#######################################
> Written by Dr. Hugo P. Tolmes <
#######################################

Issue Number: 11
Release Date: November 19, 1987

This issue continues from where issue #10 left off. Issue #10 detailed the bust of Shadow Hawk; this issue gives more details and explanations of that bust. All of the quoted material in this section of issue #11 comes from the article printed in issue #10. Each quotation from the article is followed by an explanation of that part of the article.

======================================

"a computer break-in at the Bell Labs computer in Naperville was discovered and a record of the intruder's telephone number was spotted"-

The computer system at Bell Labs in Naperville, Illinois obviously has CLID (Calling Line Identification) on the line and it made a record of Shadow Hawk's call. The Bell Labs area at Naperville is a three-building complex near Naperville and Warrenville Roads. According to a later article in the Chicago Tribune (the same newspaper that wrote the story of Shadow Hawk's bust), "Research into this technology of routing is essentially what Bell Laboratories in Naperville is all about."

======================================

"Illinois Bell then began using a device known as a dial number recorder to log all calls made from the telephone number"-

The DNR (Dialed Number Recorder) was placed on Shadow Hawk's line after his break-in at the Bell Labs computer was detected.

======================================

The computers that the article listed as ones he tried to break into or had broken into are as follows:

- Bell Laboratories Facility in Naperville, Illinois
- NATO Maintenance and Supply Headquarters in Burlington, N.C.
- Robins Air Force Base in Georgia
- Washington Post Newspaper (attempted)
- A hospital in South Bend, Indiana (attempted)
- various attempts at computers in Columbus, Ohio; Rye, N.Y.; and Pipe Creek, Texas

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

This bust was not Shadow Hawk's first. In August of 1986, Shadow Hawk was busted for hacking into an RSTS/E system. His house was raided and they confiscated disks and printouts. Here is the post where he describes his bust. The post comes from Pirate-80 at (304) 744-2253.

Msg#:28639 *[Communications]*
08/11/86 20:21:49 (Read 33 Times)
From: SHADOW HAWK 1
To: ALL
Subj: ALL SORTS OF THINGS

Well, you guys are not going to believe this... I got BUSTED... Yep. I dont recall whether or not I posted them here, but thn the 312-454 exchange... They didn't seem to like myself and others playing around in their system... Well, to make a long story short, they really didnt get any useful information out of myself (other than printouts of all my scans, and a dump of a few messages from a local board... nothing serious)

Anyway, 2 days later my modem fried, and now I'm using an INMAC 1200 I picked up for $40 at a hamfest (but it doesnt work right, shit.)

Well anyway, heres some shit: See if you guys can hack this unix, I cant do any major hacking for a while-- (the cops have some deal with illinois bell now where they can check on all the #'s I call... gay)

930-XXXX-XXXX,XXXX-XXXX,XXXX-XXXX,XXXX-XXXX,XXXX-XXXX,XXXX-XXXX,XXXX-XXXX,XXXX-XXXX,XXXX-XXXX are all this one unix... I cant hack it at all, its gay.

Heres a ROLM CBX: 930-XXXX, and an HP-x000: 930-XXXX... this responded with "ESS - HIT RETURN TO LOGIN" after I typed a shitload of ctrl-chars, but I cant get it to do that anymore--930-XXXX...

AC-SAT 11.06 - DB 11.05 - AL 87A will be printed if you call 930-XXXX...

heres a unix I could get into: 930-XXXX-XXXX,
login root
login top
login oldsh
login backup
no password for any of them.
On all except backup, check out the file RSTSHELL... interesting... also README...

try 930-XXXX for a weird experience
310-XXXX is another stubborn unix
310-XXXX login guest
(those were all (312) area, sorry!!!)
201-265-XXXX login sys
914-945-XXXX login Uback password idontcare
thats the gay uucp login, see what you can do with it...

I would have more, but, what the fuck, I'M BUSTED. Oh yeah, the peoples who's rsts's I ravaged arent gonna press charges. goodie.

Don't worry, youre safe,
(_>Sh1<_)

P.s. anyone know the # for INMAC? oh yeah, one more thing, at the hamfest where I got the modem, i got a diverter for $10... pulse... oh well, it sucks.

