                                ==Phrack Inc.==

                   Volume Four, Issue Forty-One, File 1 of 13

                                 Issue 41 Index
                              ___________________

                               P H R A C K   4 1

                               December 31, 1992
                              ___________________

                   ~ We've Had A Rest, We're Still The Best ~

     You've been waiting for this for a while and it's finally here. A lot has happened since the last issue. I guess I should start off with the most important thing as far as the administration of Phrack is concerned: Phrack 41 is the last issue for which I will serve as editor.

     Why? Well for one, I was in a motorcycle wreck about a month ago and lost the use of my right arm for a while and, due to the related financial difficulties, I was forced to sell my computers and some other stuff. Secondly, due to my lack of being a rich boy and having access to a nice machine, I found it necessary to allow others to help me in putting out the past several issues and that has resulted in some things being released that I really wasn't happy with. However, don't get me wrong. I'm not gonna sit here and dis my friends just because we differ in opinion about some things. I think that the overall quality of the issues has been pretty good and anyone who says it's not can basically suck my dick, because I don't give a fuck about your opinion anyway.

     Thirdly, and the most important reason why I am resigning as editor of Phrack, is a general lack of desire on my part. I mean the whole reason I even got involved with doing this was because of hacking -- partly for curiosity and partly for being able to thumb my nose at the powers that be and other intellectual types that say, "You can't do/learn about that because we don't think blah blah blah." Like I'm supposed to give a fuck what anyone else thinks. The type of public service that I think hackers provide is not showing security holes to whomever has denied their existence, but to merely embarrass the hell out of those so-called computer security experts and other purveyors of snake oil.
This is a service that is truly unappreciated and is what keeps me motivated. ANYWAY...if you wanna hear me rant some more, maybe I'll get to do my own Eleeeeet3 Pro-Phile in the future. Heh! But really, since my acquisition of Phrack, my play time has been hampered and consequently, I have started to become bored with it. It was great to meet a lot of cool people and I learned some things. It's now time for me to go back to doing what I like best. For anyone who's interested in corresponding, I'm focusing my time on radio communications, HAM radio, scanning, and cellular telephones. If you are interested in talking about these things to me or whatever, feel free to write me at dispater@stormking.com. Aside from all that, I feel that Phrack can be better. That's why issue 42 will have a new editor and administrative staff. I'm not saying who, but you may be surprised. NO, it's not KL or TK either. And with that, I'm saying adios and, as Adam Grant said, "Don't get caught." Now onto the issue: In this issue's Loopback, Phrack responds to the numerous letters it has received over the past several months, including the return of Shit Kickin' Jim and a message from Rop, editor of Hack-Tic. The Racketeer (Rack of The Hellfire Club) continues his Network Miscellany column with plenty of new information about fake mail. Phrack Pro-Phile focuses on one of the hacking community's most mysterious figures: Supernigger. SN was somewhat involved with the infamous DPAK and has some words of wisdom to the eleets and other folks who enjoy boasting about their number of years in "the hacker scene." 
                                                      DISPATER, Phrack Editor

         Editor-In-Chief : Dispater
          Eleet Founders : Taran King and Knight Lightning
    Technical Consultant : Mind Mage
      Network Miscellany : The Racketeer [HFC]
                    News : Datastream Cowboy
                 Make-up : Hair Club for Men
             Photography : Restricted Data Transmissions
               Publicity : AT&T, BellSouth, and the United States Secret Service
       Creative Stimulus : Camel Cool, Jolt Cola, and Taco Bell
           Other Helpers : Scott Simpson, Zibby, The Weazel, The Fed,
                           El1teZ Everywhere.

"For the record, we're hackers who believe information should be free. All information. The world is full of phunky electronic gadgets and networks and we want to share our information with the hacker community."
                                            -- Restricted Data Transmissions

"They are satisfying their own appetite to know something that is not theirs to know."
                                -- Assistant District Attorney, Don Ingraham

"The notion that how things work is a big secret is simply wrong."
                                  -- Hacking/Cracking conference on The WELL

                               -= Phrack 41 =-

 Table Of Contents
 ~~~~~~~~~~~~~~~~~
 1. Introduction by Dispater                                             07K
 2. Phrack Loopback by Dispater and Mind Mage                            52K
 3. Phrack Pro-Phile on Supernigger                                      10K
 4. Network Miscellany by The Racketeer [HFC]                            35K
 5. Pirates Cove by Rambone                                              32K
 6. Hacking AT&T System 75 by Scott Simpson                              20K
 7. How To Build a DMS-10 Switch by The Cavalier                         23K
 8. TTY Spoofing by VaxBuster                                            20K
 9. Security Shortcomings of AppleShare Networks by Bobby Zero           16K
10. Mall Cop Frequencies by Caligula XXI                                 11K
11. PWN/Part 1 by Datastream Cowboy                                      46K
12. PWN/Part 2 by Datastream Cowboy                                      49K
13. PWN/Part 3 by Datastream Cowboy                                      43K

                                                                  Total: 364K

"There is no America. There is no democracy. There is only IBM and ITT and AT&T."
                                                             -- Consolidated
_______________________________________________________________________________

                                ==Phrack Inc.==

                   Volume Four, Issue Forty-One, File 2 of 13

                          [-=:< Phrack Loopback >:=-]

                            By Dispater & Mind Mage

     Phrack Loopback is a forum for you, the reader, to ask questions, air problems, and talk about whatever topic you would like to discuss. This is also the place Phrack Staff will make suggestions to you by reviewing various items of note; books, magazines, software, catalogs, hardware, etc.

In this issue:

     Comments on Phrack 40                        : Rop Gonggrijp
     Fine Art of Telephony (re: Phrack 40)        : Inhuman
     Question & Comment (BT Tymnet/AS400)         : Otto Synch
     BT Tymnet article in Phrack 40               : Anonymous
     Phrack fraud?                                : Doctor Pizz
     Remarks & Warning!                           : Synaps/Clone1/Feyd
     One Ron Hults (re: Phrack 38 Loopback)       : Ken Martin
     Hacking In Czecho-Slovakia                   : Stalker
     Phrack 40 is Sexist!                         : Ground Zero
     Phrack 40 is Sexist!? (PC Phrack)            : Shit Kickin' Jim
     Misunderstood Hackers Get No Respect         : The Cruiser
     Hackers Should Land In Jail, Not In Press    : Alan Falk
     Anonymous Usenet Posting?                    : Anonymous
     Anonymous Mail Poster                        : Sir Hackalot
     Phrack On The Move                           : Andy Panda-Bear
     Computer Underground Publications Index      : Amadeus
     Pirates v. AT&T: Posters                     : Legacy Irreverent
     Ultrix 4.2 Bug                               : Krynn
     PumpCon Hosed                                : Phil "The Outlander"
     2600 Meeting Disrupted by Law Enforcement    : Emmanuel Goldstein
     Two New Hardcovers                           : Alan J. Rothman
_______________________________________________________________________________

 Letters to the Editors
 ~~~~~~~~~~~~~~~~~~~~~~
From: rop@hacktic.nl (Rop Gonggrijp) (Editor of Hack-Tic Magazine)
Date: August 14, 1992
Subject: Comments on Phrack 40

My compliments! You've put out one of the best issues to date. If you keep this up I'll have to get jealous!

Rop Gonggrijp (rop@hacktic.nl)         Dangerous and capable of making
fax: +31 20 6900968                    considerable trouble.
----------

From: Inhuman (Sysop of Pentavia BBS)
Date: August 18, 1992
Subject: Fine Art of Telephony

I just wanted to let you guys know that the article titled "The Fine Art of Telephony" was one of the best articles I've seen in Phrack in a long time.

I hope to see more information on switching and general telephony in the future.

Thanks,

Inhuman

----------

Date: October 22, 1992
From: Otto Synch
Subject: Question & Comment

Hello,

Reading your (huge) Phrack issue #40, and noticing that you were accepting comments and questions, I decided to post mine. First of all, please forgive the English. I'm French and can't help it :-)

My comment: When I saw in the index that this issue was dealing with BT Tymnet, I felt very happy because I was looking for such information. And when I read it, I felt really disappointed. Toucan Jones could have reduced his whole article with the following lines:

-> Find any Tymnet number.
-> Dial and wait for the "Please log-in:" prompt.
-> Log as user "help", no password required.
-> Capture everything you want, it's free public information.

I must say I was a bit surprised to find this kind of article in a high-quality magazine such as yours...

My question: I'm currently trying to find out everything about a neat AS/400 I've "found," but I never saw any "hack report" on it. Do you know if there are any available?

OK - Let's see if you answer. We feel somewhat lonely here in the Old Continent...but Phrack is here to keep the challenge up!

Regards,

> Otto Sync <

----------

From: Anonymous
Date: August 19, 1992
Subject: BT Tymnet article in Phrack 40

Dear Phrack Staff,

The BT Tymnet article in the 40th issue of Phrack was totally lame. I hate it when people enter Telenet or Tymnet's information facility and just buffer all the sh*t that's in there. Then they have the audacity to slap their name on the data as if they had made a major network discovery. That's so f*ck*ng lame!
Phrack should make a policy not to accept such lame sh*t for their fine magazine. Is Phrack *that* desperate for articles? Crap like commercial dial-up lists is about as lame as posting a few random pages from the front of the white pages. The information is quickly outdated and easily available at any time to anyone. You don't hack this sh*t.

Regards,

Anonymous (anonymous because I don't want to hear any lame flames)

[Editor's Response: We agree that buffering some dialup list is not hacking, however, in this specific case, a decision was made that not everyone had ready access to the information or even knew of its existence. Furthermore and more relevant to why the article appeared in Phrack, an article on Tymnet was appropriate when considering the recent events with the MOD case in New York.

In the future, you may ask that your letter be printed anonymously, but don't send us anonymous mail.]

----------

From: Doctor Pizz
Date: October 12, 1992
Subject: Phrack fraud?

I recently received an ad from someone who was selling the full set of Phrack back issues for $100.00. I do believe that this is a violation of your rights to Phrack, as he is obviously selling your work for profit!

The address I received to order these disks was:

     R.E. Jones
     21067 Jones-Mill
     Long Beach, MS 39560

It seems he is also selling the set of NIA files for $50, a set of "Hacking Programs" for $40, LOD Tech Journals for $25, and lots of viruses. It sounds like some sort of copyright violation, or fraud, as he is selling public domain stuff for personal profit. At least you should be aware of this. Anyway, I look forward to receiving future volumes of Phrack! Keep up the good work.

Good luck in stopping this guy!

Thank you,

--Doctor Pizz--

[Editor's Note: We look forward to hearing what our Phrack readers think about people selling hardcopies of Phrack for their own personal profit.]

----------

From: Synaps a/k/a Clone1 a/k/a Feyd
Date: September 2, 1992
Subject: Remarks & Warning!
Hi, I've been a regular reader of Phrack for two years now and I approve fully the way you continue Phrack. It's really a wonderful magazine and if I can help its development in France, I'll do as much as I can! Anyway, this is not really the goal of my letter and excuse me for my English, which isn't very good. My remarks are about the way you distribute Phrack. Sometimes, I don't receive it fully. I know this is not your fault and I understand that (this net sometimes has some problems!). But I think you could provide a mail server like NETSERV where we could get back issues by mail and just by MAIL (no FTP). Some people (a lot in France) don't have any access to international FTP and there are no FTP sites in France which have ANY issues of Phrack. I did use some LISTSERV mailers with the send/get facility. Could you install it on your LISTSERV? My warning is about a "group" (I should say a pseudo-group) founded by Jean Bernard Condat and called CCCF. In fact, the JBC have spread his name through the net to a lot of people in the Underground. As the Underground place in France is weak (the D.S.T, anti-hacker staff is very active here and very efficient), people tend to trust JBC. He seems (I said SEEMS) to have a good knowledge in computing, looks kind, and has a lot of resources. The only problem is that he makes some "sting" (as you called it some years ago) operation and uses the information he spied to track hackers. He organized a game last year which was "le prix du chaos" (the amount of chaos) where he asked hackers to prove their capabilities. It was not the real goal of this challenge. He used all the materials hackers send him to harass some people and now he "plays" with the normal police and the secret police (DST) and installs like a trade between himself and them. 
It's really scary for the hacking scene in France because a lot of people trust him (even the television which has no basis to prove if he is really a hacker as he claims to be or if he is a hacker-tracker as he IS!). Journalists take him as a serious source for he says he leads a group of computer enthusiasts. But we discovered that his group doesn't exist. There is nobody in his group except his brother and some other weird people (2 or 3) whereas he says there is 73 people in his club/group. You should spread this warning to everybody in the underground because we must show that "stings" are not only for USA! I know he already has a database with a lot of information like addresses and other stuff like that about hackers and then he "plays" with those hackers. Be very careful with this guy. Too many trust him. Now it's time to be "objective" about him and his group! Thanks a lot and goodbye. Synaps a/k/a Clone1 a/k/a Feyd ---------- From: Ken Martin <70712.760@compuserve.com> Date: November 17, 1992 Subject: One Ron Hults...(Phrack 38 Loopback) Dear Phrack Staff: This letter is concerning the letter in the Phrack Loopback column (#38, April 20, 1992) written by one Ron Hults. It suggests that all children should be disallowed access to a computer with a modem. The news release to which it is attached attempts to put an idea in the reader's mind that everything out there (on bulletin boards) is bad. Anyone who can read messages from "satanic cultists, pedophile, and rapists" can also read a typical disclaimer found on most bulletin boards which have adult material and communication areas available to their users, and should be able to tell the SysOp of a BBS how old he/she is. 
A child who is intelligent enough to operate a computer and modem should also be able to decide what is appropriate for him/her to read, and should have the sense enough to avoid areas of the BBS that could lead to trouble, and not to give their address and home phone number to the Charles Manson idols. (It is a fact that all adolescents have thoughts about sex; nothing can change that. The operator of a BBS also has the moral responsibility to keep little kids out of the XXX-Rated GIF downloading area.) One problem with that is BBSes run by the underground type (hack/phreak, these usually consist of people from 15-30 years of age). The operators of these let practically anyone into their system, from my experiences. These types of BBSes often have credit card numbers, telephone calling card numbers, access codes to credit reporting services, etc., usually along with text-file documents about mischievous topics. Mr. Hults makes no mention of these in his letter and press release. It is my belief that these types of systems are the real problem. The kids are fascinated that, all of a sudden, they know how to make explosives and can get lots of anything for free. I believe that the parents of children should have the sense enough to watch what they are doing. If they don't like the kind of information that they're getting or the kind of messages that they're sending to other users, then that is the time to restrict access to the modem. I am fifteen years old, and I can say that I have gotten into more than my share of trouble with the law as a result of information that I have obtained from BBSes and public communications services like CompuServe. The computer is a tool, and it always will be. Whether it is put to good use or not depends on its user. I have put my computer/modem to use in positive applications more than destructive ones. I would like Mr. 
Hults to think about his little idea of banning children from modem use, and to think about the impact it would have on their education. Many schools use computers/modems in their science and English curriculums for research purposes. Banning children from telecommunications is like taking away connection to the outside world and all forms of publication whatsoever when one takes a look around a large information service like CompuServe or GEnie, and sees all of the information that a service like this is capable of providing to this nation. Thanks, Ken Martin (70712.760@compuserve.com) a.k.a. Scorpion, The Omega Concern, Dr. Scott ---------- From: Stalker Date: October 14, 1992 Subject: Hacking In Czecho-Slovakia Hi there! I'm student from Czecho-Slovakia (for some stupid person who doesn't know, it's in middle Europe). Call me Stalker (if there is other guy with this name, call me what you want). If you think that computers, networks, hacking and other interesting things are not in Eastern Europe, you're WRONG. I won't talk about politicians. They really make me (and other men from computers) sick! I'll tell you what is interesting here right now. Our university campus is based on two main systems, VMS and ULTRIX. There's VAX 6000, VAX 4000, MicroVAX, VAXStation and some oldtimer machines which run under VMS. As for hacking, there's nothing interesting. You can't do some tricks with /etc/passwd, there's no main bug in utilities and commands. But, as I know, VMS doesn't crypt the packets across the network so you can take some PC and Netwatch (or any other useful software ) and try to see what is interesting on the cable. You can grab anything that you want (usernames, passwords, etc.). Generally, students hate VMS and love UNIX-like systems. Other machines are based on ULTRIX. We have DECstations (some 3100, some 5000) and one SM 52-12 which is something on VAX-11 :-(. It is a really slow machine, but it has Internet access! 
There's many users so you can relatively easily run Crack (excellent program) since passwd is not shadowed. Another useful thing is tftp (see some other Crack issues). There was a machine with enabled tftp, but after one incident, it was disabled. I would like to tell you more about this incident but sysadmins are still suspecting (they probably read my mail). Maybe after some months in other articles. Now I can tell you that I'm not a real UNIX-GURU-HACKER, but the sysadmins thought that I was. Someone (man or girl, who knows) has hacked one (or two) machines on our campus. Administrators thought that I was this mysterious hacker but I am not! He/she is much better than I and my friends. Today no one knows who the hacker is. The administrator had talked to him/her and after some weeks, gave him/her an account. He/she probably had root privileges for some time and maybe has these today. He/she uses a modem to connect. His/her login name is nemo (Jules Verne is a popular hero). I will try to send mail to him/her about Phrack and maybe he/she will write interesting articles about himself. And some tips. Phrack is very interesting, but there's other interesting official files on cert.org (192.88.209.9) available via anonymous FTP. This is the Computer Emergency Response Team (CERT) FTP server. You can find interesting information here about bugs in actual software, but you will see only which command or utility has the bug, not how to exploit it. If you are smart enough, there's nothing to say. If you are not, you must read Phrack! :-) Bye, Stalker ---------- From: Ground Zero Date: August 25, 1992 Subject: Phrack 40 is Sexist! Hi, just a quick comment about Phrack's account of SummerCon: I don't think your readers need to know or are really interested in hearing about the fact that Doc Holiday was busy trying to pick up girls or that there were some unbalanced teeny-boppers there offering themselves to some of the SummerCon participants. 
Also, as a woman I don't care for your characterizations of females in that file. I'm not trying to nitpick or be politically correct (I hate PC), I'm just writing because I felt strongly enough about it. Ciao. Ground Zero (Editor of Activist Times, Inc./ATI) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - From: Shit Kickin' Jim Date: September 11, 1992 Subject: Phrack 40 is Sexist!? (PC Phrack) Listen here woman. I don't know whut yer big fat butt thinks Phrack wuz tryin' to insinuate. Lemme tell yew a thang er two. First of all, Phrack ain't run by some little pip-squeek faggot ass pansies. Ah mean wut are you sum kinda hOmOsexual? Here's what ah mean. NOW here iz a real story 'bout me and one a my bestest friends: 4x4 Phreaker. See 4x4 Phreaker come down to Texas fur a little hackin adventure. Even though he lives up there in Yankee-land, 4x4 Phreaker iz a pretty good ol' boy. Whuddya think real manly hackers do when they get together? Go stop by Radio Shack and buy shrink wrap? HELL NO! We fuckin' went to Caligula XXI. Fur yew ol' boys that ain't from 'round here er yer a fauygut out there that might be readin this, Caligula XXI specializes in enertainmunt fer gennelmen. Now, me and 4x4 Phreaker didn't go to hawk at some fat nasty sluts like you might see at your typical Ho-Ho Con. We went with the purpose in mind of seein a real movie star. Yup Christy Canyon was in the house that night. 4x4 Phreaker and me sat down at a table near the front. At that point I decided that I'd start trollin for babes. Yep that's right I whipped out an American Express Corporate Gold card. And I'll be damned if it weren't 3 minutes later me and 4x4 Phreaker had us 2 new found friends for the evening. So anywayz, yew can see we treated these two fine ladies real nice and they returned the favor. We even took em to Waffle House the next mornin'. So I dunno where yew git off by callin us sexist. 
Yer just some Yankee snob big city high horse woman who expects to be a takin care of.

God bless George Bush and his mistress Jennifer whutz her name.

:Shit Kickin' Jim (Madder than a bramer bull fightin a mess of wet hornets)
_______________________________________________________________________________

 Misunderstood Hackers Get No Respect                          August 10, 1992
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 by The Cruiser (ComputerWorld)(Page 24)(Letters to the Editor)

I just read the replies to Chris Goggans' "Hackers aren't the real enemy" [ComputerWorld, June 29], and I thought I'd address a few of the points brought up. I'm a hacker -- which means that I'm every system administrator's nightmare.

Hardly. Many hackers are politically aware activists. Besides being fueled by an obsession for mastering technology (I call it a blatant disregard for such), true hackers live and obey a strict moral code.

All this talk about the differences between voyeurism and crime: Please, let's stop comparing information access to breaking into someone's house. The government can seize computers and equipment from suspected hackers, never to return it, without even charging a crime. I will not sit back and let Big Brother control me.

The Cruiser
_______________________________________________________________________________

 Hackers Should Land In Jail, Not In Press                    October 19, 1992
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 by Alan Falk (ComputerWorld)(Page 32)(Letters to the Editor)

The letters you get from avowed hackers seem to glorify the virtues of hacking. I find this very disturbing for a simple reason: It completely ignores the issue of private property.

The computer systems they hack into (pun intended) and the databases they try to access, as well as the data in the databases, are private property.

An analogous argument might be that breaking and entering a jewelry store and taking off with some valuables is really a way of testing the security controls at the jeweler's establishment.
They're really just doing it for the excitement and challenge.

Would they promote voyeurism based on the "logic" that "after all, if they didn't want me to look, they'd have pulled the drapes closer together?"

The fact that there's challenge or excitement involved (or even commitment, intellect or whatever) does not change the issue.

I suggest that hackers who gain entry to systems against the wishes of the systems' owners should be treated according to the laws regarding unlawful entry, theft, etc.

Alan Falk
Cupertino, California
_______________________________________________________________________________

 Anonymous Usenet Posting?
 ~~~~~~~~~~~~~~~~~~~~~~~~~
Date: August 19, 1992
From: Anonymous

I've read in Phrack all about the different ways to send fake mail, but do any of the readers (or Mind Mage) know anything about anonymous newsgroup posting?

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Anonymous Mail Poster                                          August 4, 1992
 ~~~~~~~~~~~~~~~~~~~~~
 by Sir Hackalot

Here is some C source to a simple "anonymous" mail poster that I wrote a LONG time ago. It's just one of many pieces of code I never gave to anyone before. You may find it useful. Basically, it will connect to the SMTP port and automate the sending. It will allow for multiple recipients on the "To:" line, and multiple "To:" lines.

From: sirh@sirh.com

------ Cut here for fm.c -----
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>

/* Bounded replacement for gets(): read one line from stdin into buf,
   strip the line ending, and return 0 on end of input. */
int readLine(char *buf, int size)
{
  if (fgets(buf, size, stdin) == NULL) {
    buf[0] = '\0';
    return 0;
  }
  buf[strcspn(buf, "\r\n")] = '\0';
  return 1;
}

int openSock(char *name, int port)
{
  int mysock;
  struct sockaddr_in sin;
  struct hostent *he;

  he = gethostbyname(name);
  if (he == NULL) {
    printf("No host found..\n");
    exit(0);
  }

  memset(&sin, 0, sizeof(sin));
  memcpy(&sin.sin_addr, he->h_addr_list[0], he->h_length);
  sin.sin_port = htons(port);     /* port must be in network byte order */
  sin.sin_family = AF_INET;

  mysock = socket(AF_INET, SOCK_STREAM, 0);
  if (mysock < 0)
    return -1;

  /* Report a failed connect to the caller so main() can test for it. */
  if (connect(mysock, (struct sockaddr *)&sin, sizeof(sin)) < 0)
    return -1;

  return mysock;
}

/* This allows us to have many people on one TO line, separated by
   commas or spaces. */
void process(char *s, int d)
{
  char *tmp;
  char buf[120];

  tmp = strtok(s, " ,");
  while (tmp != NULL) {
    snprintf(buf, sizeof(buf), "RCPT TO: %s\n", tmp);
    write(d, buf, strlen(buf));
    tmp = strtok(NULL, " ,");
  }
}

void getAndSendFrom(int fd)
{
  char from[100];
  char outbound[200];

  printf("You must should specify a From address now.\nFrom: ");
  readLine(from, sizeof(from));
  snprintf(outbound, sizeof(outbound), "MAIL FROM: %s\n", from);
  write(fd, outbound, strlen(outbound));
}

void getAndSendTo(int fd)
{
  char addrs[100];

  printf("Enter Recipients, with a blank line to end.\n");
  addrs[0] = '_';
  while (addrs[0] != '\0') {
    printf("To: ");
    if (!readLine(addrs, sizeof(addrs)))
      break;                      /* end of input ends the list */
    process(addrs, fd);
  }
}

void getAndSendMsg(int fd)
{
  char textline[90];
  char outbound[103];

  sprintf(textline, "DATA\n");
  write(fd, textline, strlen(textline));

  printf("You may now enter your message. End with a period\n\n");
  printf("[---------------------------------------------------------]\n");
  textline[0] = '_';
  while (textline[0] != '.') {
    if (!readLine(textline, sizeof(textline)))
      strcpy(textline, ".");      /* end of input ends the message */
    snprintf(outbound, sizeof(outbound), "%s\n", textline);
    write(fd, outbound, strlen(outbound));
  }
}

int main(int argc, char *argv[])
{
  char text[200];
  int file_d;
  int n;

  /* Get ready to connect to host. */
  printf("SMTP Host: ");
  readLine(text, sizeof(text));

  /* Connect to standard SMTP port. */
  file_d = openSock(text, 25);
  if (file_d < 0) {
    printf("Error connecting to SMTP host.\n");
    perror("smtp_connect");
    exit(0);
  }

  printf("\n\n[+ Connected to SMTP host %s +]\n", text);
  sleep(1);

  getAndSendFrom(file_d);
  getAndSendTo(file_d);
  getAndSendMsg(file_d);

  sprintf(text, "QUIT\n");
  write(file_d, text, strlen(text));

  /* Here we just print out all the text we got from the SMTP
     Host. Since this is a simple program, we didn't need to do
     anything with it. */
  printf("[Session Message dump]:\n");
  while ((n = read(file_d, text, 78)) > 0) {
    text[n] = '\0';               /* read() does not NUL-terminate */
    printf("%s\n", text);
  }
  close(file_d);
  return 0;
}
----- End file fm.c
_______________________________________________________________________________

From: Andy Panda-Bear
Date: September 25, 1992
Subject: Phrack on the move

To Whom It May Concern:

I love reading your Phrack articles and find them very, very informative as well as helpful. I was wondering if you've ever or plan to put together a compendium of related articles. For instance, you could make a Phrack guide to telephony and include all telephone/telecommunications articles. Perhaps a "Phrack Guide to UNIX" or "Phrack Guide to Internet" could be produced. It could have reprints of past articles along with commentaries by individuals who care to share their knowledge. Anyway it's just something to think about.

Thanks for many megabytes of useful info and keep it coming.

Later,

Andy Panda-Bear

----------

 Computer Underground Publications Index
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 by Amadeus

I just finished the new edition of the Phrack Index, now called the Computer Underground Publications Index since it now includes the issues of the Legion of Doom Tech Journals and Informatik.

You can get it from ftp.uu.net as /tmp/CUPindex

I have already sent it to da folks at CUD so that they may enter it into their archives.

The CUP has been updated to include all the Phracks up to 40.

C'ya

Amadeus
_______________________________________________________________________________

 Pirates v. AT&T: Posters                                       August 8, 1992
 ~~~~~~~~~~~~~~~~~~~~~~~~
 by Legacy Irreverent (legacy@cpu.cyberpnk1.sai.com)

On May 24 1992, two lone Pirates, Legacy of CyberPunk System, and Captain Picard of Holodeck, had finally had enough of AT&T. Together, they traveled to the AT&T Maintenance Facility, just west of Goddard, Kansas, and claimed the property in the name of Pirates and Hackers everywhere.
They hoisted the Jolly Roger skull and crossbones high on the AT&T flagpole, where it stayed for 2 days until it was taken down by security.

This event was photographed and videotaped by EGATOBAS Productions, to preserve this landmark in history. And now you can witness the event. For a limited time we are offering a 11" x 17" full color poster of the Jolly Roger Pirate flag flying high over AT&T, with the AT&T logo in plain view, with the caption; "WE CAME, WE SAW, WE CONQUERED."

These are $5.50 each and are laminated.

Also available, by request is a 20" x 30" full color photograph, and a cotton T-shirt with the same full color picture on the front, for $20 each.

If you are interested in purchasing any of the above items, simply send check or money order for the amount to:

     CyberPunk System
     P.O. Box 771027
     Wichita, KS 67277-1072

A GIF of this is also available from CyberPunk System, 1:291/19, 23:316/0, 72:708/316, 69:2316/0. FREQ magicname PIRATE

Any questions, send them to Legacy@cpu.cyberpnk1.sai.com
_______________________________________________________________________________

 Ultrix 4.2 Bug
 ~~~~~~~~~~~~~~
 By Krynn

A bug was discovered in Ultrix 4.2 upgrade version. It involves npasswd, and root. It is quite simple, and a patch/fix is available. Here is a description of the hole:

     Sys Admin's username: mradmin
     Any user's username : mruser

Okay, mruser has forgotten his password, which isn't good. Mruser goes to mradmin and asks mradmin to change his password to newpass. Mradmin does so.

Mradmin now will su to root, and npasswd mruser. He will enter mruser's new password, newpasswd. It will appear in the /etc/passwd that mruser's password is a "*" (shadowed), and that it has been changed, but it hasn't.

The password changed was root's, meaning root's password is now newuser.
A fix is available via anonymous ftp at:

     black.ox.ac.uk
     /src/npasswd.enhanced.shar.Z

The original is there as /src/npasswd jpl.tar.Z
_______________________________________________________________________________

 PumpCon Hosed                                                November 5, 1992
 ~~~~~~~~~~~~~
 by Phil "The Outlander"

PumpCon '92 was held this past weekend at the Westchester Courtyard by Marriott, and was shut down in spades.

It began like any typical hacker/phreak/cyberpunk's convention, with lots of beer, lots of shooting the bull, and lots of people from around the country, except that the guests got sloppy, stupid, noisy, and overconfident.

The manager of the hotel, accompanied by three town of Greenborough police officers, entered the room at approximately 10pm on Saturday. The manager had received complaints about noise and vandalism from some of the hotel's other guests. She claims to have tried to call the room several times before physically entering, but the room's telephone line was consistently busy.

The police officers noticed the multiple open (and empty) beer bottles scattered around the room and were gearing up to make some arrests for "Unlawful Possession of Alcoholic Beverages by Underage Persons" when one of the policemen spotted an Amiga, connected to a US Robotics modem, which was in turn connected to the suite's phone line. The "stolen" calling card was all the probable cause necessary to upgrade the charges to "Wire Fraud."

Everyone in the suite was detained for questioning. Standard investigation procedure was followed. The entire case was handled by local authorities, including the Westchester County DA. To my knowledge, the FBI and Bell Security people were not called in (or if they were, it was after I was released).

Each detainee was body-searched for diskettes, hand-written notes about credit and computer services, autodialers, and the like. The suite where PumpCon had taken place was also searched.
Hardware seized includes at least two Amigas with monitors, modems, and diskettes, and one AT&T dumb terminal with modem.

Each of the detainees was interviewed in turn. Just before dawn on the morning of Sunday, November 1st, the police began making the actual arrests. Four to eight people were arrested and taken to the local jail.

The rest of the detainees were released with no charges or arrests filed.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

And now on a personal note to anybody who is new to the world of hacking:

Many of the attendees to PumpCon '92 were just like me. I was aware of the possible consequences of an arrest, but the full enormity of the possibilities hadn't sunk in. Getting busted can really ruin your life, and I am unwilling to sacrifice my liberty and get a criminal record just for the thrill of hanging out with the "eleet."

I was personally terrified out of my skull and went right off any dreams I had of being some kind of big-time cyberpunk. The law had us outgunned ten to one (literally and figuratively) and as I write this on Monday night I still haven't stopped shaking.

To anyone who hasn't considered what it would be like to get seriously busted, I want you to try and picture the scene that night, and comes the dawn, a lot of the people you were partying with just twelve hours earlier are carted away in handcuffs to face an uncertain future.

The attendees of PumpCon, including myself and with few exceptions, were utter and complete fools. They thought that they could act like jerks, bust up the hotel, and phreak off the room lines without bringing down the heat like a jet of molten lava. They thought they were too smart to get caught. They thought that they were immortal. They thought wrong, and now some of them are going to pay for it.

I got lucky. I was released, and I learned some invaluable lessons.
I can't stress enough to anybody out there who is treating the state of the Hack like it's a big game: You aren't going to get your marbles back when the night is over. The stakes are real. Ask yourself if you can deal with the possibilities of ruining your life before it's even begun. Everyone must make their own decision. You are only given this one chance to bail out now; any others that come along are blessings from on high. If you do decide to live in the computer underground, I can only offer this advice: Cover your a$$. Do not act foolishly. Do not associate with fools. Remember that you are not immortal, and that ultimately there are no safety nets. Intelligence can't always save you. Do not, in your arrogance, believe that it will. My time as a cyberpunk has been short and undistinguished but it has taught me this much. I'm not saying that you should not become a hacker. If that is truly your wish, then I'm not one to stop you. I'm just warning you that when the fall comes, it can come hard, and there's nobody who can help you when you've gone far enough past the line. Phil "The Outlander" _______________________________________________________________________________ 2600 Meeting Disrupted by Law Enforcement December 12, 1992 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ by Emmanuel Goldstein (Editor of 2600 Magazine) The following is a letter I wrote to the Washington Post in response to their article about the incidents at the Pentagon City Mall on November 6, entitled, "Hackers Allege Harassment at Mall" (dated November 13, page A1). Their article failed to focus on the startling revelation of federal government involvement and the ominous implications of such an action. The article also does little to lessen the near hysteria that is pumped into the general public every time the word "hacker" is mentioned. Let us take a good look at what has been confirmed so far. A group of computer hackers gathered at a local mall as they do once a month. 
Similar meetings have been going on in other cities for years without incident. This gathering was not for the purposes of causing trouble and nobody has accused the hackers of doing anything wrong. Rather, the gathering was simply a place to meet and socialize. This is what people seem to do in food courts and it was the hackers' intention to do nothing more. When mall security personnel surrounded the group and demanded that they all submit to a search, it became very clear that something bizarre was happening. Those who resisted were threatened with arrest. Everyone's names were written down, everyone's bags gone through. One person attempted to write down the badge numbers of the people doing this. The list was snatched out of his hand and ripped to pieces. Another hacker attempted to catch the episode on film. He was apprehended and the film was ripped from his camera. School books, notepads, and personal property were seized. Much of it has still not been returned. The group was held for close to an hour and then told to stay out of the mall or be arrested. This kind of treatment is enough to shock most people, particularly when coupled with the overwhelming evidence and eyewitness accounts confirming no unusual or disruptive behavior on the part of the group. It is against everything that our society stands for to subject people to random searches and official intimidation, simply because of their interests, lifestyles, or the way they look. This occurrence alone would warrant condemnation of a blatant abuse of power. But the story doesn't end there. The harassment of the hackers by the mall police was only the most obvious element. Where the most attention should be focused at this point is on the United States Secret Service which, according to Al Johnson, head of mall security, "ramrodded" the whole thing. 
Other media sources, such as the industry newsletter Communications Daily, were told by Johnson that the Secret Service was all over the mall that day and that they had, in effect, ordered the harassment. Arlington police confirm that the Secret Service was at the mall that day. It is understood that the Secret Service, as a branch of the Treasury Department, investigates credit card fraud. Credit card fraud, in turn, can be accomplished through computer crime. Some computer hackers could conceivably use their talents to accomplish computer crime. Thus we arrive at the current Secret Service policy, which appears to treat everybody in the hacker world as if they were a proven counterfeiter. This feeling is grounded in misperceptions and an apprehension that borders on panic. Not helping the situation any is the ever-present generation gap -- most hackers are young and most government officials are not. Apart from being disturbed by the gross generalizations that comprise their policy, it seems a tremendous waste of resources to use our Secret Service to spy on public gatherings in shopping malls. It seems certain to be a violation of our rights to allow them to disrupt these meetings and intimidate the participants, albeit indirectly. Like any other governmental agency, it is expected that the Secret Service follow the rules and not violate the constitutional rights of citizens. If such actions are not publicly condemned, we will in effect be granting a license for their continuance and expansion. The incident above sounds like something from the darkest days of the Soviet Union when human rights activists were intimidated by government agents and their subordinates. True, these are technology enthusiasts, not activists. But who they are is not the issue. We cannot permit governmental abuse of any person or group simply because they may be controversial. Why do hackers evoke such controversy? 
Their mere presence is an inconvenience to those who want so desperately to believe the emperor is wearing clothes. Hackers have a tendency of pointing out the obvious inadequacies of the computer systems we entrust with such a large and growing part of our lives. Many people don't want to be told how flimsily these various systems are held together and how so much personal data is readily available to so many. Because hackers manage to demonstrate how simple it is to get and manipulate this information, they are held fully responsible for the security holes themselves. But, contrary to most media perceptions, hackers have very little interest in looking at other people's personal files. Ironically, they tend to value privacy more than the rest of us because they know firsthand how vulnerable it is. Over the years, hackers have gone to the media to expose weaknesses in our credit reporting agencies, the grading system for New York City public schools, military computer systems, voice mail systems, and even commonly used push button locks that give a false sense of security. Not one of these examples resulted in significant media attention and, consequently, adequate security was either delayed or not implemented at all. Conversely, whenever the government chooses to prosecute a hacker, most media attention focuses on what the hacker "could have done" had he been malicious. This reinforces the inaccurate depiction of hackers as the major threat to our privacy and completely ignores the failure of the system itself. By coming out publicly and meeting with other hackers and non-hackers in an open atmosphere, we have dispelled many of the myths and helped foster an environment conducive to learning. But the message we received at the Pentagon City Mall tells us to hide, be secretive, and not trust anybody. Perhaps that's how the Secret Service wants hackers to behave. 
But we are not criminals and we refuse to act as such simply because we are perceived that way by uninformed bureaucrats. Regardless of our individual outlooks on the hacker issue, we should be outraged and extremely frightened to see the Secret Service act as they did. Whether or not we believe that hackers are decent people, we must agree that they are entitled to the same constitutional freedoms the rest of us take for granted. Any less is tantamount to a very dangerous and ill-advised precedent. Emmanuel Goldstein Editor, 2600 Magazine -- The Hacker Quarterly (516)751-2600 (NOTE: 2600 Magazine coordinates monthly hacker meetings throughout the country.) _______________________________________________________________________________ Two New Hardcovers November 24, 1992 ~~~~~~~~~~~~~~~~~~ by Alan J. Rothman (New York Law Journal)(Page 5) During the opening sequence of the classic English television series "The Prisoner," the lead character known only as Number 6 (brilliantly played by Patrick McGoohan) is abducted and taken to a secret location called "The Village." He desperately pleads with his captors "What do you want?" Their grim response is "Information." Through 17 thrilling episodes, his kidnappers staged elaborate high-tech ruses to find out why he quit work as a spy. Had this story been set in the 1990s rather than the 1960s, all The Village's proprietors would have needed was a PC and a modem. They could have assembled a composite of Number 6's movements by cross-referencing records from any of the commercial data bases containing the details of nearly everyone's daily activities. Then with a bit of ingenuity, they could have tried to steal even more information by hacking into other restricted data systems. No longer fiction, but common fact, the billowing growth in the computers and telecommunications networks everywhere is generating urgent legal issues regarding the content, usage and ownership of the data coursing through them. 
Dilemmas have also surfaced concerning the responsibilities of the businesses which gather, sift and repackage such information. Indeed, a critical juncture has now been reached where the basic constitutional rights of privacy and expression are colliding with the ever-expanding reach of modern technology.

Two well-crafted books have recently been published which together frame the spectrum of relevant individual rights issues in these areas with uncanny symmetry. Fortunately, neither degenerates into a "computers are bad" jeremiad. Rather, they portray an appropriate balance between the virtues of computerization and disturbing cases of technological misuse for wrongful commercial and governmental ends.

Presenting an array of new forms of electronic encroachment on personal privacy is Jeffrey Rothfeder's alarming new book, "Privacy for Sale: How Computerization Has Made Everyone's Private Life an Open Secret" (Simon & Schuster, 224 pages, $22). He offers the chilling thesis that anyone can find out nearly anything regarding anybody and there is nowhere left to hide. He convincingly states his case in a concise and insightful exploration of the trends and abuses in the mass processing of personal data.

The fascinating mechanics of how and where information about virtually every aspect of our lives is gathered and then computerized are extensively described. The most productive fonts include medical records, credit histories, mortgage applications, subscription lists, phone records, driver's licenses and insurance forms.

Yet notwithstanding the legitimate commercial and regulatory reasons for providing these facts, the author carefully documents another more deeply hidden and troubling consequence of volunteering such information: It is constantly resold, combined with other sources and reused without your knowledge or permission for purposes entirely different from those you first intended. Mr.
Rothfeder alleges the most perilous result of these activities is the growing and highly organized sales, integration and cross-matching of databases. Businesses and government entities now have sophisticated software to generate complex demographic profiles about individuals, populations and geographic areas. In turn, these computer-generated syntheses are increasingly used for invasive and discriminatory purposes.

Numerous examples of such misuse are cited, ranging from slightly annoying to purely horrifying. The astonishing breadth of this roster includes the sale of driver's license information with height and weight specifications to clothes marketers for tall men and thin women, purchases of credit histories and workmen's compensation claims reports by prospective employers who believe this material is indicative of a job applicant's character, and the creation of "propensity files" by federal agencies to identify people who have not committed any offense but might likely be criminals.

Two additional problems pervade the trafficking of intimate information. First, there is little or no federal legislation to effectively protect people from certain problems presented in the book. For example, the release of medical records thought to be "confidential" is virtually unprotected. Second, it can be extremely difficult to have false entries corrected before they have a ripple effect on your other data. Beyond the common tales of frustration at clearing up a faulty credit report, Mr. Rothfeder relates the case of a man denied any health insurance because his medical records contained an erroneous report he was HIV positive.

JOURNEY IN CYBERSPACE

Turning to a much more accurate account, author Bruce Sterling takes readers into the ethereal realm of "cyberspace" where computers, networks, and electronic bulletin board systems (BBS) are linked together by phone.
In his first non-fiction work, "The Hacker Crackdown: Law and Disorder on the Electronic Frontier" (Bantam, 328 pages, $23), he chronicles the U.S. government's highly visible efforts in 1990 to prosecute "hackers" it suspected of committing crimes by PC and modem. However, Mr. Sterling distinguishes this term as being more about active computer enthusiasts, most of whom have never committed any wrongdoing. The writer's other credits include some highly regarded "cyberpunk" science fiction, where computer technology is central to the plots and characters.

The "crackdown" detailed by the author began with the crash of AT&T's long-distance phone system on January 15, 1990. Although it has never been proven that hackers were responsible, this event served as the final catalyst to spur federal law enforcement agencies into concerted action against a suspected underground of computer criminals. A variety of counter-operations were executed. Most notable was Operation Sundevil the following May when agents around the country seized 42 computer systems, 23,000 diskettes, and halted 25 BBS's where the government believed hackers were exchanging tips of the trade.

Some of the government's resulting prosecutions through their nationwide efforts were moderately successful. However, the book's dramatic centerpiece is the trial of Craig Neidorf (a.k.a. Knight Lightning). Mr. Neidorf was a contributor to Phrack, an electronic magazine catering to hackers, available on various BBS's.

In January 1989, another hacker named "Prophet" transmitted a document he pilfered from BellSouth's computers regarding the 911 emergency system to Neidorf. Together they edited the text, which Neidorf then published in Phrack. In July 1990, he was placed on trial for federal charges of entering a fraudulent scheme with Prophet to steal this document. The government alleged it was worth $79,499 and that its publication threatened emergency operations.
To the prosecutor's dismay, the case was dropped when the defense proved the same material was publicly available for only $13.

With insight and style, Mr. Sterling uses this and other events to cast intriguing new spins on applicable civil liberties issues.

Are the constitutional guarantees of freedom of expression and assembly fully extended to BBS dialogs and gatherings? What degree of privacy can be expected for personal data on systems which may be subject to surreptitious entry? Are hackers really breaking any laws when merely exploring new systems? Is posting a message or document on a BBS considered a "publication"? Should all BBS's be monitored just because of their potential for illegal activity? What are the responsibilities of BBS operators for the contents of, and access to, their systems?

The efforts of Mitchell Kapor, the co-developer of Lotus 123 and now chairman of ONtechnology, are depicted as a direct response to such issues raised by the crackdown. Mr. Kapor assembled a prominent group of fellow computer professionals to establish the Electronic Frontier Foundation (EFF), dedicated to education and lobbying for free speech and expression in electronic media. As well, EFF has provided support to Craig Neidorf and others they consider wrongly charged with computer crime.

Weighty legal matters aside, the author also embellishes his story with some colorful hacker lore. These denizens of cyberspace are mostly young men in their late teens or early twenties, often fueled by junk food and propelled by macho. Perhaps their most amusing trait is the monikers they adopt -- Bloodaxe, Shadowhawk, and of course, Phiber Optik.

Someone else, a non-hacker involuntarily given the pseudonym "Number 6," knew his every act was continually being monitored and recorded against his will. As a manifestation of resistance to this relentless surveillance, he often bid farewell to other citizens of the Village with a sarcastic "Be seeing you."
Today, the offerings of authors Rothfeder and Sterling provide a resounding "And you" as a form of rejoinder (often uttered by The Village's citizens as well), to publicize the ironic diversity threats wrought by information technology. Number 6 cleverly managed to escape his fictional captivity in The Village during the final (and mind-boggling) episode of The Prisoner. However, based on the compelling evidence presented in these two books, the protection of individual rights in the reality of today's evolving "global village" of computer networks and telecommunications may not be so neatly resolved. _______________________________________________________________________________ ==Phrack Inc.== Volume Four, Issue Forty-One, File 3 of 13 ==Phrack Pro-Phile== Created by Taran King (1986) _______________________________________________________________________________ Welcome to Phrack Pro-Phile. Phrack Pro-Phile is created to bring info to you, the users, about old or highly important/controversial people. This month, we bring to you certainly one of the most controversial people (and handles) to ever emerge in the computer underground... Supernigger ~~~~~~~~~~~ _______________________________________________________________________________ Personal ~~~~~~~~ Handle: Supernigger Call him: SN Date of Birth: Years ago Age: Getting along in the years. Height: Medium Weight: Medium Computers owned: Commodore Vic-20, C64, Amiga, 386 Compatible How did this handle originate? Back in 1985, I had blueboxed to a bridge. Someone on there, for some reason, decided that he didn't like me, and shouted, "Get off, nigger!" He then proceeded to knock me off with a 2600 Hz tone. I immediately called back with something "un-2600 hz-able" and, when he shouted, "Get off nigger!" and blew 2600 hz, I then said, "I'm SUPERnigger, you can't knock me off, I've got the POWER!!" Fun, eh? 
How I Got Started ~~~~~~~~~~~~~~~~~ Back in '82 or '83, I got a wonderful computer called a Commodore Vic-20. With that, I wrote a few irrelevant programs and played "Gorf!" a lot. Then, a friend suggested that I get a Commodore C-64 and disk drive for all the RAD WhErEz! it had. Needless to say, I was not disappointed. Then a friend showed me a 5-digit number you could put in after calling an access number, and it would put a call through for you! Imagine that! This, I thought, was the key to UNLIMITED WARES! Then, the new ware scene became tiresome and boring REAL quick. I had them all. New ones. Old ones. Middle-aged ones. I had wares coming out of my ass. Just when I was about to drop out of the scene, I saw a number posted on a board for InterCHAT (201), a multi-line chat system. That's where the cavalcade of fun and interesting endeavors began. That's where I met Sharp Remob, Lord_foul (DP), Dark Wanderer and other members of DPAK. Speaking of DPAK, the group was created when we found a glitch in the MCI access # that allowed any 14-digit code to work. We then made up the joke, "Today at 2:00 PM, DPAK Agents cornered an MCI official and said, 'You WILL give these people free calls!'" and proceeded to tell people about the glitch ("DPAK" came from Mad Hacker 312, who, when asked about obtaining non-published numbers, said, "Oh, you'd have to be a DPAK Agent to get that."). After that, DPAK was tracing people before Caller ID came out, finding and creating bridges, setting up an 800 # for InterCHAT (actually 2 if you were quick enough to catch the second one), putting out Sharp Remob's Social Engineering file, and other things that I had better not mention (I would go on, but I think I might frighten you.). I would have to say that I feel negatively toward "elite posers," people who claim to know things with the sole purpose of trying to seem "cool." 
These are the people you see boasting about how long they have been around (which is irrelevant), spurting out random acronyms when they have no idea how they are actually used, and trying to make something complicated and mysterious out of something mundane and simple. For example: "Hey dude, watch out, I may be listening in on your line right now with a DAMT," or "Oh, I'll just use the DRT trunk multiplexor to do a Random Interphase-seizure of the tandemized trunk." (Barf!) Also, I think this government crackdown really sucks. What sucks is the fact that the government is going after big NAMES instead of big -CRIMES-. Rather than stopping crimes, they just want to "show who's boss." A lot of innocent lives are being ruined. In fact, after this issue of Phrack comes out, I plan to lay VERY low because they will probably want to get me now that my handle was in a phreak/hack publication. Interests ~~~~~~~~~ Women: Fast Cars: Fast (VWs) Food: Fast Music: All kinds (Rap, Rock, Metal, you name it) Favorite performers: 2 Live Crew Favorite author: Lord Digital (the father of ELITE!ness) Favorite Book: Nat!onal Enl!ghtener Most Memorable Experiences ~~~~~~~~~~~~~~~~~~~~~~~~~~ "It works! It works!!" -- when the 800 # for InterCHAT actually worked. If you called it, you remember. That took a lot of work... Also, at one point in time, every chat system in New Jersey was forwarded to InterCHAT.. That was truly hilarious. I strongly suggest, at this point, that everyone refrain from attempting these things. The consequences are a bit more serious now. But if you must, be VERY very careful. ...And, I would like to take this opportunity to clear up the "Free World II Incident" and other vague and unclear statements chronicled in Phrack 28. First of all, I -DID NOT- crash Black Ice BBS. In fact, some hick from Texas already stated to me that he wrote my name on the BBS when it was crashed. 
The same hick tends to lie and spread rumors a lot, so I don't actually know if it was him that wrote my name. Suffice to say that I didn't crash it. Secondly, and most important, Free World II BBS was forwarded to InterCHAT because Major Havoc was a complete and total ASSHOLE. I called his system and applied for access. When I tried to get back on, I found that my application had been deleted without so much as a notification, so I thought that the BBS hadn't saved it correctly and applied again. I found the BBS hadn't saved it correctly a second time, and when I tried to fill out the application once more, Major Havoc broke in and typed things like "Get the fuck off here" and "Hang the fuck up." I typed "Fine, have it your way" and proceeded to forward his BBS # to InterCHAT. You can't just treat people like that and expect nothing to happen. The opening message on InterCHAT said: "Until Major Havoc learns the meaning of the word TACT (dealing with people in a non-offensive manner), his BBS has been put to better use." (I had called the BBS in the first place to try to clear up wild rumors that The Blade had said were being tossed about on there). I hope this has cleared things up. Some People To Mention ~~~~~~~~~~~~~~~~~~~~~~ Sharp Remob : He showed me the wonders of Social Engineering. He is making the big dollars now. Lord_foul : I never realized how many people he was in contact with. Some pretty heavy hitters. He never let on how much he knew. Applehead : The best DJ in the phreak/hack world. Truly, in mixing records, no one is his equal. Seems to be able to mesmerize phone company employees into doing his bidding as well. Could these two things be related? Meat Puppet : "Money for nuthin, EVERYTHING for free." Why anyone would want 800 watts in their car I will never know. Lung C00kiez : He had the best conference ideas, like Want-Ad Fun and Operator Frenzy. *DETH*-2-*J00Z* : So much for political correctness. 
First person I know to theorize how to trace people before Caller ID came out. Dark Wanderer : Works for Sun Microsystems now. One of the few hackers I know that has a technical computer-oriented career. Krak Dealer : Takes consciousness-altering to the level of an art form. Squashed Pumpkin : The enforcer. DeeDee : The only cool bridge chick. Dr. Mike : Cool guy when he's not threatening his girlfriend with a knife. Gatsby : Gets the award for quick learner. orpheus : One of the true devotees of InterCHAT, and one of the few people I know who is actually interested in HP-3000. The whole InterCHAT crowd... Made modeming fun. I should also mention a group of NYC individuals at this time. I would mention their names, but certain legal situations preclude that. They showed me what someone can REALLY do with an in-depth understanding of many systems. Suffice to say that they are the creme de la creme, probably the only group up to par with DPAK. Oh, and I cannot, I MUST NOT forget to mention The Blade, who is truly a legend in his own mind. The Future ~~~~~~~~~~ I see the future for hacking/phreaking as pretty bleak. Big Brother is watching. System Administrators are finally realizing that it is better to make your system impenetrable than to prosecute kids (I wish the government would realize this). If you combine these two things, there is not much to look forward to. In Closing... ~~~~~~~~~~~~~ As for the standard Pro-Phile question (are most of the phreaks and hackers that I've met computer geeks?), I have not met any phreakers or hackers, so I can't say if they are geeks or not. From phone conversations, some seem like geeks, some don't. 
_______________________________________________________________________________ ==Phrack Inc.== Volume Four, Issue Forty-One, File 4 of 13 Network Miscellany ******************************************************* < The POWER of Electronic Mail > ******************************************************* Compiled from Internet Sources by The Racketeer of The Hellfire Club Network Miscellany created by Taran King First of all, this guide is more than using fakemail. It literally explains the interfaces used with SMTP in detail enough that you should gain a stronger awareness of what is going on across the multitude of networks which make up the worldwide e-mail connections. It also contains my usual crude remarks and grim hacker humor (assuming it hasn't again been edited out, but I'm somewhat proud of the fact that Phrack heavily edited my "language" in last issue's article. Oh well.). There are two objectives in this file: first, I will attempt to show that by using fakemail and SMTP, you can cause an amazing number of useful, hacker related stunts; second, I shall attempt to be the first hacker to ever send a piece of electronic mail completely around the world, ushering in a new age of computerdom! I suggest that, unless you don't want everyone lynching you, don't try to fuck up anything that can't be repaired offhand. I've experimented with fakemail beyond this article and the results were both impressive and disastrous. Therefore, let's examine risks first, and then go onto the good stuff. Basic philosophy -- use your brain if you've got one. RISKS: Getting caught doing this can be labeled as computer vandalism; it may violate trespassing laws; it probably violates hundreds of NFS, Bitnet and private company guidelines and ethics policies; and finally, it will no doubt piss someone off to the point of intended revenge. Networks have fairly good tracing abilities. 
If you are logged, your host may be disconnected due to disciplinary referral by network authorities (I don't think this has happened yet). Your account will almost definitely be taken away, and if you are a member of the source or target computer's company/organization, you can expect to face some sort of political shit that could result in suspension, expulsion, firing, or otherwise getting the short end of the stick for awhile. Finally, if the government catches you attempting to vandalize another computer system, you will probably get some sort of heavy fine, community service, or both. Odds of any of this happening if you are smart: < 1%. PRECAUTIONS SUGGESTED: If you have a bogus computer account (standard issue hacker necessity) then for crissake use that. Don't let "them" know who really is hacking around. (Point of clarification, I refer to "them" an awful lot in RL and in philes. "They" are the boneheadded "do-gooders" who try to blame their own lack of productivity or creativity on your committing of pseudo-crimes with a computer. FBI, SS, administrators, accountants, SPA "Don't Copy that Floppy" fucks, religious quacks, stupid rednecks, right wing conservative Republican activists, pigs, NSA, politicians who still THINK they can control us, city officials, judges, lame jurors that think a "hacker" only gets slap-in-the-wrist punishments, lobbyists who want to blame their own failed software on kids, bankers, investors, and probably every last appalled person in Stifino's Italian Restaurant when the Colorado 2600 meeting was held there last month. Enough of the paranoid Illuminati shit, back to the phile.) Make sure that you delete history files, logs, etc. if you have access to them. Try using computers that don't keep logs. Check /usr/adm, /etc/logs to see what logs are kept. If you can avoid using your local host (since you value network connections in general), do so. It can avert suspicion that your host contains "hackers." 
IF YOU EVER ARE CONFRONTED:

"They must have broken into that account from some other site!"

"Hackers? Around here? I never check 'who' when I log in."

"They could have been super-user -- keep an eye out to see if the scum comes back."

"Come on, they are probably making a big deal out of nothing. What could be in e-mail that would be so bad?"

"Just delete the account and the culprit will be in your office tomorrow morning." (Of course, you used a bogus account.)


PART ONE: ELECTRONIC MAIL

Basically, electronic mail has become the new medium of choice for delivering thoughts in a hurry. It is faster than the post office, cheaper than the post office, doesn't take vacations all the time like the post office, and is completely free so it doesn't have unions.

Of course, you know all that and would rather spend this time making damn sure you know what SMTP is.

To my knowledge, a completely accurate SMTP set of protocols hasn't been published in any hacker journal. The original (at least, the first I've seen) was published in the Legion of Doom Technical Journals and covered the minimum SMTP steps necessary for the program "sendmail," found in a typical Unix software package.

When you connect a raw socket to a remote SMTP compatible host, your computer is expected to give a set of commands which will result in having the sender, receiver, and message being transferred. However, unlike people who prefer the speed of compression and security of raw integer data, the folks at DARPA decided that SMTP would be pretty close to English.

If you are on the Internet, and you wanted to connect to the SMTP server, type:

     telnet 25

Port 25 is the standard port for SMTP. I doubt it would be too cool to change this, since many mail servers connect to the target hosts directly.

[Editor's Note: All mail and SMTP commands have been offset by a ">" at the beginning of each line in order not to confuse Internet mailers when sending this article through e-mail.]
When you connect, you will get a small hostname identifier for whatever SMTP server revision you've got.

220 huggies.colorado.edu Sendmail 2.2/2.5 8/01/88 ready at Tue, 25 Aug 91 03:14:55 edt

Now that you are connected, the computer is waiting for commands. First of all, you are expected to explain which computer you are calling in from. This is done with the HELO command. This can be anything at all, but if you fail to give the exact host that you are connecting from, it causes the following line to appear on the e-mail message the recipient gets from you:

> Apparently-to: The Racketeer

Instead of the classic:

> To: The Racketeer

This is the secret to great fakemail -- the ability to avoid the "apparently-to" flag. Although it is subtle, it is a pain to avoid. In fact, in some places, there are so many "protections" to SMTP that every outside e-mail is marked with "Apparently-to." Hey, their problem.

So, go ahead and type the HELO command:

> HELO LYCAEUM.HFC.COM

The computer replies:

250 huggies.colorado.edu Hello LYCAEUM.HFC.COM, pleased to meet you

Oh, a warm reception. Older sendmail software explains with the HELP command that the computer doesn't care about HELO commands. You can check it upon login with the command "HELP HELO."

Now what you will need to do is tell the computer who is supposed to get the letter. From this point, there are all sorts of possibilities. First of all, the format for the recipient would be:

> RCPT TO:

And *NOTE*, the "<" and ">" symbols should be present! Some computers, especially sticklers like Prime, won't even accept the letters unless they adhere specifically to the protocol! Now, if you give a local address name, such as:

> RCPT TO:

...then it will treat the mail as if it were sent locally, even though it was sent through the Internet. Giving a computer its own host name is valid, although there is a chance that it will claim that the machine you are calling from had something to do with it.
> RCPT TO:

...will check to see if there is a "smith" at this particular computer. If the computer finds "smith," then it will tell you there is no problem. If you decide to use this computer as a forwarding host (between two other points), you can type:

> RCPT TO:

This will cause the mail to be forwarded to someotherhost's SMTP port and the letter will no longer be a problem for you. I'll be using this trick to send my letter around the world.

Now, after you have given the name of the person who is to receive the letter, you have to tell the computer who is sending it.

> MAIL FROM:      ; Really from
> MAIL FROM:      ; Localhost
> MAIL FROM:      ; Fake -- "3rd party host"
> MAIL FROM:      ; UUCP Path

Essentially, if you claim the letter is from a "3rd party," then the other machine will accept it due to UUCP style routing. This will be explained later on.

The next step is actually entering the e-mail message. The first few lines of each message consist of the message title, X-Messages, headers, Forwarding Lines, etc. These are completely up to the individual mail program, and a few simple standards will be printed later, but first let's run through the step-by-step way to send fakemail. You type anything that isn't preceded by a number.

220 hal.gnu.ai.mit.edu Sendmail AIX 3.2/UCB 5.64/4.0 ready at Tue, 21 Jul 1992 22:15:03 -0400
> helo lycaeum.hfc.com
250 hal.gnu.ai.mit.edu Hello lycaeum.hfc.com, pleased to meet you
> mail from:
250 ... Sender ok
> rcpt to:
250 ... Recipient ok
> data
354 Enter mail, end with "." on a line by itself
> Yo, C.D. -- mind letting me use this account?
> .
250 Ok
> quit

Now, here are a few more advanced ways of using sendmail. First of all, there is the VRFY command. You can use this for two basic things: checking up on a single user or checking up on a list of users. Anyone with basic knowledge of ANY of the major computer networks knows that there are mailing lists which allow several people to share mail.
You can use the VRFY command to view every member on the entire list.

> vrfy phrack
250 Phrack Classic

Or, to see everyone on a mailing list:

> vrfy phrack-staff-list
250 Knight Lightning
250 Dispater

Note - this isn't the same thing as a LISTSERV -- like the one that distributes Phrack. LISTSERVs themselves are quite powerful tools because they allow people to sign on and off of lists without human moderation. Alias lists are a serious problem to moderate effectively.

This can be useful to just check to see if an account exists. It can be helpful if you suspect a machine has a hacked finger daemon or something to hide the user's identity. Getting a list of users from mailing lists doesn't have a great deal of uses, but if you are trying very hard to learn someone's real identity, and you suspect they are signed up to a list, just check for all users from that particular host site and see if there are any matches.

Finally, there is one last section to e-mail -- the actual message itself. In fact, this is the most important area to concentrate on in order to avoid the infamous "Apparently-to:" line. Basically, the data consists of a few lines of title information and then the actual message follows.

There is a set of guidelines you must follow in order for the quotes to appear in correct order. You won't want to have a space separate your titles from your name, for example. Here is an example of a real e-mail message:

> From: rack@lycaeum.hfc.com
> Received: by dockmaster.ncsc.mil (5.12/3.7) id AA10000; Thu, 6 Feb 92
>     12:00:00
> Message-Id: <666.AA10000@dockmaster.ncsc.mil>
> To: RMorris@dockmaster.ncsc.mil
> Date: Thu, 06 Feb 92 12:00:00
> Title: *wave* Hello, No Such Agency dude!
>
> NIST sucks. Say "hi" to your kid for me from all of us at Phrack!
Likewise, if you try to create a message without an information line, your message would look something like this:

> From: rack@lycaeum.hfc.com
> Received: by dockmaster.ncsc.mil (5.12/3.7) id AA10000; Thu, 6 Feb 92
>     12:00:00 -0500
> Message-Id: <666.AA10000@dockmaster.ncsc.mil>
> Date: Thu, 06 Feb 92 12:00:00
> Apparently-to: RMorris@dockmaster.ncsc.mil
> NIST sucks. Say "hi" to your kid for me from all of us at Phrack!

Basically, this looks pretty obvious that it's fakemail, not because I altered the numbers necessarily, but because it doesn't have a title line, it doesn't have the "Date:" in the right place, and because the "Apparently-to:" designation was on.

To create the "realistic" e-mail, you would enter:

> helo lycaeum.hfc.com
> mail from:
> rcpt to:
> data
> To: RMorris@dockmaster.ncsc.mil>
> Date: Thu, 06 Feb 92 12:00:00
> Title: *wave* Hello, No Such Agency dude!
>
> NIST sucks. Say "hi" to your kid for me from all of us at Phrack!
> .

Notice that, even though you are in "data" mode, you are still giving commands to sendmail. All of the lines can (even if only partially) be altered through the data command. This is perfect for sending good fakemail. For example:

> helo lycaeum.hfc.com
> mail from:
> rcpt to:
> data
> Received: by lycaeum.hfc.com (5.12/3.7) id AA11891; Thu 6 Feb 92 12:00:00
> Message-Id: <230.AA11891@lycaeum.hfc.com>
> To:
> Date: Thu, 06 Feb 92 12:00:00
> Title: Ohh, sign me up Puuuleeeze.
>
> subscribe BISEXU-L Dale "Fist Me" Drew
> .

Now, according to this e-mail path, you are telling the other computer that you received this letter from OPUS.TYMNET.COM, and it is being forwarded by your machine to BROWNVM.BROWN.EDU. Basically, you are stepping into the middle of the line and claiming you've been waiting there all this time. This is a legit method of sending e-mail!

Originally, when sendmail was less automated, you had to list every computer that your mail had to move between in order for it to arrive.
If you were computer ALPHA, you'd have to send e-mail to account "joe" on computer GAMMA by this address: > mail to: Notice that the account name goes last and the host names "lead" up to that account. The e-mail will be routed directly to each machine until it finally reaches GAMMA. This is still required today, especially between networks like Internet and Bitnet -- where certain hosts are capable of sending mail between networks. This particular style of sending e-mail is called "UUCP Style" routing. Sometimes, hosts will use the forwarding UUCP style mail addresses in case the host has no concept of how to deal with a name address. Your machine simply routes the e-mail to a second host which is capable of resolving the rest of the name. Although these machines are going out of style, they still exist. The third reasonable case of where e-mail will be routed between hosts is when, instead of having each computer waste individual time dealing with each piece of e-mail that comes about, the computer gives the mail to a dedicated mailserver which will then deliver the mail. This is quite common all over the network -- especially due to the fact that the Internet is only a few T1 lines in comparison to the multitude of 9600 and 14.4K baud modems that everyone is so protective of people over-using. Of course, this doesn't cause the address to be in UUCP format, but when it reaches the other end of the network, it'll be impossible to tell what method the letter used to get sent. Okay, now we can send fairly reasonable electronic fakemail. This stuff can't easily be distinguished between regular e-mail unless you either really botched it up (say, sending fakemail between two people on the same machine by way of 4 national hosts or something) or really had bad timing. Let's now discuss the POWER of fakemail. Fakemail itself is basically a great way to fool people into thinking you are someone else. 
You could try to social engineer information out of people on a machine by fakemail, but at the same time, why not just hack the root password and use "root" to do it? This way you can get the reply to the mail as well. It doesn't seem reasonable to social engineer anything while you are root either. Who knows. Maybe a really great opportunity will pop up some day -- but until then, let's forget about dealing person-to-person with fakemail, and instead deal with person-to-machine. There are many places on the Internet that respond to received electronic mail automatically. You have all of the Archie sites that will respond, all of the Internet/Bitnet LISTSERVs, and Bitmail FTP servers. Actually, there are several other servers, too, such as the diplomacy adjudicator. Unfortunately, this isn't anywhere nearly as annoying as what you can do with other servers. First, let's cover LISTSERVs. As you saw above, I created a fakemail message that would sign up Mr. Dale Drew to the BISEXU-L LISTSERV. This means that any of the "netnews" regarding bisexual behavior on the Internet would be sent directly to his mailbox. He would be on this list (which is public and accessible by anyone) and likewise be assumed to be a member of the network bisexual community. This fakemail message would go all the way to the LISTSERV, it would register Mr. Dictator for the BISEXU-L list, >DISCARD< my message, and, because it thinks that Dale Drew sent the message, it will go ahead and sign him up to receive all the bisexual information on the network. And people wonder why I don't even give out my e-mail address. The complete list of all groups on the Internet is available in the file "list_of_lists" which is available almost everywhere so poke around wuarchive.wustl.edu or ftp.uu.net until you find it. You'll notice that there are several groups that are quite fanatic and would freak out nearly anybody who was suddenly signed up to one. 
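
The forged "subscribe" request above works because the list server acts on a sender address that nothing has verified. The following is an added example, not part of the original article and not any real list manager's code: a toy list server that answers a subscribe request only by mailing a signed, expiring challenge to the claimed address, and changes membership only when that challenge comes back. The class name, command syntax, addresses and key are assumptions made for the illustration.

```python
import hashlib
import hmac
import time


class ConfirmingListServer:
    """Toy list manager (hypothetical): 'subscribe' only triggers a challenge;
    membership changes only when the challenge token is returned."""

    def __init__(self, secret, ttl=48 * 3600, min_gap=3600):
        self.secret = secret        # server-side HMAC key (bytes)
        self.ttl = ttl              # seconds a challenge stays valid
        self.min_gap = min_gap      # at most one challenge per address per gap
        self.members = {}           # list name -> set of confirmed addresses
        self.last_challenge = {}    # address -> time the last challenge was sent
        self.outbox = []            # (recipient, body) pairs the server "mailed"

    def _token(self, list_name, address, expires):
        # Bind the token to list, address and expiry so it cannot be reused
        # for another list or another mailbox.
        msg = "\n".join([list_name.lower(), address.lower(), str(expires)])
        return hmac.new(self.secret, msg.encode(), hashlib.sha256).hexdigest()

    def subscribe_request(self, claimed_from, list_name, now=None):
        """claimed_from is unauthenticated header data; never subscribe here."""
        now = time.time() if now is None else now
        address = claimed_from.lower()
        last = self.last_challenge.get(address)
        if last is not None and now - last < self.min_gap:
            # Throttle so the challenges cannot themselves flood a mailbox.
            return "throttled"
        expires = int(now) + self.ttl
        token = self._token(list_name, address, expires)
        self.last_challenge[address] = now
        self.outbox.append((address, f"confirm {list_name} {expires} {token}"))
        return "challenge-sent"

    def confirm(self, claimed_from, body, now=None):
        """Subscribe only if the returned token matches and has not expired."""
        now = time.time() if now is None else now
        parts = body.split()
        if len(parts) != 4 or parts[0] != "confirm":
            return False
        _, list_name, expires_text, token = parts
        try:
            expires = int(expires_text)
        except ValueError:
            return False
        if now > expires:
            return False
        expected = self._token(list_name, claimed_from, expires)
        if not hmac.compare_digest(expected.encode(), token.encode()):
            return False
        self.members.setdefault(list_name.lower(), set()).add(claimed_from.lower())
        return True


def demo():
    """Constructed scenario: a forged request, a guessed token, a real reply."""
    srv = ConfirmingListServer(secret=b"constructed-demo-key")
    t0 = 1_000_000
    first = srv.subscribe_request("victim@example.org", "EXAMPLE-L", now=t0)
    second = srv.subscribe_request("victim@example.org", "OTHER-L", now=t0 + 10)
    guess = f"confirm EXAMPLE-L {t0 + 999} {'0' * 64}"
    forged = srv.confirm("victim@example.org", guess, now=t0 + 20)
    _, challenge = srv.outbox[0]   # only the real mailbox owner sees this
    genuine = srv.confirm("victim@example.org", challenge, now=t0 + 60)
    return first, second, forged, genuine, sorted(srv.members.get("example-l", ()))


if __name__ == "__main__":
    print(demo())
```

The forger can still cause one challenge message to be sent, which is why the per-address throttle is part of the design rather than an afterthought.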
Ever notice how big mega-companies like IBM squelch little people who try to make copies of their ideas? Even though you cannot "patent" an "idea," folks like IBM want you to believe they can. They send their "brute" squad of cheap lawyers to "legal-fee-to-death" small firms. If you wanted to "nickel-and-dime" someone out of existence, try considering the following: CompuServe is now taking electronic mail from the Internet. This is good. CompuServe charges for wasting too much of their drive space with stored e-mail. This is bad. You can really freak out someone you don't like on CompuServe by signing them up to the Dungeons and Dragons list, complete with several megabytes of fluff per day. This is cool. They will then get charged hefty fines by CompuServe. That is fucked up. How the hell could they know? CompuServe e-mail addresses are userid@compuserve.com, but as the Internet users realize, they can't send commas (",") as e-mail paths. Therefore, use a period in place of every comma. If your e-mail address was 767,04821 on CompuServe then it would be 767.04821 for the Internet. CompuServe tends to "chop" most of the message headers that Internet creates out of the mail before it reaches the end user. This makes them particularly vulnerable to fakemail. You'll have to check with your individual pay services, but I believe such groups as MCI Mail also have time limitations. Your typical non-Internet- knowing schmuck would never figure out how to sign off of some God-awful fluff contained LISTSERV such as the Advanced Dungeons & Dragons list. The amount of damage you could cause in monetary value alone to an account would be horrendous. Some groups charge for connection time to the Internet -- admittedly, the fees are reasonable -- I've seen the price at about $2 per hour for communications. However, late at night, you could cause massive e-mail traffic on some poor sap's line that they might not catch. 
They don't have a way to shut this off, so they are basically screwed.

Be WARY, though -- this sabotage could land you in deep shit. It isn't actually fraud, but it could be considered "unauthorized usage of equipment" and could get you a serious fine. However, if you are good enough, you won't get caught and the poor fucks will have to pay the fees themselves!

Now let's investigate short-term VOLUME damage to an e-mail address. There are several anonymous FTP sites that exist out there with a service known as BIT FTP. This means that a user from Bitnet, or one who just has e-mail and no other network services, can still download files off of an FTP site. The "help" file on this is stored in Appendix C, regarding the usage of Digital's FTP mail server.

Basically, if you wanted to fool the FTP Mail Server into bombarding some poor slob with an ungodly huge amount of mail, try doing a regular "fakemail" on the guy, with the enclosed message packet:

> helo lycaeum.hfc.com
> mail from:
> rcpt to:
> data
> Received: by lycaeum.hfc.com (5.12/3.7) id AA10992; Fri 9 Oct 92 12:00:00
> Message-Id: <230.AA11891@lycaeum.hfc.com>
> To:
> Date: Fri, 09 Oct 92 12:00:00
> Title: Hey, I don't have THAT nifty program!
>
> reply dale@opus.tymnet.com
> connect wuarchive.wustl.edu anonymous fistme@opus.tymnet.com
> binary
> get mirrors/gnu/gcc-2.3.2.tar.Z
> quit
> .

What is particularly nasty about this is that somewhere between 15 and 20 megabytes of messages are going to be dumped into this poor guy's account. All of the files will be uuencoded and broken down into separate messages! Instead of deleting just one file, there will be literally hundreds of messages to delete! Obnoxious! Nearly impossible to trace, too!
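
Part One's trick of typing a "Received:" line after DATA can be examined from the receiving side. The following is an added example, not part of the original article: it parses a message's Received chain and reports hops where the HELO name disagrees with the peer name the receiving server recorded, where adjacent hops do not link up, or where time runs backwards. The sample messages, host names, addresses and finding labels are constructed for the illustration, and the "from NAME (PEER [IP])" layout is assumed to be what the receiving server writes.

```python
import re
from datetime import timedelta, timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample: hop 0 was stamped by the receiving server, hop 1 was
# supplied by the sender inside DATA. All names and ids are made up.
FORGED = """\
Received: from lycaeum.example (dialup7.campus.example [192.0.2.77])
\tby mx.target.example with SMTP id AA20001;
\tThu, 6 Feb 1992 12:04:10 -0500
Received: by lycaeum.example (5.12/3.7) id AA11891;
\tThu, 6 Feb 1992 12:30:00 -0500
From: someone@relay.example
To: list@target.example
Subject: constructed test message

body
"""

# Constructed sample of an unremarkable two-hop delivery.
CLEAN = """\
Received: from relay.example (relay.example [198.51.100.9])
\tby mx.target.example with SMTP id AA20002;
\tThu, 6 Feb 1992 12:04:10 -0500
Received: from ws1.example by relay.example (5.65/4.0) id AA00412;
\tThu, 6 Feb 1992 12:03:58 -0500
From: user@ws1.example
To: list@target.example
Subject: constructed test message

body
"""


def parse_hop(raw):
    """Split one Received value into from/peer/by host names and a timestamp."""
    text = " ".join(raw.split())            # undo header folding
    head, sep, stamp = text.rpartition(";")
    if not sep:                              # no ';' means no date part
        head, stamp = text, ""

    def host(pattern):
        m = re.search(pattern, head, re.I)
        return m.group(1).lower().rstrip(".") if m else None

    when = None
    if stamp.strip():
        try:
            when = parsedate_to_datetime(stamp.strip())
        except (TypeError, ValueError):
            when = None
        if when is not None and when.tzinfo is None:
            when = when.replace(tzinfo=timezone.utc)   # assume UTC if no zone
    return {
        "from": host(r"\bfrom\s+([^\s;()\[\]]+)"),            # name given in HELO
        "peer": host(r"\(([^\s()\[\]]+)\s*\[[^\]]+\]\)"),     # name the server saw
        "by": host(r"\bby\s+([^\s;()\[\]]+)"),
        "when": when,
    }


def analyse(message_text, skew=timedelta(minutes=5)):
    """Return (hop_index, finding) pairs; hop 0 is the newest Received line."""
    msg = message_from_string(message_text)
    hops = [parse_hop(h) for h in msg.get_all("Received", [])]
    findings = []
    for i, hop in enumerate(hops):
        if hop["when"] is None:
            findings.append((i, "unparseable-date"))
        if hop["peer"] and hop["from"] and hop["peer"] != hop["from"]:
            findings.append((i, "helo-mismatch"))
        if i + 1 < len(hops):
            older = hops[i + 1]
            if hop["from"] and older["by"] and hop["from"] != older["by"]:
                findings.append((i, "broken-link"))
            # An older hop stamped later than a newer one (beyond clock skew)
            # was not written by a relay that actually handled the message.
            if hop["when"] and older["when"] and older["when"] - hop["when"] > skew:
                findings.append((i + 1, "time-reversal"))
    return findings


if __name__ == "__main__":
    print("forged:", analyse(FORGED))
    print("clean: ", analyse(CLEAN))
```

Only the hop written by your own server is trustworthy; legitimate mail can also show name mismatches between hops, so treat each finding as a signal to weigh, not as proof of forgery.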
Part 2: E-MAIL AROUND THE WORLD Captain Crunch happened to make a telephone call around the world, which could have ushered in the age of phreak enlightenment -- after all, he proved that, through the telephone, you could "touch someone" anywhere you wanted around the world! Billions of people could be contacted. I undoubtedly pissed off a great number of people trying to do this e-mail trick -- having gotten automated complaints from many hosts. Apparently, every country has some form of NSA. This doesn't surprise me at all, I'm just somewhat amazed that entire HOSTS were disconnected during the times I used them for routers. Fortunately, I was able to switch computers faster than they were able to disconnect them. In order to send the e-mail, I couldn't send it through a direct path. What I had to do was execute UUCP style routing, meaning I told each host in the path to send the e-mail to the next host in the path, etc., until the last machine was done. Unfortunately, the first machine I used for sending the e-mail had a remarkably efficient router and resolved the fact that the target was indeed the destination. Therefore, I re-altered the path to a machine sitting about, oh, two feet away from it. Those two feet are meaningless in this epic journey. The originating host names have been altered as to conceal my identity. However, if we ever meet at a Con, I'll probably have the real print-out of the results somewhere and you can verify its authenticity. Regardless, most of this same shit will work from just about any typical college campus Internet (and even Bitnet) connected machines. In APPENDIX A, I've compiled a list of every foreign country that I could locate on the Internet. I figured it was relatively important to keep with the global program and pick a series of hosts to route through that would presumably require relatively short hops. 
I did this by using this list and trial and error (most of this information was procured from the Network Information Center, even though they deliberately went way the hell out of their way to make it difficult to get computers associated with foreign countries).

My ultimate choice of a path was:

lycaeum.hfc.com          -- Origin, "middle" America.
albert.gnu.ai.mit.edu    -- Massachusetts, USA.
isgate.is                -- Iceland
chenas.inria.fr          -- France
icnucevx.cnuce.cn.it     -- Italy
sangram.ncst.ernet.in    -- India
waseda-mail.waseda.ac.jp -- Japan
seattleu.edu             -- Seattle
inferno.hfc.com          -- Ultimate Destination

The e-mail address came out to be:

     isgate.is!chenas.inria.fr!icnucevx.cnuce.cn.it!sangram.ncst.ernet.in!
     waseda-mail.waseda.ac.jp!seattleu.edu!inferno.hfc.com!
     rack@albert.gnu.ai.mit.edu

...meaning, first e-mail albert.gnu.ai.mit.edu, and let it parse the name down a line, going to Iceland, then to France, etc. until it finally reaches the last host on the list before the name, which is the Inferno, and deposits the e-mail at rack@inferno.hfc.com.

This takes a LONG time, folks. Every failure toward the end took on average of 8-10 hours before the e-mail was returned to me with the failure message. In one case, in fact, the e-mail made it shore to shore and then came all the way back because it couldn't resolve the last hostname! That one made it (distance-wise) all the way around the world and half again.
Here is the final e-mail that I received (with dates, times, and numbers altered to squelch any attempt to track me):

> Return-Path:
> Received: from sumax.seattleu.edu [192.48.211.120] by Lyceaum.HFC.Com ; 19 Dec 92 16:23:21 MST
> Received: from waseda-mail.waseda.ac.jp by sumax.seattleu.edu with SMTP id
>     AA28431 (5.65a/IDA-1.4.2 for rack@inferno.hfc.com); Sat, 19 Dec 92
>     14:26:01 -0800
> Received: from relay2.UU.NET by waseda-mail.waseda.ac.jp (5.67+1.6W/2.8Wb)
>     id AA28431; Sun, 20 Dec 92 07:24:04 JST
> Return-Path:
> Received: from uunet.uu.net (via LOCALHOST.UU.NET) by relay2.UU.NET with SMTP
>     (5.61/UUNET-internet-primary) id AA28431; Sat, 19 Dec 92 17:24:08 -
>     0500
> Received: from sangam.UUCP by uunet.uu.net with UUCP/RMAIL
>     (queueing-rmail) id 182330.3000; Sat, 19 Dec 1992 17:23:30 EST
> Received: by sangam.ncst.ernet.in (4.1/SMI-4.1-MHS-7.0)
>     id AA28431; Sun, 20 Dec 92 03:50:19 IST
> From: rack@lycaeum.hfc.com
> Received: from shakti.ncst.ernet.in by saathi.ncst.ernet.in
>     (5.61/Ultrix3.0-C)
>     id AA28431; Sun, 20 Dec 92 03:52:12 +0530
> Received: from saathi.ncst.ernet.in by shakti.ncst.ernet.in with SMTP
>     (16.6/16.2) id AA09700; Sun, 20 Dec 92 03:51:37 +0530
> Received: by saathi.ncst.ernet.in (5.61/Ultrix3.0-C)
>     id AA28431; Sun, 20 Dec 92 03:52:09 +0530
> Received: by sangam.ncst.ernet.in (4.1/SMI-4.1-MHS-7.0)
>     id AA28431; Sun, 20 Dec 92 03:48:24 IST
> Received: from ICNUCEVX.CNUCE.CNR.IT by relay1.UU.NET with SMTP
>     (5.61/UUNET-internet-primary) id AA28431; Sat, 19 Dec 92 17:20:23
>     -0500
> Received: from chenas.inria.fr by ICNUCEVX.CNUCE.CNR.IT (PMDF #2961 ) id
>     <01GSIP122UOW000FBT@ICNUCEVX.CNUCE.CNR.IT>; Sun, 19 Dec 1992 23:14:29 MET
> Received: from isgate.is by chenas.inria.fr (5.65c8d/92.02.29) via Fnet-EUnet
>     id AA28431; Sun, 19 Dec 1992 23:19:58 +0100 (MET)
> Received: from albert.gnu.ai.mit.edu by isgate.is (5.65c8/ISnet/14-10-91);
>     Sat, 19 Dec 1992 22:19:50 GMT
> Received: from lycaeum.hfc.com by albert.gnu.ai.mit.edu (5.65/4.0) with
>     SMTP id ; Sat, 19 Dec 92 17:19:36 -0500
> Received: by lycaeum.hfc.com (5.65/4.0) id ;
>     Sat, 19 Dec 92 17:19:51 -0501
> Date: 19 Dec 1992 17:19:50 -0500 (EST)
> Subject: Global E-Mail
> To: rack@inferno.hfc.com
> Message-id: <9212192666.AA11368@lycaeum.hfc.com>
> Mime-Version: 1.0
> Content-Type: text/plain; charset=US-ASCII
> Content-Transfer-Encoding: 7bit
> X-Mailer: ELM [version 2.4 PL5]
> Content-Length: 94
> X-Charset: ASCII
> X-Char-Esc: 29
>
> This Electronic Mail has been completely around the world!
>
> (and isn't even a chain letter.)

===============================================================================

APPENDIX A: List of Countries on the Internet by Root Domain

(I tried to get a single mail router in each domain. The domains that don't have them are unavailable at my security clearance. The computer is your friend.)

.AQ    New Zealand
.AR    Argentina            atina.ar
.AT    Austria              pythia.eduz.univie.ac.at
.BB    Barbados
.BE    Belgium              ub4b.buug.be
.BG    Bulgaria
.BO    Bolivia              unbol.bo
.BR    Brazil               fpsp.fapesp.br
.BS    Bahamas
.BZ    Belize
.CA    Canada               cs.ucb.ca
.CH    Switzerland          switch.ch
.CL    Chile                uchdcc.uchile.cl
.CN    China                ica.beijing.canet.cn
.CR    Costa Rica           huracan.cr
.CU    Cuba
.DE    Germany              deins.informatik.uni-dortmund.de
.DK    Denmark              dkuug.dk
.EC    Ecuador              ecuanex.ec
.EE    Estonia              kbfi.ee
.EG    Egypt
.FI    Finland              funet.fi
.FJ    Fiji
.FR    France               inria.inria.fr
.GB    England
.GR    Greece               csi.forth.gr
.HK    Hong Kong            hp9000.csc.cuhk.hk
.HU    Hungary              sztaki.hu
.IE    Ireland              nova.ucd.ie
.IL    Israel               relay.huji.ac.il
.IN    India                shakti.ernet.in
.IS    Iceland              isgate.is
.IT    Italy                deccnaf.infn.it
.JM    Jamaica
.JP    Japan                jp-gate.wide.ad.jp
.KR    South Korea          kum.kaist.ac.kr
.LK    Sri Lanka            cse.mrt.ac.lk
.LT    Lithuania            ma-mii.lt.su
.LV    Latvia
.MX    Mexico               mtec1.mty.itesm.mx
.MY    Malaysia             rangkom.my
.NA    Namibia
.NI    Nicaragua            uni.ni
.NL    Netherlands          sering.cwi.nl
.NO    Norway               ifi.uio.no
.NZ    New Zealand          waikato.ac.nz
.PE    Peru                 desco.pe
.PG    New Guinea           ee.unitech.ac.pg
.PH    Philippines
.PK    Pakistan
.PL    Poland
.PR    Puerto Rico          sun386-gauss.pr
.PT    Portugal             ptifm2.ifm.rccn.pt
.PY    Paraguay             ledip.py
.SE    Sweden               sunic.sunet.se
.SG    Singapore            nuscc.nus.sg
.TH    Thailand
.TN    Tunisia              spiky.rsinet.tn
.TR    Turkey
.TT    Trinidad & Tobago
.TW    Taiwan               twnmoe10.edu.tw
.UK    United Kingdom       ess.cs.ucl.ac.uk
.US    United States        isi.edu
.UY    Uruguay              seciu.uy
.VE    Venezuela
.ZA    South Africa         hippo.ru.ac.za
.ZW    Zimbabwe             zimbix.uz.zw

===============================================================================

APPENDIX B: Basic SMTP Commands

> HELO         Tells mail daemon what machine is calling. This will be determined anyway, so omission doesn't mean anonymity.
> MAIL FROM:   Tells where the mail came from.
> RCPT TO:     Tells where the mail is going.
> DATA         Command to start transmitting message.
> QUIT         Quit mail daemon, disconnects socket.
> NOOP         No Operation -- used for delays.
> HELP         Gives list of commands -- sometimes disabled.
> VRFY         Verifies if a path is valid on that machine.
> TICK         Number of "ticks" from connection to present ("0001" is a typical straight connection).

===============================================================================

APPENDIX C: BIT-FTP Help File

ftpmail@decwrl.dec.com (Digital FTP mail server)

Commands are:

reply                          Set reply address since headers are usually wrong.
connect [HOST [USER [PASS]]]   Defaults to gatekeeper.dec.com, anonymous.
ascii                          Files grabbed are printable ASCII.
binary                         Files grabbed are compressed or tar or both.
compress                       Compress binaries using Lempel-Ziv encoding.
compact                        Compress binaries using Huffman encoding.
uuencode                       Binary files will be mailed in uuencoded format.
btoa                           Binary files will be mailed in btoa format.
ls (or dir) PLACE              Short (long) directory listing.
get FILE                       Get a file and have it mailed to you.
quit                           Terminate script, ignore rest of mail message (use if you have a .signature or are a VMSMAIL user).

Notes:

-> You must give a "connect" command (default host is gatekeeper.dec.com, default user is anonymous, default password is your mail address).
-> Binary files will not be compressed unless "compress" or "compact" command is given; use this if at all possible, it helps a lot.
-> Binary files will always be formatted into printable ASCII with "btoa" or "uuencode" (default is "btoa").
-> All retrieved files will be split into 60KB chunks and mailed.
-> VMS/DOS/Mac versions of uudecode, atob, compress and compact are available, ask your LOCAL wizard about them.
-> It will take ~1-1/2 day for a request to be processed. Once the jobs has been accepted by the FTP daemon, you'll get a mail stating the fact that your job has been accepted and that the result will be mailed to you.
_______________________________________________________________________________

                                ==Phrack Inc.==

                  Volume Four, Issue Forty-One, File 5 of 13

                                 Pirates Cove

                                  By Rambone

Welcome back to Pirates Cove. News about software piracy, its effects, and the efforts of the software companies to put an end to it are now at an all time high. Additionally, there is an added interest among the popular media towards the other goings-on in the piracy underworld. Additionally over the past few months there have been several major crackdowns around the world. Not all of the news is terribly recent, but a lot of people probably didn't hear about it at the time so read on and enjoy.

If you appreciate this column in Phrack, then also be sure to send a letter to "phracksub@stormking.com" and let them know. Thanks.
_______________________________________________________________________________

More Than $100,000 In Illegal Software Seized
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
WASHINGTON -- (BUSINESS WIRE) -- Illegal software valued in excess of $100,000 was seized from an electronic bulletin board computer system (BBS) headquartered in Baltimore, Maryland, marking the first U.S. case for the Business Software Alliance (BSA) against a BBS for pirating software.
The BSA previously initiated an enforcement campaign against illegal bulletin boards in Europe and is investigating illegal boards in Asia. As part of the U.S. seizure, more than $25,000 worth of hardware was confiscated in accordance with the court order, and the BBS, known as the APL, is no longer in operation. Investigations conducted over the past several months found that, through the APL BBS, thousands of illegal copies have been made of various software programs. Plaintiffs in the case include six business software publishers: ALDUS, Autodesk, LOTUS Development, MICROSOFT, NOVELL, and WordPerfect. The action against APL was for allegedly allowing BBS users to upload and download copyrighted programs. Nearly 500 software programs were available for copying through the APL BBS, an infringement of software publishers' copyright. In addition, BSA seized APL's business records which detail members' time on the BBS and programs uploaded and/or copied. BSA is currently reviewing these records for possible additional legal action against system users who may have illegally uploaded or downloaded copyrighted programs. "Electronic bulletin boards create increasingly difficult problems in our efforts to combat piracy," according to Robert Holleyman, president of the BSA. "While bulletin boards are useful tools to enhance communication channels, they also provide easy access for users to illegally copy software," Holleyman explained. Strict federal regulations prohibit the reproduction of copyrighted software. Legislation passed this year by the U.S. Congress contains provisions to increase the penalties against copyright infringers to up to five years imprisonment and a $250,000 fine. The APL investigation, conducted by Software Security International on behalf of the BSA, concluded with a raid by Federal Marshals on October 1, 1992. In addition to the six business software publishers, the BSA action was taken on behalf of Nintendo. 
Bulletin boards have grown in popularity over the past several years, totaling approximately 2000 in the United States alone. Through a modem, bulletin board users can easily communicate with other members. The BSA has recently stepped up its worldwide efforts to eradicate the illegal copying of software which occurs on some boards. The BSA is an organization devoted to combating software theft. Its worldwide campaign encompasses education, public policy, and enforcement programs in more than 30 countries. The members of the BSA include: ALDUS, APPLE COMPUTER, Autodesk, LOTUS Development, MICROSOFT, NOVELL, and WordPerfect. The BSA operates an Anti-piracy Hotline (800-688-2721) for callers seeking information about software piracy or to report suspected incidents of software theft. CONTACT: Diane Smiroldo, Business Software Alliance, (202)727-7060 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Only The Beginning ~~~~~~~~~~~~~~~~~~ The bust of APL BBS had made unprecedented impacts in the pirate world because of the implications behind the actual arrest. Business Software Alliance (BSA), representing many major business software companies along with Nintendo, joined forces to hit APL very hard. They joined forces to permanently shut down APL and are, for the first time, trying to pursue the users that had an active role in the usage of the BBS. Trying to figure out who had uploaded and downloaded files through this BBS and taking legal recourse against them is a very strong action and has never been done before. One of the major problem I see with this is how do they know if what the records show was the actual user or someone posing as another user? Also, how could they prove that an actual program was downloaded by an actual user and not by someone else using his account? What if one user had logged on one time, never called back, and someone else had hacked their account? 
I'm also sure a sysop has been known, on occasion, to "doctor" someone's account to not allow them to download when they have been leeching. The points I bring up are valid as far as I am concerned and unless the Secret Service had logs and phone numbers of people actually logged on at the time, I don't see how they have a case. I'm sure they have a great case against the sysop and will pursue the case to the highest degree of the law, but if they attempt to arrest users, I foresee the taxpayers' money going straight down the drain.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

BSA Hits Europe
~~~~~~~~~~~~~~~
The Business Software Alliance reached their arms out across the Atlantic and landed in Germany. Along with Interpol and the local police, they proceeded to take down 80% of the boards in Berlin. One of the contributing factors in these busts was that the majority of the boards busted were also involved in toll fraud. Until recently, blue boxing was the predominant means of communication with the United States and other countries in Europe. When most of these sysops were arrested, they had been actively blue boxing on a regular basis. Unfortunately, many parts of Germany had already upgraded their phone system, and it became very risky to use a blue box. It didn't stop most people and they soon became easy targets for Interpol. The other means of LD usage for Germans was AT&T calling cards which now are very common. The local police along with the phone company gathered months of evidence before the citywide sweep of arrests.

The busts made a bigger impact in Europe than anyone would have imagined. Some of the bigger boards in Europe have been taken down by the sysops and many will never go back up. Many sysops have been arrested and fined large amounts of money that they will be paying off for a long time.
BSA, along with local police and Interpol, has done enough damage in a few days to change European boards for a long time.
_______________________________________________________________________________

IBM: Free Disks For The Taking
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In a vain effort to increase sales, IBM decided to send out 21 high density diskettes to anyone who called. On these diskettes was a new beta copy of OS/2 Version 2.1. They were hoping to take a cheap way out by sending a few out to people who would install it and send in beta reports. What they got was thousands of people calling in when they heard the word who were promptly Fed Ex'ed the disks overnight. The beta was not the concern of most, just the diskettes that were in the package. The actual beta copy that was sent out was bug ridden anyway and was not of use on most systems.

When IBM finally woke up and figured out what was going on, they had already sent out thousands of copies. Some even requested multiple copies. IBM then proceeded to charge for the shipment and disks, but it was way too late, and they had gone over budget. Way to go IBM, no wonder your stock has plummeted to $55 a share.
_______________________________________________________________________________

Users Strike Back At U.S. Robotics
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Since 1987, U.S. Robotics (USR) has been a standard among sysops and many end users. With the loyal following also came terrible customer service and long delays in shipments. Their modems, being in as much demand as they are, soon showed the results of shortcuts in the manufacture of certain parts in some of the more popular modems. The most infamous instance of this happening was the Sportster model which was a V.32bis modem which could be bought at a much lower price than that of the Dual Standard. The catch was that they cut some corners and used that same communication board for both the Sportster and the Dual Standard.
They assumed they could save money by using the same board on both modems. Boy were they wrong. All that was done to the Sportster was to disable the HST protocol that would make it into a Dual. With the proper init string, one could turn a Sportster, ROM version 4.1, into a full Dual in a matter of seconds and have spent 1/3 of the price of a full Dual Standard.

This outraged USR when they found out. They first denied that it could be done. When they found out that it had gotten too widespread and could not be stopped, they then proceeded to tell the public it was a copyright infringement to use the "bogus" init string and threatened to sue anyone who attempted to use it. Most people laughed at that idea and continued to use it while giving "the bird" to USR. Some vendors are now even trying to make a buck and sell Sportsters at a higher price, and some are even selling them as Duals. Obviously, they have now discontinued making the Sportsters the cheap way and are now making two separate boards for both modems. The versions with the ROM 4.1 are still floating around, can be found almost anywhere, and will always have the capabilities to be run as a full Dual. Better watch out though. The USR police might come knocking on your door.
_______________________________________________________________________________

Warez Da Scene?
~~~~~~~~~~~~~~~
Over the last 6 months there have been several changes of hands in the major pirate groups. One person who supplies them has bounced to 3 groups in the last four months. One group fell apart because of a lack of support from the major members, but is making a valiant comeback. And yet another has almost split into two like AT&T stock. We'll have to see what comes of that.

While only about 15% or so are actually doing anything for the scene, the other 85% seem to complain and bitch. Either the crack doesn't work or someone forgot to put in the volume labels.
Jesus, how much effort does it take to say, "Hey, thanks for putting this out, but...". The time and effort it takes to acquire the program, check to see if it needs to be cracked, package it, and have it sent out to the boards is time- and money-consuming and gets very little appreciation by the majority of the users around the world.

Why not see some users send in donations to the group for the appreciation it takes to send the files out? Why not see more users volunteer to help courier the programs around? Help crack them? Make some cheats, or type up some docs? Be a part of the solution instead of the problem. It would create less headaches and gain more respect from the members who take the time and effort to make this all possible.
_______________________________________________________________________________

Review Of The Month
~~~~~~~~~~~~~~~~~~~
I usually type up a review of the best program I have seen since the last issue, but since I was so disappointed with this game, I have to say something about it.

 ___________________________________________________________________________
|                                                                           |
|                            RELEASE INFORMATION                            |
|___________________________________________________________________________|
|                                                                           |
| Supplied by : ACTION MAN & MUNCHIE ...................................... |
| Cracked by  : HARD CORE ................................................. |
| Protection  : Easy Password ............................................. |
| Date        : 16th December 1992 (Still 14 days left!) .................. |
| Graphics    : ALL ....................................................... |
| Sound       : ALL ....................................................... |
| Game Size   : 5 1.44Mb disks , Installation from floppies ............... |
|___________________________________________________________________________|

One of the most awaited games of the year showed up at my doorstep, just itching to be installed: F15-]I[.
I couldn't wait to get this installed on the hard drive and didn't care how much space it took up. I was informed during installation that the intro would take up over 2 megs of hard drive space, but I didn't care. I wanted to see it all. Once I booted it and saw the intro, I thought the game would be the best I had seen. Too bad the other 8 megs turned out to be a waste of hard drive space.

I started out in fast mode, getting right up in the skies. Too bad that's the only thing on the screen that I could recognize. Zooming down towards the coast, I noticed that it looked damn close to the land and, in fact, it might as well have been. The ocean consists of powder blue dots and had almost the same color consistency as the land. Not finding anything in the air to shoot at, I proceeded to shoot a missile at anything that I thought would blow up. This turned out to be just about everything, including bridges. Let a few gunshots loose on one and see a large fireworks display like you dropped a nuclear bomb on it.

Close to 3 hours later, I finally found a jet, got it into my sights and shot 3 missiles at it. A large explosion, another one, and then he flew past me without even a dent showing. I shot my last 2 at it, same result. Thus my conclusion: the Russians must have invincible planes. Either that or F-15 ]I[ has some major bugs. I'll take a wild guess and say, hmm, bugs.

This game is not worth the box it comes in and I would not suggest that anyone, outside of a blind person, purchase this. I hate ratings but I'll give it a 2/10. The 2 is for modem play, which is not bad, but not good enough.
_______________________________________________________________________________

Piracy's Illegal, But Not The Scourge It's Cracked Up To Be      August 9, 1992
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
By T.R.
Reid and Brit Hume (Chicago Tribune)(Page 7) The software industry has embarked on one of its periodic public relations campaigns to get people to believe it's being robbed blind by software pirates. Even The New York Times took the claims seriously and ran a front-page story illustrated by a picture of a cheerful computer hacker wearing a Hawaiian shirt sitting in his basement surrounded by PCs and awash in piles of disks, many of them containing bootleg programs. With a straight face, the Times reported the industry's claim that in 1990, the last year for which figures are available, programs worth $2.4 billion were pirated, an amount equal to nearly half the industry's total sales of $5.7 billion. In fact, the software industry has no way of knowing how much it lost to illegal copying, but the $2.4 billion figure is almost certainly rot. Here's why. It is true that it's a snap to make an "illegal" copy of a computer program and equally true that the practice is rampant. You just put a disk in the drive, issue the copy command, and the computer does the rest. But there is simply no way the software industry can estimate accurately how many illegal copies there are, and even if it could, it couldn't possibly determine how many of them represent lost sales. It does not follow that every time somebody makes a bootleg copy, the industry loses a sale. That would be true only if the software pirate would have paid for the program had he or she not been able to get it for free. Indeed, some of those illegal copies undoubtedly lead to actual sales. Once users try a program, particularly a full-scale application such as a word processor or database, and like it, they may decide they need the instruction book and want to be able to phone for help in using the program. The only way to get those things is to buy the software. If that sounds pie-in-the-sky, consider that an entire branch of the industry has developed around just that process. 
It's called shareware -- software that is offered free to try. If you like it, you are asked to buy it. In return, you get a bound manual and telephone support. The word processor with which this column was written, PC-Write, is such a program. So is the telecommunications program by which it was filed, ProComm. These programs were both developed by talented independent software developers who took advantage of the unprecedented opportunity the personal computer provided them. All they needed was a PC, a desk, a text editor and a special software tool called a "compiler." A compiler translates computer code written in a language such as Basic, C or Pascal into the binary code that the computer can process. Once they had written their programs, they included a set of instructions in a text file and a message asking those who liked the software to pay a fee and get the benefits of being a "registered" user. They then passed out copies to friends, uploaded them to computer bulletin boards and made them available to software libraries. Everyone was encouraged to use the software -- and to pass it on. The ease with which the programs can be copied was, far from a problem for these developers, the very means of distribution. It cost them nothing and they stood to gain if people thought their program good enough to use. And gain they have. Both PC-Write and ProComm have made a lot of money as shareware, and advanced versions have now been released through commercial channels. The point here is not that it's okay to pirate software. It's not, and it's particularly dishonest to use a stolen program for commercial purposes. The practice of buying one copy for an entire office and having everybody copy it and use the same manual is disgraceful. Software may be expensive, but it's a deductible business expense and worth the price. At the same time, it's not such a bad thing to use an unauthorized copy as a way of trying out a program before you buy it. 
The shareware industry's success has proved that can even help sales.
_______________________________________________________________________________

No Hiding From The Software Police                             October 28, 1992
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
By Elizabeth Weise (The Seattle Times)(Page B9)(Associated Press)

One call to the Piracy Hotline is all it takes for the Software Police to come knocking at your computers. Parametrix Inc. of Seattle found that out last year when the Software Police, also known as the Software Publishers Association, showed up with a search warrant and a U.S. marshal to audit their computers. The search turned up dozens of copies of unauthorized software programs and meant a penalty of $350,000 for Parametrix.

The SPA says too many companies "softlift" -- buying only one copy of a program they need and making copies for as many computers as they have. It seems so easy -- and it's just as easy to get caught. "It only takes one phone call to the 800 number to get the ball rolling. Anyone taking that chance is living on borrowed time," said Peter Beruk, litigation manager for the Washington D.C.-based SPA. "You can run, but you can't hide."

And the stakes are getting higher. A bill is before President Bush that would elevate commercial software piracy from a misdemeanor to a felony. The law would impose prison terms of up to five years and fines of up to $250,000 for anyone convicted for stealing at least 10 copies of a program, or more than $2,500 worth of software.

Those in the computer industry say softlifting will be hard to prevent unless programmers are better policed. AutoDesk Retail Products in Kirkland has met obstacles in educating its staff on the law. AutoDesk makes computer-assisted drawing programs. "The problem is that you end up employing people who don't want to follow convention," AutoDesk manager John Davison said. "We hire hackers. To them it's not stealing, they just want to play with the programs.
"You got a computer, you got a hacker, you got a problem." Bootlegging results in an estimated loss of $2.4 million to U.S. software publishers each year, Beruk said. That's out of annual sales of between $6 billion and $7 billion. "For every legal copy of a program sold, there's an unauthorized copy of it in use on an everyday basis," Beruk said. As SPA and its member companies see it, that's theft, plain and simple. SPA was founded in 1984. One of its purposes: to enforce copyright infringement law for software manufacturers. Since then it has conducted 75 raids and filed about 300 lawsuits, Beruk said. Several of the larger raids have been in the Northwest. The SPA settled a copyright lawsuit against Olympia-based U.S. Intelco for $50,000 in May. Last year, the University of Oregon Continuation Center in Eugene, Oregon, agreed to pay $130,000 and host a national conference on copyright law and software use as part of a negotiated settlement with SPA. The tip-off call often comes to SPA's toll-free Piracy Hotline. It's often disgruntled employees, or ex-employees, reporting that the company is running illegal copies of software programs, Beruk said. At Parametrix, an investigation backed up the initial report and SPA got a search warrant, Beruk said. President Wait Dalrymple said the company now does a quarterly inventory of each computer. The company brings in an independent company once a year to check for unauthorized programs. Softlifting, Dalrymple said, can be an easy tangle to get into. "Our company had had extremely rapid growth coupled with similar growth in the number of computers we use," he said. "We had no policy regarding the use of our software and simply didn't control what was happening." Making bootleg copies of software is copyright infringement, and it's as illegal -- and as easy -- as copying a cassette tape or a video tape. The difference is in magnitude. 
A cassette costs $8, a video maybe $25, while computer programs can cost hundreds and even thousands of dollars. Audio and video tapes come with FBI warnings of arrest for illegal copying. Software comes with a notice of copyright penalties right on the box. But despite such threats, softlifting isn't taken seriously, said Julie Schaeffer, director of the Washington Software Association. "It's really in the same arena of intellectual property," Schaeffer said. "But people don't think about the hours and hours of work that goes into writing a program."

The Boeing Co. in Seattle is one company that tries hard not to break the law. It has a department of Software Accountability, which monitors compliance with software licensing. AutoDesk resorts to a physical inventory of the software manuals that go with a given program. If programmers don't have the manuals in their work cubicles, they can be fined $50.

The SPA itself said the problem is more one of education than enforcement. "Because copying software is so easy and because license agreements can be confusing, many people don't realize they're breaking the law," the SPA said. Feigning ignorance of the law doesn't help. With Microsoft products, a user is liable as soon as the seal on a package of software is broken. "At that point you've agreed to Microsoft's licensing agreement under copyright law," Microsoft spokeswoman Katy Erlich said. "It says so right on the package."
_______________________________________________________________________________

Teenage Pirates and the Junior Underworld                     December 11, 1992
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
by Justin Keery (The Independent)(Page 31)

"By the end of the year, any schoolboy with a computer who wants Sex will get it."

The first print-run of 100,000 copies of Madonna's Sex has sold out. A further 120,000 will be printed before Christmas, and bookshops have ordered every last one. But parents beware...
around 5,000 school children have their own copy, and the number is growing rapidly as floppy disks are circulated in playgrounds. Viewing the disk edition on a computer reveals television-quality images from the book -- the text, it seems, is deemed superfluous. In disk form the pictures can be copied and traded for video games, credibility or hard cash in a thriving underground marketplace. By the end of the year, any schoolboy with a computer who wants Sex will get it. The unlucky will catch a sexually transmitted disease in the process -- the Disaster Master virus, found on the Independent's copy. Sex is a special-interest area in the thriving junior underworld of software trading. Circulation of Madonna's pictures among minors with neither the budget nor the facial hair to buy Sex gives Madonna's publishers little cause to fear loss of sales. Neither Secker & Warburg in London nor Time-Warner in New York knew of the unofficial digital edition. But the publishers of computer video games have much to lose from playground transactions. Sex is not doing a roaring trade, said one schoolboy trader. Video games, with price-tags of up to pounds 40, are what every child wants, but few can afford. But who needs to buy, when your classmates will trade copies of the latest titles for another game, a glimpse of Madonna or a humble pound coin? Games disks are usually uncopyable. Skilled programmers "crack" the protection, as an intellectual challenge and a way of gaining respect in an exclusive scene, add "training" options such as extra lives, and post this version on a computer bulletin board -- a computer system attached to a telephone line where people log in to trade their "wares". Most bulletin boards (BBSs) are friendly places where computer freaks exchange tips, messages and "public domain" programs, made available by their authors free of charge. 
But illegitimate operators, or SysOps, look down on "lame" legal boards, and "nuke" any public domain material submitted to their systems. The larger pirate boards are the headquarters of a cracking group -- often in a 15-year-old's bedroom. There are perhaps 100 in Britain. Cracked games and "demos" publicize phone numbers, and a warning is issued that copyright software should not be posted -- a disclaimer of questionable legality. New members are asked if they represent law enforcement agencies. According to a warning message on one board, at least one BBS in the United States is operated by the FBI. Your account at a board may not allow you to download until you upload wares of sufficient quality. Games are considered old after a week, so sexy images, "demos" or lists of use to hackers are an alternative trading commodity. Available this week, as well as Madonna, are: "lamer's guide to hacking PBXs", "Tex" and "Grapevine" -- disk magazines for pirates; and demos -- displays of graphical and sound programming prowess accompanied by bragging messages, verbal assaults on rival factions and advertisements for BBSs. According to a former police officer, the recipes for LSD and high explosives have circulated in the past. The board's "download ratio" determines how many disks are traded for every contribution -- usually two megabytes are returned for every megabyte contributed. "Leech accounts" (unlimited access with no quotas) are there for those foolish enough to spend between pounds 1 and pounds 60 per month. But children can sign on using a pseudonym, upload a "fake" -- garbage data to increase their credit -- then "leech" as much as possible before they get "nuked" from the user list. The "modem trader" is a nocturnal trawler of BBSs, downloading wares, then uploading to other boards. Current modem technology allows users to transfer the contents of a disk in 10 minutes. A "card supplier" can provide a stolen US or European phone credit card number.
The scene knows no language barriers or border checks, and international cross-fertilization adds diversity to the software in circulation. Through the unsociable insomniac trader, or the wealthier "lamer" with a paid-up "leech account," games reach the playground. The traders and leeches gain extra pocket money by selling the disks for as little as pounds 1, and from there the trade begins. Some market-traders have realized the profit potential, obtaining cracked software through leech accounts and selling the disks on stalls. Sold at a pocket-money price of pounds 1 per disk, many games reach schools. The trading of copyright software is illegal but the perpetrators stand little chance of getting cau