-=- United Phreaker's Incorporated Magazine -=- Volume Two, Issue Six, File 1 of 11 Released Date May 23, 1992 Well UPi has finally made its return to the scene. We have gotten back some of the old members and quite a new ones as well. As you have probably noticed while you were you downloading it took considerably more time then any of the previous issues. In the previous issues they only contained one or possibly two articles, this is issue size has greatly increased over our pre- vious issues. The file size of the previous issue only ranged from about 20-25k which is quite small, but this is no more, as this issue is approximately 250k we hope to keep up this quantity and quality of the UPi magazine while having it much larger than the previous issues. In this issue you will see many changes we have followed examples of some of the larger magazines and newsletters out there. Along with adding ideas of our own, such as the 'busts' cloumn which will cover stories of peoples unfortunate encounters with the law. Look for the return of The Lost Avenger's Datapac for Beginners of which he has improved greatly upon. Also in next future issue we hope to have an article by Black Flag on how to build a device to modulate the frequency that your voice travels over the phone so you can make use of loops with voice filters, or whatever other use you might come up for it. For details on how to get in contact with, become a member, or write a freelance article for UPi see the end of this issue. Now on with Issue #6! YOU CAN CONTACT THE EDITORS OF UPI AT Voice Mail Box: 416-402-0788 Telex:6505271625MCI MCI Mail: 5271625 Internet E-Mail: tla@maria.wustl.edu Article Article Name Writer(s) Size Number =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= 6.1 Introduction To UPi Magazine Arch Bishop (2k) 6.2 Card A PBX Arch Bishop (6k) 6.3 A Not-So-Editorial Hardwire (3k) 6.4 ALLIANCE Teleconferencing Services The Lost Avenger (40k) Boost Business Efficiency 6.5 Anarchy Times Silicon Phreaker (12k) Last Week Of School 6.6 How To Make A Million Dollars In Your VC Hacker (7k) Own Basement! 6.7 The Beginner's Guide To Hacking On The Lost Avenger (75k) On Datapac 1992 Update 6.8 The Lost Avenger/Wiz Kid Bust Black Manta (35k) The Lost Avenger Wiz Kid 6.9 UPi Underground Newsline Arch Bishop (69k) The Lost Avenger 6.10 Member & Site Application Form UPi Editorial Staff (2k) 6.11 Member & Site Listing UPi Editorial Staff (3k) ------------------------------------------------------------------------------- -=- United Phreaker's Incorporated Magazine -=- Volume Two, Issue Six, File 2 of 11 ________________________________________ | Card A PBX | | By: Arch Bishop | |________________________________________| Have PBX accounts been dry to long in your area? Are you tired of leaving your hacker on all night and coming up with nothing in the morning. Why not try an alternative way of acquiring an account, why not card an account? Materials ~~~~~~~~~~ 1 Credit Card Number 1 Drop-Site 1 Newspaper The credit card is best to get virgin with the all the owners information. Which can be done by either trashing, or getting a CBI account. If you go trashing. I would highly recommend Budget Rent-A-Car or some other place where they would require much information about the customer. At budget the carbons are full size like a regular piece of paper and contain almost everything you could possibly want to know about the owner of the card. You will also need to find a drop-site if you live in a house take a drive around you neighborhood for houses that are up for sale and not occupied currently, or if you know someone that is on vacation for a long enough period of time. Now if you live in an apartment building you can usually just have the drop-site be another apartment in your building. Most people in apartment buildings will just put mail that is not for them in the lobby which you can then easily pickup. You can also try your mailbox key in other peoples mailbox's they will usually fit more than just yours a friend of mine has a key that fits 3 other box's besides his own. If you still have not found a place to mail to you can rent a mailbox very cheaply at most variety stores, also money marts and they don't tend to care if you use your real information or not. After you have your credit card number, and your drop site, start looking through your local newspaper in the classified section. Look for ad's that are advertising Private Branch Exchanges, or 'Alternative long distance carriers' and preferably ones that do not have 1800 numbers because you are looking for small businesses. If there is more than one ad advertising long distance carriers, or private branch exchanges, copy all the numbers and names of the companies down. Then call up the companies and tell them you are interested in acquiring an account on their system, they will sometimes ask where you heard about it, if you found it in the paper then just say that. You should plan what you are going to say before you call, make it sound good without any "Uhmm" or "Hmm" words in it, which shows that you are thinking about the answer. Which is always a tip-off that you are up to something, so try to polish it as much as possible, the main thing is just stay relaxed. You should integrate the card information with the drop-site information to look something like this e.g. [ This is only Sample information and does not represent actual credit card information. ] Visa < - Type of Card George Brown < - Owners Name 4517 288 921 612 715 < - Card Number 08/92 < - Expiration Date 672 Baker St, Hilton. < - Address [Use Drop-Site Address] L4C2B5 < - Postal Code [Use Drop-Site Postal Code] 419-761-2529 < - Home Phone Number 419-892-1842 < - Work Phone Number Attorney General < - Place of Employment General Manager < - Job Position If you have this information in-front of you while you are calling the company it should prepare you for any questions they might ask you. If they throw you a question that you are not expecting answer it to the best of your ability and don't say "Uhmm" before you answer. You might not have that much information on the owner of the credit card, the address and postal code are not really necessary since you replthose with the drop-site address and postal code anyways. You should have the home phone number but if not just get a local direct dial VMB and set it up as an answering machine, do the same for the work number the message should sound something like this. "Hi you have reached George Brown General Manager at Attorney General please leave a detailed message about why you are calling and I will get back to you." Some companies may ask if you want your pin number mailed to you or for them to call you and tell you your pin number, I have never asked them to phone me but it might be possible to have them leave the pin number on a voice mailbox if they thought it was your answering machine. Sometimes it is even possible to do this without a credit card, depending on how new/stupid the company is. A friend of mine once called up just to get information from a company offering long distance service and they started asking him lots of questions then they asked him for a credit card number. Now this guy had never carded anything in his life so he just gave them a bogus card number and expiration date, and an apartment in his building, and they sent the pin number too! Although this company had only been up and running for two days but seeing as how my friend rang up a $45 000 bill in a period of 2 months I'm sure its a lesson they won't forget soon. Anyways that should be enough information to card yourself an account so start looking through the classifieds! ------------------------------------------------------------------------------ -=- United Phreaker's Incorporated Magazine -=- Volume Two, Issue Six, File 3 of 11 A Not-So-Editorial by Hardwire Well the first(?) issue of UPi is here and I've been found lacking! Originally scheduled for this space was an interview with the FBI about hackers, phreakers, and pirates (oh my!), but they are NEVER in their office! I called consistently for the better part of 3 weeks but I always go a message informing me that regretfully "all agents are currently out of the office" and not wanting to leave a message I promptly hung up. So our FBI coverage failed miserably... but wait the CIA handles this stuff to right?? Yup, indeed they do, but they just wouldn't talk! I ran the interesting channels to get the number (Hello information? can I have the number for the Central Intelligence Agency? Thank You) and called them up. I get some air-head with an accent and she says, "I'm sure someone here can help you... hold on.." I get an interlude of silence at wich point I'm undoubtably being traced.. and five minutes later "Hello, what can I do for you sir?" Hwire:I'm doing a school project on computer crimes, methods, and punishments I was wondering if I could ask you a few questions... CIA:Well I'm not too sure if I can help but sure Hwire:OK,thanks, uhhmmm... what are some of the more typical methods used by yourselves for catching computer hackers? CIA:That's a really good question, but I'm afraid we can't tell you, most of our information isn't available for public access. Hwire:Can you tell me some of the most common things that trip up computer criminals? CIA:Actually you know who deals more with hackers and such? the FBI... Hwire:Really? CIA:Yes, you should try calling them. Hwire:Oh, ok thanks All of this took place in the space of three minutes... enough time to trace and get rid of me no doubt... Now to me this seems like a little bit of a violation to our freedom of information. Granted Canada's Bill of rights may differ slightly, it still guarantees freedom of information. So I call and get the boot, this from a branch of the government belonging to "The Education" President, I was denied a chance to aid my education (like I care hahahaha) So I figure maybe it just wasn't meant to be, All us phreakers/hackers/ anarchists and even pirates are destined to charge blindly ahead heedless of what may become of us. ------------------------------------------------------------------------------ -=- United Phreaker's Incorporated Magazine -=- Volume Two, Issue Six, File 4 of 11 ALLIANCE Teleconferencing Services Boost Business Efficiency By The Lost Avenger Editor's Note: OK, guys I found this article in a magazine in my school's library called AT&T Technology. The article is from an old magazine but it interesting because it explains how AT&T ALLIANCE Teleconferences work when you are called by someone who set up one or when you try to set up one yourself. Hope you guys learn a lot about AT&T ALLIANCE Teleconferences from this file. Audio and audiographics teleconferencing can help business raise productivity, save time, and reduce travel expenses. For over 25 years AT&T has offered Operator Handled Conference Service, which allows operators to set up conference calls. Recently AT&T introduced new state-of-the-art conferencing services: ALLIANCE 1000/2000/3000 Teleconferencing Services and ALLIANCE Dedicated Teleconferencing Service (ADTS). The former is a public conferencing service that, for the first time, allows anyone with a touch-tone phone to set up his or her own audio or audiographics conference calls. The use of digital technology gives conferees the same high quality, full-duplex connections they'd normally get with one-to-one phone calls. ADTS, on the other hand, uses analog technology and also provides exceptional audio quality. ADTS is dedicated to one customer whose attendants control connections from a terminal on their premises. ADTS also can connect to such AT&T services as the long-distance network, WATS, and 800 Service. This article describes the customer advantages, design rationale, technology, and applications of these state-of-the-art services. Teleconferencing is changing the ways we manage our business. It lets us attend meetings wherever a touch-tone phone is available. By means of a variety of telephone, terminals, and networks, teleconferencing enable more people to get involved in making or influencing decisions - and making them faster. Teleconferencing also results in better planned and shorter meetings, reduced travel expenses improved relations between business locations and, above all, significant improvements in management efficiency. AT&T now offers two new state-of-the-art multipoint conferencing services - in additional to the long-standing Operator Handled Conferencing Service (OHCS) - that are easy to use, provide a high-quality connection with good speech volume levels from all locations, permit