³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÚÄÄ°±²ÛÛÛ²±°Ä°±²ÛÛÛÛÜÄÛ²±°Ä°±²ÛÛÛÛÛ²±°Ä°±²ÛÛÛÛÛÛÛ²±°Ä°±²ÛÛÛ²±°ÄÄ¿ ÚÄÄ°±²ÛÛÛ²±°Ä°±²ÛÛÄÛÛÛÄÛÛ²±°Ä°±²ÛÛÛ²±°Ä°±²ÛÛÛßÄßÛÛÛ²±°Ä°±²ÛÛÛ²±°ÄÄ¿ ÄÄÄ°±²ÛÛÛ²±°Ä°±²ÛÛÛÄÛÛÛÄÛÛÛ²±°Ä°±²Û²±°Ä°±²ÛÛÛÄÄÄÄÄÄÄÄÄÄÄÄ°±²ÛÛÛ²±°ÄÄÄ ÀÄÄ°±²ÛÛÛ²±°Ä°±²ÛÛÄÛÛÛÄÛÛ²±°Ä°±²ÛÛÛ²±°Ä°±²ÛÛÛÜÄÜÛÛÛ²±°Ä°±²ÛÛÛ²±°ÄÄÙ ÀÄÄ°±²ÛÛÛ²±°Ä°±²ÛÄßÛÛÛÛ²±°Ä°±²ÛÛÛÛÛ²±°Ä°±²ÛÛÛÛÛÛÛ²±°Ä°±²ÛÛÛ²±°ÄÄÙ ³ "Know you can't fool, children of the revolution" ³ ÀÅÙ NeuroCactus Bulletin Number Seven ÀÅÙ - BLaDe - FRaCTaL iNSaNiTY - RiPMaX - DaTa KiNG - ³ ³ ³ N ³ E ³ U ³ R ³ O ³ ³ ³ C ³ A ³ C ³ T ³ U ³ S ³ ³ ³ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ [7.1] - Contents and Disclaimer ÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ [7.1] - Contents and Disclaimer ................... Fractal Insanity [7.2] - Neurocactus News .................................... Ripmax [7.3] - VoiceMail, The Next Generation ... Fractal Insanity & Ripmax [7.4] - RIM Remote System ......................... Fractal Insanity [7.5] - Interesting Easycall features ............. Fractal Insanity [7.6] - Optic Surfer - The Truth is in here .............. Data King [7.7] - Optic Surfer - The aftermath ........................ Ripmax [7.8] - EACS Upgrade .............................. Fractal Insanity [7.9] - Phreaking Laws ................................... Data King [7.10] - Greets and Contacting us .................. Neurocactus Team Attached Files ÍÍÍÍÍÍÍÍÍÍÍÍÍÍ [Nc-Index] - Index to first 7 Issues of NC Bulletin .......... Ripmax [TelcoJam] - Mod File with numerous Telecom Samples ........ The Pick Disclaimer: The content of this magazine (NC-007) isfor informational purposes only and the articles described below cannot be condoned by NeuroCactus and NeuroCactus does not partake in any of the succeeding activities. The authors accept no responsibility for loss of friends, loss of freedom or loss of life due to the illegal use of the activities described beyond. We do NOT do ANYTHING ILLEGAL!!! If you think you have malicious intentions towards the law or any other establishment, please do not read this file. This magazine in its electronic form can not be sold without prior permission from the authors. It also may not be spread via any sort of Public Domain, Shareware or CD-ROM package. ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ - [7.2] - NeuroCactus News - [7.2] - - Written by Ripmax - ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ As the sands fall through the hour glass so does issue seven of the Neurocactus magazine. Welcome back to the not so informational light hearted H/P magazine. We apologize for the lateness of this release but with certain legal matters going ahead (Skeeve) and Datakings article we thought we better wait and see what happens. We've plenty of news for this Issue so time to enlighten you. As we have promised, NC-003 we would track down and our search is almost complete. We have managed to contact The Pick who informs us that Scourge sysop of Chiba City has sold his computer but kept his hard drive so there is hope yet. We have also recovered The Picks 'TELCOJAM' mod file. Those of you from a few years back will probably recognise the samples. We have included it in this issue. Around the place we have been reading a few flames at the NC Team for the lack of HOW-TO information in our magazine. Well let us say this, 1. Some of the members of NC have been busted allready and others are probably being watched and to release information that would surely jepordise ourselves is pointless. 2. If we did have such information, surely releasing it in such a electronic medium would only kill it within a few weeks if not sooner How many times have we seen things like the SCENEINFO Line being run for months hassle free and as soon as posted in NC, killed. 3. The purpose of this magazine isnt to pass on information that any person could use, but rather give you ideas on which a person may wish to follow up on for themselfs ie active people. Anyways enough of that. We wont give names as thats childish but Im sure the people in WA know who we are talking about anyways. If you guys are so worried why not make your own magazine? Lets see all of your 'Elite' information. On another note, we are looking to expand the magazine with feedback from users either anonmously (not preferred) or alias's. Flames wont be published but constructive criticism is ok. As you would have seen in the last issue aswell we accept anonymous articles if there good enough. Post a message on any of the boards located in the last article or call DS2 and login as name:NC p/w:NC. Once logged on send all mail via Ripmax only. All three Perth VMB hackers who were busted have finished their cases SIN : 150 Community Service Hours EXCEL : 9 Months Probation UNIQUE-1 : 50 Comminity Service Hours - Childrens Court One Perth guy was also done for AT&T Calling cards so BECAREFUL! Okay thats enough ramblings from me for this issue. ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ - [7.3] - VoiceMail... the Next Generation - [7.3] - - Written by Fractal Insanity and Ripmax - ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ADMIRALS LOG: Stardate 19950807. The coronation service was one week ago and Im now travelling to Starbase 2624 to meet up with the crew of the R2 on some R&R. The R2 is also being put into spacedock for some much needed repairs to the Cabling systems. All systems will be upgraded to fibre optics soon. The new Galaxy class starship LSD is awaiting us for a testrun before we decide on its crew. "Captain FRaC you have the bridge, I'll be in my quaters", commanded Admiral Ripmax. "This is Captain FRaC aboard the LSD requesting clearance", says Captain FRaC. "Confirmed", replied Base Commander Anubis. "Best of luck out there boys, kick some fed butt." A smirk across FRaC's face was the last he saw before the image faded "Ensign Dataking, Plot a course for the Linux Galaxy, 9 Bogomips", commanded FRaC," Engage!" "Now entering sector 1.2.11 Captain", yelled Ensign Dataking. "I bags the first 10 bugs in it...", shouted Officer Blade "Nah they are MINE", exclaimed Captain FRaC, "Engage the ftp exec protocol ensign" "Too late Captain... the system is ummm gone!",sighed Ensign Dataking The crew of the LSD were unaware of optic trashers who had beaten them to the post and had devistated the whole system leaving but a few peices of debree left in the /tmp directory. "Get me a traceroute on the last incoming packets", yelled Captain FRaC frantically. "Engaging Packet sniffer Captain", came a muffled voice from below the console. "Yes i think ive found the source of the destruction, Captain, it appears to be coming from...", said Officer Blade **** ALERT **** ALERT **** Red alert is sounded upon the LSD "What is wrong ensign?", shouted the Captain "Umm we appear to be getting bombarded with incoming packets!!! The contents appear to be... WAREZ!!!", screamed ensign Dataking "Engage the Firewall!" commanded Captain FRac. "Too late sir," replied Officer Blade, "The forward device array is too badly damaged." "Quick plot a course back to starbase 2624 urgently before we sustain any more damage from the warez!", said Captain FRaC. The LSD's maiden voyage was cut short due to the work of a optic pirate and his 'elite' warez, and the ship returns home with the dazed and angered look upon the crew. ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ - [7.4] - RIM Remote System- [7.4] - - Written by Fractal Insanity - ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ This is a preliminary introduction to RIM, a system discovered during a recent trashing run by the perth Neurocactus team. If anyone has any information about RIM, NC would appreciate the help working this system out. RIM appears to be a remotely placeable semi exchange which can offer all the features of the parent (AXE or Sys12). The official Acronym has not yet been discovered but I beleive it to be Remote Internal Multiplexor. The obvious use of the RIM is to provide telephone services remotely without the need for a full exchange ie AXE or SYS12. The RIM unit establishes a connection to the parent exchange in one of three ways. 1.1: Non-Integrated Mode -- Interface to parenting switch (AXE/S12) at VF -- Supports all services currently supported by parenting switch 1.2: Integrated Mode -- Interfaces to parenting switch directly at 2Mbit/s -- Supports a number of services provided they are available at the switch. 1.3: Mixed Mode -- Interface to parenting switch at VF and 2Mbit/s -- Supports all services as per 1.1 and 1.2 The features available at the RIM as a subset of the parent switch are related to the protocol of transmission used. The best protocol and no doubt the most secure is due for use in Dec 1996 which will allow all services including easycall to be available at the RIM end. Here is a field diagram of the COMNET in which the RIM will be connected to access the remote parenting switch. Comnet Workstation ---X28--. SULTAN .