to be committed by Russian organized crime, or white supremacist groups, or religious cults and extremists, to name a few examples.

These groups tend to work in the loose manner Kushner describes, and detailed in a 1999 report on cyber-terrorism, "Countering the New Terrorism," by the Rand Corp.
It describes the structure of these new networked organizations as "SPIN": segmented, polycentric, ideologically integrated networks.

These SPIN groups are not just using the computers to launch attacks, but also to coordinate their activities.

For instance, the Rand report notes that Saudi religious extremist Osama bin Laden's organization "appears to have widely adapted information technology." Egyptian members of Mr. bin Laden's network are said to have helped devise a communications network that relies on the Web, e-mail, and electronic bulletin boards so that members can exchange information without running a major risk of being caught by US counterterrorism organizations.

A third way that terrorists use the Internet is to tell their "story" directly to the public. Several terrorist groups have used the Web not only to bypass traditional news media, but also to influence how the media report on a terrorist act.

But it may not be long before groups like bin Laden's use their technological expertise to launch a cyber-attack.

"With respect to the availability of desirable targets via cyberspace, terrorists are likely to choose to employ electronic attacks only if the reachable assets are attractive targets, and as infrastructure industries continue to modernize their information systems to take advantage of the benefits of [information technology], this situation will become more likely," notes a report in the fall 1997 issue of Survival, "Information Technology and the Terrorist Threat."

"Cyber-terrorism really is a result of the Internet," says Ed Roche of The Concours Group, an international firm that studies Internet security issues. "Terrorism certainly existed before the Internet, but in order to do it, you had to be there. With the Internet, a group in, say, Madras, India, can bring down Con-Ed."

Dr.
Roche, who believes there will be a major cyber-terrorist attack on the US in the next two years, says it is corporate, rather than government, information structures that are most at risk.

"There is a very poor sense of security in many of these enterprises. Intranets are also a real security problem. And I don't see these factors changing anytime soon."

Also, one of the great difficulties in deterring and defending against terrorist attacks is determining the actual source of the attack, says Prof. Richard Harknett of the University of Cincinnati. The potential for anonymity in cyberspace will only make this problem more vexing.

"Two things tend to constrain traditional terrorism: to achieve political ends through terrorism one has to be attributed with the attack, which opens the door to retaliation; second, most terrorist attacks involve destruction," he says. "If the line is crossed, retaliation can be invited.

"In cyber-terrorism the main goal will be disruption, rather than destruction," Prof. Harknett says. "In societies highly reliant on information systems, disruption to those systems can cause short-term inconvenience, but more importantly, long-term loss of confidence in the viability of those systems. Will the US retaliate with military means if ATM banking in New York City is disrupted monthly through repeated attacks? At what point will people begin to question the reliability of digitized banking? How many disruptions will it take?"

Back to the hackers.

But what about the simple hacker? One problem with cyber-terrorism, note computer security experts, is that it's hard to tell if a cyber-attack has been launched by a rogue state, a terrorist, or a couple of kids in their garage. For instance, one of the most damaging cyber-attacks on the US military infrastructure was launched by an Israeli youth with help from some teenagers in California.
As a result, computer-security experts and justice organizations like the FBI now treat all cyber-attacks the same, regardless of the source - a situation that has enraged many hackers.

Yet part of the reason security experts may be responding this way could be the fear that these "innocent" hackers could turn their talents to more ominous purposes.

While the article in Survival notes that terrorism is more extreme and "far more aberrant than prankish hacking," there is no doubt that acts of hacking can have the same consequences as acts of terrorism.

"Regarding the question of whether hackers today will be terrorists of tomorrow, one can only point to the fact that some hackers have been willing to act in concert to attack the telecommunications infrastructure, and insofar as an infrastructure attack constitutes terrorism, hacker terrorism has already occurred."

A recent example of hacker terrorism (or is it?) is the Internet worm - Worm.ExploreZip - that created havoc in computer e-mail systems around the world, but particularly at corporations such as Microsoft, Intel, and NBC (see worm article page 14).