users to interact fully, are very reliable, and are low in cost. The first service, ALLIANCE Teleconferencing, is available to everyone in the United States via any touch-tone phone. The originator of the calls must be in the United States, but calls can be made to conferees that can be reached by international direct distance dialing (DDD). Users can set up their own conference calls, with up to 58 other parties, or have an attendant set them up. The second service is call ALLIANCE Dedicated Teleconferencing Service (ADTS). With ADTS each bridge (24 to 56 ports - or parties - per bridge) is dedicated to one customer. (A bridge is an electronic device that connects many conferencing transmission paths.) AT&T expects that heavy users with users large volumes of teleconferencing will prefer this feature-rich services. The bridge is located in the AT&T network; however, the customer controls it remotely via dedicated voice and data lines and a computer terminal such as an AT&T 5420, a PC 6300, or equivalent. AT&T original audio teleconferencing service, OHCS has been meeting the teleconferencing needs of customers for over 25 years. It appeals to those who prefer the convenience of place a single call to an AT&T conference operator. The operator then sets up and controls the call based on the customer's needs and instructions. OHCS currently uses the same state-of-the-art technology as ADTS The bridges for all services are on AT&T premises and are connected high in the network hierarchy, providing significant transmission advantages over customer-premises or local phone-company based bridges. (See figure 1.) The primary advantage of this elimination of the added noise and transmission loss caused by signals going back and forth to the network, as would happen with a customer-premises based bridge. Other advantages of having the bridge located in an AT&T central office are high reliability, battery back up, prompt repairs, and no need for customers to allocate their floor space for equipment. ALLIANCE TELECONFERENCING SERVICE This service permits anyone with a touch-tone phone and access to the AT&T public switched network to make ALLIANCE Teleconferencing calls. The connections are superior to any alternative, and automatic gain control, echo cancellation, and noise suppression make the conference calls sound as good as conventional two-party calls. Other features include: o User setup and control or set-up by an attendant and control by the user. o Conference setup guided by computer-stored voice prompts with dialing possible during most of the announcements. o Ability to include both domestic and IDDD parties on the conference. o Full-duplex digital voice conferencing, which allows all conferees to speak and be heard simultaneously. o Unique tones to identify parties added to or dropped from the conference. The service is being offered as ALLIANCE 1000 for audio, as ALLIANCE 2000 for voiceband-data graphics, and ALLIANCE 3000 for digital-protocol graphics at 4.8 kilobits per second (kb/s), with 56 kb/s planned for the future. ALLIANCE 1000 Service Users establish conference calls by dialing 0-700-456-1000. If access isn't available via the 700 number - because of an intervening independent phone company - the conferee can dial 1-800-544-6363. This will get an operator who will initiate the conference; that is, dial the bridge to connect the caller to it. For an additional charge the operator will set up the call by calling all the conferees. If most of the conferees are clustered in one area, charges can be reduced by dialing 0-700-456-100X to reach a specific bridge location. The X = 1 for Reno; 2 for Chicago; 3 for White Plains, NY; 4 for Dallas. (See Billing Information at the end of this file.) An example of the regular use of ALLIANCE 1000 service is the daily teleconference held by the operations department of a major trunk airline. At 9 a.m., ten domestic and five European operations locations are bridged to discuss the previous day's performance, cancellations, departure delays, load factors, and to establish the causes of problems and plan corrective action. This immediate feedback allows all parties to be aware of the circumstances affecting each operations center and to talk about items of mutual, immediate interest that would be impossible to discuss with any other kind of meeting. An example of a unique (but infrequent) applications of ALLIANCE 1000 service was its use by the board of directors of a major manufacturer that was the target of a hostile takeover bid. As developments unfolded, quick-response decisions by the board were required. Even though the directors were geographically dispersed, ALLIANCE teleconferencing allowed immediate discussion in an environment that reasonably approximated an across-the-table meeting. This was due to the high-quality, full-duplex transmission offered by the ALLIANCE bridge. ALLIANCE 2000 Service This service is intended for conferencing data terminals. It uses the same equipment as ALLIANCE 1000 service. But unlike that service, ALLIANCE 2000 allows only one conferee to transmit at a time so that data won't be scrambled. The service would be used for conferencing non-protocol voiceband data/graphics devices such as AT&T's PC Conferencing system using the OVERVIEW scanner with SCANWARE software, the Gemini 100 Electronic Blackboard System or freeze-frame video equipment. The dialing codes are 0-700-456-2000 for the nearest bridge, or 0-700-456-200X for a particular bridge location. An ALLIANCE 2000 service application is the weekly production meeting of a division of an automobile manufacturer. A concurrent audio and graphics conference is established among the six plant locations in the midwest. Formal presentations are made by each plant location and the graphics (charts, PERT diagrams, graphs) at the presenting location are shown to all other locations simultaneously. ALLIANCE 3000 Service This service allows high-quality graphics conferencing at 4.8 kb/s using terminals that provide the CCITT Telematic Services Protocol (previously the Group 4 Facsimile Protocol.) ALLIANCE 3000 connections to Accunet Switched 56 service are planned for the future. Initially the only bridge location will be Chicago. Separate bridge conference leg connections are required for the audio and graphics portions of ALLIANCE 3000 audiographics conference calls. Both are established and controlled from one touch-tone phone. Using ALLIANCE 3000 service, a large manufacturer will have the ability to bridge PC workstations at the headquarters, computer design center, and manufacturing locations to review computer-aided design images developed by the deign center. Engineers, designers, and marketers will have the ability to view, comment on, and modify these images on an interactive, real-time basis. Using scanning devices, people at workstations at up to 59 locations also can view the actual parts. BEHIND THE SCENES All ALLIANCE bridging and control equipment is located in the Network Services Complex - NSCX. (See figure 2.) The NSCX is located with and connected to selected 4ESS switches (toll) via five T1 transmission lines and two signaling links that carry, respectively, the conference connections and signaling. A user establishes a conference call by dialing 0-700-456-1000. (See figure 3.) The "0" prefix routes the call via the end office to the AT&T Traffic Service Position System (TSPS), which recognizes the 700 + 456 numbers as a request for ALLIANCE Teleconferencing service. The "0" prefix is ignored and the call is handled without an operator. After the TSPS obtains the originating line number via automatic number ID, or operator number ID, the TSPS performs a six-digit translation of 700 + 456 to 800-XXX. The 800-XXX is prefixed to the original line number and outpulsed to the office serving the TSPS. This number will then be sent to a WATS originating screening office that accesses a data base to derive the telephone number of the ALLIANCE bridge. The bridge number and calling number ID are sent to the toll office, and the connection is then established to the bridge in the NSCX. The TSPS will screen out switchhook flashes for operator service or requests for service from either coin phones or hotels since billing can't be done. Under control of the NSCX processor, the announcement system welcomes the originator/controller and asks the person how many conference ports are required. It then connects a register and waits for touch-tone digits. The person then touch-tone dials the number of total conference ports required, including one for him or herself. The announcement system verifies the number of ports and then gives instructions on how to dial all conference locations. Through a sequence of dialing and announcements, the conference is established and the parties are added to a common time-slot connection on the audio (Type I) bridge. (See The ALLIANCE 1000/2000 (Type I) bridge at the end of this file.) All connections from the bridge are established over the five T1 lines to the 4ESS switch and out into the network. DEDICATED TELECONFERENCING SERVICE ALLIANCE Dedicated Teleconferencing Service (ADTS) provides high-quality audio teleconferencing to large customers. The service is provided by dedicating an entire bridge to one customer. Its features complement other AT&T teleconferencing services, such as Operator Handled Conferencing Service and ALLIANCE 1000, 2000, and 3000 Teleconferencing Services. ADTS is intended for customers with 30 or more teleconferences per month, or whose teleconferencing needs can best be accommodated by the many special ADTS features. ADTS is now provided by the microprocessor controlled, remotely programmable conference arranger, which is located in an AT&T central office. The many ADTS features are under direct control of the customer's attendants. Each of up to three independent attendant positions uses both a voice and data connection, via private lines to the ADTS, to control the 24 to 56 conferee ports. The port capacity can be installed in increments of eight ports, based on customer needs. Conference ports are assigned in any order on an individual port basis based on the connection arrangement for each. Half the ports, for example, may be designated for AT&T 800 Service while the other half are designated for AT&T Long Distance service. ADTS provides domestic and international teleconferencing capabilities in a variety of modes that are under total customer control. These include: o Blast-up preset conferences. In these conferences, ADTS dials all conferees at the same time. When people answer they're first connected to a voice announcement and then are added to the conference. o Attendant assisted preset conferences, where the attendant adds one party at a time. o Meet-me conferences. The attendant reserves these, and all conferees are required to call into the conference directly on an assigned phone number at the designated time. Once the ADTS voice announcement responds, each conferee must enter a security code to join the conference. o Combinations of the above conferences are possible. o Conference ports can be assigned in any order on a port-by-port basis. Based on the customer's desire, however, some ports may be committed to special connections, such as normal DDD, WATS, 800 Service, or private line. o Unique voice announcement capability, with six system announcements, such as "Please enter you touch-tone code for your conference," or "Please hold for your ADTS call." o The ability to connect private-line circuits to message (DDD) lines. o An attendant's directory of 1500 names and phone numbers. o Up to 100 preset conferences of any size (up to the 56-port capacity) that the attendant can recall and set up quickly. o Conferees may be added or dropped, and can be placed in interactive or listen only mode. o Conferences may be divided into subconferences and then recombined later under attendant control. The ADTS has the technical ability to operate with other switching arrangements such as the Common-Control Switching Arrangement (CCSA) and Enhanced Private Switched Communication Service (EPSCS) switches, and 4ESS switches. (See Figure 5.) ADTS Operation The customer's attendant puts conference information into the ADTS with a data terminal that's connected by a private data channel. (See Figure 6.) The attendant controls the conference directly, and call processing functions, such as dialing and call supervision, and performed by the ADTS microprocessor. Conversations between the attendant and the conferees and carried on a dedicated private-line phone that's connected directly to the same ADTS