- Mediation Device - RIMS \ | / | \ | X25 `-Modem >< Modem - RIMS \ | / Comnet Workstation --LAN--X25---DCN/DDN---------. / | \ \ X25 X28 Backup \ \ / | X25 X28 Backup / | \ \ Comnet Database ----- Network Management Group ` After Hours Centre The reason for COMNET is to be able to access the RIMS units from anywhere on the Digital Communications Network (Austpac) via DDN. As you can see, the RIM units can be either directly connected to the network through a mediation device (protocol translater) or by dial up modem. This leaves open the oppertunity for someone with protocol emulation, to dial into the mediation device and emulating a RIM. The power gained here would be the same as having 'root' on a local exchange... Naturally if you can get yourself onto COMNET from either a workstation on the net or getting in from remote through austpac, you can attempt to hack the RIM unit and of course any of the other things on the COMNET network. Now is the perfect time to start attacking such a system as it is still in testing and i have inches thick of pages of bugs and problems in the system that might be exploited and the system doesnt appear to be anywhere near fully operational untill Dec 1996. The only information gathered so far into the operating system vulribilities are the account groups which will be on the system. NMG,NSS,EMG,COC INSTALLER and MONITOR. The default UserID on the system is STARTUP and is in the INSTALLER group. Although it may be in vein to attack such a default account, you never know it may still be there as the system is still being installed B-) This is all the information im prepared to publish about the system which is apparently 'Telecom Confidential'. If you want any more information please contact Neurocactus directly. ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ - [7.5] - New interesting easycall features - [7.5] - - Written by FRaCTaL iNSaNiTY - ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ For those who are behind the times (and the internal inconfidence paperwork) here are some of the new easycall features which may or may not be available already. Some of these features lead me to beleive that the abilities of the exchanges as far as privacy is concerned is being compromised. Package 3 ~~~~~~~~~ Selective ring: Allows the user to define a CLI scrrening list of full or partial national numbers that will cause a distinctive ring cadance when calls are received from these numbers. Up to 3 selective rind screening lists are provided per line each one generating a seperate distinctive ring. Selective call diversion: Diverts calls selectively based on a CLI screening list. The customer creates, and has control over, the contents of the screening list. Multiple Subscriber number: Allows multiple numbers to terminate on the same device (L12). Calls to each number will generate seperate distinctive ring cadences. Charging applys per number, except for charges related to the physical access. Remote control (RCSS): Allows the customer to control features remotely by calling a given number at the customers home exchange. The customer is guided through the procedure by a series of RVAs. Access is controlled by a password. (ehehehehehehe where there is a password there is a way in) Automatic Callback (CCBS): This feature allows a calling customer encountering busy to have the network notify him/her with a distinctive ring cadence when the called customer becomes free, and automatically connect the call. Up to five callbacks can be queued at any time. Some of the above utilise feature tools. Password control: Allows the customer to change their password Distinctive Dial tone: Provides different dial tones as required by various features. An example is facility tone recieved while call diversion is active. Distinctive ring: Provides different ring cadence depending on the characteristics of the incoming call. Examples are for CCBS recall, the different MSNs or for selective ring according to the screening lists. Screen list editing: Allows the customer to edit and interrogate the screening lists used by various features. ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ - [7.6] - Optic Surfer - The truth is in Here - [7.6] - - Written by Data King - ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ I have noticed that there is a lot of confusion and mis-information on the Ausnet breakin by Optik Surfer. Since I became involved in this saga I have learned quite a bit about it and now is the time to let you, the readers, find out the truth, or as much of the truth as I can tell you safely. This article was written on 18/06/95, and has been updated to be more accurate for the release of NeuroCactus Issue 7. As you are probably aware, Mr. Skeeve Stevens was recently charged with several hacking charges, (and also 1 Kiddie Porn) I make no claims to the validity of information contained in this article, to the best of my knowledge everything is fact, however circumstances prevent me from verifying everything as 100% correct. How it was done ~~~~~~~~~~~~~~~ The following is purely an educated guess on my part, I believe that this is how it was done, but I do not know for certain. Ausnet provide