

				   Freedom

				   ~~~~~~~


		      Freedom Issue 1, December 24, 1992

				   File 1/7

 


				 Introduction

				 ~~~~~~~~~~~~


Well after a bunch of delays, it's finally here... just in time for christmas.


Merry Christmas everyone..


Welcome  to  Freedom  Issue 1. First  let me  begin by explaining  what 

Freedom is. Freedom is an electronic newsletter devoted to the freedom of 

information, we, like many other electronic newsletters, believe that the 

people have the right to know everything, and mostly things that they 

shouldn't (all legal of course). Since we are just starting out, this issue 

will be fairly small but hopefully in the future as our reader population 

grows so will our issues. Freedom is basically a reader supported newsletter.

I will be writing articles as often as I can, whenever I find something 

interesting, but I also ask that if you have an article or an idea which 

would suit the magazine to please contact us. Anything of interest relating 

to the computer underground, hacking, phreaking, anarchy, and other issues 

would be welcomed. Material may be taken from this magazine as long as the 

source, and author are mentioned, and the article remains unchanged.


				 Reaching Us

				 ~~~~~~~~~~~


If you would like to submit an article, or just drop us a note, you can either

call up our support board (204.669.7983). There is a new user password, to get

on the system, login to the public USENet system first (waffle), and leave me

mail asking for it. I'm in the process of hooking up UUCP feeds to the system, 

so in the next issue i'll include the address.


Thanks to ElZorro for proof reading and editing this entire issue.


				 till next time....