attendant port circuit as the private-line data channel. High-quality audio is achieved with a four-wire transmission path and a level-compensating circuit that reduces noise, cancels echos, and automatically controls gain. Analog data-bridging transmission is possible at up to 4.8 kb/s Customized Applications Each ADTS bridge is installed in the AT&T office nearest to the customer's switching network for connections to CCSA, Centrex, EPSCS or some other company-based switching system. In the case of DDD, WATS, or 800 Service, the bridge is generally put in the 4ESS switch office nearest to the customer's attendants. Other customer alternatives included placing the bridge nearest the point of the largest number of conferees or at a location where time-of-day discounts have a significant impact on the conference leg charges. ADTS In Action One ADTS application is in a New York City stock brokerage office that makes heavy use of a 56-port ADTS bridge that's also in the city. Bridge connections permit use of WATS, 800 Service, as well as Message Telecommunications Service (MTS) connections for normal teleconferencing involving combinations of Meet-Me and Preset conferences. In addition, the customer has a twelve-location private-line network that's used during trading hours. The network has open microphones that allow people to talk at any time without having to dial a number or push a button. By connecting the private-line network to ADTS, the customer easily can add parties. The attendant does not receive any signaling information from the private-line networks; therefore, specific time arrangements have to be made to insure that the additional conferees are added and dropped at the correct time. Another ADTS applications is for a business customer that does a lot of teletraining. The customer has a 56-port bridge connected directly to the 4ESS switch where all connections are MTS. This customer uses the preset conference blast-up feature for virtually all of its conferences. All conferees are automatically called at the scheduled time and asked to please stand by for their conference call. A LOOK AHEAD Reservations and Meet-Me enrichments were made available with ALLIANCE 1000 and 2000 teleconferencing service in late 1987. (Tariffs became effective in December, 1987). This will permit customers to reserve their conference facilities up to two months in advance. Using Meet-Me, the conference host may have conferees dial directly into the conference using special access numbers supplied when the Meet-Me reservation is made. The host also may call the conferees directly from the bridge and add them to the conference. Other Meet-Me options include screening of each conferee by a customer-provided attendant; the ability for conferees to call from hotels, motels, or coin phones; and shared billing of transport costs. Multimedia PC-based terminals (these include a PC, phone, modem, and a high-speed digital interface) will open a wide range of conferencing, applications for businesses, allowing them to use any combination of voice, data, graphics, and video. It is anticipated that these terminals will be equipped with Automatic Machine Interface, which will permit totally automatic conference setup. Conference control and status information will be transmitted over a separate Integrated Services Digital Network (ISDN) signaling channel, thereby improving throughput for data, graphics, and video. This will also greatly enhance the management of a teleconferencing call by allowing the use of terminals that display the status of each location participating in the conference. The development of and adherence to international standards will ensure a truly multinational capability for the full spectrum of network and conference services in the relatively near future. As price and performance improve for both network access and terminal equipment, it is also anticipated that applications will be expanded to meet the needs of residential customers. FIGURE 1: Losses Transmission differences between network bridges and customer-premises bridges: (A) normal two-party DDD call, (B) conferencing call using a customer-premises bridge, and (C) conference call using a network bridge such as ALLIANCE. Network bridging has a significant transmission advantages over customer-premises bridges. A: Normal Two-Party DDD call. ZDDDDDDDDDDD? ZDDDDDDDDDDD? ZDDDDDDDDDDD? ZDDDDDDDDDDD? ZDDDDDDDDDDD? 3Station 3 3End 3 3AT&T 3 3End 3 3Station 3 31 3 3Office 3 3Network 3 3Office 3 32 3 3 CDD4 CDD4 CDD4 CDD4 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 @DDDDDDDDDDDY @DDDDDDDDDDDY @DDDDDDDDDDDY @DDDDDDDDDDDY @DDDDDDDDDDDY Loss from Station 1 to Station 2 = 14dB. B: Conference call using a customer-premises bridge. ZDDDDDDDDDDD? ZDDDDDDDDDDD? ZDDDDDDDDDDD? AT&T Network 3Switching 3 3End 3 3Station 3 3Point 3 3Office 3 31 3 ZDDDDDDDD4 CDD4 CDD4 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 @DDDDDDDDDDDY @DDDDDDDDDDDY @DDDDDDDDDDDY ZDDDDDADDDDD? ZDDDDDDDDDDD? ZDDDDDDDDDDD? ZDDDDDDDDDDD? 34ESS 3 3Switching 3 3End 3 3Station 3 3Switch 3 3Point 3 3Office 3 32 3 3 CDD4 CDD4 CDD4 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 @DDDDBBBBDDDY @DDDDDDDDDDDY @DDDDDDDDDDDY @DDDDDDDDDDDY 3333 ZDDDDDDDDDDD? ZDDDDDDDDDDD? ZDDDDDDDDDDD? 333@DDDDDD4Switching 3 3End 3 3Station 3 33@DDDDDDD4Point 3 3Office 3 33 3 3@DDDDDDDD4 CDD4 CDD4 3 @DDDDDDDDD4 3 3 3 3 3 3 3 3 3 3 3 @DDDDBBBDDDDY @DDDDDDDDDDDY @DDDDDDDDDDDY ZDDDDDDDDDDD? ZDDDDAAADDDD? 3Customer- 3 3End 3 3Premises CDD4Office 3 3Bridge CDD4 3 3 CDD4 3 3 3 3 3 @DDDDDDDDDDDY @DDDDDDDDDDDY Losses: 1 to 2, 2 to 3, 1 to 3 = 28dB. C: Conference call using ALLIANCE bridging service. ZDDDDDDDDDDD? ZDDDDDDDDDDD? ZDDDDDDDDDDD? AT&T Network 3Switching 3 3End 3 3Station 3 3Point 3 3Office 3 31 3 ZDDDDDDDD4 CDD4 CDD4 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 @DDDDDDDDDDDY @DDDDDDDDDDDY @DDDDDDDDDDDY ZDDDDDDDDDDD? ZDDDDDADDDDD? ZDDDDDDDDDDD? ZDDDDDDDDDDD? ZDDDDDDDDDDD? 3ALLIANCE 3 34ESS 3 3Switching 3 3End 3 3Station 3 3Bridge CDD4Switch 3 3Point 3 3Office 3 32 3 3 CDD4 CDD4 CDD4 CDD4 3 3 CDD4 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 @DDDDDDDDDDDY @DDDDDBDDDDDY @DDDDDDDDDDDY @DDDDDDDDDDDY @DDDDDDDDDDDY 3 ZDDDDDDDDDDD? ZDDDDDDDDDDD? ZDDDDDDDDDDD? 3 3Switching 3 3End 3 3Station 3 3 3Point 3 3Office 3 33 3 @DDDDDDDD4 CDD4 CDD4 3 3 3 3 3 3 3 3 3 3 3 3 3 @DDDDDDDDDDDY @DDDDDDDDDDDY @DDDDDDDDDDDY Losses: 1 to 2, 2 to 3, 1 to 3 = 14dB. FIGURE 2: Network Services Complex The Network Services Complex (NSCX) is the heart of ALLIANCE teleconferencing, providing control, announcements, tones and bridging (both audio and graphics). 3 ZDDDDDDDDDDD? ZDDDDDDDDDDD? ZDDDDDDDDDDD? 3 3Signaling 3 3Main 3 3Micro- 3 3 3Terminal 3 3Processor 3 3Processor 3 CDDDDDDDDDDDD4 CDD4 CDD4 CDDDDD? CDDDDDDDDDDDD4 3 3 3 3 3 3Serial 3 3 3 3 3 3 3 3Control To 3 @DDDDDDDDDDDY @DDDDDDDDDDDY @DDDDDDDDDDDY 3Bus 3 3 Host 3 3 3 3 Switch3 ZDDDDDDDDDDD? ZDDDDDDDDDDD? ZDDDDDDDDDDD? 3 3 T1 Lines 3DS1 3 3Time Slot 3 3Announce- 3 3 CDDDDDDDDDDDD4Interface 3 3Interchange3 3ment 3 3 CDDDDDDDDDDDD4 CDD4Unit CDDBDD4System CDD4 CDDDDDDDDDDDD4 3 3 3 3 3 3 3 CDDDDDDDDDDDD4 3 3 3 3 3 3 3 3 @DDDDDDDDDDDY @DDDDDDDDDDDY 3 @DDDDDDDDDDDY 3 3 ZDDDDDDDDDDD? 3 3 3Tone 3 3 3 3Receiver 3 3 CDD4Bridge CDD4 3 3 3 3 3 3 3 3 3 @DDDDDDDDDDDY 3 3 ZDDDDDDDDDDD? 3 3 3Type I 3 3 3 3Bridge 3 3 CDD4 CDD4 3 3 3 3 Time3 3 3 3 Multiplexed3 @DDDDDDDDDDDY 3 Data Bus3 ZDDDDDDDDDDD? 3 3 3Type II 3 3 3 3Bridge 3 3 @DD4 CDDY 3 3 3 3 @DDDDDDDDDDDY FIGURE 3: Call Setup ALLIANCE calls use TSPS for Automatic Number Identification (ANI) and the 800 database to get the Network Services Complex (NTSX). All parties are connected to the NSCX bridge and out into the network via the serving AT&T 4ESS Switch. ZDDDDDDDDDDD? 3Database 3 3 3 ANI = Automatic Number Identification 3 3 3 3 ONI = Operator Number Identification 3 3 @DDDDBDDDDDDY ZDDDDADDDDDD? ZDDDDDDDDDDD? ZDDDDDDDDDDD? 3Signal 3 34ESS 3 3Network 3 3Transfer 3 3Switch 3 3Services 3 3Point CDDDDDDDD?ZDDDDDDD4Office CDD4Complex 3 3 3 33 3 3 3 3 3 3 33 3 3 3 3 @DDDDDDDDDDDY ZDDDDDAADDDD? @DDDDDDDDDDDY @DDDDDDDDDDDY 3Originating3 3Screening 3 3Office 3 3 3 ZDDDDDDDDDDD? 3 3 3Traffic 3 @DDDDDBDDDDDY 3Services 3ADDS 3 3Position CDDDDDDD>3 3System 3ANI/ONI 3 3 3 ZDDDDDADDDDD? ZDDDDDDDDDDD? @DDDDDDDDDDDY 3End 3 3Station 3 3Office 3 0-700-456-1000 3 3 3 CDDDDDDDDDDDDDDDD4 3 3 3 3 3 3 3 3 3 @DDDDDDDDDDDY @DDDDDDDDDDDY FIGURE 4: Type I Bridge Type I bridge permits a fully interactive multipoint audio connection. This bridge provides for noise suppression, automatic gain control, and echo control. To Main Processor ZDDDDDDDDDDD? 3Control 3 3Interface 3 Control ZDDDDDDDDDDD? 3D4 CD44ESS 3 Voice3 31 3Dedicated 32 3Channel CD4Switch 3 DDDDD4 CDD4Telecon- 33Bank CD4 3 DDDDD4 3 3ferencing 3 3 CD4 3 Data 3 3 3Service 33 CD4 3 @DDDDDDDDDDDY 3 3 @DDDDDDDDDDDY 3 3 To Customer 2 3 3 CDDDDDDDDDDD4 ZDDDDDDDDDDD? Premises Via DDDDDD4 CDD> To Other 3 MTS33AT&T 3 2001 And 3001 3 3 CDD> Networks CDDDDDDDDDDD4 3Network 3 Private Lines DDDDDD4 CDD> CCSA, EPSCS, 3 WATSCDD>3 3 3 3 CTX CDDDDDDDDDDD4 3 3 3 3 3800 Service3 Private @DDDDDDDDDDDY @DDDDDDDDDDDY 3 3 Line 3 3 3 CDD> To End 3 CDD> Office 3 CDD> (Class 5) 3 3 @DDDDDDDDDDDY56 CCSA = Common Control Switching Arrangement EPSCS = Enhanced Private-Switched Communications Service CTX = Centrex MTS = Message Telecommunications Service FIGURE 6: ADTS Dedicated Attendant Connections Each attendant position requires a separate private line for voice and another for data. Local Exchange ZDDDDDDDDDDD?3 3 34-Wire Talk33 3 3Battery Via33 3 Voice 3Telephone C4from terminals to transmit, then performs contention resolution, allowing terminals to transmit in an orderly and equitable way. The type II bridge also performs capability negotiations and flow control to differ differences in terminal operating speed (4.8 kb/s or 56 kb/s), error control and recovery, and transmission. Billing Information There are no recurring monthly or installation charges for ALLIANCE Teleconferencing Services. Calls are billed as follows: o Regular AT&T long-distance charges apply between the ALLIANCE Services Access Center (White Plains, Chicago, Dallas, Reno) and each location on the conference call (including your own). A charge of 25 cents per minute also applies for each location on the call. o If the ALLIANCE Services operator is asked to set up the conference call, there's an additional charge of $3 per location. RENO, NEVADA WHITE PLAINS, NEW YORK 0-700-456-1001 Audio 0-700-456-1003 Audio 0-700-456-2001 Graphics 0-700-456-2003 Graphics CHICAGO, ILLINOIS DALLAS, TEXAS 0-700-456-1002 Audio 0-700-456-1004 Audio 0-700-456-2002 Graphics 0-700-456-2004 Graphics Editor's Note: Well that's the end of the this file. Hope you learned a lot about how AT&T ALLIANCE Teleconferences really work. I hope you have enjoyed reading this file as I had typing it. (Yeah right...hehe.) next time you are on an AT&T ALLIANCE Teleconference you'll now exactly how they work. ------------------------------------------------------------------------------ -=- United Phreaker's Incorporated Magazine -=- Volume Two, Issue Six, File 5 of 11 DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD ANARCHY TiMES DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD All Rights Reserved Released on 04/92 Property of UPi DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD Last Week of School Ok you're one week away from your two month trippin' period... BUT! You don't want the bunch of fuckers to forget about you hehe? Well here are a few way of making sure you'll have the best days of your life next year. First : A few things are in and many are totally out. IN : Bombing Vandalism Assassination Black Mailing OUT: Kiddie stuff like : "I'm going to kill your wife... Sir..." Stupid prank of the Full-Of-Shit-Paper Bag-Caught-On-Fire-That-The -Teacher-Will-Try-To-Extinguish-By-Jumping-On-It. Anyhow you get the idea of what TO do and what NOT to do. - Bombing - I won't go over the various explosives substances, because their are many good text philes on these babies. Get you hands on "The Anarchist Cookbook" published by God-Know-Who, it explains how to make various explosives. What to bomb ?? Easy Teacher's Restroom, Cafeteria's garbage can, janitor's bin, and other school property. To blow the teacher's rest room, I would not advise using a Light Activated bomb that'll blow up when the teacher lift the lid of the bowl. I'd rather suggest a good ol' plastic based explosive placed right in the tank [Scheme 1] VDDDDDDDDDDDD[ Scheme Number 1 ]DDDDDDDDDDD7 This explain where to place : _____ : the bomb. If you can, wrap : |Z? | Z? : the explosive in a