dial in access via a 131 number (131494), or of course you can telnet/rlogin into their terminal server. Ausnet does not allow shell access to their machines, when you telnet to their machines and login you get asked if you want to change you password, and after this you get logged out. I believe that the person who committed the breakin simply gained access to a shell on the machine and then copied the newuser database. Most probably this was done via the "newuser" account and one of the many ways you can execute another shell other than the standard one. Curiosity Value: For a time you could dial into their terminal server and login as "newuser", now from here you were expected to start the registration procedure, however if you decided to do something like: ppp /compressed 38400 default You would start up a ppp session with global access. However they have fixed this since the Optik Surfer episode. So much for Ausnet having the best security of any ISP in Australia! (Their sendmail was also a vulnerable version) This as I said is purely an estimated guess on my behalf, I have not had and probably will never have the opportunity to examine the logs of the machine(s) in question to find out for certain. Who is the Optik Surfer ~~~~~~~~~~~~~~~~~~~~~~~ It is my belief, and after reading this article, probably yours also, that the person who first did this and the Optik Surfer are two different people. The reason I believe this is simply because the person I believe is the Optik Surfer has absolutely no skill when it comes to computer security. Before I come out and say who I believe the Optik Surfer is, I will give you the facts and then you can decide if you agree with my analysis. 1. Several Weeks prior to the Ausnet breakin, Skeeve spent several days here in Melbourne, staying at Monash Uni Halls of Residence with a "friend" (From what I hear she couldn't stand him after she met him in person). 2. Tuesday, 18th April 1995, Approximately 6am, Optik Surfer posted a message with the from address of ernst@world.net (world.net = Ausnet). The contents of this message is fairly well known but for completeness it is included at the end of this article. 2a. This message was addressed to Journalists who have email addresses and also several ISP's. Interestingly enough most of the non-national service providers are sydney based ones. 2b. Several hours before this email was posted, Rewt2 was on the net and was offered 1000+ credit cards that were "virgin" and offered by the person who "hacked them out". Rewt2 was offered these cards in exchange for information pertaining to root level holes on ozemail, he refused the cards for 2 reasons, the first being he didn't trust the source, the second being he had a better use for the hole. The person offering the card details was none other than Skeeve. Skeeve told him he wanted the information so that he could tell ozemail and repair his status with them, they were annoyed with him as he was constantly connected to them and ran up the equivelant of an $18,000 bill on a free account, which he was apparently given after telling them about another security hole on their system. 3. Tuesday, 18th April 1995, 4.30am-6.30am, I was on the net talking to Skeeve. 4. During this conversation Skeeve wished to know how to exit from EMACS. 5. I have yet to check, but I suspect ernst@world.net uses EMACS as his email editor. 6. Wednesday, 19th April 1995, Approximately 5.30pm, The Australian Federal Police raid Skeeve's home and confiscate his equipment. 7. Skeeve refuses to supply the Federal Police with his encryption key for his MAC hard drive, when asked about this Skeeve told me: "There is Kiddie Porn on there.....I was working on an article for the Sydney Morning Herald". 8. Skeeve is a publicity freak, and considering he was telling me before the Ausnet break in occurred that he needed more exposure, I have no doubts as to him being willing to pull a stunt such as this. 9. Skeeve at one stage was telling people that 5 or 6 other people told him that I did it, when questioned about this Skeeve told me "Frank told me that", I had someone I know ask Frank if this was true, Frank said "no". 10. When Skeeve was again confronted about him saying it was me, he started saying that he had heard it was SPiN-DoC had done it (I know Spin fairly well - this is NOT his style). 11. This is unconfirmed, however I believe the source: Whilst Skeeve was in Melbourne, he was using a friends ex-girlfriends account at monash uni for access to the net (Whether she knew or not I don't know). Apparently this person has been speaking to the AFP and will now be appearing in court for them as a witness. 