#######################################
#                                     #
#  > Written by Dr. Hugo P. Tolmes <  #
#                                     #
#######################################

Issue Number: 17
Release Date: December 24, 1987

On certain bulletin boards there has been a lot of discussion on the security measures at ITT. Here are just a few messages from certain boards.

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

Msg#:30056 *Chronicle Msgs* 12/04/87 10:38:39 (Read 21 Times)
From: THE FALCON
To: SINGLE SIDEBAND (Rcvd)
Subj: ITT

I have heard through a very respectable grapevine that ITT will be changing its format to 13 digits. My guess would be NPA+PRE+SUF+ 3 digit PIN, however we will just have to wait and see. If my guess is correct it's not that big of a deal to us, just a matter of scanning 7 digits instead of 6.

The Falcon

Msg#:30060 *Chronicle Msgs* 12/04/87 22:08:22 (Read 20 Times)
From: THE FALCON
To: ALL
Subj: ITT

Everyone pay heed! It seems our trusty favorite, ITT is changing its format as of the 13th or something. They will be going to 13 digits. Seems everyone is doing that these days. If they do as I expect they will, they will change to the standard NPA+PRE+SUF+3 digit PIN of the person who owns the code. I.E. Someone living in California (805) may have a code like: 8055265421234 where 8055265421 is the person's phone number and 234 is their PIN (Personal Identification Number). If they do this, all it will mean for us hackers of ITT is just change from hacking 6 digits to 7 digits. (We can template the NPA and the PREFIX and just hack the last 7 digits) Difficult, yes, but not impossible.

What does everyone think is the safest company? Also, Scan Man, could you post the TMC locations that you think are the safest and whether you think TMC's 800 number is safe? Thanks for your time in reading this.
The Falcon

Message #: 12 of 45.
Title : ITT's
From : Cbolt
Date : TUE DEC 1 11:55:06 AM

I've heard from a few ppl who own legit itt numbers that the company is trying to change to a 9 or possibly even a 13 digit number. I don't know how true this is but those ppl I talked to have no reason to lie to me.

Message #: 13 of 45.
Title : ITT 9d
From : The Trader
Date : TUE DEC 1 12:18:05 PM

Well, they already have 9 digit codes, but I haven't heard anything yet about 13 digit ones. I think I'll check into that.

TRADER

Message #: 14 of 45.
Title : itt 14digies?
From : Codebreaker
Date : TUE DEC 1 1:23:19 PM

If itt goes 14 dig then there is no reason for them not to have a phiber optic installation put in..So if they go 14 then it could make ITT much clearer and better results

Message #: 16 of 45.
Title : ITT...
From : High Tech Ii
Date : TUE DEC 1 6:18:05 PM

There is no doubt that they are changing code format... I already posted that (maybe it was on another sub... oh well, any way, officials say so, so I am pretty sure of it.)

High Tech II

Message #: 18 of 45.
Title : ITT*
From : Master Cracker
Date : TUE DEC 1 10:44:14 PM

IF ITT GOES 13 OR 14 DIGITS. ITS GOING TO BE VERY DIFFICULT TO HACK ON ITT. BUT I DON'T KNOW BECAUSE THEY HAVE 9 DIGIT CODES THAT ARE WORKING. A SMALL COMPANY, WHICH I DON'T THINK IS AVAILABLE TO THE WHOLE COUNTRY IS MICROTEL. THEY 5 OR 6 DIGITS. AND WOULD BE FAIRLY EASY TO HACK. MOST OTHERS ARE PRETTY DANGEROUS.

MASTER CRACKER

Message #: 23 of 45.
Title : itt. ..
From : Wharf Ratt
Date : WED DEC 2 9:33:29 PM

I have heard from a source that they are going to go to 14 digits but they are arguing over how to convert the old members. Also the $$ to reprogram their system to accept that input. Will keep u posted...

Message #: 24 of 45.
Title : Well...
From : Apple Core
Date : WED DEC 2 11:10:18 PM

They already accept some 9 digit codes (Executive's Accounts) but most of them are still 7 so you have something to use for the time being. Hmmm, a 14 digit code....
I think that WOULD be a little bit difficult to say the least. But it would cost money to convert the computer relays and all the customers who need to flip over to 14 digits. And ITT doesn't even have Fiber-optics yet! I have a feeling that they can't afford tracing, so they go to 14 digits to reduce the hackers with less money spent. Oh, well. Maybe this executive code won't go bad too soon....I hope.