						       ICEMAN


Index

~~~~~

I.   Introduction and Index by ICEMAN.

II.  How to lock up TAG 2.6 boards by Thunder/ICEMAN.

III. IBM's Voice Mail System by ICEMAN.

IV.  Air Frequency's For Manitoba by Thunder.

V.   How to make crystalline methylamphetamine (ICE) by Vox Populii.

VI.  How to make a miniature pipe bomb by Lazarus Long.

VII. Hackers in Winnipeg? by ICEMAN.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


		      Freedom Issue 1, December 24, 1992

				   File 2/7


			 How to lock up TAG 2.6 boards

			      by Thunder/ICEMAN



	This was discovered by a friend of mine (Thunder) so I don't take

credit for finding this but since he didn't want to write up the article I

decided to since it was an interesting bug.


	This is extremely simple so if you don't understand this you will need

help. Basically, what you have to do is write a message containing the 

required character sequence and then quote it. Now, if you want to write a 

public message or a private message to yourself is completely up to you

but post a message. The first step is to write the message. What you have to 

do is hold down the up/down/left/right key (pick one of them) enough times to

enter at least 85 or more escape sequences (considering of course your using

a terminal program that supports arrow key ANSI movements). Don't bother 

counting them, if you hold your arrow key down for at least 15 seconds

thats more than enough. We haven't bothered to test this with any other 

escape sequences but the arrow keys work nicely. This will fill the message 

with the chosen ANSI sequence. Hit enter after doing this for about 15 

seconds and save your message. Now all you have to do is read the message

you just wrote, reply to it, and when you attempt to quote it, it will lock 

up the system instantly. Pretty simple actually..


	We predict that the reason this locks up the system has something to

do with the 255 character string constant. Since each ANSI sequence (for the

arrow keys) is 3 characters, 3*85=255.


ICEMAN


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


		      Freedom Issue 1, December 24, 1992

				   File 3/7


			   IBM's Voice Mail System

				  By ICEMAN



				  Disclaimer

				  ~~~~~~~~~~


As the author of this article, I am not responsible for any actions that may

result from the information in this article. This file is for informational

and educational purposes only, detailing the features of this particular

VMB system. None of this information should not be used without the permission

of the authorized people in charge.



				 Introduction

				 ~~~~~~~~~~~~


I haven't encountered a VMB system such as the one IBM is using in our area

yet, so i've decided to write an article on it. The specific system in this

case is only a local system, and I'm not at all sure if IBM is using it on

any 1-800's that they run. I have heard something about ROLM in the past while

but I haven't been able to get any info on it in time for this issue... maybe

there'll be a part ][ in the next one.


				  

				  First steps

				  ~~~~~~~~~~~


Once you have called up the IBM VMB system, a high quality voice will answer

and give you the following options:


o Press 1 if you are using a touchtone phone

o Hold the line if you are using a rotary dial phone


Note that you want to select 1. If you are using a rotary dial phone, get a

touch tone phone. If you hold the line you will be connected to a live

operator, and this defeats the purpose.


Next you will be presented with the following options:


o Press 1 if you know the name of the person you are trying to call

o Press 2 if you want to make a service call

o Press 3 if you would like information on IBM's products or services

o Press 4 if you want to leave a comment about the automated phone system


Now you want to pick option 1, since the whole purpose of your call is to get

into the actual Voice Mail section.



			       Finding Valid VMB's

			       ~~~~~~~~~~~~~~~~~~~


After choosing 1, you are prompted to enter the persons name of who you want

to reach. You enter the name by using your touch-tone keypad corresponding to

the first 3 letters of the persons last name. If you want to reach someone 

with a last name of Doe, you would enter 363 (DOE). Since the letters Q and Z 

don't appear on standard keypads, use the 7 key for Q and the 9 key for Z.


It will probably be difficult to actually find a valid mail-box, so it may

help by actually calling up the local IBM service department and using some

social engineering skills to get some of the employee names out of the 

operator. Or you could go as far as dumpster diving, but this is probably 

far too much trouble to get a person's name.


After finding 1 valid Mailbox it is easier to scan for others as well. When

the voice asks you to enter the mailbox number, after 2 invalid attempts,

enter one the valid ones which you have found. This will prevent the system

from hanging up on you and you can keep on scanning from there.


Once you have entered a valid name, the system will say something like this: 

'You dialed ', then an actual recording of the persons voice will be 

played, saying his own name, so the result will be 'You have reached John 

Doe'. It sounds a little silly mind you, but at least you've found a valid

Mailbox. It will then ask you if this is correct.


o Press # if it is the correct person.

o Press * if it is incorrect.



			     After You've Found One

			     ~~~~~~~~~~~~~~~~~~~


Now the persons greeting will play, and you will be prompted to enter a

message for them. During the greeting, or during message entry if you press