12. There is a video tape floating around of the Ausnet breakin, Optik Surfer mentions it in his email, I have heard from someone who has this tape, and apparently the tape was supplied to them by Skeeve. As you can see I believe that it was Skeeve, however as I said earlier I do not think he did the original hack, I believe someone told him how to do it. Statement ~~~~~~~~~ This statement is addressed to any people in the media who happen to come by this file. I, Data King, on behalf of all Hackers and Phreakers here in Australia say the following: 1. We believe that the Optik Surfer Incident, is not an accurate representation of what we do or our moral and ethical standards. 2. The person calling himself Optik Surfer, should in our opinion get the maximum punishment applicable under Australian Law. As always I am happy to talk to the media on Hacking and Phreaking, I am also prepared to make statements concerning Carding and Credit Cards, provided it is made clear to the readers/viewers that I am talking from a technical viewpoint and not as a representative of people involved in credit card fraud on the internet. Contact Details ~~~~~~~~~~~~~~~ I (Data King) can be contacted at any of the following places: Internet: dking@suburbia.apana.org.au BBS: ReWTed loGik as Data King BBS: Destiny Stone II as Data King Optik Surfer's Email ~~~~~~~~~~~~~~~~~~~~ This is a copy of Optik Surfer's email message, minus the credit card details and edited to fit in 80 columns. Interestingly enough, Skeeve is also known for his bad spelling..... From ernst@world.net Tue Apr 18 06:06:16 1995
Received: from world.net (sydney2.ausnet.net.au [192.190.215.5]) by oznet02.ozemail.com.au (8.6.10/8.6.5) with ESMTP id GAA12354; Tue, 18 Apr 1995 06:06:13 +1000 From: ernst@world.net Received: (from ernst@localhost) by world.net (8.6.8.1/8.6.6) id GAA15253; Tue, 18 Apr 1995 06:04:01 +1000 Date: Tue, 18 Apr 1995 06:04:01 +1000 Message-Id: <199504172004.GAA15253@world.net> To: davidson@ozemail.com.au, dhiggins@ozemail.com.au, jhorey@ozemail.com.au, julierob@ozemail.com.au, postmaster@apana.org.au, postmaster@dialix.com.au, postmaster@geko.com.au, postmaster@magna.com.au, postmaster@mpx.com.au, postmaster@next.com.au, postmaster@onthenet.com.au, postmaster@ozemail.com.au, postmaster@ozonline.com.au, rod@theage.com.au, sstevens@ozemail.com.au, sue@smh.com.au, tgl@ozemail.com.au, tsarno@smh.com.au Subject: ****** URGENT - PLEASE READ ******* Content-Length: 5148 Status: OR The mail you are now reading, is from an account at Ausnet, that has been hacked. This mail contains details of Ausnets lack security, and the way they left the credit card details of all their users, out on the open which anyone could have picked them up. This is the stages of the Ausnet hack. * registered fake account at Ausnet * logged into melbourne.world.net shell server. * sydney2.world.net (main fileserver) was mounted on the melbourne machine for complete access to any user. * the 'newuser' account which was used to register the credit details and make peopels accounts, was wide open. In that directory contained a number of files which contained the credit card details of all 1 thousand or more clients of Ausnet. * this file has been accessed, and distributed by hackers, and CCers all over the world. * in an attempt to alert people to this crime of stupidity by Ausnet I contacted some people I thought may be able to assist in getting it publicized, and Ausnet brought to be responsible for their screw up. I let a journalist film my access into Ausnet and some other sites, to prove it, incase, like many other times, the company has denied it. I will leave it up to the journalist concerned to decide what he will do with that film. * The afternoon of the easter monday, i hacked Ausnets web server, in an attempt to alert their clients myself... it seems thou, they were quick to find and fix the situation. Below is an extract of the Credit card log on Ausnet. The list of credit card deleted. well thats a sample. there is 1 thousand or more details, and almost all of those will be use for carding. Ausnet has a lot to answer for. I cannot be contacted for futher information about this. I hope you will make proper use of this information. If more informatio is needed.. please post a message to the aus.org.efa newgroup with the subject "Help needed" and no body. and if I think it is worth it, I will contact the author. Remeber - Too Many Secrets for the sake of it. You can refer to me as 'Optik Surfer' bye for now. . -==- ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ - [7.7] - Optik Surfer - The aftermath - [7.7] - - Typed by Ripmax - ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ Hacker Charged Over AUSnet credit Breach Taken from West Australian October 17. A television station sponsored