/ )(

Message #: 32 of 45.
Title : ITT-New Uprisals
From : Al Capone
Date : TUE DEC 8 3:51:31 PM

While trying some things on ITT, I have found that when I get a code that is incorrect I will get a ringing, followed by a carrier and then the error message. They obviously notice that we are there.

Al Capone

Message #: 33 of 45.
Title : Metro-New Uprisals
From : The Trader
Date : TUE DEC 8 10:31:36 PM

Metrophone (MTR) has been doing the same thing for years - just hack for a non-carrier or busy if your modem can differentiate.

TRADER

Message #: 34 of 45.
Title : They Are Aware of Us
From : The Traxster
Date : WED DEC 9 9:55:51 AM

Well guys beings they are putting false carriers in the error messages that must mean we have a new challenge. I mean they are obviously looking for hacker's modems to connect to that carrier. Though Why Metro Phone ever started doing it first I will never figure out. They must have the worst connections of any long-distance service ever in business. That is if you are referring to Metro Phone not Metro Media.

Message #: 35 of 45.
Title : Ok...
From : High Tech Ii
Date : WED DEC 9 5:19:42 PM

Someone said that the false carriers are a "new" challenge.... Well... in my area, they have been lurking fonow... and as for beating it... try this:

1) Not all carriers are created equal.... hack at 1200 and it is easier or
2) Try changing the set up on your modem so that it waits for a longer carrier... I doubt that it last for 5 min. or so...

High Tech II

Message #: 36 of 45.
Title : No...do this...
From : The Ronz
Date : WED DEC 9 6:34:47 PM

Write your modem program so that it marks good codes that DON'T HAVE A CARRIER. Be sure that the number you're dialing to doesn't give a carrier, like a time/weather info line, or shorten the amount of time your modem hangs on after it doesn't detect a carrier...no problem. Gee, thanks ITT for making it easier to hack you with an Apple-cat modem and some programming...

Laterness... Ronz

Message #: 37 of 45.
Title : yepp
From : The Leftist
Date : WED DEC 9 7:40:12 PM

hacking for no carrier is much faster anyway...

Message #: 40 of 45.
Title : A Tiny Flaw in That
From : Al Capone
Date : THU DEC 10 6:47:22 PM

There is a tiny flaw in the method that Ronz tells of when applied to ITT. Correct me if I am wrong but as far as I know the carriers are in random. Why not program the modem to listen for line noise. Usually when a code is good it takes some time for the call to be completed, therefore if you programmed your modem to search for line noise regardless of what they put in your way you could weed out the good codes from the bad.

Al Capone

Message #: 41 of 45.
Title : You see....
From : The Ronz
Date : THU DEC 10 8:42:44 PM

With the apple-cat modem, you can program it to detect carrier noises, or voice range noises. In other words there is a byte you set to tell it the frequency range to "listen" for, and when it gets that, another location in the modem changes to indicate that that frequency is present on the line. When there is no noise, or a different freq than what you tell the modem to look for, the location gives another number, not the one you're looking for.

ANYWAYYY....Is it true that the 800-ITT # does not ALWAYS give a carrier when you put in a bad code? It is my experience that it does. The local dialup to me does not give the carrier though, so the program would only work with the 800 dialup, and ONLY if it ALWAYS gives the carrier noise for bad codes. Writing code-hack programs is fun.....

Laterness...
Ronz

Message #: 42 of 45.
Title : me and ITT
From : Druidic Death
Date : FRI DEC 11 6:36:05 AM

I have never been given a carrier with a bad code on ITT, I always get a message telling me that "service restrictions are in effect".

Dru'

Message #: 43 of 45.
Title : try....
From : The Ronz
Date : FRI DEC 11 9:18:18 AM

Try -1800-327-9488 for ITT and see what happens when you put in a bad code...it should either ring and ring and ring and never answer or it will answer with its tone and you do your thing, then if the code's bad then it will beep with a carrier noise then a lady will come on saying something about Atlanta.... And then it might have a carrier noise again...

-Ronz

Message #: 44 of 45.
Title : ITT Software Changes
From : The Traxster
Date : FRI DEC 11 10:40:27 AM

I know ITT has changed their software, but is the longer codes the only thing that is going to change or is there going to be some others? ITT hasn't done much in the way of security but it is going to be interesting to see how they plan to take any steps. As for the carrier I've only had it happen on one executive code.

Message #38 of 65
Subject: ITT
From : Sgt. Pepper [Level 50]
To: ALL
Time: 12/14/87 at 6:20 am

I did not mean to imply that ITT going 13 digits is the end of the world... I am melancholy about it.. It gets rid of the leeches, but I have to actually concentrate to phreak... Sorry if anyone thought I worshipped ITT or something, but I will admit that ITT is the primary service which I use, just out of laziness.....