the 0 key, you will be presented with the following options:


o Press # if you would like to talk to someone taking calls for John Doe

o Press 0 to talk to an operator

o Press * to enter another persons name (VMB)

o Or enter an extension number, to transfer to another extension.


You probably won't need to use any of these functions, so just continue

listening to the greeting. Now it's time to try and get into it by hacking

out the persons personal password. To do this you must first enter a message

to the person, enter a completely blank message, unless you want to harrass

an IBM employee or something (not suggested since you dont want to leave

traces of your visit and this would be very unethical). Once the time has

elapsed, you will be presented with the following options:


o Press 7 then 3 to replay the message

o Press 1 to re-record the message

o Press # to accept and save the message

o Press 6 to erase the message

o Press 7 to disconnect


You now want to delete the message since you don't want to leave any traces 

whatsoever of your visit. When selecting 6 you'll be presented with:


o Press # to continue deletion

o Press 1 to re-record the message


Select # to delete the message and proceed. You will then be presented with

the following options:


o Press 0 to transfer to another extension

o Press # to access the phone mail features


Now we want to access the phone mail features so press #. You will now once

again be prompted to enter an extension or name, once again enter the same

name that you are currently hacking. You now have the following options:


o Press * if this is the incorrect person (Obviously not)

o Enter the password for this Mailbox, then press #


Ah-Hah. We have finally reached the password entry prompt. You now have your

chance to try to enter the correct password try every combination of the VMB

number that you can think of or any other information about the employee that

could be relevant.


These systems are incredibly secure (This is IBM we're dealing with here), and

after 3 invalid password entries, you will be unable to get to the password

entry prompt again. This is a major drawback and will deter all but the 

patient, determined individual. You must wait for the person who owns the

mailbox to talk to the system administrator to 'unlock' the mailbox and then try 

again the next day. The person will probably become extremely paranoid due to

people trying to hack into their mailbox every day, and change their password

often. I'm currently not sure of the length of the password since you are 

able to enter as many digits as you like before pressing the pound key.


The fact that you are only allowed 3 attempts to enter the correct password

seems quite stupid in my opinion since even though you are locked out from

attempting to access the VMB so is the owner of the mailbox. This means that

the owner is unable to read their mail or do anything about it. This could 

become very annoying to them if done repeatedly and would be one way to 

really get on their nerves. There's no telling what IBM can or will do. This

is wasting their time, they could go as far as installing traces since 

this is probably considered mischief. So it may be a good idea to do it from 

a payphone, if you must.



				    Summary

				    ~~~~~~~


Here is a simplified rundown of what to do:


o Call the VMB system

o Press 1 since you have a touch-tone phone

o Press 1 to enter a persons VMB number

o Press # if it's the correct person

o Wait for the greeting to finish, and enter the blank message

o Press 6 to erase the message

o Press # to verify deletion

o Press # to access phone mail features

o Enter the Mailbox number again

o Enter the password then # to complete


After this you are on your own. We have been unable to enter ANY boxes to

date due to the tight security involved.


If you are able to actually get into one of these mailboxes please let us

know or write up a text file explaining the options availible from within.

Considering the options availible on other similar systems, these could range

from Forwarding Messages, Mass Messages, Creating Guest Accounts, Placing

outgoing calls (an outdial), Listening to your Messages (obviously), 

Programming Mailboxes to Call certain phone numbers, and play certain 

messages at specified times, plus may other possible features.


ICEMAN


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


		       Freedom Issue 1, December 24, 1992

				   File 4/7


			  DOC Frequencies for Manitoba

				  by Thunder

			 


What follows are various frequencies for the province of Manitoba, most of

them can be received with a scanner, depending on the quality. Having these

frequencies is by no means illegal, but it is considered illegal to listen

to them.



Freq(khz)  Name                                Area            Service

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

46.610     MTS Cordless Phones                 Provincial      Phones

46.970     MTS Cordless Phones                 Provincial      Phones

118.000    Air Centre                          Provincial      Aircraft

118.300    Tower                               Provincial      Aircraft

119.000    Radar                               Provincial      Aircraft

119.500    Arrival                             Provincial      Aircraft

119.900    Departure                           Provincial      Aircraft

121.000    VFR Advisory                        Provincial      Aircraft

121.300    Clearance                           Provincial      Aircraft

121.500    Emergency                           Provincial      Aircraft