Protecting against hackers also raises other issues, says Ron Moritz, director of the technology office for Finjan Software Inc., which specializes in mobile code security. For instance, how far can the government go to protect itself before it infringes on personal liberties?

"It is possible to send a large current down a phone line and wipe out an individual's computer. But can we do that? Is it right to do that? For instance, where is the line 'online' between civil disobedience and terrorism?"

Mr. Moritz points to an attempt by the New York-based Electronic Disturbance Theater to "block the entrance" of a number of sites in an effort to support the Zapatista movement in Mexico.
When the EDT invited people to "sign" a petition that would attempt to overload the Pentagon's Web site and computers, the Pentagon fired back a Java software program that crashed the machine of the person who had signed the petition on the EDT site.

Another problem may be that while news media coverage is needed to raise awareness of cyber-terrorism, it could lead to bad decisionmaking, according to Glenn Buchan in his 1996 report for the Rand Corp., "Information War and the Air Force: Wave of the Future? Current Fad?"

Meanwhile, others are attempting to find solutions to cyberterrorism. Sy Goodman, director of the Stanford University Consortium for Research on Information Security and Policy and one of the authors of the Survival article on cyber-terrorism, will host a conference in Palo Alto in early December to try to find international answers to cyber-terrorism and cyber-crime.

Goodman hopes the conference will lead to agreements that will fight cyber-attacks in the same way nations now agree on how to fight air hijacking.

"There needs to be constant discussion of what the situation is," Kushner says. "In the past, we knew who our enemies were. For instance, on the battlefield, they wore different uniforms than us. But if no one wore uniforms, we wouldn't know who was on our side or who to fight. What our technology has done is make us naked."

@HWA

28.0 Novell Cracker Pandora 4.0 Released
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     From HNN contributed by Simple Nomad

Pandora can test the strength of Netware 4.x and 5.x passwords. It is a must have auditing tool for Netware security people.
Bugtraq - Press Release
http://www.securityfocus.com/templates/archive.pike?list=1&date=1999-07-1&msg=Pine.LNX.3.96.990706070337.76B-100000@vortex.nmrc.org

Nomad Mobile Research Center
http://www.nmrc.org

Press Release;

To:BugTraq
Subject:Pandora v4 Announcement
Date:Tue Jul 06 1999 07:06:45
Author:Simple Nomad
Message-ID:

_______________________________________________________________________________

Nomad Mobile Research Centre
A N N O U N C E M E N T
www.nmrc.org
Simple Nomad [thegnome@nmrc.org]
05Jul1999
_______________________________________________________________________________

Product  : Pandora v4.0
Platform : Windows 95/98/NT, X Windows on Linux 2.x

The long-awaited Pandora v4.0 with "point, click, and attack" GUI interface is now available. Running under Windows 95/98/NT or Linux with X, this security audit tool with full metal jacket ninja kungfu action was compiled with 100% freeware compilers using freeware libraries with no big corporation SDK assistance. In other words, the GUI looks and behaves the same on either Windows or Linux.

Old Pandora v3 exploits are back, with Netware 4.x AND Netware 5.x support. We have even updated several attacks to make them easier to use and to take advantage of our GUI.

The GUI interface has some important new features:

* Offline and Online components. Offline for cracking passwords offline, and Online for direct server attacks.

Offline (for Windows and Linux) includes:

* Password cracking of Netware 4.x and 5.x passwords.
* Reads native NDS files -- as well as maintenance files such as BACKUP.DS and DSREPAIR.DIB -- and extracts password hashes for cracking.
* Reads Netware 4.x and 5.x versions of NDS, BACKUP.DS, and DSREPAIR.DIB.
* Multiple accounts can be brute forced and dictionary cracked simultaneously.
* Preset and user-definable keyspace for brute forcing.
* On screen sorting of account listings for easy viewing.
* Built-in NDS browser to look at all NDS objects.
* Remote Console Decryption using The Ruiner's decryption algorithm.