plastic : |@# | / @Y= Plastic Charge : bag to avoid water damage on : | | / # = Timer Fuse : the timer. You wouldn't want : |____|/_ _ : it to go off right under a : 33 3 ---- ) : teachers ass would you ? : 33 3 / : : DDDDDY@DD/DDDDD\ : : : SDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD= - Vandalism - This, I'm sure everybody has performed at least once in his life. Either by painting a complete wall, or only by writing his name on a desk. Well why don't you combine the two of them ? PAINT your NAME on a DESK nailed to a WALL ??? NOT! Here it goes... Usually, school invest in cheap art pieces. Sometime, it's a statue of the school's funder, or painting of some smart-ass dope weirdo, that made big bucks by painting little fucked up square in puke colors. Well the statue is pretty easy to wreck, just saw the heads off the rest of the body. Or glue a Dick and two balls just in the right place. If you're daring enough, remove the statue from one school, and switch the two of them. Only problem here is transportation. Another neat trick is to offer an haircut to the jerk. Make him a red, white and blue mohawk, or paint it in more living colors, smear artificial blood everywhere. Okie painting? Use some sort of thinner to fix these up. Fill a squirt gun with some Varsol (tm) and spray-n-wash (tm) the thing... It's just gonna look a bit more psychadelic... WHO GIVES A SHIT ?!??!? Break-In and Entering a school. Easy if the school is cheap, just enter by breaking a window. If not, try the roof, or pick some lock, get to the principal's office. Make some re-decoration thing. Take the previous mentioned statue and allow him to sit in the principal's chair... Or HANG the statue in the principal's office... What else ? Hang the PRINCIPAL'S in his office. Paint some devilish signs in the office, and use the desk as a ceremonial table... Spill some sheep blood everywhere, and leave a sheep's dead carcass lying around. Now... Something that work all the time, is to connect the phone to the intercom. If you're smart 'nuff you will figure out a way to make the intercom go online as the fucker lift the receiver. Sure... It may take some time to fix, but hey! Who said pranking was easy ? - Various Fraud - Ok, lock pick your way inside the teacher's wardrobe. In there you will most probably find some various shit as Kleenex (tm), Kotex (tm), and you might even find some useful thing... Cash, Credit Card, Calling Card, agenda, driver's license, and various paper (Which we'll use later, to blackmail the subject). Also, rule #1 of Break-In, is PUT BACK EVERYTHING IN IT'S PLACE ! You don't want them to notice that someone browsed through their possessions. Cash is always useful, but be sure not to get your ass jailed. I'm sure that if you find cash you'll know what to do with it. Credit Card, well again here, you probably know what to do with it, but one thing : DO NOT STEAL THE CARD... Note the Number, Expiration Date, and every information you can, but for god sake, leave the card in place... If the card is missing, the asshole will cancel it in the following 24 hrs. Calling Cards, must I remind you that THESE are FUCKEN' UNSAFE ?? I got nailed for nearly 450$ once, and promised myself not to ever use one of these on my own line. Use them for pay-phone transactions. It's pretty useful and can save you lotsa bucks. Agenda's are mostly used to pick up owner's street address, phone number birth date, and various information ranging from friend's phone, password on the school net, and shit like that. The driver's license, you can take. No one will care, beside him, perfect when you need false ID, and shit like that. Papers, who said there was nothing interesting in the phone, gas, electricity and other kind of bills? phone bill can supply you phone number and sometimes, Calling Card numbers, and Gas bills, well, these are not as useful as phone bill, but still, you can rip off address and phone number. Electricity bills are the same as gas bill. One thing you should look for is the receipt that the subject collects from various sources. I know for one that gas stations emit receipts when you pay by Credit Card. Seek them out. - Blackmailing - If you really want to piss off you mark, this is the way to go first, let me tell you that sticking newspaper letter on a piece of paper is not the best way. It's long and it's dirty too, I'd rather suggest that you use some of the modern ways of blackmailing, phone and Typewriter. If you're good at that, you can fool around with pictures, sending your favorite teacher a letter containing pictures of him and another chick in a whorehouse, or a picture of him in a gay bar. If you prefer the old way, ask him to give you 500$ if he wants his dog back alive...Include a picture of the dog hanging to a rope. Then, you'll have to plan for a collect site ... Again, Public park garbage can are NOT recommended... You would prefer a dark alley which you've sweeped out completely for cops and various unwanted people... Clearly state in your letter that if cops are warned, or that if he's not alone, the animal will be tortured and the mutilated before being killed. Ok...Enough bullshitting... Blackmailing is useful, because you can get almost everybody to do whatever you want, and whenever you want them to do it. This, I hope will keep you busy until the end of the school year. - Assassination - Yeah, I know, I wasn't supposed to cover this in, but what the heck. I feel like it today (Rainy Day, Bad Day at school etc). One of the best way to kill or seriously harm somebody with the less chances of you getting caught, is your mark's car... A gas tank could easily catch on fire while he's driving the car. Follow the next simple steps to clean assassination. 1. Find out where the asshole lives. 2. If the car is in a garage, forget it, and wait 'till the car is out. 3. Always do this at night, you don't wanna be seen. 4. Open the tank and check if it's full, you don't want him to see you messed with the tank. 5. VDDDDDDDDDD[Scheme Number 2]DDDDDDDDDDDD7 Ok. Remove the back light cover : \_______ : on the gas tank side, and just : _ _.---._) : hook a wire on the red wire that :(_[o] /__| <- Break Light. : is supposed to be there. Hook : __ | _ _ : another on the black wire. : _ \ | (_[o] = Opened Gas Tank : Discreetly tape the wire with : _) ]___/ : transparent tape the closest : ___/ .---. = Wiring : possible to the car, and open SDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD= the gas tank. now, twist the wires together, and work them the deeper you can in the tank. You may need a screwdriver to pierce a hole through the small metal net that stop thieves from suckin' the gas from the tank. Now, just stick the cover back in place and close the tank. If your thing is too obvious, the guy will probably check it and remove it, but if it's concealed enough, he's cooked the next time he'll hit the break... 'Cuz if you have not yet figured out what is gonna happen, well... The two wires will induce a short circuit, which will most likely produce a spark, which will ignite the fumes, and BAM! - Basic Anarchy - This is a `Say Everything that is nasty and comes out of your head' section. In here, I will give you a few tips, and let your brain do the hard work. Which is : Gathering the material and putting the thing in place... 1. Light the neighbor's tree(s) on fire. Simple. Make some napalm ( Gas and Palmolive in a can + an ammonia tablet which is to fall into it...), and put it under the tree...You'll have about 5 sec to run away, before the things transform into a fireball. You can light various things with napalm... Skunks, Rats, Skin Heads, Dog, Krishna, or your favorite ethnic minority specimen. 2. Smoke Show... Take about 4 gal. of Gas, pour it into a sewer and light the things out... The sewer will catch on fire and everything in it (Shit,Dead rats,dead skunks,dead skin heads, dead krishna...) will catch on fire too... Emitting a large amount of smoke, which will be grey, and will stink like a living-dead congress in Brazil. 3. Kar Krash... For that one, you will need a few screw drivers, 6" nails, a hammer and lotsa guts. Go out at night spot your favorite neighbors car. nail is tire valves, so when he removes the nails, the tires will flat out. Then, take a flat screwdriver, and push it through the car locks. Take a Phillip's one, and make the hole bigger, being sure that the lock will be useless... On certain car, you can even unscrew the back windows (Honda, Hyundai) and then, you can slash the entire car interior. Well... This wrap it up for this issue. Greets are out to : TLA, Arch Bishop The Darkman, Frozen Tormentor, Dark Angel, The Black Legend, LTD, Mind Bomb, Prince of Thieves, and to all Anarchist out there. ____ / /\ \ --(-/__\-)-- X____X narchy Rules. Call NDC (514)899-5435 and leave me mail. / \ - Disclaimer - This file is intended to various illegal use. The author here by is not to be involved in these activities. (Well, somebody must have tried these out hehe?) And you pigs can't fucken' do anything about it. God Bless the 1st Ammendment! Silicon Phreaker ------------------------------------------------------------------------------ -=- United Phreaker's Incorporated Magazine -=- Volume Two, Issue Six, File 6 of 11 How to make a million dollars in your own basement! By VC Hacker How do you make a million dollars in your own basement? EASY! Grow Marijuana! It is possible to grow a higher quality product indoors than those normally available on the street! The most important step is choosing your "strain". Try to pick some seeds >from the best pot you ever smoked. Or if possible get some "clones" from someone already growing. Follow these simple rules and you can achieve yields anywhere from 3 to 8 ounces of dry bud marijuana (with no seeds!) per plant! Step 1 ------ Location. Choose a site which has easy access to water and hydro, yet is somewhat discreet, and will facilitate ventilation ducts leading directly outdoors. Surround Growing Area with a heavy reflective material. This will keep bright lights from shining out, make the area airtight, and reflect the excess light back onto the plants. A flat white plastic (available at some garden centers) is ideal. Next, run a water hose into the room. It is best to have a Y type connector hooked up to the hot and cold so you can make the water lukewarm. It is time to get some Hydro. Using minimum of 14 gauge wire, run power directly from source. It is not advisable to use the wall outlets unless you know for sure there is nothing else on the cir- cuit. Remember, you will need 1 15 Amp circuit for every light. Now you are ready for ventilation. Run an intake fan into the area using duct work. This air must come from outdoors. The intake should enter the room near the floor, and have a damper on it to prevent air from leaking in while the fan is off. An exhaust fan will need to be located on the opposite wall, near the ceil- ing and leading directly outdoors. The ventilation system must be able to clear the entire area in 5 minutes. To figure out what size of fans and duct work, calculate the total cubic footage of the area. Then, divide it by 5. That result is the approximate rating of the fans in CFM. Find the closest to that rating with out going under it, and use the corresponding size duct work. Both fans should be run using a thermostat. The proper temperatures will be discussed later. Although the ventilation is probably the most intense part of setting up your grow-room, it is also one of the most overlooked parts. IT CAN MAKE OR BREAK YOUR SUCCESS! Step 2 ------ Now, choose how many lights you want to run. One 1 000 watt light will light approx. a 10 by 10 area, while in vegetative state. Go to a Hydroponic store or Electrical wholesaler and purchase 1 000 Metal Malide lamps. Later, when your plants are in flowering, you will need an equal number of High Pressure Sodium lamps. Remember to run only one light per 15 amp. circuit. You still have enough room to run fans on a circuit with one 1 000 watt light. Hang the lights on chains so they can be raised or lowered. Now, start your seeds or clones. It is most advisable to start them under fluorescent tubes until you see roots coming out of the bottom of the pots. Then, transplant them into 4 to 5 gallon pots with PRO-MIX BX (available at garden centers) and place them in the grow room. Limit yourself to 6 to 8 plants per light.This may not seem like much at first, but they grow quick! Lower the lights so they are 6 or so inches away. It is important to keep the lights as close as possible to the plants without burning them. Run the lights on Timers, so they operate 18 