As you might have noticed, Shadow Hawk remarked that the police had some sort of deal "with illinois bell now where they can check on all the #'s I call", which might refer to an earlier DNR that was placed on his line all the way back in June of 1986. Of course, this isn't the same DNR (Dialed Number Recorder) as the one described in the article (which is apparent from the article).

The numbers listed in the post have been edited out and replaced with x's. The "xxxx" is actually the suffix (x-ed out). The people whose system Shadow Hawk hacked into did not press charges and nothing really ever happened because of this bust.

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

As a result of all the publicity, Phreak Klass now displays a disclaimer before logon. The following disclaimer was posted after the news on Shadow Hawk's bust was printed by the news media:

DISCLAIMER: THIS BBS IS A PRIVATE SYSTEM. ANY UNAUTHORIZED ACCESS ATTEMPTS CONSTITUTE A VIOLATION OF THE 1986 FED COMPUTER CRIME LAW AND ARE PUNISHABLE BY BOTH CIVIL AND CRIMINAL REMEDIES.

THE INFORMATION MADE AVAILABLE ON THIS BBS IS FOR INFORMATIONAL AND EDUCATIONAL USES ONLY. WNSIBLE FOR ANY MISUSE OF SAID CONTAINED INFORMATION.
ANY WILLFUL MISUSE OR CRIMINAL ACTS ARE THE RESPONSIBILITY SOLELY OF THE USER AND WE ASSUME NO LIABILITY FOR ANY ACTIONS OF THE USER.

ALL INFORMATION CONTAINED HEREIN THIS COMPUTER BULLETIN-BOARD SYSTEM IS COPYRIGHTED AND PROTECTED BY THE LAWS OF THE UNITED STATES. ANY UNAUTHORIZED ACQUISITION, COPYING, DUPLICATING, DISTRIBUTION, REPRODUCTION, DISPLAY, IMAGE, DEPICTION, STORAGE IN ANY MEDIUM, IN VIDEO, AUDIO, ELECTRONIC, OR PAPER CONSTITUTES A VIOLATION OF BOTH CRIMINAL AND CIVIL COPYRIGHT INFRINGEMENT LAWS AND WILL SUBJECT THE UNAUTHORIZED USER TO BOTH CIVIL AND CRIMINAL PENALTIES, PUNISHABLE BY LAW.

WITH USE OF SYSTEM PASSWORD YOU HEREBY AGREE TO THE TERMS OF THIS CONTRACT AND SHALL BE HELD LIABLE FOR ANY MISUSE OF SAID CONTAINED INFORMATION AND WILL EXPOSE YOU TO BOTH CIVIL AND CRIMINAL PENALTIES UNDER THE LAW. ANY UNAUTHORIZED OR MISUSE OF VALID LOGON AND PASSWORDS CONSTITUTES BOTH CIVIL AND CRIMINAL VIOLATIONS AND ARE PUNISHABLE UNDER LAW.

@1987 PHREAK KLASS 2600 BBS
PK2600 AND PHREAK KLASS 2600 ARE COPYRIGHT OF RICH LEVENSON (SYSOP)

DO YOU FULLY AGREE TO THE TERMS STATED ABOVE [Y/N]: Y
LOGIN: EDUCATE
ENTER PASSWORD [OR 'NEW']: -------

Although this might slightly deter any security agents from calling, the bulletin board is still very public and will allow new users. Please feel free to call. Phreak Klass is meant to be a place for people to learn more about the world of phreaking and hacking. If you want to learn, call Phreak Klass.

(806) 799-0016
LOGIN: EDUCATE

Now this issue will continue with another article concerning Shadow Hawk's bust.

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

CHICAGO (AP)- Federal investigators are wading through piles of printouts to assess damage caused by "Shadow Hawk," a teen-age computer buff who used AT&T systems to tap into NATO and Air Force telephone networks, a prosecutor said Thursday.

Secret Service agents who raided the North Side home of the 17-year-old "hacker" confiscated three computers and software stolen through telephone company systems, said William J. Cook, an assistant U.S. attorney.