Online (Linux coming soon, hey we're in beta!) includes:

* Attach to servers using only the password hash (if you do not wish to crack them).
* Dictionary attacks against NDS objects that detect if Intruder Detection was triggered.
* Browse for target servers and gather connection info for spoofing attacks.
* GameOver spoofing attack against servers not using Level 3 packet signature.
* Improved Level3-1 attack which no longer requires using a sniffer to find elusive data for Admin session hijacking, just add in the Admin's MAC address and we do the rest.
* Several nasty Denial of Service attacks.

Full source code included in case you don't trust our binaries, and for adding your own code.

Check out binaries, code, doco, rants, and more at http://www.nmrc.org/pandora/

_______________________________________________________________________________
Simple Nomad           //
thegnome@nmrc.org      //  ....no rest for the Wicca'd....
www.nmrc.org           //

@HWA

29.0 Cypherpunks will hold meeting at DefCon
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     From HNN contributed by deepquest

SF Bay Area Cypherpunks
July 1999
In Two Places At One Time!

This July, the Bay Area Cypherpunks begin to challenge the laws of physics by meeting in two places at one time. Our first experiment will be on the campus of Stanford University, extracting quantum slack from the Stanford Linear Accelerator (er, actually Tresidder Union coffee shop) and rematerializing in Las Vegas at Defcon at the Alexis Park hotel.

Both events will be open public meetings on US soil.
Events:

Sat 10 July 1:00 - 5:00 PM
Stanford University Campus - Tresidder Union courtyard

Spot the Cypherpunk Contest:
This will be somewhat easier at Stanford than at Defcon :-)

Ian Goldberg - Zer0knowledge Network (zks.net)
Using the Internet Pseudonymously: One Year Later
ZKS will be releasing Freedom 1.0 Beta 2