an attack on a Sydney Internet service provider last April that nearly sent it out of business, according to representitives of AUSnet computer services. These allegatations were made as federal police computer crime experts arrested and charged a hacker last Thursday who allegedly compromised credit card records at AUSnet computer services. AUSnet's media relations spokesman, Peter Sertori, said the hack undermined the integrity of future development of communications infrastucture in Australia. He would not identify the Television station. "Hacking is not an activity that should be treated lightly (by the courts) - its not a hobby, its a commercial crime", he said. "For a television station to be sponsoring this sort of activity is reprehensible. He claims the attack virtually crippled the provider, with thousands of people cancelling their accounts because of the publicity that surrounded the security breach. It is likely that AUSnet will seek civil compensation from the station in the near future, he said. The attack on AUSnet allegedly cost the company $2 million in lost contracts and forced banks to reissue scores of credit cards whose numbers the hacker claimed to have published on the Internet. Officers from the AFP's computer crime unit charged the 23-year-old self proclaimed Internet consultant with a dozen offences at Sydney Police Centre including six counts of unlawful access to data in a computer and a count of possesing child pornography, a federal police spokesman said. He was released on bail and is due to appear at ST James local court on October 30. The charges followed a six month investigation. A hacker known as the Optik Surfer gained access to AUSnet world wide web server in mid April,cracked the password of a system operator and stole up to 1400 credit card numbers. Optik Surfer then copied AUSnet subscriber information, including credit card details, and claimed to have distributed it on the Internet. Mr Sertori said AUSnet shared the some of the blame for the incursion as technicians had copied files between the company's Sydney and Melbourne offices. The hacker's message "Remember too many secrets" appeared on the AUSnets home page. The quote comes from the 1993 hacker cult movie Sneakers starring Robert Redford. Electronic graffiti left by the Hacker first drew attention to the secuirty breach on the AUSnet site. "Did you know that AUSnet clients credit card details are all sitting readable on their system?!?!?!, " the message read, " We have the credit card numbers, and it has allready been distributed to many other hackers and carders around the world." Police inquiries are continuing and further charges are expected. ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ - [7.8] - EACS Upgrade - [7.8] - - Written by Fractal Insanity - ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ Here is some information which some members of the scene may find useful and worrying. This source of this information remains classified to NC. Subject: Electronic Access Control System (E.A.C.S) Conversion of Exchnage access from Abbloy keys to E.A.C.S is under- way with front door access to Exchanges now being by E.A.C.S card (and phone) and rear door access by card only. By the end of today Mullaloo will only have access by card and phone. At the end of the Total conversion all phones will have been removed and a sign left to contact hamersley for entry. If you dont have a card or mobile you wont get in. AFM's and the Fire brigade will key access for emergencies. --------------------------------------------------------------------- For those of you who dont understand the above, Telstra is worried about people wandering around inside their exchanges at night (heheh) and is upgrading the already high security abbloy locks with swipe magnetic card locks and also the user must use his/her mobile phone to call inside to gain access... It now looks like the rear door will be the only entry point assuming the EACS can be broken (of course it can). Although this bulletin only mentions two exchanges, it is most likely that all the metro exchanges will be getting this upgrade. This information made me wonder after I thought of some mates in melbourne who used to go into exchanges at night and whoomp them B-) ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ - [7.9] - Phreaking Laws - [7.9] - - Written by DataKing - ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ PART VIIB - OFFENCES RELATING TO TELECOMMUNICATIONS SERVICES Interpretation - definitions ---------------------------- 85ZB. In this Part, unless the contrary intention appears: "carrier" means" (a) a general carrier; or (b) a mobile carrier; or (c) a person who supplies eligible services