..........]Cardiff 2600, -=809=- and the NEW RETRO COLLECTIVE[.............
			    [ PRESENT ]
		 _____ _____ __    ____   __  _______   __
             >--/ ___//  __// /_  / ___/ / / /    /  \ / /---->
           >---/  ___/ /__ / _  \/  ___// /_/_ X / /||/ /--->
         >----/______/___//_/ /_/______/_____/__/_/ \__/-->
              +-=  E C H E L O N - M A G A Z I N E  =-+
     "The government denies all reports of such a system being used"
                . .::;;$$[THE H/P Bi-MoNTHLY]$$;;::..
                 <----------[..ISSUE--4..]----------> 
			    [ Early 2000 ]
                  Editor: dynamics [inno6@hotmail.com]


..:Introduction to Issue-4

Well, we're 3 months into 2000 and the bug still hasn't bitten. I 
suppose you could say that is good news, although I was quite looking
forward to mass destruction and mayhem. Ah well, there's always next
year. The real Y2K bug is the poor regard paid to computer security,
with the website 0wnings and the DoS attacks evidence of this.

On the subject of NynexPhreak's recent legal strife, they have now 
dropped all charges against him and Shadoh. Unfortunately, the trial
continues for the other bloke *accused* of this. We'll see how things
go.

On the news front, Replicator will be our new news reporter. He has 
more time than I do for this section, so it should be much better.

Well, as ever, we're stocked on the usual telecomms and switching docs.
Our c5 docs are here, delving deeper into the system than ever before.
We've got a US blueboxing doc for.. well... the US readers. It 
discusses boxing c5 from the US via home directs, stuff people in the
UK have been doing for ages, but has yet to get popular in the US -
(you had it soo easy with 2600hz for soo long, and now you lost your
ninjas) but don't pheer, there will be global phj33r.

Also, I've written-up an article on Digital C5, yes, digital, and its
applications worldwide. NynexPhreak has included an article on
Verification Trunks on c5-R1 circuits, check that out for more details
on how these work, it may be new to a lot of you. 

MuFtaK has submitted an article on GSM Cloning, something which is
becoming more and more of an issue since the algorithms for COMP128
were released. It goes into depth on the cloning method of duplicating
SIM cards. We hope to get more cellular info for the zine.

-dynamics

	[ .gov hit of the month:	legion.dera.gov.uk ]


<------------------------------=809=---------------------------------->
|..: dynamics		->	"sOcOtEl sHaDoWbOxIn tEkNeeQ"
|..: nynexphreak	->	"bOw dOwN" 
|..: redblade		->	"tHiS iS tHe dEpT oF dEfEnSe nZ"	
|..: pyke		->	"eVeRyBoDy hAtEs TSTT"
|..: gamma/c0	->	"bLaSt 2600hz fOr sOmE sEcOnDs"		
		  "0wning joo wit da powa of jah"
<------------------------------=809=---------------------------------->


		  ...: CONTENTS OF THIS ISSUE :...
		      ISSUE-4 03/2000
----------------------------------------------------------------------
Article:...		 =ECHELON MAGAZINE=		...:SECTION
----------------------------------------------------------------------
-]Introduction to Issue-4                                        1]..

-]News								 2]..
....]replicator

-]International Submarine Cables: Atlantic Region		 3]..
-][Atlantic.jpg]

-]Boxing from the US works, and this is (was) '99 
-] - a guide to blueboxing from the US, it works. 		 4]..
....]dynamics

-]BUSTED! Update on the legal proceedings			 5]..
....]dynamics

-]A guide to digital c5 and its applications			 6]..
....]dynamics

-]Verification Trunks on C5 Circuits				 7]..
....]NynexPhreak

-]An Introduction to Cable Company Telephone Networks		 8]..
....]dynamics

-]0800 056 9xxx (000 - 300) Scan				9]..

-]GSM Cloning							10]..
....]MuFtAk

-]The case for hacker intervention				11]..
....]dynamics

----------------------------------------------------------------------		
			WRITING ON THE WALL....

				-=809=- 
			   UK-NZ-and beyond...
				www.809.cjb.net			   	

		Cardiff 2600:
		www.cardiff2600.cjb.net
	
				The New Retro Collective
				www.roe.overloaded.org

Kudos to: D4rkcyde, f41th, polymorph, psyclone, hybrid, gr1p, kp, c0
[JaSuN], dave_, Cold-Fire, b00ger, darkcyde, defiant, xio, Dr.Fonk,
pyroteknik, Mark Tabas, Phrack, jaqu, iNFeRno, NeonDreamer/dan, clarus,
substance, rockman-, Coronus, skyper, is-, abattis coolwave/rob, murder 
02/2000
----------------------------------------------------------------------

========================================================
...: 2: NEWS 
========================================================

DeCSS SAGA CONTINUES
====================

Evan Prodromou has coded a utility called `DeCSS' which strips
Cascading Style Sheet (CSS) tags from an HTML document. Once
distributed it is hoped that this will act as a form of decoy.

The purpose behind this is to stop lawyers being able to easily find
the real code on the web and simply sue that particular site. One
site that has already fallen victim to this is 2600.com: a January
ruling ordered the site and two others to remove the code.

Linux users are particularly affected by the actions of the film
industry and makers of DVD players as using the DeCSS code is the
only way for Linux users to play DVD-ROMs.

Even though this is a short term solution, if there are many
hundreds of sites using the decoy code it will definitely slow down
the lawyers and hopefully put them off continuing their attacks on
sites distributing DeCSS.

 "GILC Releases Statement Opposing DVD Suit. Twenty-three GILC
  member organizations have signed onto a statement opposing the DVD
  Copy Control Association's (CCA) suit against people who have
  posted information about the DVD Content Scrambling System (CSS).
  The suit claims to protect trade secrets surrounding DVD CSS, but
  the letter points out that the controversial DeCSS software is
  legal reverse-engineering needed to provide interoperability of
  DVDs on different computer systems. The statement also explains
  that DeCSS does not enable the practical duplication of DVDs and that
  DVDs can already be copied through other available means."

	- http://www.gilc.org/

News Source(s):
	http://www.salon.com/tech/log/2000/02/22/decss/index.html

Related Sites:
        http://www.opendvd.org/
	http://www.dvd.reviewer.co.uk/info/multiregion/
	http://www.twi.ch/~i7eberha/eng/haupteng.htm
	http://linuxtoday.com/stories/15655.html
	http://www.eff.org/ip/Video/

Pigdog Journal DeCSS Distribution Center
	http://www.totse.com/DeCSS/

Motion Picture Association of America (the lawyers)
	http://www.mpaa.org/


AGAIN THE BRITISH GOVERNMENT IS TRYING TO INVADE CITIZENS' PRIVACY
==================================================================

Another plan is at hand to make it possible for law enforcement
agencies to be able to tap into all private communications carried
out over the internet.

Already rejected from July's Electronic Commerce Bill, fears over
the government trying to introduce similar plans at a later date
have been realised.

The new proposals would make refusing to hand over your private
encryption keys an imprisonable offence, and excuses such as having
lost your keys won't make a bit of difference.

Pager, mobile, satellite, and in house communications will also be
affected. It will be possible to 'tap' all of these but, what's
more worrying is that all of this will be done without the need for
a warrant.

The usual plans for forcing ISPs etc. to give up any information
on their members will also be included, as well as having "reasonable
interception capabilities" built into their systems.

The government has now used the old "how would you like it if someone
broke into your house and looked through your drawers" line on many
occasions when trying to make even ethical hackers look bad. Yet
on the other hand they want the keys to your house... that's
hypocrisy in action for you.

Mr. Yaman Akdeniz - Director, Cyber-Rights & Cyber-Liberties (UK)
comments in response to a request from echelon magazine:

 "I was hoping that we would be witnessing a new human rights
  culture with the beginning of the new Millennium. However, the RIP
  proved me wrong and the UK Government introduced the most complex
  and most intrusive Bill that will have a major impact on civil
  liberties. If enacted, we will certainly be closer to an
  Orwellian State. Cyber-Rights & Cyber-Liberties (UK) believe that,
  the Bill will infringe human rights and is not compatible with the
  European Convention on Human Rights and with the Human Rights Act
  1998."

You're strongly recommended to check out: http://www.cyber-rights.org/

Voice your opinion and ensure that this also fails. The government
are hoping to get the so-called "Regulation of Investigatory Powers
(RIP) Bill" through by October.

 "Campaigners for civil liberties online were horrified by the
  proposals. "This is a clear breach of Human Rights. A Court
  challenge is inevitable" said Malcolm Hutty, Director of CACIB,
  "The DTI learnt their lesson, but the Home Office wants to spy
  on nearly the whole population. These proposals go beyond
  legitimate police needs and extend to a capacity for mass
  automated surveillance. This cannot be tolerated by any free
  society.""

	- http://www.liberty.org.uk/cacib/

News Source(s):
	http://www.wired.com/news/politics/0,1283,34350,00.html
        Network News Magazine - www.networknews.vnunet.com
	http://news.bbc.co.uk/hi/english/sci/tech/newsid_638000/638041.stm

Related Sites:
	http://www.homeoffice.gov.uk/oicd/ripbill.htm
	http://www.cyber-rights.org/


RUSSIAN ISPS BATTLE WITH AUTHORITIES
====================================

ISPs in Russia are being pressurised into installing a 'bug' which
gives agents unlimited access to user information. When approached,
Bayard-Slavia Communications refused to co-operate and thus had
their primary communication line cut, although they later won a
court battle and had the line re-installed.

Although it's more than likely that all countries are now using
these types of systems unofficially, the problem lies in automating
the systems as it would be hard for operators to sift through the
masses of information.


BT ARE NOT ALONE
================

It seems that we're not alone in the UK: France Telecom also seems to
be abusing its position in the market. Both companies are delaying
the opening up of the market to other telecom companies. What this
means is that high speed technologies such as ADSL will not be
available at any reasonable rate for some time now.

Especially in the UK we seem to be paying way over the odds, while
our American counterparts have the luxury of free local phone calls.

News Source(s):
	http://www.theregister.co.uk/000222-000026.html


FBI CONTINUES HUNT FOR DoS'ERS
==============================

The FBI are stepping up their investigation into the people behind
the recent mass DoS attacks on some of the world's largest sites.
Some of the servers that were flooded include CNN.com, Yahoo and
eBay.

In the meantime a list of high profile companies have made an
'alliance' to tackle this sort of attack. Members of the alliance
include Cable One, Cable & Wireless, Digex, Global Crossing and
its subsidiary GlobalCenter, GTE Internetworking, Level 3
Communications, and Sprint Communications.

On February 16th, FBI Director Louis J. Freeh said that the bureau
has "fast-developing leads", but it now seems that they have too
many leads which are crippling the investigation.

These were not hackers, just script kiddies. Whilst this is true
(it was not hacking in the true sense), the prejudice against younger
hackers seems to be growing. 'Young' seems to be linked with any
sort of unskilled attack by the so-called 'old school'.

Although many veteran hackers say the hacks were lame, they will
serve as a wake up call for the industry - security is a myth.
Also they will highlight the lack of technical skill of the FBI and
other agencies when dealing with these attacks.

The FBI also confirmed that they were the victim of a DoS attack
which forced them offline for several hours. The American
government is trying to blame 'anonymous' services as the reason
for the time it's taking to find perpetrators of cyber-attacks,
claiming that using them can make a person almost untraceable.


News Source(s):
	http://www.techweb.com/wire/story/TWB20000225S0003
	http://www.ecommercetimes.com/news/articles2000/000225-6.shtml
	http://www.forbes.com/tool/html/00/feb/0229/MU3.htm
	http://www.wired.com/news/politics/0,1283,34617,00.html
	http://www.hackernews.com/
	http://www.wired.com/news/business/0,1367,34341,00.html
	http://www.sjmercury.com/svtech/news/breaking/ap/docs/252799l.htm
	http://www.wired.com/news/politics/0,1283,34659,00.html

--------------------------------------------------------------------

That's it for this bi-month's news, I had about a week to compile
this so I apologise if it's not that good. I quoted a little to bEEf
up the content.

Please submit news for next issue - credit will be given.


News compiled by: Replicator - replicator_uk@bigfoot.com
                  RoE Member - http://roe.overloaded.org


* Special thanks to Mr. Yaman Akdeniz for his comments to echelon
  magazine.  http://www.cyber-rights.org/

* Also thanks to anonymous for proof reading this.

--------------------------------------------------------------------

========================================================
...: 3: International Submarine Cables - Atlantic
========================================================
--> See atlantic.jpg



========================================================
...: 4: Boxing from the US works, and this is (was) '99
========================================================


    /-------------------------------------------------------\
			       8-0-9
  	     809 INTERNATIONAL COMMUNICATIONS PRESENTS....
    \-------------------------------------------------------/
     greetz to: Intersputnik satellites, westar satellites,
     the ANZCAN coaxial submarine cable, the eastern 
     caribbean microwave system, and all MF trunks everywhere.

    more greetz to:
      _dave, Psyclone, Polymorph, hybrid, Shadow, b00ger, cf
    Saman, Darkcyde, gamma_, c0, pyke, hopye, Keltic Phr0st
    Jasun, backa, Mister-X, zomba, ptek, xio, Dr.Fonk, xohs
    michella, substance, dr_phace, Rockman, Guru Josh (heh),
    defiant, ganjaman, deginge, everyone at LoK... 
    groups: Darkcyde, Ground Phloor Industries, MeD, GBH, 
		and OlderGeneration (OG)
    ---------------------------------------------------------

       BLUEBOXING FROM THE U.S IS POSSIBLE, AND THIS IS '99
			Version 1.2 [NEW AND IMPROVED: More Numbers]
    ---------------------------------------------------------

"lOsEnTiMoS! es de nUmErO nO eSt a iN serfisios, pOr fAvOrE pEr eFiCiO
eT tRaPo eNuEbO - CODETEL"

BACKGROUND
==========
Now, a long time ago, and to some extent nowadays, system R1 was the
system that linked the US. It used a single frequency 2600hz tone for
controlling the status of trunks, using a tone-on (free) and a tone-off
(in use) system.

It used interregister signals comprised of MF (multifrequency) tones
which were compound tones and were used to route calls between trunk
exchanges.

It was a pretty basic system, and can be found in some VERY remote
parts of the US/Canada, and is used to some extent in the Caribbean
region. It may be found in other parts of the world too, especially
in poorer countries, and in some parts of Eastern Europe. I heard from
a friend that Italy uses R1 as the signalling system in some rural
towns. A similar system is used by the French, called Socotel, which
uses MF and single frequency tones. The UK once used a single frequency
system, CCITT 3, although every digit was prefixed with a Code14 while
routing.

In addition, R1 is used as an interim system for interworking with 
other systems due to its versatility and simplicity.

People used to bluebox the R1 system, by sending the 2600hz tone to
tell the trunk the call had hung up, when in fact it hadn't, meaning
that they had an open trunk to dial out of using the MF dialset. This
is theoretically achievable, but the US is mainly SS7, and muting of
forward audio can be a problem.

This is NOT the system this guide will describe.

I aim to inform the reader how blueboxing FROM the U.S is achievable
using international toll-free numbers, which are toll-free numbers that
terminate in foreign countries. The main set of numbers being used in
this guide will be the HOME COUNTRY DIRECT numbers, and are used for
collect calls by tourists of these countries to call home, and for
calling card services.


CCITT SYSTEM No. 5 - KNOW THY ADVERSARY!
========================================

CCITT System No. 5 was specified in 1964 by the CCITT for use as an
intercontinental signalling system - to link continents. The first
application of CCITT5 (C5) was in the TAT-1 system, which linked the
United Kingdom with the U.S.

It is similar to R1 in many ways:

a) It has a near identical dialset.
b) It uses INBAND (within the band of the phone line) tones for
control. This is what makes it blueboxable.
c) Routing using C5 is the same as routing with R1, except that there
is a new signal with C5, Kp2 (transit KP).

In short, CCITT 5 could be described as: International R1, although
that is really only a rather tongue-in-cheek definition as 'R' stands
for "regional" anyway, meaning it's a contradiction...

CCITT 5 is used on cable, satellite, microwave and radio connections
world-wide. It would be fair to say that just under half the world uses
this system, because it is used extensively by a large number of
countries. Unfortunately, most developed countries are mostly digitally
switched, using system 7/SS7/CCIS7.

Thankfully, AT&T/MCI/SPRINT and other carriers have devised a system
whereby people in other countries can get US toll-free numbers. These
numbers terminate in these countries, and many foreign telcos have
developed Home Country Direct services for their citizens to call home
from the US at cheaper rates.

As said before, many countries use CCITT 5 as their international
switching system. Therefore a new type of blueboxing has arisen:
blueboxing home directs on CCITT 5 is the GLOBAL blueboxing method.

CCITT 5 CONTROL TONES AND DIALSET
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Dialset:
- Digits 0 - 9
- Control tones, Code11, Code12, Kp1, Kp2, ST

Forward Trunk Tones:
- Clear Forward/Ahead	-->	2600hz+2400hz
- Seize			-->	2400hz


This is how a call is set up using CCITT 5....

STEP 1

	YOU------------------LOCAL C.O--------------INT GATEWAY-1
Dial number using------>Digits translated------>Digital routing
DTMF digits		to digital routing	translated, you are
011 505 864 444		"0110110101010"		calling a C5 connection
						therefore translated to
						MF digits....
						Kp2-505-1-864444-ST

STEP 2

------------------INT GATEWAY-2----------------LOCAL C.O--------HIM
MF tones sent--->MF translated to------------->Call setup------>Answer
		dialset for that
		country


Kp1	- Terminal Kp (i.e calls inside the called country)
Kp2	- Transit Kp (international calls from that country)


In CCITT 5, address information is comprised:

-* LOCAL/NATIONAL IN THE TERMINATING COUNTRY:

			Kp1-dd-ac-number-ST

"Key Pulse One, discriminating digit, area code, number, Start"


-* TRANSIT INTERNATIONAL CALLS FROM THE COUNTRY:

			Kp2-cc-dd-ac-number-ST

"Key Pulse Two, country code, discriminating digit, area code, number
Start"

ac	--->	area code (NPA) of the place you're calling
cc	--->	country code
dd	---> 	discriminating digit tells the trunk HOW to route


Discriminating Digits...
		CABLE		-	0
		SATELLITE	-	1
		OPERATOR	-	2
		MIL		-	3
		MICROWAVE/RADIO	-	9


The signalling is sent as:

It is assumed that this communication is purely between gateways, and
leaves the subscriber out of the picture....

]U.S[						]Nicaragua[
OUTGOING INT GATEWAY----------------------------INCOMING INT GATEWAY
[ DMS / 5ESS ]	   |				[DMS / ESS / XBAR ]
		   | seizure f1			|
		   |--------------------------->|
		   | proceed-to-send f2		|
		   |<---------------------------|
		   | address info (MF)		|
		   |--------------------------->|-TRANSLATED AND ROUTED
		   | answer f1			|
		   |<---------------------------|
		   | acknowledgement f1		|
		   |--------------------------->|
		   |				|
		   | 	   S P E E C H		|
		   |				|
		   | clear back f2		|
		   |<---------------------------|
		   | acknowledgement f1		|
		   |--------------------------->|
		   | clear forward f1/f2	|
		   |--------------------------->|
		   | release guard f1/f2	|
		   |<---------------------------|
		   |				|

In short, blueboxing is simply emulating the tones that are used to
hang-up the call to an extent that the call you are on will clear but
the equipment back home will think you are still online to the 800
number you called. This means you now have an open trunk to play with
and route as you wish....
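Seen from the monitoring side, the exchange drawn above shows why in-band signalling cannot be policed by sequence checking alone: a trace with injected signals is still a valid sequence, and only comparison with what the outgoing gateway itself sent exposes it. This is an added example, not code from the original article; the trace format, the gateway "sent" log and both sample traces are constructed assumptions.

```python
FWD, BWD = "fwd", "bwd"   # fwd = outgoing gateway -> incoming gateway

# Signal order as drawn in the gateway-to-gateway diagram above:
# (state, direction, signal) -> next state
TRANSITIONS = {
    ("idle", FWD, "seizure"): "seized",
    ("seized", BWD, "proceed-to-send"): "await-address",
    ("await-address", FWD, "address"): "routing",
    ("routing", BWD, "answer"): "answer-unacked",
    ("answer-unacked", FWD, "acknowledgement"): "speech",
    ("speech", BWD, "clear back"): "clear-back-unacked",
    ("clear-back-unacked", FWD, "acknowledgement"): "cleared-back",
    ("releasing", BWD, "release guard"): "idle",
}


def sequence_violations(trace):
    """Return (index, state, event) for each signal that breaks the order."""
    state, bad = "idle", []
    for i, (direction, signal) in enumerate(trace):
        if (direction, signal) == (FWD, "clear forward") and state != "idle":
            state = "releasing"      # the outgoing end may clear at any point
            continue
        nxt = TRANSITIONS.get((state, direction, signal))
        if nxt is None:
            bad.append((i, state, (direction, signal)))
        else:
            state = nxt
    return bad


def unsent_forward(trace, gateway_sent):
    """Forward signals seen on the trunk that the outgoing gateway's own
    signalling log (hypothetical, in send order) does not account for."""
    pending, found = list(gateway_sent), []
    for i, (direction, signal) in enumerate(trace):
        if direction != FWD:
            continue
        if pending and pending[0] == signal:
            pending.pop(0)           # accounted for by the gateway
        else:
            found.append((i, signal))
    return found


# Constructed trace: an ordinary call, exactly as in the diagram.
NORMAL_TRACE = [
    (FWD, "seizure"), (BWD, "proceed-to-send"), (FWD, "address"),
    (BWD, "answer"), (FWD, "acknowledgement"),
    (BWD, "clear back"), (FWD, "acknowledgement"),
    (FWD, "clear forward"), (BWD, "release guard"),
]
NORMAL_SENT = ["seizure", "address", "acknowledgement",
               "acknowledgement", "clear forward"]

# Constructed trace: after answer, forward signals appear on the trunk that
# the gateway never sent, so they came from the speech path.
INJECTED_TRACE = NORMAL_TRACE[:5] + [
    (FWD, "clear forward"), (BWD, "release guard"),
    (FWD, "seizure"), (BWD, "proceed-to-send"), (FWD, "address"),
]
INJECTED_SENT = ["seizure", "address", "acknowledgement"]

if __name__ == "__main__":
    for name, trace, sent in (("normal", NORMAL_TRACE, NORMAL_SENT),
                              ("injected", INJECTED_TRACE, INJECTED_SENT)):
        print(name, "order violations:", sequence_violations(trace))
        print(name, "unaccounted forward signals:", unsent_forward(trace, sent))
```

Both traces pass the ordering check; only the second leaves forward signals unaccounted for, which is the gap that out-of-band systems such as SS7 close.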


So...

In order to bluebox a call, for example:

"BUZZZZZZZ....WOO...WOO....WOO...PLEEP! PLEEP! "Aloha Nicaragua..."
SEND CLEAR FORWARD (2600hz+2400hz)
PLEEP!
SEND SEIZE (2400hz)
ROUTE CALL


In some cases, it will pleep after the Clear Forward and again after
the Seize. In other cases, it will make a double-pleep after sending
of the two tones.

As for generating the tones... If you have a PC, then I'd recommend
using TLO (THE LITTLE OPERATOR), Bluebeep, or Bluedial. As for Amiga
users, a friend of mine recommends Arested Dialer Workshop or The
Dialer.

A typical set of tones for seizing a trunk would be:

		TONE1		TONE2		DUR		DEL
CLR FRW		2600		2400		180		50
SEIZE		2400		2400		200		--


In some cases, a GUARD TONE, is required. The guard tone is a device
used in the filtering process and is supposed to make signalling more
accurate and minimise false release. The guard tone may be added to the
Clear Forward and Seize or played at the end or beginning of the
sequence.

SOME GUARD TONES: 2100hz, 280hz, 1800hz, 500hz, 210hz, 440hz, 3825hz
AND THEN SOME MORE: 1004hz, 1204hz, 1754hz, 1804hz, 2004hz, 2713hz,
2804hz, 3004hz, 3204hz, 3850hz, 4804hz.

Of those, the 2100hz is the most popular. Bear in mind that the use
of some guard tones can result in interesting "function seizes" these
are seizes that have a function, such as, resetting all trunks, or
dropping you onto special control and verification trunks (see the 809
doc on verification)...

A working example of this is the NICARAGUA DIRECT seize (from UK):

	TONE1	TONE2	GUARD	DUR	DEL
CLR FRW	2600	2400	2100	130	800
SEIZE	2400		2100	330	---

Although blueboxing this one a lot is _not_ recommended, as the reason
why that seize is still functional, even after a file written about
2 years ago on the subject, is that British Telecom (BT) monitor the
line in conjunction with Nicaragua Telecom in order to catch
blueboxers, :(

It's important to try "normal" sequences for seizing first and then 
when all else fails, to then use the guard tones. 

Delay can also be important, increase delay if it hangs up, decrease
if it times out after you send the first tone. Nowhere has used a delay
of over 1000ms before, and many newer C5 systems need short delays.
After all, long delays mean long times to route calls.


COUNTRY DIRECT NUMBERS
======================

Why not try out your new found knowledge on these....?

Note that most of these will probably be SS7 switched, but an inband
trunk is always identifiable by the PLEEP made on answer and/or
hangup. On occasions this may be a click, but the general rule is that
a pleep is made.

I didn't scan these myself, and therefore I can only speculate as to
what switching system these use...

Service:		Number:		System:
Australia Direct        800-682-2878	SS7
Austria Direct          800-624-0043	SS7
Belgium Direct          800-472-0032	SS7
Belize Direct           800-235-1154	C5
Bermuda Direct          800-232-2067	C5/SS7
Brazil Direct           800-344-1055	SS7/R2/C5
Brunei Direct (AT&T)	888-673-0673	SS7/C5
Brunei Direct (MCI)	888-897-6217	C5
Brunei Direct (Am Tech)	888 285 9903	C5
Brunei Direct (Bell At)	888 285 9902	C5
Brunei Direct (Bell So)	888 285 9901	C5
British VI Direct       800-248-6585	SS7/C5
Cayman Direct           800-852-3653	SS7
Chile Direct            800-552-0056	C5/SS7/SS7-R2
China Direct            800-532-4462	C5 or in RARE occasions SS7
Costa Rica Direct       800-252-5114	C5/SS7/R2
Denmark Direct          800-762-0045	SS7
El Salvador Direct      800-422-2425	C5/SS7
Finland Direct          800-232-0358	SS7
France Direct           800-537-2623	SS7
Germany Direct          800-292-0049	SS7
Greece Direct           800-443-5527	C5/SS7
Guam Direct             800-367-4826	SS7
HK Direct               800-992-2323	SS7
Hungary Direct          800-352-9469	C5/SS7/R2
Indonesia Direct        800-242-4757	C5 (IndoSAT) SS7/C5 (Satelindo)
Ireland Direct          800-562-6262	SS7
Italy Direct            800-543-7662	SS7
Japan Direct            800-543-0051	SS7
Korea Direct            800-822-8256	SS7
Macau Direct            800-622-2821	SS7/C5
Malaysia Direct         800-772-7369	SS7/C5
Netherlands Direct      800-432-0031	SS7
Norway Direct           800-292-0047	SS7
New Zealand Direct      800-248-0064	SS7
Portugal Direct         800-822-2776	C5 some SS7
Panama Direct           800-872-6106	SS7
Philippines Direct      800-336-7445	C5/SS7
"				800-632-7445	C5/SS7 
"				800-877-7445	C5/SS7
Singapore Direct        800-822-6588	C5/SS7
Spain Direct            800-247-7246	C4-R2/SS7/C5
St Kitts (Casino)	888-714-9770	C5
Sweden Direct           800-345-0046	SS7 you can find C5 :)
Taiwan Direct           800-626-0979	SS7/C5
Thailand Direct         800-342-0066	SS7/C5
Turkey Direct           800-828-2646	SS7/C5/R2-C4
UK Direct               800-445-5667	SS7 :(
Uruguay Direct          800-245-8411	SS7 :( "WTF??? SS7? Uruguay?!"
Venezuela (Citibank)	800-418-9893	C5 after answer	
Yugoslavia Direct       800-367-9841/9842 C4-R2/C5/SS7

* Also: Telegroup Calling Cards: 800-393-1000
This number is c5 from international locations, may be R1 signalled
in the US. Worth checking out. Also accessible from the American
Nouveau-Empire, i.e Hawaii, Alaska, Puerto Rico and US Virgin Islands.

* New(ish): UIFN - Universal International Freephone Numbers
These use Country-Code: 800. I.e you'd dial 011 800 and then the 8
digit number for the toll free. These ARE free from the US.
-Argentina Direct	: 011-800-5454-5454
-Portugal Direct	: 011-800-0351-0351
-Telegroup Cards	: 011-800-8881-1888
-Argentina Direct	: 011-800-0054-0054

The guesses I made are based on what the home directs are from the UK
and other countries where we have contacts. The UK is a bit of an
exception, because BT generally select the SS7 routes due to the 
"fraud" that goes on via C5 lines... Some of the HCDs I checked myself.

China is an excellent example of this. From nearly every country, China
is C5, because C5 is the main signalling system used. BUT the UK 0800
to China is SS7. The reason behind this is that BT had problems with
"fraud" via China, most probably. They most probably pay a premium
price for the SS7 trunks in China...

As for the "xxx-R2" notation, that means that it may be R2 (digital or
analogue out-band [3825hz]). Because R2 is a REGIONAL system, it needs
to be interworked with an INTERCONTINENTAL system, and if the R2 is
analogue-switched-R2, then it is generally interworked with C4/C5/SS7.
R2 is complex, and it really needs another file to explain. In short,
it can be signalled using up to 6 different methods, broadly either
digital, analogue outband or on occasions hybrid-C4 connections using
some CCITT 4 tones. I really recommend reading the CCITT-4 and R2
manuals to get a better idea of these systems.
[check www.echelon1.cjb.net -> see FILEBASE]

CONCLUSION
==========

This guide is by no means the definitive guide to this method of 
blueboxing. I hope that it has given you a basic grounding in this and 
has got you to do some experimenting. The best way of getting into this
is by experimentation and by pooling knowledge with other blueboxers.

This guide also won't make you a ninja. The only way to get to that 
level is to experiment and read-up. Consider other stuff too, such
as other switching systems, Socotel, CCITT4 (found in Guiana ;) ) and
other systems such as R2 (European but found elsewhere). 

This method is pretty new to a lot of you in the U.S, and I hope that 
this doc will better inform you of this.

dynamics

-=809=-
07/12/1999
17:52 (UK TIME)


		"tHaNk-yOu, aNd gOoDbYe!....PLEEP"


========================================================
...: 5: BUSTED! Update on the legal proceedings
========================================================

I reported in the last issue on the legal proceedings being taken
against NynexPhreak, Shadoh and Tony. During the time between these
two issues, all charges against NynexPhreak and Shadow have now been 
dropped. This is of course good news, but unfortunately, they have
decided to proceed with the action against Tony.

Because of the legal proceedings, and not wanting to prejudice the
case or implicate anyone involved, I will not go into details on the
case or proceedings. We just have to remember that these are
_accusations_ and people are innocent until proven guilty. Just because
someone has a handle and takes an interest in H/P does not mean that
they are breaking the law. This is something telcos and the police fail
to understand. Also, telephone logs can prove misleading: what looks
suspicious to the average person is normal activity for technically
literate and net-savvy people. For instance, BT's "Sheriff" system
logs calls over 8 hours long. With the advent of 0800 access to the
net, and some ISPs without cutoffs, this sort of system could end up
implicating people who are perfectly innocent of any crime.

What this system fails to understand is that calling an 0800 number is
not a crime. They have SS7 monitoring systems that detect scans.
Scanning in itself is not illegal, although the legality of it may come
under the Computer Misuse Act, IF they can prove that the intent was to
find carriers and "break into" the systems on the end of them.

As a result, people are becoming implicated just for calling 0800s.
BT want us to call these, they make money from them, and then they
slap their customers in the face by sending police to arrest them 
because of their small minded suspicions.
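The two monitoring rules mentioned above (calls longer than 8 hours, and scans of freephone ranges) can be sketched over call records to show how the duration rule on its own flags an ordinary dial-up session. This is an added example, not code from the article and not BT's system; the record format, window, thresholds, allow-list and every phone number are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

LONG_CALL = timedelta(hours=8)    # duration the article attributes to "Sheriff"
SCAN_WINDOW = timedelta(hours=1)  # assumption: sliding window for the scan rule
SCAN_MIN_NUMBERS = 20             # assumption: distinct numbers that make a scan
BLOCK_DIGITS = 8                  # assumption: leading digits defining a block
FREEPHONE = ("0800", "0808")

# Constructed allow-list of freephone numbers known to be ISP dial-up access.
ISP_ACCESS = frozenset({"08081570100"})

# Constructed records, numbers taken from ranges reserved for fiction.
# Format: start,caller,dialled,duration_seconds
BASE = datetime(2000, 3, 1, 20, 0, 0)
SAMPLE = [
    "2000-03-01T19:00:00,01632960001,08081570100,32400",  # 9 h dial-up session
    "2000-03-01T18:30:00,01632960004,08081570999,34200",  # 9.5 h, not an ISP
    "2000-03-01T12:00:00,01632960003,08081570300,45",
    "2000-03-01T12:05:00,01632960003,08081570301,30",
] + [
    # 25 ten-second calls to consecutive numbers, one per minute
    f"{(BASE + timedelta(minutes=i)).isoformat()},01632960002,"
    f"0808157{200 + i:04d},10"
    for i in range(25)
]


def parse(line):
    start, caller, dialled, secs = line.split(",")
    return (datetime.fromisoformat(start), caller, dialled,
            timedelta(seconds=int(secs)))


def long_calls(records, allow=frozenset()):
    """(caller, dialled) for each call over LONG_CALL not on the allow-list."""
    return [(caller, dialled) for _, caller, dialled, dur in records
            if dur > LONG_CALL and dialled not in allow]


def scans(records):
    """(caller, block) pairs where one caller reached SCAN_MIN_NUMBERS
    distinct freephone numbers of one block inside SCAN_WINDOW."""
    by_key = defaultdict(list)
    for start, caller, dialled, _ in records:
        if dialled.startswith(FREEPHONE):
            by_key[(caller, dialled[:BLOCK_DIGITS])].append((start, dialled))
    flagged = set()
    for key, calls in by_key.items():
        calls.sort()
        lo = 0
        for hi in range(len(calls)):
            while calls[hi][0] - calls[lo][0] > SCAN_WINDOW:
                lo += 1              # drop calls that fell out of the window
            if len({d for _, d in calls[lo:hi + 1]}) >= SCAN_MIN_NUMBERS:
                flagged.add(key)
                break
    return flagged


RECORDS = [parse(line) for line in SAMPLE]

if __name__ == "__main__":
    print("duration rule alone:    ", long_calls(RECORDS))
    print("with ISP allow-list:    ", long_calls(RECORDS, ISP_ACCESS))
    print("scan rule:              ", scans(RECORDS))
```

The duration rule alone flags the dial-up user alongside the other long call; the scan rule flags only the caller who walked a number block, and says nothing about intent.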

We'll be following the case with interest, and we'll be more free to
comment at the end of this.


MISTER-X 
========

The alleged hacker of the Railtrack and Lloyds of London sites has
been arrested in connection with this. He was raided at 6am on Friday 
3rd of March, then released on bail pending trial.

digital_darklord@hotmail.com

CURADOR
=======

Front page news was made when 18 year old Raphael Gray was arrested by
the FBI in conjunction with Dyfed-Powys police at his home in
Clynderwen, Pembrokeshire. A friend who happened to be at the house
was also arrested. 

Further report by westar [westar3@email.com]

Curador, "the saint of e-commerce" was busted Thursday the 23rd. 
Curador, the hacker who allegedly attacked 8 e-commerce sites, was 
arrested by the FBI on Thursday morning at his home in Clynderwen, 
Pembrokeshire, West Wales.

The main fault in the hacks that Curador was doing was that he was
targeting systems running UNIX, which keep better logs than NT
systems. Curador apparently had gained 250,000 credit card numbers
and caused $3 million of "damage". On his website, first at GeoCities,
he allegedly posted a large number of these, and others on
newsgroups and IRC channels.

His site (www.curador.com) was pulled down by the FBI on the Sunday
before the bust. The site was being hosted on Angelfire. Agencies 
which included the FBI, Canadian government and the Secret Service
pursued Curador with the help of HexEdit Inc computer security. The
Secret Service initially believed that Curador lived in Texas (!),
but later found out that he lived in West Wales. Raphael Gray 
(curador), claimed that he was attempting to show how vulnerable
e-commerce sites were. 

"Eight police officers, and a man from the FBI came knocking on my door 
at 8 in the morning", he said. Curador was arrested under the Computer 
Misuse Act of 1990, and has now been released on bail.



========================================================
...: 6: A guide to digital c5 and its applications
========================================================

   /-------------------------------------------------------\			
			     8-0-9	
  	   809 INTERNATIONAL COMMUNICATIONS PRESENTS....
   \-------------------------------------------------------/
   greetz to: PTT Gabon, Chennai Telephones (heh), Sovintel,
   Mongolise Telecom, Swaziland Posts and Telegraphs, France
   Telecom, Telephone Services of Trinidad and Tobago (TSTT),
   	Myanmar Posts, Telegraphs and Telephones 
   	(Run by Brigadier General Win Tin...LOL)
	
   more greetz to:
      _dave, Psyclone, Polymorph, hybrid, Shadow, b00ger, cf
    Saman, Darkcyde, gamma_, c0, pyke, hopye, Keltic Phr0st
    Jasun, backa, Mister-X, zomba, ptek, xio, Dr.Fonk, xohs
    michella, substance, dr_phace, Rockman, Guru Josh (heh),
    defiant, ganjaman, deginge, everyone at LoK... 
    groups: Darkcyde, Ground Phloor Industries, MeD, GBH, 
		and OlderGeneration (OG)
   ---------------------------------------------------------	
			
       AN OVERVIEW OF DIGITAL CCITT SYSTEM 5 AND ITS USES
				
   ---------------------------------------------------------
	  	  UK    NZ    USA    TRINIDAD
   ---------------------------------------------------------
   	dynamics, NynexPhreak, RedBlade, Lucky225, pyke
   ---------------------------------------------------------

	    "sHinInG hApPy pHrEaKeRs sHaRiNg k0Dez"

A fairly recent development in signalling has been the digitisation
of CCITT 5, allowing faster connections and a cost effective switching
solution with the robust nature of System 5 and the advantages of a 
digital switching system.

It's not surprising therefore that so many countries now use digital c5
to switch their international traffic.

Digital c5 is, in essence, CCITT 5, but with the tones encoded into 
digital format. Additional procedures for this system have to be set up,
meaning that each trunk is allotted a timeslice for signalling. Similar
to SS7, a signalling link is operational, and digital c5 is common 
channel signalled.

All system 5 signals are present in this system, and the signalling
cycle is the same for the most part. For those of you who are 
unfamiliar with system 5, a typical simplified signalling cycle would
look like this:
						
OUTGOING INT GATEWAY----------------------------INCOMING INT GATEWAY
[ DMS / xESS ]	   |				| [DMS / xESS ]
		   | seizure f1			|
		   |--------------------------->|
		   | proceed-to-send f2		|
		   |<---------------------------|
		   | address info		|
		   |--------------------------->|-TRANSLATED AND ROUTED
		   | answer f1			|
		   |<---------------------------|
		   | acknowledgement f1		|
		   |--------------------------->|
		   |				|
		   | 	   S P E E C H		|
		   |				|
		   | clear back f2		|
		   |<---------------------------|
		   | acknowledgement f1		|
		   |--------------------------->|
		   | clear forward f1/f2	|
		   |--------------------------->|
		   | release guard f1/f2	|
		   |<---------------------------|
		   |				|

		   f1 = 2400 Hz	  f2 = 2600 Hz

The cycle above is based on the analogue inband version, but the 
digital cycle is identical, only the tones are data packets and are
transmitted on a separate signalling link.
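
The cycle in the diagram, written out as a checker that a link monitor
could run over one trunk's signalling records. This is an added example,
not part of the original article. The state names and the record layout
(direction, signal name, tones) are assumptions made for illustration,
and so is the rule that clear forward may also follow speech directly.

```python
FWD = "forward"    # outgoing gateway -> incoming gateway
BWD = "backward"   # incoming gateway -> outgoing gateway
F1, F2 = 2400, 2600

# (state, signal) -> (direction, tones, next state), read off the diagram.
# The diagram gives no f1/f2 tone for address info, so its tones are not checked.
CYCLE = {
    ("idle", "seizure"): (FWD, {F1}, "seized"),
    ("seized", "proceed-to-send"): (BWD, {F2}, "sending"),
    ("sending", "address"): (FWD, None, "routed"),
    ("routed", "answer"): (BWD, {F1}, "answer-unacked"),
    ("answer-unacked", "acknowledgement"): (FWD, {F1}, "speech"),
    ("speech", "clear-back"): (BWD, {F2}, "clear-back-unacked"),
    ("clear-back-unacked", "acknowledgement"): (FWD, {F1}, "cleared-back"),
    ("cleared-back", "clear-forward"): (FWD, {F1, F2}, "releasing"),
    # Assumption (not in the diagram): the caller may hang up first.
    ("speech", "clear-forward"): (FWD, {F1, F2}, "releasing"),
    ("releasing", "release-guard"): (BWD, {F1, F2}, "idle"),
}


def check_trace(trace):
    """Walk one trunk's records; return (findings, final_state).

    A record that breaks the cycle is reported and does not move the state.
    """
    state = "idle"
    findings = []
    for i, (direction, name, tones) in enumerate(trace):
        rule = CYCLE.get((state, name))
        if rule is None:
            findings.append((i, f"'{name}' not expected in state '{state}'"))
            continue
        want_dir, want_tones, next_state = rule
        if direction != want_dir:
            findings.append((i, f"'{name}' sent {direction}, expected {want_dir}"))
            continue
        if want_tones is not None and set(tones or ()) != want_tones:
            findings.append((i, f"'{name}' carried {sorted(tones or ())}, "
                                f"expected {sorted(want_tones)}"))
            continue
        state = next_state
    if state != "idle":
        findings.append((len(trace), f"trace ends with trunk in state '{state}'"))
    return findings, state


# Constructed sample: the complete cycle from the diagram.
GOOD_TRACE = [
    (FWD, "seizure", {F1}),
    (BWD, "proceed-to-send", {F2}),
    (FWD, "address", None),
    (BWD, "answer", {F1}),
    (FWD, "acknowledgement", {F1}),
    (BWD, "clear-back", {F2}),
    (FWD, "acknowledgement", {F1}),
    (FWD, "clear-forward", {F1, F2}),
    (BWD, "release-guard", {F1, F2}),
]

# Constructed sample: a second seizure during speech, then a clear forward
# arriving from the wrong end, and no release guard before the trace stops.
BAD_TRACE = GOOD_TRACE[:5] + [
    (FWD, "seizure", {F1}),
    (BWD, "clear-forward", {F1, F2}),
]

if __name__ == "__main__":
    for label, trace in (("good", GOOD_TRACE), ("bad", BAD_TRACE)):
        findings, state = check_trace(trace)
        print(label, "final state:", state)
        for index, message in findings:
            print("  record", index, "-", message)
```
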


ADVANTAGES AND DISADVANTAGES
============================

	"tEll mE wHaT's sO gOoD aBoUt tHis..."

The system has many advantages. Post-dialling delay is shorter using 
digital system 5 as compared to the analogue-inband version. Digital 
multiplexing can be used, and the system is far less susceptible to 
tone-imitation fraud [blueboxing to me and you ;) ]. Links can be 
monitored with great ease, and digital switches are used with the 
system, allowing all the advantages of these switches to telephone 
companies.

In addition to the many advantages, it's much cheaper to install than
SS7. A typical digital c5 system would require a digital switch, DCME
equipment and E1 trunks for the encoded links. SS7 requires more 
equipment such as line cards, and the ITU/CCITT recommendations for
SS7 are very flexible, meaning that compatibility issues can be a 
problem. The system 5 specs are much more rigid, meaning greater 
compatibility between networks.

One downside of system 5 digital is that it cannot carry ANI/CLI at
present. This is due to the absence of this recommendation from the 
System 5 spec to date. I'm sure at a later stage, this could be 
included, allowing ANI/CLI to be passed via digital-c5 links. This 
would be extremely advantageous, because one of the main international
ANI/CLI passing "hurdles" with SS7 is compatibility of the various
"flavours" of SS7, whereas digital c5 is a far more tightly spec'd 
system, allowing ANI/CLI to be passed easily if it were specified in
the system.


TYPICAL STRUCTURE OF A SMALL NETWORK USING DIGITAL SYSTEM 5 FOR 
===============================================================
INTERNATIONAL CONNECTIONS
=========================

 "dIgItaL c5? iT's kIndA lIkE mIcRoSofT uNix (bUt wItHouT tHe bUgs)"

One disadvantage of digital-c5 is that interworking the system using a 
single stage of conversion is difficult. As a result, the interworking
process between the international gateway and the national network is
generally done in 2 stages.

Typically, stage 1 converts the digital c5 signals into an MF based
regional system such as R2 or R1 (North American/Bell System MF), R1
is favoured generally because it is comparatively basic and very 
compatible with most national systems. The second stage converts the
R1 routing into the national system, this being SS7, SS6, R2 etc.


- Conversion Diagram

		C5 converted to R1	R1 converted to SS7
		/---------------\	/---------------\
		|INTERNATIONAL	|	|NATIONAL	| On to the
===DIGITAL C5==>|GATEWAY SWITCH |--R1-->|GATEWAY SWITCH	|-----SS7---->
		|(Digital)	|	|(Digital)	| national net
		\---------------/	\---------------/

In theory, it could be left as North American MF-R1 or the intermediate
system used in stage 1 of the conversion for countries whose national 
networks are analogue based on that system. This would generally be
unusual, as SS7 holds many advantages for national networks and these
are generally modernised first.

There are a lot of examples of this method of interworking. For 
example, Cable&Wireless St Kitts and Nevis (Skantel)...


		ST KITTS
	/-----------------------\
	|			|Eastern Caribbean Microwave System
	|	    /------\....|....................................
	|	    |5-ESS |D-C5|Eastern Caribbean Fibre System [D-C5]
	|	    \------/----|------------------------------------
	|		|	|
	|		R1	|		NEVIS
	|	     /------\	|	/---------------\
	|	     |DMS100|	| SS7	|  /------\	|
	|	     \------/...|.......|..|DMS100|	|
	|	ST KITTS SWITCH	|	|  \------/	|
	|			|	| NEVIS SWITCH	|
	\-----------------------/	|		|
					|		|
					|		|
					|		|
					|		|
					\---------------/

As you can see, the digital c5 link is first converted to R1, and the
R1 routing is then converted to SS7. A 5ESS forms the international 
gateway, with the St Kitts switch being the national network gateway as
well as serving St Kitts. On calls to this island, clear background 
dialling is audible (a tell tale sign of R1), but call set-up times are
top-speed and quality of calls is excellent due to the digital nature
of the systems used. An acknowledging "pleep" is heard from the R1 
portion on answer, and the call path set-up.

This pattern is similar in Belize too, where Belize telecom use digital
c5 for links to the US, and then have an R1 link between their 
international 5ESS switch gateway and their national gateway. In both
examples, the national network is SS7 signalled. Belize telecom use 
system R2 for PBX links.

	---------
	|COROZAL|
	|DMS 100|
	---------
	    |
	    |SS7
	    |
	-------------
	|ORANGE WALK|
	|  DMS 100  |
	-------------
		\
		 \SS7
		  \ 
		   \		    		
	         -------------		
		 |BELIZE CITY|  
		 |  DMS 100  |   
	         -------------
		    /				
		   /
		  /
		 /			  
	        /SS7		Digitally Encoded C5 
	       /		   AT&T	 MCI  TELMEX	} E1s	
	   -------------	   |	  |	|	}	
	   | NAT GATEWY|	   --------------------	      
OPERATORS--| BELMOPAN  |...........|5ESS [Dig Enc C5] |    
	   | DMS100    |   R1 	   |INT GATEWAY SWITCH|	   			 		 
	   /------------\	   -------------------- 
	   |SS7		 \	         
-------------		  \		 
|SAN IGNACIO|		   \ SS7		 
|  DMS 100  |		    \		 
-------------	  	     \		 
			      \	 	 
			       \__-------------
			          | DANGRIGA  |
				  |  DMS 100  |
				  -------------
					/
				       /
				      /
				     /
				    /
				   /
				  /SS7   
				 /
				/
			       /
			      /
			     /
			-------------
			|PUNTA GORDA|
			|  DMS 100  |
			------------- 

The diagram above is very simplified, there are many more switches
than those shown, but I think you get the idea that they are all 
DMS100s and the national network is SS7.

All international calls go via the appropriate carriers on Digital C5
switched trunks, acknowledgment "cheeps" are sent on answer of incoming
transit calls, these are from the R1 link between gateways.

All calls are muted until an answer signal is received, as standard
with the DMS100 switch. The reason that the International Gateway is a
5ESS is because no DMS250/300 was available at the time, as with the 
St Kitts example.

Both countries are relatively small, and signalling times for 
digital-c5 connections are generally marginally longer, it would be 
interesting to see the performance of digital-c5 with busier routes
in a larger switching environment. The c5 signalling cycle seems to
be rather long, although when packetised as with digital-c5 it is of
course a lot quicker. I think the main delaying portion of the journey
is in the interworking stage when 2 stages are used in the process.
In theory, digital-c5 could perform well even on the busiest routes
and might be a viable solution for busier international switching
environments that still have not digitised fully as of yet.

In fact, while on the subject, system 5 is still the most popular
world system in use. As I have mentioned before, due to its sheer
versatility and different types, it can be found to some extent
in most countries. For instance, CCITT5bis, an early MF compelled
system (i.e forward and backward dialling as with R2) was specified
and Denmark ordered some 5bis equipment in the 80s. With the addition
of the digital version, it makes CCITT5 one of the most widely adopted
standards in the world today.


CONCLUSION
==========

	"hE's gOiNg tO bLab aBoUt hOw aMazIng iT is"

All in all, digital C5 forms an excellent system for switching transit
calls. Despite some minor disadvantages, many of which could be 
resolved by "patching" the system with additions, it lives up to the
robust and dependable reputation which System 5 enjoys, and combines
the simplicity and dependability of time-proven switching methods with
modern, digital methods. This results in an efficient and 
cost-effective switching system, and is finding application globally.
(Wow, I do really love c5... Obsessed? Understatement.)


- dynamics
Darkcyde/809

		"tHanK-yOu aNd gOodByE...."
		  wtf?? no pleep?!?!?



========================================================
...: 7: Verification trunks on c5 circuits
========================================================

Verification trunks are used to verify (VFY) a call that gives a BY (Busy) Signal
on C5 Connections. All that means basically is that it is used to Listen to
another person's phone line from any Standard Telephone. Verification has been
shrouded in myth for a long time now and is known under a variety of names in
phreakdom land. The only file I could find on it was from the 80's by TAP
magazine.
So without much ado here is my discovery about Verification trunks. This assumes
you have some skill in the art of blueboxing (see www.echelon1.cjb.net to see
Dynamics' guide to Blue Boxing in the Late 90's) or (www.809.cjb.net)

For a long time verification trunks have been believed to be a routing code that
elevates you up to the trunk. This is not true. To get onto a verification trunk
you usually have to send the standard seize for the country you are boxing
(2600hz or 2400hz) and add the VFY tone (I have had tones at 280hz and 240hz).
You should then hear a plip and if the call is being routed through a PBX as
on some HCD's you may get dropped into the middle of a conversation on someone
using the other line(s).


YOU----------TRUNK------------HCD Operator(MooMoo direct)At c5 Exchange
-------------VFY TRUNK-------------------------------------------------

When you send the VFY tone along with the standard seize the c5 exchange
recognises it and elevates you to the VFY TRUNK, as the seize is talking to
the trunk which signals the exchange; when the VFY tone is added it signals the
exchange to elevate you to the Verification trunk. Now an operator can Verify a
call by ringing the number that is BY and pressing the AutoVFY button on their
keypad; this merely sends the tone to put them onto the verification trunk. They
will be on the line that is BY as it defaults to VFY the line you called.
Basically you can now ring any BY number and Verify it. So what if you want to
Verify a BY overseas or Verify a line that isn't Busy yet but it will be?
Simple, send your standard C5 routing codes in the format of,

For Local and National Calls(Land and roaming)
KP1-8-NUMBER-ST (Note it might not be 8 but that is the only one besides 0
that seems to work)

For International Calls(Land Lines)
KP2-Country Code-0-Number-ST

For International Calls(Cellular or RadioBased)
KP2-9-Country Code-Number-ST

You send your C5 tones with their normal frequencies, however the durations for
the tones are different, don't know why, they just are! So for Supervisory tones
(STart and KeyPulse) send them at 110ms-120ms. And for the digits you send at
90ms-95ms.

I hope that explains it a little bit better for those interested in
Verification. This file is merely a 'plug-in' that advanced boxers should
refer to as a guideline. If you don't understand it, go get sk00led on CCITT-5
first :P

Please note that I have only found one to be able to kp2 VFY; all the
others would only VFY kp1, even after extensive experimentation. Also some
people claim to have used 280hz as a filter from a country.
As far as I know it works from the UK; as for other countries, you will just
have to experiment, but I believe some of them use a CALLINTERCEPT TONE that
is 440hz for tapping a BY connection :P

Laters all and remember if you want to laugh, DON'T ring the Church of Jesus
Christ on +1 (1)-8009091300 and ask if you can be a 'moron' too and if they
will send you a bible to sk1n up with as you have no cigarette papers left,
that would be wrong ;)

|\
|.\__oooo__
|..      |_\  <---BT SECURITY PERSONNEL'S FAVOURITE PAST-TIME NUMBER 1
|. ___O__|_/
|./  | |
|/   | | "oooHhhH CCU Give me more 0h-day catch-criminalz tekniq"

    This has been a 809 International Communications Production

(c)A77 r1ghtz r 7u5t!?!


========================================================
...: 8: Introduction to Cable Co. telephone networks
========================================================

    /-------------------------------------------------------\			
			      8-0-9		
  	    809 INTERNATIONAL COMMUNICATIONS PRESENTS....
    \-------------------------------------------------------/
    bono estente: WinTin, PTT Gabon, Chennai Telephones (heh)
    Swaziland Posts and Telegraphs, Entel Chile, Simmin, 
    Cable and Wireless (West Indies), Turk Telecom, Sovintel,
    Asbatta Telekom, Ocho Ocho Telefonica, ChileSAT.
	
   more greetz to:
      _dave, Psyclone, Polymorph, hybrid, Shadow, b00ger,cf
    Saman, Darkcyde, gamma_, c0, pyke, hopye, Keltic Phr0st
    backa, Mister-X, zomba, ptek, xio, Dr.Fonk, xohs,abattis
    michella, substance, dr_phace, Rockman, Guru Josh (heh),
    defiant, ganjaman, deginge, everyone at LoK... 
    groups: Darkcyde, Ground Phloor Industries, MeD, GBH, 
    and OlderGeneration (OG - now deceased).
    ---------------------------------------------------------
	
        NTL AND CABLE-COMPANY TELEPHONE NETWORKS IN THE UK

    ---------------------------------------------------------
	  UK    NZ    USA    TRINIDAD    DOMINICAN REP
    ---------------------------------------------------------
    	dynamics, NynexPhreak, RedBlade, Lucky225, pyke
    ---------------------------------------------------------

		"sOcOtEl sHaDoWboXiN tEkNeeq"

There seems to be a general lack of information on the workings and
structure of cable-company telephony networks in the UK. We've had
cable here for a few years now, and there seems to still be a lack of
credible and substantial information on their systems.

With this brief overview, I hope to get the ball rolling and inspire
a few people to go out there and learn more about these.

Throughout this brief overview, I will refer to the NTL network 
primarily, as that is the network I have most knowledge on. Most of
the content will apply to other networks, such as TeleWest and 
Cable&Wireless-Communications.


THE BASICS - THE LOCAL LEVEL NETWORK
====================================

	"sUbUrBaN nInJaS bEigE bOx, pHrEak lOcAlly, sAvE pEtRol"

Even on cable networks, there is an analogue portion of the call. From
a typical house connected to the cable company network, through the
local PCPs, the path is DC signalled and on copper pairs. Television is
carried on coaxial copper cables. 

	TELEPHONE - COPPER PAIRS
[HOUSE]....................|---------|
[HOUSE]....................|LOCAL PCP|
[HOUSE]....................|---------|

The next major stage of the journey to the switch is the Nodal Cabinet,
the Nodal Cabinet serves approximately 500 - 600 homes, and in this
segment, the telephone calls are digitally encoded and sampled onto
fibre-optic cables. Digital Subscriber Signalling System (DSS) is used
to signal calls from this point until reaching the switch. In some
areas, a MAX unit may be used in place of a Nodal Cabinet, MAXs are 
small telephone switches used for switching local traffic and 
multiplexing. An SDH network is used for routing traffic to the main 
switch. On average, 2Mbits of bandwidth is allocated for traffic 
between the Nodal Cabinets and the "Head-end" (main switch).

|---------|			|---------|
|LOCAL PCP| Copper Pairs [DC]	|NODAL CAB| 2Mbit Fibre	[DSS signalled]
|---------|.....................|---------|-------------->TO THE SWITCH


From this Node, traffic then travels to:


THE HEAD END - (MAIN SWITCH)
============================

"A mYrIaD oF fIbre, liGhTs fLasHing, sIleNce, tHe sWitCH hUms tHrOugH
tHe niGht. NTL - tEcHnOlOgY, tAmEd. jUsT lEt tHeM tRy..."

These, as mentioned before, are System-X or DMS100 units. NTL and other
companies generally use fewer switches than BT, and it's not uncommon
to have just one switch for a city. At present, most switches 
accommodate up to 50,000 subscribers. For instance Cardiff is served by
a single switch located in the Bay area. 

On the software side, they are equivalent to BT, according to various 
sources, although I doubt they have as much subscriber monitoring. 
Despite various theories that Monolog call loggers can't be used, they
are compatible (confirmed) and have been used before in fraud cases. 
The Monolog units have to be fitted at the local PCP onto the copper 
pairs due to their old-fashioned design. From there, a spare line is 
attached for the logger to be dialed into and data collected.

At the "head-end", all traffic entering the switch is carried on 2Mbit
fibre optic cables meaning fully digital head-end switching. 

From the head-end (equivalent to a DMSU perhaps) traffic then either 
gets routed to the local destination or onto:


THE TRUNK NETWORK	
=================

		"nEllY tHe eLePhAnt pAcKeD hIs tRuNk"

NTL has its own national network of long-distance trunks and switches.
All calls are carried via fibre-optic cables that actually belong to
NTL between its switches. For areas that are un-served by NTL, calls
go via BT or the local cable company.

NTL operate 90 public exchanges. Interlinking these has become 
complicated and inefficient, therefore, they are now building a core 
voice network based on 9 DMS100 transit switches. All interswitch 
traffic will be carried along this backbone network. Each of the 90 
switches will connect to two backbone DMS100s. The project is about 
70% complete, and will be fully completed by March this year. 

For extra capacity, leased circuits are sometimes used, although NTL
prides itself on using its own trunks and switching network. NTL's new
international switching network is 50% complete, and will utilise 2
Siemens ESW switches located in their Eastern Region. They will use
various international carriers for the calls, based on a cost and 
bandwidth criteria.

As for other companies, Cable&Wireless uses its own extensive national 
and international network for routing these calls. TeleWest and the 
others most probably use a combination of their own networks and/or the
Cable&Wireless and BT networks.

All of NTLs switches are monitored 24hrs a day by specialist monitoring
centres. The main centre is located in Corley Court, in Winchester.
A secondary centre is located in Reading and used as a backup to the
main centre. The centres monitor the switches via a combination of X.25
links and MMI dialins for other functions. I predict that the 
monitoring is fairly high-tech and extensive, and may apply to 
detecting minor activity such as MMI dialins being accessed and network
traffic behaviour and peaks.


VALUE-ADDED SERVICES, 0800 NUMBERS AND PERMANENT CONNECTIONS
============================================================

		"fLaT rAte... yeah!"

NTL maintain a value added services package, with all the "Star 
Services" that BT offer, although the "Call-back" service was released
fairly recently.

NTL also maintain an 0800 switch for their 0800 ranges, 0800 052 xxxx
is an example. At present, NTL don't carry international 0800s, 
although they do state that their service is able to carry such 
services easily, should any companies require it.

NTL offers ISDN-1, but doesn't offer any other flavours. For higher
bandwidth telephone lines, Cable-Modems were in the process of being
rolled out although they have been delayed.

Another development is cable-ADSL, which offers higher speeds than the
BT version. The cable ADSL speed varies from 2mbit/sec - 6mbits/sec and
is being trialled in Guildford at present (wtf? why the hell is 
EVERYTHING trialled in bloody Guildford...)


CONCLUSION
==========

	"aLl iN aLL, iT's jUsT a... 'nOtHeR fIbrE iN tHe cAblE"
	[Cue MF dialling for the old code for London....  :)]

All in all, the cable-company networks appear to be more advanced than
those run by BT. Digital switching is far more extensive, although 
it's unfortunate that they saw it fit to use copper-pairs to homes
which are all but obsolete in this day and age.

Despite this, the local network is far less archaic than BTs "loop"
and offers greater possibilities for high-bandwidth internet access,
although NTL has shelved the cable-modem rollout.

Perhaps BT could learn a few lessons from the cable companies, and move
their local network to a more up-to-date structure. The efficiency 
savings that a modern local network brings are obvious, NTL require a 
very small number of engineers for the maintenance side of the network
and primarily concentrate on new-installations - such is the demand for
cheaper calls as compared to BT's extortionate rates.


CABLE COMPANY TERMS:...
CONVERTER BOX	-	The box that converts digital coax cable 
			signals into analogue TV signals.
DSS		-	Digital Subscriber Signalling System. A digital
			signalling system for the local level network.
HEAD END	-	The main switch for the area, i.e where the
			2Mbit fibres terminate. Serves approx 50,000
			subscribers and equivalent to a DMSU. Sys-X
			and DMS100 are the switch types used.
MAX		-	Alternative to the NODAL CABINET, the MAX is a
			switch that serves approx 500 subscribers
			and can route local level calls using DSS. 
			These have MMI dialins for remote access...
NODAL CABINET	-	The cabinet that switches the copper pairs for	
			telephone calls onto fibre. Serves approx 
			500 - 600 subscribers.

The end, but there's more to come (hopefully)...


========================================================
...: 9: GSM Cloning - by MuFtAk
========================================================

GSM, the Global System for Mobile communications, is the most widely 
used standard for digital cell phones, used in over 100 countries 
around the world by over 200 service providers. In the undisclosed 
8000 pages of the GSM recommendations two cryptographic algorithms are 
specified. One is used to authenticate subscribers to their GSM 
carrier, to ensure that the subscriber is a valid customer. The other 
algorithm is used to protect the subscriber's conversation from passive
eavesdroppers, a large privacy problem with older analogue cell phone 
networks. 

The GSM fraud-prevention framework relies on these cryptographic 
algorithms to authenticate customers and bill them appropriately. A 
personalised smartcard (called a SIM) in the cell phone stores a secret
key which is used to authenticate the customer; knowledge of the key is
sufficient to make calls billed to that customer. The tamper-resistant 
smartcard is supposed to protect the key from disclosure (even against 
adversaries that may have physical access to the SIM); authentication 
is done with a cryptographic protocol that allows the SIM to "prove" 
knowledge of the key to the service provider, thus authorising a call.

As a result of mathematical analysis, it has been discovered that the 
cryptographic codes used for authentication are not strong enough to 
resist attack. To exploit this vulnerability, an individual would 
interact with the SIM repeatedly; with enough queries, the attacker 
can use some mathematical techniques to learn the supposedly secret 
key. Once the key is compromised, it is possible to make fraudulent 
calls that will be billed to the victim.

It has only been demonstrated that a phone can be cloned if given 
physical access to the phone (or its SIM chip). Many of you will 
probably be interested in the question of whether these attacks can be 
performed "over the air" (i.e. by accessing the target cell phone 
remotely with specialised radio equipment). While it can't be ruled out
that someone may learn how to perform "over the air" cloning, to my 
knowledge such an attack has not been publicly demonstrated, although 
GSM experts have confirmed that it should be possible and practical to 
do so. They have reported that a number of aspects of the GSM protocols
combine to make it possible to mount the mathematical chosen-input 
attack on COMP128, if one can build a fake base station. Such a fake 
base station does not need to support the full GSM protocol, and it 
may be possible to build one with an investment of approximately $10k.

It has been shown how to break the COMP128 authentication algorithm; 
an instantiation of A3/A8 widely used by providers. The attack is a 
chosen-challenge attack. A number of specially chosen challenges are 
formed and the SIM is queried for each one; the SIM applies COMP128 to 
its secret key and the chosen challenge, returning a response. By 
analysing the responses, it is possible to determine the value of the 
secret key Ki.

Mounting this attack requires physical access to the target SIM, an 
off-the-shelf smartcard reader, and a computer to direct the operation.
The attack requires one to query the smartcard about 150,000 times. 
Very little extra computation is required to analyse the responses.

Though the COMP128 algorithm is supposed to be a secret, information 
has been pieced together on its internal details from public documents,
leaked information, and from SIMs people have managed to reverse 
engineer. After a theoretical analysis uncovered a potential 
vulnerability in the algorithm, it was confirmed that the 
reconstruction of the COMP128 algorithm was correct by comparing a 
software implementation to responses computed by a SIM known to 
implement COMP128.

Authentication is initiated by the fixed network, and is based upon a 
simple challenge-response protocol. When a mobile subscriber attempts 
to access the system, the network issues it a random challenge RAND. 
The mobile subscriber computes a response SRES to RAND using a one-way 
function A3 under control of a subscriber authentication key Ki. The 
key Ki is unique to the subscriber, and is shared only by the 
subscriber and an authentication centre, which serves the subscriber's 
home network. The value SRES computed by the mobile subscriber is 
signalled to the network, where it is compared with a pre-computed 
value. If the two values of SRES agree, the mobile subscriber has been 
authenticated, and the call is allowed to proceed.

The same mechanism is also used to establish a cipher key Kc for 
encrypting user and signalling data on the radio path. This procedure 
is called cipher key setting. The key is computed by the mobile 
subscriber using a one-way function A8, again under control of the 
subscriber authentication key Ki, and is pre-computed for the network 
by the authentication centre which serves the subscriber's home 
network. Thus at the end of a successful authentication exchange, both 
parties possess a fresh cipher key Kc.

The pre-computed triples (RAND, SRES, Kc), held by the fixed networks 
for a particular subscriber, are passed from the home network's 
authentication centre to visited networks upon demand. The challenges 
are used just once. Thus the authentication centre never sends the 
same triple to two distinct networks, and a network never re-uses a 
challenge.
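
The authentication, cipher key setting and triple handling described
above, with all three parties in one script. This is an added example,
not code from the original article. COMP128 is not given on this page,
so a truncated HMAC-SHA256 stands in for A3/A8, and the class and
function names and the IMSI are made up for illustration.

```python
import hashlib
import hmac
import secrets


def a3_a8_stand_in(ki, rand):
    """Stand-in one-way function (HMAC-SHA256), NOT COMP128.

    Returns (SRES, Kc): a 32-bit response and a 64-bit cipher key.
    """
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]


class Sim:
    """Subscriber side: holds Ki and answers challenges, never reveals Ki."""

    def __init__(self, imsi, ki):
        self.imsi = imsi
        self._ki = ki

    def respond(self, rand):
        return a3_a8_stand_in(self._ki, rand)


class AuthCentre:
    """Home network: the only other holder of each subscriber's Ki."""

    def __init__(self):
        self._keys = {}

    def provision(self, imsi):
        ki = secrets.token_bytes(16)          # 128-bit subscriber key
        self._keys[imsi] = ki
        return Sim(imsi, ki)

    def triples(self, imsi, count):
        """Pre-compute (RAND, SRES, Kc) triples for a visited network."""
        out = []
        for _ in range(count):
            rand = secrets.token_bytes(16)    # 128-bit random challenge
            sres, kc = a3_a8_stand_in(self._keys[imsi], rand)
            out.append((rand, sres, kc))
        return out


class VisitedNetwork:
    """Serving network: never sees Ki, only triples, and uses each once."""

    def __init__(self, auc):
        self._auc = auc
        self._unused = {}     # imsi -> triples not yet issued
        self._pending = {}    # imsi -> triple awaiting a response

    def challenge(self, imsi):
        if not self._unused.get(imsi):
            self._unused[imsi] = self._auc.triples(imsi, 3)
        triple = self._unused[imsi].pop()
        self._pending[imsi] = triple
        return triple[0]

    def verify(self, imsi, sres):
        """Return Kc on success, None on failure. The triple is consumed."""
        triple = self._pending.pop(imsi, None)
        if triple is None:
            return None                       # no challenge outstanding
        _, expected, kc = triple
        return kc if hmac.compare_digest(sres, expected) else None


def run_exchange():
    auc = AuthCentre()
    sim = auc.provision("001010000000001")    # constructed test IMSI
    impostor = Sim(sim.imsi, secrets.token_bytes(16))   # right IMSI, wrong Ki
    net = VisitedNetwork(auc)

    rand1 = net.challenge(sim.imsi)
    sres1, kc_sim = sim.respond(rand1)
    kc_net = net.verify(sim.imsi, sres1)      # genuine SIM

    rand2 = net.challenge(sim.imsi)
    replayed = net.verify(sim.imsi, sres1)    # old SRES against a new RAND

    rand3 = net.challenge(sim.imsi)
    guessed, _ = impostor.respond(rand3)
    wrong_key = net.verify(sim.imsi, guessed)

    unsolicited = net.verify(sim.imsi, sres1)  # nothing pending any more

    return {
        "genuine_accepted": kc_net is not None,
        "kc_agree": kc_net == kc_sim,
        "replay_accepted": replayed is not None,
        "wrong_key_accepted": wrong_key is not None,
        "unsolicited_accepted": unsolicited is not None,
        "challenges_distinct": len({rand1, rand2, rand3}) == 3,
    }


if __name__ == "__main__":
    for name, value in run_exchange().items():
        print(f"{name}: {value}")
```

The visited network only ever compares SRES values and hands back Kc, so
everything rests on Ki staying secret and on the one-way function not
leaking it through chosen challenges.
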

In the telecommunications security field, openness is critical to good 
design. Instead, the GSM design committee kept all security 
specifications secret, which made the information just secret enough 
to prevent others from identifying flaws in time to fix them, but not 
secret enough to protect the system against eventual scrutiny. With 80
million GSM users, fixing flaws in such a widely fielded system is 
likely to be quite costly. A new authentication algorithm would have 
to be selected. Then new SIMs would have to be programmed with the new 
algorithm, and distributed to the 80 million end users. Finally, a 
software upgrade may be required for all authentication centres.


========================================================
...: 10: 0800 056 9xxx Scan
========================================================

HAND-SCAN OF 0800 056 9xxx (part1)

This 0800 range is operated by Cable&Wireless and is allocated 
primarily for international numbers.

A couple of c5s turned up, most were just busy tones. Except for that,
a lot of PBXs and VMBs and quite a few interesting carriers - maybe
for banks, X25 pads, ISPs etc and definitely worth a good look. 


000 - c5, then busy tone
001 - Busy
004 - Error, USA (111-T)
005 - KDD
006 - Fax
007 - US business
008 - US business
009 - Fax
011 - Fax
012 - Busy
014 - Error, US (973-785-8880 has been disconnected)
015 - US, Fax
016 - US, goes thru diverter. MD Tech, PBX system.
017 - US, PBX diverted
019 - Crossworld Software PBX, (2 for VMB, Meridian mail - 4 did)
020 - US - 2BM
021 - Fault
022 - Fault
023 - Global One, calling facility for India (prepay cards)
024 - Service cannot be connected
026 - NZ
027 - Carrier
028 - US - 2CH
029 - US - 2BM
030 - Telecom Italia chargecard assistance
033 - NZ "Hello"
034 - Nordic/Scandinavian voice?
035 - Russia, answerphone
036 - US, Deltech, PBX (1did extensions?, 9 for outside line?) 
037 - US, Omachron Electronics (3 did extensions)
038 - Fax
039 - "Please enter account number" 
040 - US - 2BM
041 - Eulogic, Marlborough, Mass
042,043 - NU
044 - Japan, fax
045 - [phone: 362-7523], answerphone
046 to 050 - NU
051 - Carrier
052 - 2BM
053 - Australia, T&J Company, answerphone
054 - US, non working toll-free no.
055 - US, very faint, "Helpdesk, Pam speaking"
056 - Fault
057 - US, Baltimore Convention and Visitors Centre (automated)
058 - "Bienvenue, may I help you?"
059 - PBX/strange engaged tone
060 - 062 - NU
063 - TeleBermuda Calling Card Network (:!*809*!:)
064 - Carrier
065 - Number not recognised
066 - US, Clarice customer service centre
067 - French company 
068 - US, JM Stuart Corp
069 - NU
070 - US, Voice messaging system (3 did extensions)
071 - Carrier, then hangs-up immediately (dodgy, maybe CLI required?)
072 - US, "Hello?"
073 - NU
074 - Waits ages, then NU
075-077 - NU
078 - "Body Shop, can I help you?"
079 - Fax 
080 - Please enter your PIN
081 - ITNS Helpdesk (PBX) 
082-084 - NU
085 - NZ "Hello?"
086,087 - NU
088 - Strange beeps... Beep-beep-beep (PBX error?)
089 - Fax
090 - NU
091 - Gates TelephoneCard, Nordic
092 - Cable&Wireless HKT 
093 - NU
094 - Carrier
095 - Accerated Networks, PBX/voicemail (2/3 did mailboxes?)
096 - Fault
097 - Fault 
098 - UK engaged tone 
099 - US, Corning Optical Fibre Information Centre 
100 - US, Office 
101 - "Hello?" 
102,103 - NU
104 - 2BM
105 - NU
106 - US ring 
107 - Carrier
108 - Japan, Carrier then changes to fax?
109 - NZ, answerphone
110 - Fault
111 - NU
112 - US rings
113 - Hungarian Telecomms customer services (not c5 :( R2 maybe)
114 - "Cable sweaters?"  
115 - Sweden
116 - Carrier
117 - Fault 
118 - Ring... ring(different)... "Vegzen catarina vegs zie heh" 
119 - US, Executive Office
120 - US, "Government" 
121 - US, disconnected number 
122 - NU
123 - US, "Emeq Fleshfoil, good afternoon"
124 - US, DCMC Customer Response centre
125 - US, Welles Trade Service, "Enter account number"
126 - US, Fax (sounds like they're on an old switch tho) 
127 - US, Summit Lodge 
128 - NU 
129 - NZ, "Hello?"
130 - NZ
131 - NU
132 - beep-beep-beep-beep, beep-beep-beep-beep (not c5, weird PBX)
133 - NU 
134 - US double ring, Fax
135 - NU 
136 - "Welcome to central station of the Suvemann Group"
137 - (1st attempt, the other person has cleared, 2nd - fault)
138 - North American busy
139 - Call could not be connected, Aus/NZ? "CDNA"
140 - North American busy
141 - "Good afternoon, Shove hotels"
142 - NZ 
143 - Please enter your PIN
144 - Baltimore Area Conventions
145-148 - NU
149 - US, "Good Morning"
150 - Carrier
151 - Fault
152 - NZ? "Hello?" 
153-155 - NU
157 - Please enter PIN
158 - NU
159 - US, Fax
161 - NU
162 - Weird beeps (not c5)
163 - Long pause... then "Number you have dialled has been recognised"
164 - Japan 
165 - US, Credit USA Securities
166 - NZ "The number you have dialled is not in service" then fault
167 - NU
168 - US, fax 
169 - US, 2BM
170 - Baysole Express PBX (keeps you on hold with adverts for bats) 
171 - Benley Western Drug Company (allows you to access cust a/c's)
172 - Please enter PIN
173 - Aus, Global Call Card, 2 bad attempts and it goes to op
174 - NU
175 - French?  
176 - US, no answer
177 - US, Sunhealth Care Group (*6 to input "extension")
178 - US, Sunhealth Care Group benefits department
179 - US, Sunhealth Care Group MIS Helpdesk
180 - US, "Good Morning Sun Health Care"
181 - US, Sunhealth Care Group benefits eligibility dept. 
182,183 - NU
184 - Zebedy Charles Group 
185 - Please Enter PIN
186 - NZ, Residential (answerphone, but the woman picked up heheheh)
187 - NZ, "Hello?"
188 - NU
189 - US, Mana Software
190 - Disconnected or out of service, US
191 - US, Eleron
192 - "Hello?" - France/Norway somewhere 
193 - US, "Hello?" residential (the person was VERY tired)
194 - US fast busy
195 - US, "Hello?"
196-198 - NU
199 - "Irling State Bank, my name is Laura"
200,201 - NU 
202 - Carrier *
203,204 - NU 
205 - 2BM
206 - NU
207 - Carrier *
208 - Carrier *   --> Close proximity to that bank number
209-212 - NU
213 - Ride Air Express
214 - Tollfree no. cannot be accessed
215 - US (static)... Caribbean? (no answer)  
216 - Carrier 
217 - Japan, Carrier
218 - US, rings, no reply 
219-221 - NU
222 - Gary Kelly's answerphone
223 - Korea Direct Calling Cards (bad line quality - static)
224 - Carrier
225 - Engaged
226 - NT&T Japan? (advertising ntt.com?)
227 - Fault
228 - US, HP Customer Care
229 - US, Talent Automotive Group (has VMB, 5 dids) 
230 - US style busy tone.. delay.. busy then again.. then silence (R1?)
231-236 - NU
237 - Circuits busied out
238 - US slow-busy tone
239 - US slow-busy tone
240 - US slow-busy tone
241 - Modified British style ring... mobile?
243 - "Aloh?" Russia? (R2/C7?) 
244 - Circuits busy tone   
245,246 - as above
247 - Fax (asia?)
248 - same ring tone... no answer
249 - "
250 - busy tone
251 - US, Optica America Pharmaceutical VMB (4-did)
252 - US, Pulmonary Data Service (ppl in CLINICAL TRIALS :))
253 - as above
254 - US, (being diverted around?), CARRIER
255 - same as above
256 - KDD Japan
257 - long tone... then CARRIER
258 - Fault
259 - Internet helpdesk
260 - Carrier (related?) [similar to telephone switch/pbx dialin]
261 - US ringing
262 - as above 
264 - Please enter PIN
265 - Ring, buuuuuuup....buuuuup
266 - Engaged
267 - Fault
269 - Japan
270 - Please enter PIN
271 - as above
273 - as above
274 - Colt Systems 
276 - Fax (c5) 
280 - New Zealand
281 - Fault
282 - Rings...
283 - US? Postdialling delay
284 - US, residential? 
286 - New Zealand
287 - Carrier
288 - Carrier
289 - US, Fax
290 - EDS Customer Service Centre
291 - 877-SBC-INFO, stock info 
292 - Fax (c5) 
293 - busy tone
294 - Fault
295 - Fault 
296 - Fault
297 - US, Disconnected Number
298 - Not available from calling area (loads of crosstalk)
299 - US, fax
300 - Telekort Norway

The rest of the scan will be in Issue 5.



========================================================
...: 11: The case for hacker-intervention 
========================================================

The next wars will be fought on computers and targeted at
communications and computer infrastructure, or so the powers that be
have theorised. "Info Warfare" and the explosion of the Internet as
a medium for publishing make for an interesting comparison as both may
well result in greater power for individuals and groups. This brings
new possibilities for the fighting of such wars and has already been
demonstrated with the DDoS attacks against various companies. This
sort of "warfare" could mean a simplistic ping-flood against an 
individual right through to a sophisticated and organised attack against
a national government which has failed its people. 

"Info warfare" brings new dilemmas in the field of ethics and empowers
groups such as hackers and phreakers, giving us a greater influence in
the world order and allowing us to perhaps even intervene in
situations which require it.

There is no getting away from the fact that there are many governments
out there which are failing their people, are corrupt, despotic, or
inept and too shameless to hand governance to those who can make it
work. In an ideal world, these administrations would be ousted by the
people alone, or with outside assistance. There are problems, of
course, with this. The first being that this isn't an ideal world, and
governments only ever assist in removing an administration if it can
benefit them financially or politically. An example would be the
removal of Allende in Chile. Allende was a Communist and despite the
flawed nature of his politics, he was democratically elected by his
people, but then removed from office by what many would consider a 
worse choice, General Augusto Pinochet. There is little doubt that the
CIA provided a lot of assistance in this, and the UK and US
governments helped consolidate his regime.

The real point that I wanted to discuss was that perhaps we could, as
a group, use "info warfare" for the benefit of the world. It may seem
corny and idealistic, but perhaps it's something that could be
achieved. The example I stated about the US and UK intervention in 
Chile is nothing to do with the way we should go about it. An example
of where hacker-intervention was put forward, but not orchestrated,
was with the recent crisis in East Timor where some groups favoured
attacks against Indonesia. Another example was Kosovo, where various
groups were thinking of attacking the infrastructure of Yugoslavia.
This was condemned by zines such as 2600 and other groups, mainly due
to the fact that it was considered morally wrong, especially seeing as
NATO were also involved and that it would affect innocent people. 

The intervention I would advocate would be in situations where there
is a lack of initiative by governments to change things for the better.

Critics would say that what I'm proposing assumes that war is a
vehicle for helping nations, it's important to remember that this
isn't the case in most situations. War is a vehicle for change, and
like it or not, wars have brought most of the significant changes in
the world. The American War of Independence resulted in unification of
one of the world's largest countries. The US Civil War brought us
improvements in the treating of battle wounds. The First World War
brought us the tetanus vaccine, the Second World War brought us the
nuclear bomb and the Cold War. The Cold War brought us the Internet,
and the Internet has given us "cyber warfare". This is just to name
a few. World War 3 will be fought on the same old premise as the Cold
War, mutual annihilation, but this time will be fought in space -
UK-USA are building a space warfare centre at Menwith Hill.

"Cyber-warfare", in my opinion, will be used by groups against other
groups. There is doubt that it has the potential to be destructive
and to threaten economies and the lives of people. Nearly everything
is wired into some form of computer, the telephone system, the
electricity networks, the water and sanitation system, food
distribution, the emergency services, the military, and the economy.
Weapons are targeted at these systems, for instance, the RAF and USAF
bombed the "Yugo" car factory in Serbia - an economic and military
target. But, for the first time ever, any individual with the right
skills and knowledge could cause the devastation that millions of 
pounds of weaponry could. Attacking the entire national infrastructure
of a nation could result in economic, social and political catastrophe
that would blight a nation for years to come. In the wrong hands, that
example could be a reality.

Can you imagine just how much damage a group of 20 dedicated hackers
with the necessary equipment could do, especially if they had a team
of researchers on the ground in the country they were attacking and
a reasonable level of resources. The results could be devastating,
maybe even on a par with low-level conventional warfare. The targets,
as I mentioned before, could be:

-* the telecomms network
In a worst case scenario:
This would result in inability to communicate and damage businesses.
Emergency calls wouldn't be carried either, meaning that casualties
would die before receiving treatment, buildings would burn down before
the fire brigade arrives, crime would become rampant as the criminals
would know that it would take considerably longer for the police to
arrive. This would also affect "linked-in" alarm systems that are
linked to the emergency services via the telecomms network. It might
also affect military communications in some situations as there are
key points in the networks that travel along civilian segments or
at least via shared sites. Not all countries have dedicated military
links, meaning in some situations it would bring military
telecommunications down too. The police, which are also a paramilitary
organisation, would be affected. As more and more entities are wired
in to the telecommunications systems, the effects would become more
and more severe. For instance, water companies, gas and electricity
suppliers have BT lines going to their works and substations for
monitoring and control.

-* the water, gas and electricity systems
In a worst case scenario:
The lack of running water for a few days or so would result in people
using shop-bought bottled water. Supplies of this _may_ last out to
carry people through any water shortages. Toilets would be unable to
flush, meaning that poor sanitation may result in a few minor cases
of disease. People would also be unable to wash, this could also
result in more people falling ill due to the poor hygiene. The main
effect would be to annoy ordinary people in the country, perhaps even
enough to start demonstrating, if they could be convinced it is the
fault of the government. The water system is only likely to stay
offline for a couple of days at the most, to allow for technicians
to fix the systems. Attacks on the gas systems would have different
results depending on the climate of the country, for instance,
attacking the gas supply network of Egypt would have less of an effect
than attacking the gas supply network of Iceland, demand is higher
in Iceland for heating than in Egypt - common sense. This would again
have a similar effect to the water attack, general annoyance, although
maybe to less of an extent. 

Bringing down the entire electricity grid of a country for even a
short period of time could cause mayhem. Computers need electricity,
and computers are responsible for undertaking the practical tasks of
running the machines, networks, administration, accounts etc etc
of most countries. The critical systems have backup batteries or
generators, but how often are these checked to make sure they work?
And how long does it take for them to kick-in? Perhaps some can even
be turned off remotely. Let's not forget that even the biggest of
organisations isn't immune to simple failure of backup procedures,
a power cut in Cambridge left BT customers without telephone service
for a few hours due to failure of backup batteries and generators.
The damage to businesses could also be immense. Businesses make the
economy what it is, and outages of a large scale could affect the
economy quite heavily. It's also worth considering how long it would
take for the engineers to get the grid back and up and running, hours?
days? It depends on how the "attack" was done, a simple hack? a system
crash? Some large systems take up to a few hours to reset, a total
outage of power for even a few hours could bring a country to a
standstill. This would result in loss of profits for businesses, loss
of data, reduced services, general anger (i.e protests), lowering of
morale, and reduced productivity. This would be the most devastating
of all the infrastructure attacks.

-* direct attacks on the pillars of the economy

The system that supplies the City of London share dealers with share
price information crashed this week. As a result, traders were left
staring at their screens in bewilderment. Thankfully, it was up and
running by about 4pm, but imagine if it remained down for days?
Imagine if no trading was done for days on the London stock exchange..
Imagine the economic implications of this. Who's to say similar
situations couldn't be brought about deliberately? 

In the right hands, "info warfare" could be a valuable vehicle for
change and improvement. The threat of it may work in producing the
necessary effect, if the target can be convinced of the implications
which are as yet unproven. Attacking a key system could be used to
demonstrate the potential. It's important to keep in mind that if this
is ever used, it should be used for the benefit of mankind in general.
To those who claim no war is necessary, you need only look to the 
Second World War where millions of Jews were killed by the Nazi regime
but millions were also saved through the efforts of the allies. In an
ideal world, a world without the Illuminati, wars would not be 
required, but seeing as they seem to set the rules at this moment we
just have to do what we can to manipulate things by the rules that are
set by them. In other words, war is the vehicle of change despite its
ills, so if we want to change the world for the better, that's the way
we'll have to do it. Let's face it, we can't overthrow corrupt
governments by talking to them. 

The US has a policy of defining certain nations which do not do
everything the US wants them to do, they call these nations "Rogue
States". I think that perhaps we should use this term more carefully,
and in a way closer to its meaning. A rogue state is just that, a
country which is failing its people, is despotic, cruel, inept or
is threatening other peaceful nations with war, without appropriate
cause. In this sense of the word, I consider the US to be a rogue
state, but I dislike the term because it insinuates that the _people_
of the US are also to blame and that is wrong. A more appropriate word
would be rogue government. We have to exercise some restraint with
applying this term because most countries apply to it in some way or
another. The US is certainly a rogue government, it has imprisoned 
people without trial while it decides what to charge them with, it is
responsible for the murder of its own citizens, it regularly lies to
its people and in every presidential election since 1789, the
candidate with the most royal genes has won - they elect not on policy
but on bloodline.

On the subject of rogue governments, the UK government may be
considered that too. In fact, because of the world we live in, most
governments are that way, simply because they are only there because
of the way the world works. We live in a corrupt world. But one thing
that can be said is that at least the US, UK and others aren't abusing
human rights on a large scale as with some other countries.

As I said before, the rules of engagement are there despite the fact
that they may be unfair. The truth of the matter is there are 
governments that are inept, corrupt, or inhumane on a large scale.
The situation is hackers have skills that could be used to assist 
people looking to overthrow these governments. Unfortunately, not
everything is as it seems, "don't believe the newspapers" is a wise
statement. But in some cases, "info-war" could help speed-up the 
removal of corrupt governments, and we may see this one day.

It's quite possible, that some day, hackers, not soldiers, will
be the freedom fighters. Let's not forget that knowledge is power,
and the greatest weapon may not be fighting "enemies" but informing
them.



