hours per day. It is usually easier to control the temperature if you run the lights at night. After about a week it is time to start fertilizing. Get some 18-9-27 fertilizer (any garden center) and mix according to the directions. When the plants are dry about 3 to 4 inches under the top of the soil, it is time to water. Water one time with fertil- izer, one time without. Every 2 weeks flush out each plant fully with 5 gallons of pure water. This will clean out all unused nutrient and keep plants healthy. During this whole time the thermostat should be set to keep the room temperature at 80 degrees. Step 3 ------ After 4 weeks of vigorous growth your plants should be ready to flower. Usually they should be 36 inches in height. It is time to add the High Pressure Sodium lights. Change the light cycle to 12 hours. This will trigger the plants into flower production (buds!!!). Obtain 10-52-10 fertilizer. This will stimulate the maximum flower growth. Mix as to directions, and apply the same as above. As above, flush plants out every 2 weeks. Thermostat should be set a little higher during flowering. Usually 80 to 85 degrees, depending on the strain. After about 2 weeks of flowering the gender of the plants will start to show. Female plants will have little white hairs at every branch node, and male plants will have 2 little balls hanging underneath. Remove and destroy all the male plants. They do not produce any buds, and will cause you to have seeds in your crop. Now, let your remaining female plants flourish for 6 more weeks. For the last 4 to 5 days it is a good idea to use only fresh water with no fertilizer in order to clean the nutrient out of the plant and allow the true taste of the strain to prevail. This will allow in sweet, flowery tasting buds. Step 3 ------ When your buds are nice and big and fluffy, it's time to cut 'em down. Plant by plant remove all bud material and separate all the leaves from the bud. Throw out the leaves. The remaining bud may be dried on screens, or even on newspapers spread on the floor. It is most advisable to dry it in a cool, dark place as THC's biggest enemies are heat and light. This will keep your pot fresh and potent. Normal drying time is 3 to 4 days. Now, obtain 4 things: 1) Zip-Loc bags 2) Scale 3) Zig Zag White Rolling Papers 4) Matches. Roll a big reefer, get stoned, weigh out some dope, and make some money! P.S. Aluminum briefcases are very handy for burying money. They are air and watertight, and can hold twenty-thousand dollars worth of 20's! Have Phun ------------------------------------------------------------------------------ -=- United Phreaker's Incorporated Magazine -=- Volume Two, Issue Six, File 7 of 11 The Beginner's Guide To Hacking On Datapac 1992 Update Written By The Lost Avenger Welcome to once again to the first return issue of the UPi newsletter. This file was originally released for Spectrum Issue #1, and then re-released in the very first UPi Newsletter (Volume 1, Issue 1) and from there I have now decided that the public's positive reaction to this file was still so tremendous that it made me decide to re-release the file again and also re-write and update it to the 1992 specifications for Datapac. Hope you enjoy reading this file as I did writing it. After reading through my large collection of g-files. I have found that there hasn't been a good text file for beginner about hacking the Datapac network. This guide will give a general incite on how to identity different types of operating systems when you are hacking about Datapac, and on generally basic information about Datapac. I hope this will give you more knowledge about the Datapac network to help get you started. Hope you learn a lot about Datapac and enjoy reading it at the same time. I have released this file in UPi Issue Number 1 but I have updated it and re-releasing it. These are the ten rules of hacking that I go by when I hack around on systems. These rules are important in order maintain from being caught or discovered illegally hacking on a system. I. Do not intentionally damage *any* system. II. Do not alter any system files other than ones needed to ensure your escape from detection and your future access (Trojan Horses, Altering Logs, and the like are all necessary to your survival for as long as possible.) III. Do not leave your (or anyone else's) real name, real handle, or real phone number on any system that you access illegally. They *can* and will track you down from your handle! IV. Be careful who you share information with. Feds are getting trickier. Generally, if you don't know their voice phone number, name, and occupation or haven't spoken with them voice on non-info trading conversations, be wary. V. Do not leave your real phone number to anyone you don't know. This includes logging on boards, no matter how k-rad they seem. If you don't know the sysop, leave a note telling some trustworthy people that will validate you. VI. Do not hack government computers. Yes, there are government systems that are safe to hack, but they are few and far between. And the government has infinitely more time and resources to track you down than a company who has to make a profit and justify expenses. VII. Don't use codes unless there is *NO* way around it (you don't have a local Telenet or Tymnet outdial and can't connect to anything 800...) You use codes long enough, you will get caught. Period. VIII. Don't be afraid to be paranoid. Remember, you *are* breaking the law. It doesn't hurt to store everything encrypted on your hard disk, or keep your notes buried in the backyard or in the trunk of your car. You may feel a little funny, but you'll feel a lot funnier when you when you meet Bruno, your transvestite cellmate who axed his family to death. IX. Watch what you post on boards. Most of the really great hackers in the country post *nothing* about the system they're currently working except in the broadest sense (I'm working on a UNIX, or a COSMOS, or something generic. Not "I'm hacking into General Electric's Voice Mail System" or something inane and revealing like that.) X. Don't be afraid to ask questions. That's what more experienced hackers are for. Don't expect *everything* you ask to be answered, though. There are some things (LMOS, for instance) that a beginning hacker shouldn't mess with. You'll either get caught, or screw it up for others, or both. I think in my own opinion the best way to find systems is by scanning them out. Getting them off a board or off a friend is not very safe as they may already have been hacked to death. Now you are probably wondering how you scan for systems, well this is what you do. First you select a four digit number representing the area you want to scan, for example 4910 or something like that. What you do from there is when you connect to the Datapac network (See Part V for more details on how to connect to Datapac) you type ".." and press enter. You should get some kind message such as "DATAPAC: XXXX XXXX" (with XXXX XXXX the Datapac node number you are on). Once you get that message you will enter a four digit number (the prefix) that you have selected, but don't press enter yet. After that type in another four digit number (the suffix) your have selected and press enter. Datapac will give respond to that by giving you a Network Message which is discussed later (see Part VII for the Datapac Network Messages). These messages will tell you if the system you are trying to reach is out of service, up, busy, and so on. If you have successfully connected to a system and want to disconnect from if and go back into Datapac type in the following string "-P Clear ". To continue scanning for more systems just keep on adding one to the last digit of the number in the suffix that you entered before and press enter. To keep on scanning just continue this until whatever suits your needs, for example you may start scanning at 4910 0000 and could stop scanning at 4910 1000. Ok now in this section I will discuss on how to connect to the Datapac network. Ok what you do to connect to Datapac is first make sure you computer is on. Then you load your terminal program, next call your local Datapac node. Once connected type to Datapac type in "..". Datapac will respond to this with the following message: DATAPAC: XXXX XXXX The XXXX XXXX is the Datapac node number you are on. If you have a Network User Identifier (NUI) then you can enter it in the following way, if you don't have one then skip this part: NUI you will then see the next message: PASSWORD: XXXXXX If Datapac did not send that message then that means that NUI that you entered is not a valid one. If you did get this message then enter the password assigned and press enter. Datapac will respond with either one of the following messages: DATAPAC: network user identifier active. which means that the password entered is correct or DATAPAC: network user identifier error which means that the password entered is not correct. Take note that if you have the valid NUI and it is on and you want to turn it off then type in the following command: NUI Off >from there Datapac will send: DATAPAC: network user identifier not active which means that you are no longer using the NUI, which also means that won't be able to connect to NUA's that don't accept collect calls. Once you enter in all that information.. you can know enter in a NUA. To enter in a NUA just type in 1+DNIC+NUA (example 1208057040540 for QSD). If you connect to the NUA properly then you will get this message: DATAPAC: Call connected to: XXXX XXXX The XXXX XXXX is the NUA that you have requested to connected to, otherwise it will display a different message which is discussed later on in this document. When a Datapac call is established through the network, a call connected message is received at the originating DTE. All or some of the following messages may be identified depending on the type of call, options used for the call, and the type of destination. Example: [HUNTED] [BACKED UP] [BACKED UP & HUNTED] [i LCN] [P/N PACKETSIZE: (128 OR 256)] [NUI (6 to 8 CHAR)CHARGING] [CUG:(CUG#)] [REVERSE CHARGE] MESSAGE EXPLANATION Call connected to: XXXXXXXX A virtual circuit has been established between an originating DTE and a remote (receiving) DTE. Hunted The remote logical channel is part of a hunt group. Backed Up The call attempt to the remote DTE has failed. The network has re-directed the call to another predetermined DTE that has been optioned as backup. i The call has been placed to an international address. P Priority service. Packet size: 128. N Normal service. Packet size: 128 or 256. DNA Data Network Address of the originating DTE. LCN Logical Channel Number of the recipient DTE. NUI The call will be billed to the 6 to 8 character Network User Identifier. CUG The recipient DTE is part of a closed user group. Reverse Charge The recipient DTE has accepted the charge associated with the established call. There are thirty-three messages which may appear when you are accessing the Datapac network. All of these network-generated messages which are sent to a terminal, are written as "Datapac: text". The "text" will be one of the following messages: ADDRESS This is a Datapac herald message for an SVC terminal. The "address" displayed is your Datapac network address. This message indicates that you are connected to the Datapac network. Proceed with the call request command. {P,R} TERMINAL ADDRESS -- (DESTINATION ADDRESS LOGICAL CHANNEL) This is a Datapac herald message for a PVC terminal. It indicates that you are connected to the network (address and destination address) CLOSED USER GROUP ERROR INVALID ADDRESS, MORE THAN 12 DATA CHARACTERS, or COMMA REQUIRED BEFORE DATA CHARACTERS These messages indicate an error in the call request command--correct and re-enter the command. CALLED BY [P][R] or [N][I] ADDRESS (XXX) This message indicates that a host or terminal has called you. Proceed with sign-on. (Note: P or N denotes grade of service. R specifies the charging option, if applicable. I specifies that it is an international call. (XXX) specifies the logical channel number if it is a national call, and specifies the gateway id if it is an international call. CALL CONNECTED This message indicates that the SVC connection between your terminal and the destination has been established successfully. RE-ENTER This message indicates that a transmission error has occurred in the current input line. Re-enter the line. If the problem persists, report the trouble to Telecom Canada. INPUT DATA LOST This message indicates that a transmission error has occurred. Since part of your input line has already been transmitted to the destination, enter a "line delete" character for your application and a carriage return (CR). When the destination replies, re-enter the line. PARITY ERROR This message indicates that a parity error has occurred in the current input line from a terminal which is operating in echo mode. The character which is in error is not echoed. Re-enter the character and continue normal input. If the problem persists, report the trouble to Telecom Canada. INPUT ERROR This message indicates that there is a network problem, due to overruns. If the problem occurs often, contact Telecom Canada. PVC DISCONNECTED - TEMPORARY NETWORK PROBLEM This message indicates that a network problem is preventing the requested call from continuing. Wait for the Datapac herald message, then continue. If the condition persists, contact Telecom Canada. PVC DISCONNECTED - DESTINATION NOT RESPONDING This message indicates that either the access line to the destination, or the destination itself is down. Try again later. If the condition persists, contact the destination. PVC DISCONNECTED - REMOTE REQUEST This message indicates that the destination has asked that the connection be discontinued. INVALID COMMAND This message indicates that there is a syntax error in the command. Correct it and re-enter the command. COMMAND NOT ALLOWED This message indicates that the command which was entered, although syntactically correct, cannot be implemented either due to the NIM state, or because it violates and/or conflicts with the service options selected --e.g., a call request command, when an SVC is already established. CALL CLEARED -- DESTINATION BUSY This message indicates that the destination computer cannot accept another call. Try again later. CALL CLEARED -- INCOMPATIBLE CALL OPTIONS This message indicates that the call request command includes facilities which are not available at the destination or are incompatible with it. Verify and try the call again. If the problem persists, contact the destination. CALL CLEARED -- TEMPORARY NETWORK PROBLEM This message indicates that a network problem has occurred--try again later. If the problem persists, report it to Telecom Canada. CALL CLEARED -- DESTINATION NOT RESPONDING This message indicates that the destination is either not acknowledging your request to connect or it is inoperable. Try again later. If the problem persists, contact the destination. CALL CLEARED -- ACCESS BARRED This message indicates that the network has blocked your call because of a Closer User Group violation. Verify the call establishment procedures with the destination. CALL CLEARED -- ADDRESS NOT IN SERVICE This message indicates that the network address in the call request command identifies a non-existent destination-- i.e., the address is not yet (or is no longer) assigned. Verify the address and re-enter the call request command. If the condition persists, contact the destination. CALL CLEARED -- COLLECT CALL REFUSED This message indicates that the destination is not willing to accept the charges for the connection (e.g., it does not accept calls from Datapac public dial ports). Verify the call establishment procedures and try the call again. If the condition persists, contact the destination. (See Part VII and Part VIII for more information. CALL CLEARED -- LOCAL PROCEDURE ERROR This message indicates that a network protocol error has occurred. Try the call again. If the condition persists, report the trouble to Telecom Canada. CALL CLEARED -- REMOTE PROCEDURE ERROR This message indicates that a destination protocol error has occurred. Try the call again. If the condition persists, contact the destination. CALL CLEARED -- LOCAL DIRECTIVE This message indicates that a virtual circuit has been cleared in response to a clear command from a terminal user. CALL CLEARED -- REMOTE DIRECTIVE This message indicates that a virtual circuit has been cleared in response to a clear request packet from the destination. CALL CLEARED -- REMOTE REQUEST This message indicates that a virtual circuit has been cleared in response to an invitation from the destination to clear the call. RESET -- TEMPORARY NETWORK PROBLEM This message indicates that a network problem has occurred on the PVC connection. Wait for the Datapac herald message, then continue. If the condition persists, report the trouble to Telecom Canada. RESET -- DESTINATION NOT RESPONDING This message indicates that the destination end of the PVC connection is not responding-- i.e., either the access line to the destination, or the destination itself, is down. Try again later. If the condition persists, contact the destination. RESET -- LOCAL PROCEDURE ERROR This message indicates that the PVC has been reset because of a network protocol error. Wait for the Datapac herald message, then continue. If the condition persists, report the trouble to Telecom Canada. RESET -- REMOTE PROCEDURE ERROR This message indicates that the PVC has been reset because of the destination protocol error. Wait for the Datapac herald message, then continue. If the condition persists, contact the destination. If the host computer is connected via the ITHI option, this message indicates that data has been disregarded due to the host not reacting to flow control conditions sent by the PAD. RESET -- LOCAL DESTINATION This message is the network's response to a reset command from the terminal user. Continue. RESET -- BY DESTINATION This message indicates that the destination has reset the virtual circuit. Data may have been lost. Continue. If the condition persists; report it to the destination. RESET -- TEMPORARY NETWORK PROBLEM These messages indicate that the network has reset the switched virtual circuit. Data may have been lost. Continue. If the problem persists, report it to Telecom Canada. RESET -- LOCAL PROCEDURE ERROR These messages indicate that the network has reset the switched virtual circuit. Data may have been lost. Continue. If the problem persists, report it to Telecom Canada. Well let me just get back and discuss something that I was talking about before but didn't go into any great detail about. The Network User Identifier (NUI) is a credit card-like system associated with the Datapac Network - similar to a calling card used to bill long distance calls. A NUI is a 6-8 character alphanumeric code which is entered during call set-up to indicate an account to which Datapac calls may be billed. Associated with each NUI is a password which is used as a security check when establishing a connection to the Datapac network. The password is confidential, known only to the user. The purpose of a NUI is to allow a Datapac user to make use of the Datapac network for data communications without the requirement of a dedicated Datapac connection or the need for the destination to accept reverse charge calls. Once the NUI/password pair has been correctly validated, the call is set up to the requested destination and call usage billed to the NUI/Datapac account number. At call set-up time, the user specifies the NUI and password to the network. The password is used by the network to authenticate the use of the NUI. After the NUI/password pair has been correctly validated (process whereby NUI/password is checked by NUI application), the user will be able to bill all subsequent session usage to the specified NUI. There are many useful applications for NUI. NUI, when provided to authorized users, can eliminate the need for host to accept reverse charge calls. NUI is required by users of public dial who are placing calls to a host application with the reverse charge blocking option. NUI permits subscribers of dedicated and private dial Datapac services to "Third Party" usage charges to a NUI account. For example, some users may decide that they do not want usage charged to the dedicated access line which they are using (i.e., if using someone else's line/terminal). By entering the NUI, all usage for subsequent calls during the same session would be billed to the account associated with the specified NUI. NUI permits sender paid calls to domestic Datapac network addresses and to foreign networks. Users can make international calls to overseas networks and charge the call usage to their NUI when using public dial ports. Offshore networks accessed via Teleglobe do not accept collect calls. Users also have the capability of placing sender paid calls to Domestic Datapac addresses, Telenet, Tymnet, Autonet, ACUNET and DASNET in the United Sates. NUI is required to complete calls using Datapac indial/outdial ports (i.e., devices at destination not connected to Datapac). NUI can be used to achieve benefits of departmental accounting. The Datapac bill is itemized to indicate the charges related to each NUI. This will assist in determining which department has generated usage and the associated charges. There are two main components to Datapac billing which is access and usage Both are billed on a monthly basis. These are the monthly recurring charges for dedicated access to the Datapac network. Included in this component are; Service charges - The one time service charge associated with a request for new service or a change to an existing one. Monthly charges - The recurring charge for basic dedicated access to the Datapac network. Other monthly - The additional recurring charges for any optional charges features or enhancements (additional VCs, PVCs, CUGs, etc.) to a dedicated access. These are the charges for the variable amounts of customer data sent to and >from the network. Included in this component are; Hold charges - Per minute. This applies only to Public Dial Port and International calls. Call set-ups (Call Requests) - Per attempt. Does not apply to Permanent Virtual Circuit (PVCs) arrangements. Resets - Per occurrence when generated by the customer. PAD usage - Per segment*. Applies to all services except Datapac 3000. Network usage - Per segment*. Rateant the grade (1,2,3) of the cities involved (DPSAs) and the distance between them. Surcharges - An incremental 5% to 25% surcharge applies to network usage when a premium throughput class is ordered. - A 25% surcharge applies to network usage with customer requested Priority calls. NUI - although this is a recurring monthly charge, it is grouped with usage for billing. Billing of data packets in Datapac is done in segments and commonly referred to as KILOSEGMENTS (1000 segments). In most cases, one segment is equal to one packet containing from one to 256 characters. There are some exceptions; Priority packets - Are a maximum 128 characters and are billed as one segment, surcharge applies. 512 character packets - Are billed as two segments. Packets to/from U.S. networks - Are a maximum 128 characters and are billed as one segment. Packets to/from Overseas networks - The international standard packet size is a maximum 64 characters and is billed as one segment by Datapac. Some overseas networks have 128 character packets but these are billed as two segments. Network User Identifier (NUI) Charges Monthly Service Rate Charge General NUI $2.40 $75.00 Corporate NUI $50.00 $125.00 Sub-NUI $2.40 No charge General Access Rates Monthly Service Rate Charge Closed User Group (CUG) $1.35 $75.00 - no charge for CUG options Reverse Charge Call Feature $1.35 $22.00 Direct Call Feature $4.20 $75.00 Hunt Group $55.00 $22.00 Call Redirection $157.00 $22.00 - additional charge for diversity where available Usage Rates Datapac usage includes the following billable components: Hold Time (1,2) $0.04/min. Public Dial and International ONLY Call Set-up $0.01 each Public Dial/SVCs ONLY Reset $0.01 each Customer initiated ONLY PAD usage (1,2) Datapac 3101 $0.50/kilosegment Datapac 3201 $0.85/kilosegment Datapac 3303 $0.70/kilosegment Network Usage (1) see following table based on distance and grade (1) A 25% discount applies to these components for calls initiated and completed between 7 PM and 7 AM and on weekends and certain holidays. Applies to ** PUBLIC DIAL ONLY**. (2) PAD and Hold Time charges are applied at both the calling and called end, where applicable. M I L E A G E DPSA (city) 1-100 101-400 401-1000 1000+ ----------- ----- ------- -------- ------ 1 to 1 $0.40 $0.65 $1.06 $1.80 1 to 2 $1.01 $1.70 $2.33 $3.50 1 to 3 $1.70 $3.50 $4.13 $4.77 2 to 2 $1.75 $3.34 $4.24 $5.57 2 to 3 $2.44 $4.24 $5.30 $6.41 3 to 3 $3.13 $5.30 $6.36 $7.00 * NOTE : Larger cities are grade 1 Datapac Serving Areas smaller cities are grade 3 DPSA's The Datapac Summary Usage Statement is monthly statement is free of charge. It is a summary of all calls that have been billed to the addresses or NUIs that are part of an account for that billing period Because this is a summary, it is not possible to accurately reconcile