121.900    Ground                              Provincial      Aircraft

122.400    Weather - Aircraft                  Provincial      Aircraft

122.800    Unicom                              Provincial      Aircraft

123.000    Unicom                              Provincial      Aircraft

123.500    Unicom                              Provincial      Aircraft

124.300    Pagers                              Provincial      Aircraft

131.775    Air Canada Dispatch                 Winnipeg        Aircraft

131.950    Perimeter Aviation Dispatch         St. Andrews     Aircraft

142.750    Mobile Phone YR                     Provincial      Aircraft

143.415    Bison Electronics Repeater          Provincial      Business

148.685    Emergency Measures Org.             Winnipeg        Emergency

150.605    United Towing                       Winnipeg        Towing

151.025    Unicity Taxi                        Winnipeg        Taxi

151.145    Selkirk Works & Operations          Selkirk         Town

151.325    Selkirk Parks & Recreation          Selkirk         Town

151.350    Stoney Mountain Penitentiary        Stoney Mtn      Police

151.480    Mobile Phone JJ                     Provincial      Phones

152.510    Mobile Phone JL                     Provincial      Phones

152.540    Mobile Phone YL                     Provincial      Phones

152.570    Mobile Phone JP                     Provincial      Phones

152.600    Mobile Phone YP                     Provincial      Phones

152.630    Mobile Phone YJ                     Provincial      Phones

152.660    Mobile Phone YK                     Provincial      Phones

152.690    Mobile Phone JS                     Provincial      Phones

152.720    Mobile Phone YS                     Provincial      Phones

152.780    Mobile Phone JK                     Provincial      Phones

152.810    Mobile Phone JR                     Provincial      Phones

152.840    Mobile Phone JW                     Provincial      Phones

154.980    Winnipeg Transit                    Winnipeg        Bus

155.220    Selkirk Mental Hospital             Selkirk         Crazy

155.310    R.C.M.P. Local                      Selkirk         Police

155.550    R.C.M.P. Channel A                  Provincial      Police

155.580    R.C.M.P. Channel B                  Provincial      Police

155.640    R.C.M.P. Channel D                  Provincial      Police

155.700    R.C.M.P. Channel C                  Provincial      Police

155.760    R.C.M.P. Car to Car                 Provincial      Police

157.530    Unicity Taxi                        Winnipeg        Taxi

157.680    Unicity Taxi                        Winnipeg        Taxi

157.740    Mobile Phone JJ                     Provincial      Phones

157.770    Mobile Phone JL                     Provincial      Phones

157.800    Mobile Phone YL                     Provincial      Phones

157.830    Mobile Phone JP                     Provincial      Phones

157.860    Mobile Phone YP                     Provincial      Phones

157.890    Mobile Phone YL                     Provincial      Phones

157.920    Mobile Phone YK                     Provincial      Phones

157.950    Mobile Phone JS                     Provincial      Phones

157.980    Mobile Phone YS                     Provincial      Phones

158.070    Mobile Phone JR                     Provincial      Phones

158.100    Mobile Phone JW                     Provincial      Phones

158.340    MacArthurs Towing                   Winnipeg        Towing

158.760    Selkirk Ambulance                   Selkirk         Hospital

158.880    Selkirk Volunteer Fire Dept.        Selkirk         Fire

158.925    Provincial Fire Commissioner        Provincial      Fire

159.500    R.C.M.P. East St. Paul              E. St. Paul     Police

159.810    CNR - Symington Yard                Winnipeg        Railway

160.485    CNR - Symington Yard                Winnipeg        Railway

160.905    CNR - Symington Yard                Winnipeg        Railway

161.415    CNR - Police                        Winnipeg        Police

161.870    Unicity Taxi                        Winnipeg        Taxi

162.150    Selkirk Taxi                        Selkirk         Taxi

162.400    USA National Weather Service        Fargo ND        Weather

162.550    Canadian Weather Service            Provincial      Weather

163.230    Unicity Taxi                        Winnipeg        Taxi

164.460    South End Towing                    Winnipeg        Towing

165.990    Manitoba Motor League Towing        Provincial      Towing

168.990    Brandon Jail                        Brandon         Police

236.000    ATC Winnipeg Tower                  Winnipeg        Aircraft

243.000    ATC Country Emergency               Provincial      Aircraft

275.800    ATC Winnipeg Ground                 Winnipeg        Aircraft

282.700    ATC Winnipeg Radar                  Winnipeg        Aircraft

283.500    ATC Winnipeg Clear/Delay            Winnipeg        Aircraft

291.400    ATC Winnipeg                        Winnipeg        Aircraft

294.500    ATC Winnipeg Centre                 Winnipeg        Aircraft

308.800    ATC Pilot to Metro                  Winnipeg        Aircraft

325.900    Winnipeg Tower Radar                Winnipeg        Aircraft

341.300    VFR Advisory Service                Winnipeg        Aircraft

349.600    Winnipeg Centre                     Winnipeg        Aircraft

356.600    Winnipeg Arrival                    Winnipeg        Aircraft

363.800    Winnipeg Departure                  Winnipeg        Aircraft

412.562    Winnipeg Transit                    Winnipeg        Bus