under a class licence issued under section 209 of the Telecommunications Act 1991; "communication" does not include a communication solely by means of radio communication; "communication in the course of telecommunications carriage" means a communication that is being carried by a carrier, and includes a communication that has been collected or received by a carrier for carriage by the carrier, but has not been delivered by the carrier; "telecommunications network" means a system, or a series of systems, for carrying communications by means of guided or unguided electromagnetic energy or both; "telecommunications service" means a service for carrying telecommunications by means of guided or unguided electromagnetic energy or both. Interpretation - person acting for a general or mobile carrier -------------------------------------------------------------- 85ZBA. For the purposes of this Part, a person who does any thing for or on behalf of a person who is, or persons at least one of whom is, a general carrier or a mobile carrier, is, in respect of: (a) the doing by that person of that thing; or (b) any rental, fee or charge payable for or in relation to the doing by that person of that thing; or (c) the operation by that person of a facility in connection with the doing of that thing; or (d) a facility belonging to that person; or (e) the operation by that person of a satellite; taken to be a carrier. Interpretation - expressions used in Telecommunications Act ----------------------------------------------------------- 85ZC. Unless the contrary intention appears, expressions used in this Part, and in the Telecommunications Act 1991, have the same respective meanings as in that Act. Wrongful delivery of communications ----------------------------------- 85ZD. A person shall not knowingly or recklessly cause a communication in the course of telecommunications carriage to be received by a person or telecommunications service other than the person or service to whom it is directed. PENALTY: Imprisonment for 1 year. Improper use of telecommunications services ------------------------------------------- 85ZE. A person shall not knowingly or recklessly: (a) use a telecommunications service supplied by a carrier to menace or harass another person; or (b) use a telecommunications service supplied by a carrier in such a way as would be regarded by reasonable persons as being, in all the circumstances, offensive. PENALTY: Imprisonment for 1 year. Defrauding a carrier -------------------- 85ZF. A person shall not, by means of an apparatus or device or otherwise: (a) defraud a carrier of any rental, fee or charge properly payable for or in relation to a telecommunications service supplied by the carrier; or (b) knowingly or recklessly cause a carrier to supply a telecommunications service to another person without payment by that other person of the proper rental, fee or charge. PENALTY: Imprisonment for 5 years. Interference with telecommunications services --------------------------------------------- 85ZG. (1) A person shall not knowingly or recklessly manipulate, or tamper or interfere with, any facility operated by a carrier in such a way as to hinder the normal operation of a telecommunications service supplied by the carrier. (2) A person shall not knowingly or recklessly use or operate any apparatus or device (whether or not it is comprised in, connected to or used in connection with a telecommunications network) in such a way as to hinder the normal operation of a telecommunications service supplied by a carrier. PENALTY: Imprisonment for 2 years. Sending signals to satellite ---------------------------- 85ZH. A person shall not, without lawful authority or excuse, knowingly or recklessly transmit a signal to a satellite operated by a carrier. PENALTY: 120 penalty units. Interference with carrier facilities ------------------------------------ 85ZJ. A person shall not knowingly or recklessly tamper or interfere with a facility belonging to a carrier. PENALTY: Imprisonment for 1 year. Equipment used for unlawful purposes etc. ----------------------------------------- 85ZK. (1) A person shall not: (a) connect equipment to a telecommunications network with the intention of using it in, or in relation to, the commission of an offence against a law of the Commonwealth or of a State or Territory; or (b) use equipment connected to a telecommunications network in, or relation to, the commission of such an offence. PENALTY: Imprisonment for 5 years. (2) Subsection (1) does not apply in relation to equipment if the connection by a person of the equipment to a telecommunications network would not be in contravention of section 263 of the Telecommunications Act 1991. Unauthorised Call - switching devices prohibited ------------------------------------------------ 85ZKA. <1> A person shall not: (a) manufacture; (b) advertise, display or offer for sale; (c) sell; or (d) use, operate or possess; equipment that the person knows is equipment of a kind that, when connected to a telecommunications network operated by a carrier, enables 2 persons each of whom, by means of different telecommunications services each of which is supplied by a carrier, calls that equipment (whether or not either of the persons is aware that the call the person is making a call to such equipment), to send communications to, and receive communications from, each other, over that network during those calls. PENALTY: Imprisonment for 5 years. <2> Subsection <1> does not apply to equipment: (a) if the connection of the equipment to a telecommunications network by a person would not be in contravention of section 253 of the Telecommunications Act 1991; or (b) if the equipment is used, or intended for use, by a carrier in connection with a telecommunications service or the operation or maintenance of a telecommunications network. <3> For the purposes of establishing a contraventions of subsection (1), if, having regard to: (a) a person's abilities, experience, qualifications and other attributes; and (b) all the circumstances surrounding the alleged contravention of that subsection; The person ought reasonably to have known that equipment is equipment of the of the kind referred to in that subsection, the person shall be taken to have known that the equipment is equipment of that kind. Interception devices prohibited ------------------------------- 85ZKB. <1> A person shall not: (a) manufacture; (b) advertise, display or offer for sale; (c) sell; or (d) possess: an apparatus or device (whether in an assembled or unassembled form) that the person knows is an apparatus or device of a kind that is capable of being used to enable a person to intercept a communication in contravention of subsection 7(1) of the Telecommunications (Interception) Act 1979. PENALTY: Imprisonment for 5 years. <2> Subsection (1) does not apply: (a) to an apparatus or device unless the apparatus or device could reasonably be regarded as having been designed for the purpose, or for purposes including the purpose, of using it in connection with an act that, if not done in any of the circumstances referred to in subsection 7(2) of the Telecommunications (Interception) Act 1979, would contravene subsection 7(1) of that Act; (b) to the possession of an apparatus or device by a person in the course of the person's duties relating to interception of communications passing over a telecommunications system (being a telecommunications system within the meaning of the Telecommunications (Interception) Act 1979), that is interception of communications otherwise than in contravention of subsection 7(1) of that Act; or (c) to the: (i) manufacture; (ii) advertising, displaying or offering for sale; (iii) sale; or (iv) possession; of an apparatus or device of the kind referred to in subsection (1) of this section in circumstances specified in regulations made for the purposes of this subsection. <3> For the purposes of establishing a contravention of subsection (1), if, having regard to: (a) a person's abilities, experience, qualifications and other attributes: and (b) all the circumstances surrounding the alleged contravention of this subsection; the person ought reasonably to have known that an apparatus or device is an apparatus or device of a kind referred to in that subsection, the person shall be taken to have known that the apparatus or device is an apparatus or device of that kind. ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ - [7.10] - Greets and Contacting us - [7.10] - ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ If you would like to contact us call any of the following places : Bulletins Boards ---------------- Destiny Stone II (+61-9) -=- The Temple (+61-8) Euthanasia (+61-7) WWW Homepages ------------- Neurocactus Homepage - http://psinet.net.au/~ripmax Andrews Funnel Web - http://suburbia.suburbia.net/~dking IRC --- #hpaus or #aussies Our Special Regards go out to (In Alphabetical Order) Anubis : Get on the Net more. Anthrax : Good luck with the rest of your case. Cairo : Vanished without Trace Captain Crunch : Your still wierd B-) Enigma : Your the biggest warez lamer Freestyle : See you on the Net again soon! Hook : Mud JUNKY! Jesta : Join the MUD! :) Metabolis : Thanx for the greets in the VLAD Proff : Any year now you may be finished. Slash : Collosus Video is AWESOME. Xstatic : Party Hard! All MUD Junkys : See you in RITUAL SACRIFICE! ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ ÀÅÙ