the details of any totals on this statement. This is due to the standard accounting practices of rounding rules, minimum charging and taxing procedures that have been applied. If your organization needs this capability, it must be done from a Detailed Usage Statement. There are other options that can be considered to meet these needs such as; reverse charging, NUI, separate accounts or division codes (where available). Please discuss this with the Sales Representative of your local telephone company. In addition to the customers account number, dates of the billing period involved, tax totals and grand total, the following information is supplied; Billed Address (or NUI and city); Other Address (or City Code if Public Dial call), # of calls, # of resets, billable units (kilosegments), indication of surcharges (if applicable), duration of calls, hold charges (if applicable), and usage charges; A sub total of all above information for each billed address and Service type of each address This information is sorted in descending numerical/ alphabetical order. This same information is given for the U.S. and Overseas Summary Usage Statements and is grouped by Packet Switching Network name. A new format for the Datapac Summary Usage Statement will begin introduction in mid to late 1991. Improved methods of grouping, sorting and reporting usage have been introduced as well as some additional details. Some major highlights; Title page to display previous 12 months billing history, page break by service type, sub-totals by service type, final page with sub-totals of domestic, overseas and International usage with taxes and a grand total. The information you need from a summary statement will be easier to find and handle. The Datapac Detailed Usage Statement which is chargeable option. It is a monthly statement that details each and every call that has been billed to the addresses or NUIs that are part of an account for that billing period. In addition to the customers account number, the dates of the billing period involved, tax totals and the grand total, the following information is supplied for each call; Billed Address or NUI and city, service type, logical channel (virtual circuit #), throughput class; Other Address and city (only City if Public Dial call), service type, logical channel (virtual circuit #), throughput class; Date, local start time and local stop time; Number of resets (if any); Clear Cause Code; Billable Units (segments) received transmitted; Call Set-up Class; Hold charges (if applicable); Usage charges and Taxing province This same information is given for the U.S. and overseas calls and grouped by Packet Switching Network name. The calls on this statement are grouped by billed address and other address then sorted in descending numerical order. The calls between the Billed and Other Address are sorted in descending chronological order. Each call record on this statement can represent either a portion of or a complete call. Under normal circumstances, an accounting record for a call is generated when a call is cleared, or every 12 hours. If required, accounting records can be generated on a call still in session (for variety of network maintenance reasons). Therefore, a complete accounting record for a particular call may appear on more than one line. Such instances are identified by the Class and Clear Codes. If call total is required, it must be calculated manually. Well up to now I have discussed how to connect to Datapac, what a NUI is and how much it cost for a NUI, summary usage statement, detailed usage statements and usage statement codes. Let me changes topics for a minute and describe the different type of Datapac services available. Datapac 3000 is synchronous, application independent service that allows data terminals (DTE's) and data communicating equipment (DCE) to exchange data in a packet-mode over a public or private packet switching network. The DTE/DCE interface connection, disconnection and transmission rules are defined in a packet switching protocol called X.25 recommendation which is developed and governed by the international telephone and telegraph consultativ committee (CCITT). X.25 protocol is a bit oriented framing structure based on the high level data link control (HDLC). The CCITT recommendations for X.25 are divided into three levels, namely: The Physical Interface (Level 1) - Specifies the use of four-wire, point-to-point synchronous circuit between the DTE and the network (DCE). This circuit includes two modems or datasets (one connected to the DTE and the other connected to the network). Characteristics are: 4-wire point-to-point or dial via a V.22 bis modem; Full duplex via RS232 convention. The Frame Level Logical Interface (Level 2) - Defines the frame level link procedures used to synchronize transmission, initiate the "handshaking" necessary to establish the 'R-U-There'/Yes-I-Am sequence, flow control mechanism and perform error checking of data exchange across the DTE/DCE interface (link). the DTE is usually located at the customer premises and is called host while the DCE is located in the network. the procedures used to control the link are defined as commands and responses. Characteristics are: HDLC; Link access procedure balanced (LAPB) X.25(80) or X.25(84). The Packet Level Logical Interface (Level 3) - Defines the packet formats and control procedures required to establish a logical path (call request), exchange information (data packets) and for removing the logical path (clear request) between the DTE and DCR. Characteristics are: Logical Channels (LCN`s); Packet Size; Window Size; And Throughput Class. The customer's terminal (Host) is connected to a local modem which in turn, is connected to a second modem (Remote) in the central office via by 4 wires which in turn, is connected to a line processing module in the Datapac network. This configuration is called the DTE/DCE link and can be assigned speeds of 1200 bps through 19200 bps. This DTE/DCE link is assigned a unique Datapac network address (DNA) and other link parameters such as line speed, modem type, flow control and security by Telecom Canada. When the electrical signals are in the correct state as specified in level 1, the Datapac line processing module continuously transmits a CCITT command called SBMM (Set Asynchronous Balanced Node) to the customer's terminal (Host) every three seconds. If the host is ready, it responds to the SABM with a CCITT response UA (Unnumbered Acknowledgement). When this occurs, the link is initialized (level 2 ready), the host and Datapac module exchange restarts or restart/restart confirmation commands. When this occurs, the DTE/DCE link generates a transition to the next X.25 level, level 3. The DTE then signals the address it wishes to communicate with in a CCITT defined call request format (8 digits ), 10 digits if using 9th and 10th digit subaddressing on a Logical Channel (LCN) Datapac then routes the call request to the appropriate destination (national or international) and awaits a CCITT defined call accept packet. If this occurs, the accept packet is transmitted back to the originating host and both hosts may now exchange CCITT defined data packets. This is called a Switched Virtual Call (SVC); permanent virtual calls (PVC's) are also offered. At the end of the session, either host can terminate the SVC by transmitting a CCITT defined clear request packet. Up to 255 SVC's may be supported simultaneously. Dial access service is also offered at 2400 bps with a maximum of eight LCN's over the public telephone network Datapac 3000 provides customers with a cost effective service derived from packet switching technology and X.25 protocol. Some benefits are: Simultaneous communication with many (up to 255) different locations, national and international, error free transmission, system expansion flexibility, cost containment through reduced host port connections, 24 hours 7 days-a-week service, lower communication costs, call parameter selection to suit particular applications. Datapac 3101 is a network access service which enables teletypewriter compatible devices, such as time-sharing terminals, to access the Datapac network. Low speed, asynchronous devices are supported through an Interactive Terminal Interface (ITI) in a Packet Assembler/Disassembler (PAD), which allows the devices to access the network over dial-up (DDD) or dedicated access lines. ITI, the end-to-end protocol for Datapac 3101 conforms to the CCITT recommendations X.3, X.28 and X.29 and supports access to the Datapac network for asynchronous, start-stop character mode terminals. X.3 specifies the operation of the pad. It contains the specifications for the twelve international parameters and their operation. Additional domestic parameters are also in place to meet Canadian market requirements. X.28 specifies the command language between the terminal and the PAD. It also specifies the conditions which define the command mode and the data transfer mode. X.29 specifies the procedures to be followed by an X.25 DTE to access and modify the parameters in the pad as well as the data transfer procedure. The user needs no special hardware or software to interface a terminal to the Datapac network. A knowledge of the ITI procedures is the only requirement at the terminal end. The Datapac 3101 service provides for terminal to host (user's computer) and terminal to terminal communication. The host access should conform with the X.25 protocol, using the Datapac 3000 access service, and also support the higher level protocol conventions of ITI. host access may also be provided via the Datapac 3101 service for some applications. The Datapac 3101 service also provides block mode and tape support. The Datapac 3201 Network access service which enables various terminals that are buffered, pollable and operate asynchronously to communicate with host computers through the Datapac network. The Datapac 3201 service is typically used by the general merchandise and specialty sectors of the retail industry in Canada. It provides a cost effective communication solution whenever there is a requirement for sending small amounts of information to a host computer and obtaining a short response. The primary applications are on-line compilation of sales data to help in inventory control, and on-line credit verification to detect fraudulent credit cards. Other emerging applications involve trust companies, credit unions, banks and service stations. Datapac 3201 provides support at the customers' terminal end (for example a retail store) by means of a Packet Assembler/Disassembler (PAD) which is located in a Telecom Canada member company central office. The PAD polls the various devices for information in an on-line real time environment. Devices may communicate to the pad via two options: Shared multipoint multidrop access at 1200 bps, or Dedicated access at 1200, 2400 bps. Communication between the PAD and the terminal conforms to the ANSI (American National Standards Institute) X3.28-1976 ISO (International Standards Organization) poll/select asynchronous protocol. Telecom Canada undertakes to test terminals which support this protocol, prior to connecting them to the Datapac 3201 network. Communication between the customers host computer location and the Datapac network is accomplished by the use of a X.25 (Datapac 3000) interface which supports the Datapac 3201 host to PAD "Point-Of-Sale (POS) end to end protocol" specification. - Data Collection: Average 1.7 to 2.3 seconds in the peak periods. - Inquiry-Response (Credit Check): Average 2.7 to 4.2 seconds in the peak periods. A typical retail Datapac 3201 application uses short input and output messages. (For example an average of 50 characters). One kilopacket (1,000 packets or 256,000 bytes) is equal to approximately 1,000 sales transactions or 500 credit authorizations. Average transaction volume would be less than 5000 packets per day. Other optional Datapac network features include Closed User Group (CUG): Allows devices within one group to communicate only with accredited devices of the same group, resulting in a high degree of data security. Additional options are available to limit call attempts between closed user groups or within a closed user group, reverse charge call: Allows a user to charge a call to the destination address, reverse charge call: Reverse charged calls destined to a Datapac 3201 blocking: address will be blocked by the network. Datapac 3303 (BSC) provides polled BSC communications protocol support for IBM 3270 information display systems or their emulators. Datapac 3303 (BSC) supports all the typical on-line inquiry