412.637    Winnipeg Transit                    Winnipeg        Bus

412.662    Winnipeg Transit                    Winnipeg        Bus

413.012    Winnipeg Fire Department            Winnipeg        Fire

413.062    R.C.M.P. Airport Security           Winnipeg        Police

413.125    Winnipeg Police District 3,4,5      Winnipeg        Police

413.162    Winnipeg Fire Dept. City Wide       Winnipeg        Fire

418.225    Winnipeg Police District 1,2,6      Winnipeg        Police

418.362    Winnipeg Ambulance Ch 2             Winnipeg        Ambulance

418.412    Winnipeg Fire Department Ch 3       Winnipeg        Fire

418.575    Winnipeg Police - Vice              Winnipeg        Police

418.587    Winnipeg Ambulance Ch 4             Winnipeg        Ambulance

418.625    Winnipeg Fire Department Ch 4       Winnipeg        Fire

418.650    Winnipeg Police - Detective Uplink  Winnipeg        Police

418.737    Winnipeg Police - Mobile Cell       Winnipeg        Police

418.787    Winnipeg Police - Uplink            Winnipeg        Police

418.902    Winnipeg Ambulance - Dispatch       Winnipeg        Ambulance

418.975    Winnipeg Police - Uplink            Winnipeg        Police

420.012    Mobile Phone ACT                    Winnipeg        Phones

420.037    Mobile Phone ACT                    Winnipeg        Phones

451.237    Auto-Route Towing                   Winnipeg        Towing

460.212    R.C.M.P. Winnipeg Airport           Winnipeg        Police

461.787    R.C.M.P. Winnipeg Airport           Winnipeg        Police

464.762    Buchanan Towing                     Winnipeg        Towing

800.000+   MTS Cellular Phones                 Provincial      Phones

			   

Thunder


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

		       

		       Freedom Issue 1, December 24, 1992

				   File 5/7


		How to make crystalline methylamphetamine (ICE)

				by Vox Populii

				  

				  

				  Disclaimer

				  ~~~~~~~~~~


  I'm a firm believer in the concept of evolution and natural selection; 

basically, the strong survive and the weak get shit upon. I also believe 

that reality tends to punish those who are stupid. If you DON'T thoroughly 

understand working with ALL of these concepts, please don't try this...well, 

if you kill yourself, the IQ of the average human being will be that much

greater.


				  Forward We Go

				  ~~~~~~~~~~~~~


Materials: 95-100% ethanol, Sodium Borohydride, 250 ml round bottom glass 

flask, reflux condenser, rubber tubing, Sudafed nasal decongestant capsules

( VERY IMPORTANT ), glass extraction funnel, 1 molar Sodium Hydroxide, 

anhydrous Sodium Sulfate, diethyl ether, Safety goggles(!!!!), Safety shield

( plexiglass...1-2" thick ), Safety apron and gloves. It's also advisable to 

have a dry chemical fire extinguisher available at all times. Blue and red 

litmus paper, and about a litre of saturated salt solution (1 gram per 23 

mls).


Where do I get all this shit? Steal it from your high school, or buy it at a

laboratory supply house (none of these materials are prohibited or restricted

in any way!)


Why make this stuff?: Because it's an illegal drug. You can get really wacked 

on the stuff if you're stupid enough to use it. It's probably quite fun if 

you're into death and that kinda shit.


Theory: You will perform a catalytic dehydrogenolysis on pseudoephedrine, 

converting it into methylamphetamine (speed, ice, or glass are common names).


	 C-----C

	//     \\

       C         CH2-CHCH3          

	\ _____ /    |

	 C-----C     NH2

	 


Structure of synthesis: This procedure is broken up into two parts; 

1) the production and purification of pseudoephedrine free base.

2) the production and purification of methylamphetamine free base.


  

	The production and purification of pseudoepehdrine free base 

	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Buy sudafed capsules; the more the merrier!

 

Method: Take 10 sudafed capsules apart, and place the little round granules 

into a clean dish. These granules contain the pseudoephedrine hydrochloride 

and inorganic filler. Crush the granules until they are no more than a very 

fine powder. I suggest using the 100 milligram capsules at this point. 

Approximate end yield will be roughly 1 gram of product.


	Place 100 mls of room temperature water into the extraction funnel, 

and CAREFULLY add all of the powdder into the funnel. Place a cap on the 

funnel, invert, and open the stopcock. MAKE SURE YOU ARE WEARING YOUR SAFETY 

GOGGLES AT THIS POINT! Swirl the funnel around to dissolve the material. 

There will be a significant amount of undissolved white powder; do not be

concerned, this is inorganic filler. After 10 mins of shaking, dip a glass 

rod into the liquid and touch the drop on the tip of the stirring rod to a 

piece of moist BLUE litmus paper. The litmus paper should turn red where it 

has been touched. This means that the solution is acidic, and that a 

significant proportion of the pseudoephedrine hydrochloride has in fact 

dissolved in the water. If the litmus paper has turned red, you can go on to 

the next step. If not, repeat he shaking 5 more minutes until the litmus 

paper does turn red. 


Add 50 mls of diethyl ether to the separation funnel. BE VERY CAREFUL AT THIS

STAGE. MAKE SURE YOU ARE WORKING IN A WELL VENTILATED AREA AND PLEASE DON'T 

DO SOMETHING FUCKING STUPID LIKE SMOKE CIGARETTES OR YOU DESERVE WHAT WILL 

HAPPEN! YOU DESERVE TO GET LUNG CANCER OR HAVE YOUR FUCKING FACE BLOWN OFF! 

The diethyl ether is less dense than the water solution and will float on top.

Add 10 mls of the 1 molar sodium hydroxide, cap the funnel, invert and 