Cypherpunks Meetings
http://www.freedomfighter.net/cypherpunks/physical.html

@HWA

30.0
-=--=--=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-

                      T H E   R U M O U R   M I L L

-=--=--=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-

Rumours:
~~~~~~~

Send rumours to hwa@press.usmc.net, or join our irc channel and gossip!! tnx ..

+ www.403-security.org has had a facelift, check out the new look and leave
  your comments to astral on how you like it...

+ Help! net-security is changing servers and may be down for a few days
  while they overcome some new server teething problems (probably dns
  related). See elsewhere this issue for more details ...

+ HNN: contributed by Space Rogue,

  HNN hopes everyone has a fun filled Fourth of July weekend. Note, that
  there will be no news update on Monday. Be sure to check in next week as
  we attempt to update the site remotely from Defcon7 in Las Vegas. We
  should be ready to announce the HNN T-shirts that everyone has been asking
  for on Tuesday. Oh, and SETI@Home released version 1.5 of the SETI
  software last Wednesday which fixes quite a few bugs. (with all the news
  lately we forgot to mention it). Be sure to join up with the HNN team as
  you search for that Aranakin guy.

  HNN Team for SETI@Home
  http://setiathome.ssl.berkeley.edu/cgi-bin/cgi?cmd=team_lookup&name=The+Hacker+News+Network

AD.S ADVERTI$ING. The HWA black market ADVERTISEMENT$.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

*****************************************************************************

   ATTRITION.ORG     http://www.attrition.org
   ATTRITION.ORG     Advisory Archive, Hacked Page Mirror
   ATTRITION.ORG     DoS Database, Crypto Archive
   ATTRITION.ORG     Sarcasm, Rudeness, and More.

*****************************************************************************

          www.2600.com   www.freekevin.com   www.kevinmitnick.com

                 ########################################
                 # Support 2600.com and the Free Kevin  #
                 # defense fund site, visit it now!     #
                 #             FREE KEVIN!              #
                 ########################################

One of our sponsors, visit them now: www.csoft.net

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
* WWW.BIZTECHTV.COM/PARSE WEDNESDAYS AT 4:30PM EST, HACK/PHREAK CALL-IN WEBTV *
* JOIN #PARSE FOR LIVE PARTICIPATION IN SHOW CHAT OR THE WEBCHAT, AND WEBBOARD *
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
* WWW.2600.COM OFF THE HOOK LIVE NETCAST'S TUES SIMULCAST ON WBAI IN NYC @8PM *
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

//////////////////////////////////////////////////////////////////////////////
//  To place an ad in this section simply type it up and email it to        //
//  hwa@press.usmc.net, put AD! in the subject header please. - Ed          //
//////////////////////////////////////////////////////////////////////////////

@HWA

HA.HA Humour and puzzles ...etc
      ~~~~~~~~~~~~~~~~~~~~~~~~~

Don't worry. worry a *lot*

Send in submissions for this section please! .............

@HWA

SITE.1

@HWA

H.W Hacked websites
    ~~~~~~~~~~~~~~~~

Note: The hacked site reports stay, especially with some cool hits by
      groups like *H.A.R.P, go get em boyz racism is a mugs game! - Ed

    * Hackers Against Racist Propaganda (See issue #7)

Haven't heard from Catharsys in a while for those following their saga visit
http://frey.rapidnet.com/~ptah/ for 'the story so far'...

From HNN rumours section http://www.hackernews.com/

see the archives section on HNN or attrition.org for copies of many of these
sites in their defaced form.

http://www.attrition.org/

July 5th

Sites list unavailable from HNN due to Def-Con, so these were done manually
or from other sources like attrition.org (got attrition?)

Cracked July 9th  - http://setiathome.ssl.berkeley.edu/ ... Confirmed.
Cracked July 10th - http://gldpsp.cr.usgs.gov/ ... Confirmed.
Cracked July 7th  - ... Confirmed.

-------------------------------------------------------------------------

A.0                          APPENDICES
_________________________________________________________________________

A.1 PHACVW, sekurity, security, cyberwar links
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The links are no longer maintained in this file, there is now a links
section on the http://welcome.to/HWA.hax0r.news/ url so check there for
current links etc.

The hack FAQ (The #hack/alt.2600 faq)
http://www-personal.engin.umich.edu/~jgotts/underground/hack-faq.html

Hacker's Jargon File (The quote file)
http://www.lysator.liu.se/hackdict/split2/main_index.html

New Hacker's Jargon File.
http://www.tuxedo.org/~esr/jargon/

HWA.hax0r.news Mirror Sites:
~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://www.csoft.net/~hwa/
http://www.digitalgeeks.com/hwa.
http://members.tripod.com/~hwa_2k
http://welcome.to/HWA.hax0r.news/
http://www.attrition.org/~modify/texts/zines/HWA/
http://packetstorm.genocide2600.com/hwahaxornews/
http://archives.projectgamma.com/zines/hwa/.
http://www.403-security.org/Htmls/hwa.hax0r.news.htm

International links:(TBC)
~~~~~~~~~~~~~~~~~~~~~~~~~

Foreign correspondents and others please send in news site links that have
security news from foreign countries for inclusion in this list thanks...
- Ed

Belgium.......: http://bewoner.dma.be/cum/
Brasil........: http://www.psynet.net/ka0z
                http://www.elementais.cjb.net
Canada .......: http://www.hackcanada.com
Columbia......: http://www.cascabel.8m.com
                http://www.intrusos.cjb.net
Indonesia.....: http://www.k-elektronik.org/index2.html
                http://members.xoom.com/neblonica/
                http://hackerlink.or.id/
Netherlands...: http://security.pine.nl/
Russia........: http://www.tsu.ru/~eugene/
Singapore.....: http://www.icepoint.com
Turkey........: http://www.trscene.org - Turkish Scene is Turkey's first
                and best security related e-zine.

Got a link for this section? email it to hwa@press.usmc.net and i'll review
it and post it here if it merits it.

@HWA

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-
--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--

© 1998, 1999 (c) Cruciphux/HWA.hax0r.news (R) { w00t }

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-
--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-
[ 28 63 29 20 31 39 39 39 20 63 72 75 63 69 70 68 75 78 20 68 77 61 ]
[45:6E:64]-[28:63:29:31:39:39:38:20:68:77:61:20:73:74:65:76:65]