Sgt. Pepper..

Message #44 of 65
Subject: ITT 9 digits
From : The Ranger [Level 50]
To: ALL
Time: 12/15/87 at 2:56 pm

On the ITT 9 digits... Since ITT has switched to 13 digits what about the 'Executive Codes' that are 9 digits? Does anybody know if they are going to 13, or higher, or staying the same?

Ranger

Message #64 of 65
Subject: R) Well
From : Dr. Doomsday [Level 60]
To: Argos
Time: 12/21/87 at 8:49 am

Wait a MINUTE! Whats the HELL is going on?!?!?!??!
Is ITT officially 11 or 13 DIGITS? Cause for me ITT is GREAT....Perfect 9600 Baud CONNECTIONS (with my HST), so I want to start hacking them babes again, (I have been using 9500963, XXXXXX).....So PLEASE either give me a VALID 11 or 13 DIGIT code so I can start from there.....

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

13 or 14 digit codes will be nearly impossible to hack. It's just too difficult and would take too long. The change in the code format will make things so difficult that switching to another alternate carrier would make more sense.

On the subject of a fake carrier: Metro has had a fake carrier on their ports (950-FGB ports) for some time. If people would like to hack around ITT's fake carrier, I will provide some info on the various ways to do it. Allnet recently also introduced a fake carrier and then took it off for a while. It is unknown whether or not Allnet's fake carrier is only being used in certain areas.

Hacking around a fake carrier:

With the increased interest in the fake carrier and getting around it, here are a few ways to hack around it. You should remember that some code-hacking programs have options for systems with fake carriers.

1) Most good code-hacking programs have a way to stop hacking and continue with the next code attempt during hacking. This is usually just a button pressed when the code-hacker is listening on the phone. To get around the fake carrier, a hacker could just listen on the phone and when he hears the ringing (that will mean an error message) just continue on the next code. This requires that the code hacker be present when hacking (and listening on the phone).

2) Another way to get around the fake carrier is to set your hacker to dial for a phone that will not produce a carrier (payphone, constant busy, or even your own phone). Set the hacker to record whenever no carrier is received. When you don't get a carrier, you'll know that you have a code.
3) I suppose you could set up your hacker to hack sequentially and then go through the list of good codes. When you find a number missing, that's a good code. Providing you hack with a destination that gives no carrier.

4) The fake carrier is usually 300 baud, so set your program to get around the fake carrier by listening for only a 1200 baud carrier.

5) Fake carriers on AC's (Alternate Carriers) only last for a few seconds because the error message has to be stated in the recording. Set the hacker to receive any carrier that lasts at least 20 seconds.

6) The fake carrier also comes on quickly after you dial since it is the alternate carrier's recording. Set up a hacking program that will only record codes when the carrier is received after 15 seconds. Dial for a long distance Compuserve port (so that it takes a while to connect the call) and if the carrier comes on after 5 seconds, the program should reject the code.

7) One other way to get around the fake carrier is to set up a simple delay in your program so that you wait 15 seconds before listening for a carrier. The fake carrier would be gone and the message would be speaking by the time that the program would start listening for a carrier. A real carrier would at least last for 30 seconds.

I hope that these ways will be helpful to hackers in their attempts to put down the increasing security of long-distance services.

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

@ Capt. Zap's Defense @
-----------------------

The following are a series of messages and responses from Phreak Klass Room 2600. They involve Capt. Zap and his defense to an article written in the WSJ (Wall Street Journal). The information on Capt. Zap is in TNS Issue #13.
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

Numb: 2
Subj: Wall Street Journal
From: CAPT ZAP
Date: THU NOV 5 11:30:11 AM

Well as one of the older members of this board and hobby, I have taken my so-called talents and now put them to work. The job, Hacking systems for people and testing the security of the machines. Now there is a lot of money out there and the systems owners are paranoid from the insiders than from the outsiders! Now there is a good possibility of taking all the combined talents of us and marketing them to the different owners and make some good money doing what we all love to do in the first place!

\/ Capt. Zap \/
** --------- **

Numb: 5
Subj: Whats up?
From: CAPT ZAP
Date: FRI NOV 6 11:19:51 PM

Well it seems to very quiet these days with all the hoopl article written about me in the Wall Street Journal. Does anyone read out there?

CZ

Numb: 6
Subj: WSJ
From: THE STRYPER
Date: SAT NOV 7 7:37:06 PM

Must be quite an honor (a dubious one, perhaps?) to be in the Wall St. Journal. What's the date on the article, I'd like to read it....