IMMEDIATELY release the stopcock to vent off the gas that forms. Point the 

end of the funnel AWAY from your eyes! Periodically swirl and vent the funnel 

to release any gas. When no more gas is given off after venting, draw off a 

little of the liquid from the lower layer into a thimble. Test it with a piece

of moist RED litmus paper. If it stays red, add 10 more mls of the sodium 

hydroxide solution, invert funnel, swirl and vent until no more gas is given 

off. Repeat this UNTIL the red litmus paper turns blue. At this stage, the 

water solution is basic, the pseudoephedrine hydrochloride is in the free base

form, and is located entirely within the diethyl ether layer.


	  Draw off the lower water layer and discard it. Pour off the ether 

layer into a beaker with 10 grams of anhydrous sodium sulfate. The sodium 

sulfate is a drying agent and will remove most of the water that is in the 

ether solution (very little really since ether is non polar and water is very 

polar). Cap the beaker with a piece of saran wrap and let it sit in a well 

ventilated COOL area overnite (not the fridge). Don't smoke within 2 miles of 

this. Ether is FLAMMABLE and forms EXPLOSIVE peroxides which tend to 

spontaneously detonate.


	  Decant off the ether into a dry round bottom flask. Heat this flask

over a pot of very hot water. This will take only a few minutes to evaporate. 

You will be left with a clear syrupy liquid that looks like childrens tylenol 

drops. This is the pure pseudoephedrine free base. If you have a death wish, 

you can try some now (scoop it up with a spoon, a toothpick, etc). Swallow 

it, or put it on a cigarette and smoke it. I don't care. You're stupid if you 

do.


		   

		   Production of methylamphetamine free base

		   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


	  Add the 95% ethanol or everclear drop by drop until the sludge is 

dissolved. It should go into solution very easily. I doubt it if many people 

will be able to get 100% ethanol, but the purer the better, since trace 

amounts of water inhibit the next step in the preparation.


	  Total volume should not exceed 50 mls at this point. You can make 

the solution up to 50 mls if you wish. VERY carefully add 1 gram of sodium 

borohydride to the solution, add the relux condensor to the top of the round 

bottom flask, and start to boil the mixture (eg, on a hot plate...NOT on an 

open flame. The cold water going thru the reflux condensor will keep the 

ethanol from evaporating, yet the high temperature of the reaction vessel will

allow the reaction to go forward as desired. Let this go for about 4 hours. 

Take away from the hot plate and let cool slowly to room temperature. 


	  AFTER the solution has cooled to room temperature, add 50 mls of 

saturated salt solution. At this point, you should see little oil drops 

floating on the surface of the liquid. This is methylamphetamine. Add 50 mls 

of diethyl ether to the COOLED flask( room temperature is ok ). Transfer the 

contents to a separatory funnel, cap, invert, and IMMEDIATELY open the 

stopcock. Some gas will escape. Close the stopcock, gently swirl, and open to 

vent off and gas. Repeat until no more pressure developes after 5-10 seconds 

of gentle agitation.  


	  Draw off the lower layer and set aside for a moment. Drain the upper

ether layer into a beaker containing 10 grams of sodium sulfate. Add the layer

that you had set aside BACK to the separatory funnel, and add another 50 mls 

of ether. Cap, invert, vent, etc until NO more pressure developes. Drain off 

the lower water layer and discard. Drain the ether layer into the beaker with 

the first portion of ether. Cover this with saran wrap and let sit over nite.


	  Decant the ether solution into a clean beaker and gently heat this 

over very hot water. As the ether evaporates( please use good ventilation ), 

you will be left with a beige sludge. This beige sludge is methylamphetamine. 

You can do two things at this stage; i) Prepare 'glass' for smoking or 

freebasing (very fucking stupid), or prepare crystal meth for shooting up 

(very very fucking stupid). 

     

     i) if you want to prepare solid ice, stick the beaker in the freezer, 

       and hope that crystal formation starts. If it doesn't, take 5 or 6 

       chemistry course and you'll learn where you fucked up.


     ii) if you want to prepare `crystal' for shooting up, dissolve the beige 

	ice in about 10 mls of anhydrous (very dry) diethyl ether. Add ethereal

	HCL drop by drop. After each drop, you'll see a little white suspension

	form. This is methylamphetamine hydrochloride. Add ethereal HCL until 

	no more white powder forms. You could then decant off any ether, and 

	let the powder dry on tinfoil or whatever. This should be 90% pure.


Reliabilty of this synthetic method: It works, and in a lab, you can go from 

starting material to finished product in about 8 hours IF you know what 

you're doing (and you probably don't). To the best of my knowledge, this has 

never been published, but the general reaction scheme of catalyic 

hydrogenolysis is well documented. At ALL stages, glassware should be kept 

very dry.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

	 

		       Freedom Issue 1, December 24, 1992

				   File 6/7


		       How to make a Miniature Pipe Bomb

				By Lazarus Long



	This device is not a weapon of terrorism like a genuine pipe bomb.  

It is essentially just a firecracker, a very loud firecracker, that can 

mangle a finger or two if you aren't careful. First, I will advise you to go 

out and buy a pound of Pyrodex. This is a smokeless powder sold at most 