He would not speculate on any motive for the teen-ager, who used "Shadow Hawk" as a code name, but said some hackers like to see how far they can go with their machines.

A decision on whether to charge the teen-ager will be made after the stolen materials are analyzed, Cook said. Agents have been working full-time since the Sept. 4 raid printing out "the enormous quantity of material stored in his computers," he said.

National security was not seriously jeopardized by the theft of material from an AT&T computer at NATO Maintenance and Supply Headquarters in Burlington, N.C., Cook said. But he declined to comment on the nature of information taken from Robins Air Force Base in Georgia.

AT&T put the value of its stolen software, some of which is not yet on the market, at more than $1 million, Cook said.

The teenager also is suspected of revealing vices over a computer network in Texas that is used as a kind of bulletin board for hackers, he said. The network, called "Phreak Class-2600," exists only "to educate computer enthusiasts ... to penetrate industrial and government sector computer systems," said Cook.

Authorities said they were led to the teen-ager partly through messages he left on the Texas network, bragging of having gained access to the AT&T computer files.

Kathryn Clark, a spokeswoman for AT&T, said the company's security systems were triggered by Shadow Hawk's computer break-ins.

There was no physical break-in, Cook said. The computer programs and other information were obtained by tapping into systems by telephone, using another computer.

Shadow Hawk penetrated AT&T computers by disguising his own computer as a telephone company computer, he said.

"Once entering the system, he would have his computer talk to the phone company computers and cause the computer at some remote spot to transfer files to ... Bell Labs in Naperville," a Chicago suburb, Cook said. Then the youth would transfer the information in the Bell computer into his own computer, said the prosecutor.

An analysis of long-distance calls made from the youth's telephone indicates he also tried to enter computers at the accounts-payable department of The Washington Post and other businesses, the prosecutor said.

A 17-year-old is considered a juvenile, Cook said, and if investigators believe charges are warranted, the Justice Department would be petitioned for permission or the case could be turned over to local officials for prosecution under state law.

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

NOTE:

This article just explains some more on the bust of Shadow Hawk. The newspaper put in the details on how Shadow Hawk received the files for the average reader who would not know of such things.

The article gave a little more info on the raid on Shadow Hawk's house. As stated in the article, the SS (Secret Service) confiscated three computers along with disks and printed material. It is reasonable to assume that they confiscated disks containing hack/phreak information and the stolen software. Shadow Hawk was known to have hundreds of K worth of unixes. They most likely also obtained his passwords to all boards and other such materials.

Any further updates on Shadow Hawk's bust will be noted in later issues of TNS.

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

TITLE: US Sprint Sues "Ring" of Hackers for $20 Million
FROM: Los Angeles Times
DATE:

US Sprint said Friday that it has filed three lawsuits seeking more than $20 million for losses from a multistate ring of computer hackers who allegedly stole long-distance telephone service using illegally obtained authorization codes.

The complaints, filed Thursday in U.S. courts in Los Angeles, Seattle and Kansas City, Mo., are evidence of yet more woes plaguing the fast-growing long-distance telephone company.

Sprint, a joint venture of GTE Corp. and United Telecommunications Inc., has been plagued by thousands of customer-billing problems that contributed to a $76-million loss in its second quarter and the departure of the firm's president.

Sprint spokesman Syd Courson said the alleged ring used computer equipment to identify Sprint long-distance authorization codes, the numbers that customers dial in some circumstances to use the long distance system.

$20 MILLION IN CALLS

Once the ring obtained the codes, Courson said, it placed more than $20 million worth of long-distance calls on the Sprint network, with the calls billed to the parties actually assigned the codes. Some of the stolen codes were sold to business users through elaborate marketing programs, he said.

Defendants named in the lawsuits include: Gyan P. Syal and Karlheinz Mueller of the Los Angeles area; Paul Lindahl, Ralph Purdy III and Kenneth J. Sheridan, all of the San Francisco area, and Frederick M. Deneffe III and Burton Leroy Andrews of the Portland, Ore., area, Sprint said.

The defendants allegedly conducted business under various company names, including United Systems, California Discall and Hello America, the suit charged.

Criminal charges previously were filed against some of the defendants by federal authorities, Sprint said.

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$