-+The Stryper+-

Numb: 7
Subj: The Date!
From: CAPT ZAP
Date: SUN NOV 8 5:06:18 PM

For all of those interested in the article and the date, it is Tuesday Nov 3. All in all it was a good article with the exception of pointing out that I am not the best housekeeper in town and the wife and I fight all the time. But at least it states that I am not a fed or turn anyone in for anything! After all, we are all entitled to read what we want and possess information that some would consider to be of a dangerous subject. But what is education for?

\/ Capt. Zap \/
** --------- **

Numb: 9
Subj: Zap
From: THE CHAMELION
Date: SUN NOV 8 8:38:14 PM

Zap: Regardless of what the Journal says (yes, I read it, and do almost every day), most people are calling you a nark, a fed, and something I can't quite remember, but it did contain the word "shit".
There seems to be a general consordium against you and your presence, but I'm not passing judgements on anyone.

Numb: 12
Subj: My response to it all!
From: CAPT ZAP
Date: TUE NOV 10 1:46:47 AM

Well as far as I am concerned, the article was good and bad! The one major point that was made clear at all times is that I am not a fed or whatever. Yes there have been a number of different responses from the community and it has been going 60/40 in favor of the story. The people who know me around the country and have called and said their piece about the whole thing! If any are in other places I inhabit, you will see what I mean. There have been threats and counter-threats since it came out and others with reps that are considered to be reliable in the community have stood with me on my credentials! Since I have Class 3 Felony already against me and it keeps me from doing a lot of things it also keeps me from working with law enforcement due to my criminal stature and conviction! As far as I am concerned, I feel that I have nothing to dto the facts presented in black and white. I also do not have the ability to perform such services as Mr. Maxfield does. I perform security evaluations and reviews! That entails the testing of a areas of security protective bubbles. It is a good job when you work, and thats not much! But all in all, I am happy with the article and the response. To those who do not know me, you can kiss my s! To those who do and see the idea behind the firm, Thank you for your support!

\/ Capt. Zap \/
** --------- **

Numb: 13
Subj: Zap
From: THE CHAMELION
Date: WED NOV 11 1:24:10 PM

Although you are not an immediate threat to hackers, and you, as the article explains, will not help catch others; there is one problem. If you keep plugging holoing to be able to get a drink. Understand what I'm saying, dutch boy?

Numb: 16
Subj: Zap
From: THE STRYPER
Date: SAT NOV 14 1:38:38 AM

Zap, I believe, does security consulting for individual companies, so the holes are just gone on those companies. Zap: Are most of the holes you plug to prevent outside (us) hacking, or inside jobs?

-+The Stryper+-

Numb: 18
Subj: Systems Protection!
From: CAPT ZAP
Date: SUN NOV 22 11:18:53 PM

The holes as you put them are for the internal stuff. Most of the internal stuff by reason of whole design protects the outside more and does the inside by reason of default. If you have any questions, you could call me at 215-634-5749. That is all!

\/ Capt. Zap \/
** --------- **

Damn, for no messages, it was very busy for hours at times. Is there something wrong with the BBS or is it the phone company?

Numb: 20
Subj: Wow, Zap...you man.
From: FRANKEN GIBE
Date: THU NOV 26 6:03:57 PM

I was still away at school when a friend phoned and mentioned that Zap had made the journal...so I scurried down to the library, and there he was. Black and white. Zap a nark? I don't think so...I hope not. From my conversations with him, I think the government would be in far more jeopardy with him working WITH them. Alack. Too much suspicion. Sigh.

What's the story behind PK's resident fed? More rumor, or is there something to this one? I'm kinda behind on things... I have to admit, PWN 14 confused me. Were you guys aware that Dan was recording and stuff b'fore the damn con? I mean, did you have some suspicion? And why didn't you ever just confront him? Or did you?

But, Zap, congratulations. I'm impressed, I gotta admit. Phone sometime.

Numb: 21
Subj: Wow...
From: THE ALCHEMIST
Date: FRI NOV 27 12:18:27 PM

A lot has happened since I was away. I'm going to have to pick up a copy of the Journal to find out what all this is about. Yeah, it does look like the board is dying. Only 35 messages in almost a month. Oh well, that's life I guess...

The Alchemist

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

I thought his defense should be printed. As stated in Issue #13, Capt. Zap is NOT a fed/nark/informant/whatever. At least that is the common consensus. I highly doubt that he is and no action should be taken against him. All the details on the events surrounding the WSJ article are in TNS Issue #13.