gun/hunting supply stores for roughly $15 (Canadian) per pound.  It is an 

exceptionally versatile explosive as it is less sensitive to friction and 

impact, and it also does not absorb moisture as readily, as other similar

compounds like black powder.  Pyrodex is also exceptionally easy to make into

simple fuses.  A pound will last a long time depending on how you use it.


	What you will need:

	

	o A Papermate Flexgrip pen

	o Pyrodex

	o A couple cotton balls

	o A fuse


	

			   Part 1 - Making Fuses

			   ~~~~~~~~~~~~~~~~~~~~~


	For those of you that don't know how to make fuses out of pyrodex I 

will explain this first.  Mix some pyrodex into a small amount of water until

you have a thin paste, it shouldn't be too thick or too watery.  Take a cotton

ball and stretch it into a long string.  Coat this string with the paste and 

loosely pull it through your fingers to scrape off excess paste (do not 

flatten the fuse).  Place on a cookie pan (use wax paper, or place them on 

the back of the pan), aluminum foil, or other similar surface.  Keep making 

these until you run out of paste, there is no need to let it go to waste.  

Bake in your oven at 250 degrees until the fuse is stiff.  When ready it will 

be both stiff and dry, and have a steel grey appearance.  Try not to bend this 

fuse as areas that incur bends will sometimes fail.

	

	This is the most expedient method I have found and, except for the 

Pyrodex, requires items frequently already in the home.  Using the same 

principles you can also use cotton string, or even toilet paper (toilet paper 

is not recommended).  My last bit of advice: never bake a large amount of 

fuses at once.  Although powders like Pyrodex don't explode unless confined, 

they do burn.  I have never had any problems with the above method, but 

caution should always be used.

	

	

			     Part ][ - The Bomb

			     ~~~~~~~~~~~~~~~~~~


	Now to the mini pipe bomb itself.  The Papermate Flexgrip pen is the 

perfect container for such an explosive.  They are, unfortunately, fairly 

expensive as pens go, so except for one or two experimental bombs you are 

going to want to use them first (fortunately the Flexgrip is also one of the 

best pens out there). The reason it is such a good container is that, like a 

pipe bomb, both ends are screw on, one of which has a hole the perfect size

for a fuse.  The rest of the container has no holes in it, unlike the cheap 

Bic pens.

	

	First take out the ink cartridge, you don't need it anymore. Second, 

unscrew the metal end out of which the writing part formerly jutted.  Insert 

the fuse through the hole starting from the inside and pulling out, remember 

to avoid bending the fuse too much.  Leave enough fuse on the inside to just 

barely reach above the threads on the metal cone.  You should then screw this 

metal end back onto the pen.  Now fill the pen with Pyrodex nearly to the top.  

Tap the pen with your finger to eliminate air pockets.  Fill again if 

necessary.  Finally put some cotton in the top of the pen, and the hollow 

part of the screw on top.  Screw the top back into place.  You now have a 

miniature pipe bomb.  When firing this off you don't want to be nearby, it 

produces a fair amount of shrapnel, and a very loud bang.  Use a long fuse.


	When making this using Pyrodex is advised.  If you choose to use black

powder or match heads (match heads are dumb!) be VERY careful when screwing on 

the top piece that you don't have any powder in the threads.  You should be 

wary of this even when using Pyrodex but it isn't nearly as dangerous.  I've 

made over two dozen of these and had no problems whatsoever, except for the 

occasional failed fuse.  If the fuse fails don't approach the bomb for at

least five to ten minutes.  When you recover it you will have to empty the 

Pyrodex and start over with a new fuse.

	

	This mini pipe bomb with the cap on looks just like a pen without 

alterations and could be rigged into a booby trap if necessary (ie. placing 

the pen cap back on in a way that would light a very short fuse when removed).  

Pen booby traps such as these, although not made in the same fashion, were 

used as antipersonal devices by Germans against the British.  The idea behind

such a booby trap is not usually to kill, but to maim, thus taking the enemy 

personnel out of action and forcing the enemy to expend resources on medical 

care.  To be used for recreational purposes though the fuse should be too 

long to place the cap on properly and therefore doesn't look nearly as 

innocent.


Hopefully this makes it in on time to be a part of the LANDMARK issue one of

Freedom, and furthermore I hope to be a regular contributor.  See you soon...


Lazarus Long (LAZ).

December, 1992.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


		       Freedom Issue 1, December 24, 1992

				   File 7/7

			      

			      Hackers in Winnipeg?

				   by ICEMAN


After hearing about my friend having his computer confiscated for crashing

a board, I was astonished... even more astonishing was what came a few days

later. An article on the FRONT page of our local paper, on his story. A

little extreme in my opinion...


Following is the article which appeared on the front page of the Winnipeg         

Free Press, on November 26, 1992.


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

	 

	 STAFF THREATENED, FILES RUINED AS TEEN COMPUTER WHIZ STRIKES


				By George Nikides

				 Staff Reporter

     

     A teen hacker uncovered a hole in a downtown software shop's computer 

system and went on a rampage, destroying every file and threatening employees.

     " It's an ego thing. 'Boy look what i've accomplished,' " said Sgt. 

Dennis Loupin of the Winnipeg police fraud unit.

     " He's very, very intelligent. He's got a tremendous future in the

computer world. "

     An 18 year-old, who can't be named because he's charged under the Young

Offender's Act, faces fraud charges.

     Police say a hacker discovered a "hole" - an opening that allows a user

to circumvent a computer system's passwords - in the bulletin board program

at Adventure Software Ltd., a Hargrave Street software shop.

     The computer whiz unlocked the program several times, at one point

destroying every file.


				 Bulletin Board


     The hacking is believed to have been carried out with an IBM-style 

computer from a home.

     Adventure Software offers a computer bulletin board where customers can

communicate, read about news products, or leave messages from their home 

systems.

     The system has about 400 users, police say.

     An Adventure Software employee, who asked not to be identified, said

threatening messages were left in the system, some suggesting that selling

software was immoral. Some messages attacked a store employee.

     The system was out of operation at one point for 3 1/2 weeks, he said.

     But the employee said police are overstating the hacker's skills.

     " It doesn't take a genius to hear about a 'hole' in the program," said

the man.

     The system was infiltrated four to six times, he said.

     " It's not crippling. It's just extremely annoying, " the employee said.

     By breaking into the system the computer bandit found home phone numbers

and addresses, he said.

     Police say they are also investigating the teen in connection with 

break-ins at other systems across North America.


				    Mischief


     " He's now going to have to face the consequences of something he 

thought was just a challenge but it's more than that - it's a crime, " said

Loupin.

     A Victor Street teenager was arrested Tuesday night and charged with

using a computer service to commit mischief, an offence that carries a

maximum 10-year sentence.

     The teen is now 18, but police say he was 17 when the alleged crimes 

occured.


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -



I decided to ask him a few questions about how he fellt about it, and that's

what follows. He didn't want any of his other aliases mentioned, so we

decided to use one which he uses on private boards.


			 FR=Freedom   BL=Big Leacher


FR: Can you give us a brief rundown of the events that happened on November

    24th 1992?


BL: Oh nothing really, just the police department came down and confiscated

    my system, thats about the only thing that happened. I was also taken

    down for questioning.


FR: Do you feel that the Free Press highly exploited your story?


BL: Yes, they seem to want to sell papers, more than tell the truth. The 

    Winnipeg Sun told a more realistic story.


FR: Can you justify Duncan Falconer's (Adventure Software employee) statement

    that it took them 120 hours to setup their system again?


BL: No, and I don't think Duncan could either, he's bullshitting, and even

    lamers know it couldn't take that long.


FR: What do you expect will come out of this? Do you expect to be charged?

    (Just a note that no charges have yet been laid, only a computer was

     confiscated)


BL: I expect to be charged, but it's no sweat, it was a stupid thing to do.

    Better yet, an even stupider thing to get caught for.


FR: Did you learn anything from this experience?


BL: Not really.. just that the police are good at tracing, and that you should

    allways have a failsafe for the data on your computer.


FR: Will you continue hacking after this is all over?


BL: Hack? Naaaaah.. would never get caught doing something as bad as that

    again. :)


FR: What do you think was meant by the statement saying you were being

    investigated in connection with other break-ins across North America?


BL: I had access to many boards through Internet and other LD places. Also

    I was/am in a group which believes in the freedom of expression, so I

    think they are trying to key me as the leader of this group. I didn't

    hack other systems, just Adventure Software, because I had a score to

    settle with an employee there.


FR: What do you mean when you said you 'had a score to settle'?


BL: The sysop of Adventure Software and I had dealings in the past which 

    cause alot of negativity in my family. I no longer hold a grudge.


FR: Do you feel any sympathy towards Adventure Software?


BL: No.. why? Selling software for the prices they do is wrong, since kids

    use games, they'll get them any way they can. There should be a copying

    fee, and that's all. 


FR: What do you think of the fact that this is our city's first computer crime

    investigation?


BL: It's cool, if I was still a youth, I would love the publicity of this,

    but i've turned 18 after the crime, so I can't state how I 'really' 

    feel. :)


FR: Will you continue to BBS after this is over?


BL: Of course, this is nothing, and I'm both amused and suprised of the

    publicity it has received (i.e. Free Press, Sun, Cud) and possibly

    more as the case goes on.


FR: Is there anything else you want to say to ours readers?


BL: Yeah, hacking a bbs sucks, go for new things, and allways watch your ass.

    Damn I need a modem, anyone wanna donate a C64 compatible one? Get in

    touch with ICEMAN. Anyways i'll be back in a few months. 


Well that's all...


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

		End of Freedom Issue 1 - Freedom, Copyright 1992