response and data entry applications normally accessed with these 3270 terminal clusters. Datapac 3303 (BSC) is a PAD based service. The 3270 controllers connect to the network via PAD's (Packet Assemblers/Disassemblers). PAD's perform the host functions of communicating with the 3270 controllers in the binary synchronous communications polling protocol, and in doing so, eliminate cross-network polling. Datapac 3303 (BSC) connections are dedicated facilities (one per controller) at speeds of 2400, 4800, or 9600 bps. A virtual circuit is maintained for each terminal across the network and out to the host at the other end via a Datapac 3000 line. Most Datapac 3303 (BSC) connections dialogue with hosts that are running Telecom Canada's Datapac access software (DAS) in their IBM 3720, 3705, 3725 or Amdahl look-alikes front ends. DAS supports X.25 connecting. To the network via Datapac 3000. It also supports the end-to-end protocol transporting the 3270 data across the network. Aside from lower communications costs, the main reasons for using Datapac 3303 (BSC) are: Ease of network reconfiguration, and dynamic multiple terminal functionally. New on-line systems are economically feasible and equipment changes can be easily accommodated without disrupting service or affecting the network. Terminals are now much more versatile than ever before. The capability exists to dynamically access multiple hosts and/or applications from the same destination (either manually, or via a user friendly mnemonic addressing scheme). This means terminals behind the same controller can access different destinations at the same time, saving equipment and communications facilities costs. In conjunction with DAS (Datapac Access Software) in the host's front end, that 3270 terminal can also act as an ASCII asynchronous device and access such systems as Envoy/100 and iNet. In addition, each terminal now has the ability to appear as either a BSC device to a non-SNA host or an SDLC device to an SNA host in a matter of a few keystrokes. There are currently 2 services under Datapac 3303 (SDLC). They are Datapac 3303/SDLC and Datapac 3303/SDLC Plus. Both services allow IBM (and their emulators) devices to access the Datapac network for the purpose of transmitting data using the SDLC link level protocol. Some common features of the Datapac 3303 (SDLC) are terminal pad based: The service provides the X.25 framing and de-framing for SDLC data stream as well as the packetization and de-packetization, QLLC end-to-end protocol: the service conforms to IBM's QLLC specifications thus making it compatible with most host X.25 PAD software/hardware implementations, physical unit type 2 accessibility: services such as the IBM 3270, 3177, 52xx, 36xx, 37xx, 47xx, ATM's, etc. 2.4, 4.8, 9.6 kbps access speeds, Point to point and multipoint on-net and off-net access, terminal or host initiated calling, normal or priority packet size option and Closed User Group (CUG) options. Datapac 3303/SDLC offers 1 VC per PU (controller), switched and permanent virtual circuit support, and the following applications: virtual private line emulation, centralized host processing simple call set up, international (via Telenet/US) access, and token ring gateway support using the IBM 3174 Datapac 3303/SDLC Plus offers 1 VC per LU (end user terminal), local command mode allows call set up and clearing from users terminal, automatic direct call, mnemonic DMA dialing methods of call set up, switched virtual circuit support, and the following applications: disaster recovery, alternate host access using switching capability from user terminal and Datapac options (packet size, charging, CUG's) at user terminal level. Datapac 3304 offers batch terminal support. It supports RJE (or Remote Job Entry) batch work stations or communications terminals operating under binary synchronous communications (BSC) protocols. Datapac 3304 allows users operating under IBM's Multileaving Interface (MLI) protocol to access the Datapac network. It also supports compatible computers and terminals using this protocol. Datapac 3304 supports the bulk data transfer applications from these remote job entry (RJE) work stations whin as 'transparent' s'pad-to-pad operation'. Devices are connected to the Da dedicated lines aor 9600 bps. As users groimplement new technology, the termin upgraded to X.25. A typical user profile would include a host with a spooling or queueing subsystem such as HASP II, JES 2, JES 3, ASP and RSCS, batch terminals such as the IBM 3777 M2 and Data 100 and to have low to medium volumes to transmit. Datapac 3305 also supports a variety of BSC RJE batch work stations such as IBM 2770, IBM 2780, IBM 3740, IBM 3770 and IBM 3780. It provides network access support for those customers using equipment operating under IBM's point-to-point contention mode protocol and those compatible computers and terminals using the same protocol. Datapac 3305 supports the bulk data transfer (batch transmissions) applications that occur between terminals, hosts, and a variety of other devices such as communicating word processors. Datapac 3305 provides savings for those customers running low to medium volume applications. Datapac 3305 is a PAD based service. The RJE (Remote Job-Entry) work stations access the network via PAD's while the host computer may also use the Datapac 3305 PAD or connect via an X.25 link on Datapac 3000. Datapac 3305 supports three modes of access: Dedicated lines at 2400 or 4800 bps, private dial at 2400 bps and public dial at 2400 bps It should be noted that the destination must be dedicated in order to receive a call. Datapac access software (DAS) provides a Datapac (X.25) compatibility for IBM host computer environments. Datapac access software (DAS) resides in customer-provided IBM hardware; the communications controller or front end processor such as the IBM 3725 or IBM 3705, and co-exists with its compatible IBM software such as NCP (Network Control Program), EP (Emulation Program) or PEP (Partitioned Emulation Program). Datapac access software (DAS) compatibility also extends to IBM look-alike hardware manufacturers such as Amdahl. DAS-installed host computer environments have access to their Datapac-bound devices, such as those connected via Datapac 3101, Datapac 3303 (DSI/DSP), Datapac 3303 (QLLC)*, and Datapac 3305, as well as those devices which are connected via conventional communications facilities, such as private line or dial-up. DAS can also provide SNA conversion for non-SNA devices, such as conversion >from 3270 BSC-3 (Datapac 3303 DSI/DSP) to physical unit type 2 (SNA 3270 SDLC representation), and ASCII/asynchronous (Datapac 3101) to physical unit type 1 (SNA ASCII SDLC representation). These SNA conversion features allow the customer to convert his host environment to SNA without modifying or replacing his existing terminal/device population. DAS also provides an extended conversion feature for 3270 devices that modifies the incoming data (3270) to an ASCII/asynchronous datastream and re-routes the traffic into the Datapac network. Thus providing external ASCII database access to the 3270 device population. Other DAS features include multiple host support, transparent path, host to network callout, extended console routines, code conversion, etc. Datapac International provides outgoing and incoming access to 6 U.S. based Networks and to over 100 packet-switched networks around the world. To successfully complete such calls, Datapac has implemented the International CCITT X.75 procedures and X.121 International numbering plan. Thus, the Datapac user originating an international call must use the following format: (1) (DNIC) (FOREIGN ADDRESS) : : : One defines the Datapac International.: : : Prefix. : : : : Packet networks are identified by a ........: : four digit number called a DNIC : (data network identification code) : : The foreign national address is .......................: expressed as an eight to ten digit address. Calls to international networks, other than those to the U.S., must be pre- paid; that is, placed from dedicated or private dial access, m The packet size for an international call must be 128 characters. On both the Summary and Detailed Usage Statements, Service Type (ST) codes are used to identify the type of Datapac service involved with a particular address. Service Service Type Description Code 00 U.S. and overseas 01 3000 Dedicated 02 3101 De Private Dial (300-1200 bps) 04* " Pub05 06 " Out -Dial 07 3201 Shared 08 3303 BSC (DSP) 09 3304 MLI 112 " " Private12 " " P14 3101 Dedicat1 16* " Public Dial (2.4Kbps) 18 3000 Public Dial 19 3303 SDLC (Terminal) 20 3201 Dedicated 21 3303 SDLC (Multihost) 25 3303 SNA/SDLC - Private and Dedicated 26 3001 Enhanced Datapac 3000 Dial trial for off-net in-dial 27 3002 Enhanced Datapac 3000 Dial trial for off-net out-dial On the Detailed Usage Statement, a code is used to indicate the class of the call set-up associated with the associated accounting record of a call. The following codes are used; C Regular call set-up - A call set-up charge applies; CP Priority Call set-up - A call set-up charge applies; N No call set-up - A call set-up charge DOES NOT apply and NP Priority no call set-up - A call set-up charge DOES NOT apply. On the Detailed Usage Statement, a code is used to describe the reason a particular call cleared. At the present time a 3 number code is being used. This will be replaced by a 2 character alpha-numeric code in mid-1991. A call set-up charge applies to those clear codes denoted by an * Clear Code Description 000 00 Trunk network congested 001 01 DSR is invalid 002 02 DSR cannot be reached 003 03 TM not responding 004 04 Address not in tree 005 05 Service down 006 06 Address served not in tree 007 07 Addressed service not ready 010 0A CPM busy 013 0D CPM busy 015 0F Out of norm state - reset 160 A0 Trunk network congested 161 A1 DSR invalid 162 A2 DSR unreachable 163 A3 Time out 164 A4 Address not in tree 165 A5 Service down 166 A6 Network address not found 167 * A7 Addressed service not ready 173 AD CPM busy 174 AE Reset address error 175 AF Reset state error 176 * B0 Local user clear (see note) 177 * B1 Remote user clear 178 B2 Close request from above 179 * B3 Local procedure error 180 * B4 Remote procedure error 181 B5 Message not wanted 182 B6 Packet not wanted 183 B7 CPM shot 184 B8 Call collision 185 B9 Network congestion 186 BA Common block fail 187 BB Local block fail 189 BD Invalid call 190 BE Incoming call prohibited 193 * C1 Local clear before remote accepted 194 C2 X.75 call to clear 195 C3 X.75 reset to clear 196 C4 NUI barred 198 C6 RPOA required 199 C7 RPOA invalid 208 D0 Packet network address error 209 D1 Service not up 210 D2 Service to go down 212 D3 No links up 212 D4 Links restarting 213 * D5 Link out of service 214 D6 No more calls 215 D7 Invalid logical channel number 216 * D8 No free logical channels at called address 217 D9 Nonexistent CUP 218 DA Failure to set up CUP 219 DB Application processor busy 220 DC No application processor 221 DD Maximum number of facilities exceeded 222 * DE Collect call refused 223 DF CUG violation 224 E0 Illegal facility 225 E1 LRC fail 226 E2 Service coming up 227 E3 Service not up Clear code 176 (B0) can also indicate a record was generated by the network for accounting purposes. This is most often associated with PVCs or long calls with a greater than 12 hour duration. The class for this type of record would be N or NP. In addition to the fixed monthly rates for Datapac access lines and options, the following charges apply: Internetwork Usage Rates and Holding Time Charges $/HOUR FOR $/HOUR FOR $/KS $/KS US ORIGINATED CDN. ORIGINATED NETWORK DNIC DP3000 DP3101 CALLS CALLS ACCUNET 3134 $ 2.65 $ 3.90 $ 2.00 DED. = $2.00 PUB. DIAL = $3.80 AUTONET 3126 $ 3.75 $ 5.10 $ 5.10 DED. = $0.60 PUB. DIAL = $2.40 BT TYMNET 3106 $ 2.75 $ 5.00 $ 5.60 DED. = $0.60 PUB. DIAL = $2.40 FEDEX 3138 $ 2.75 $ 5.10 $ 6.30 DED. = $0.60 3150 PUB. DIAL = $2.40 NET EXPRESS 3139 $ 2.50 N/A $ 0.60 DED. = $0.60 WESTERN 3101 $ 2.50 $ 5.00 $ 1.85 DED. = $0.60 UNION 3124 PUB.DIAL = $2.40 SPRINTNET 3120 $ 2.75 $ 5.10 $ 6.30 DED. = $0.60 PUB. DIAL = $2.40 (NOTE: DATAPAC 3303 (SDLC) IS ALSO SUPPORTED THROUGH SPRINTNET DP 3303 $/KS = $5.90 $/HR = NIL ) Notes: (1) Packet Assembler/Disassembler (PAD) charges are included each band. (2) Each individual call is rounded up to the next higher minute (3) Usage charges are calculated on a per Kilo-segment basis. A KS is 1000 segments; each segment is up to 128 characters. In addition to the fixed monthly rates for U.S. access lines, the following charges apply: Internetwork Usage Rates and Holding Time Charges NETWORK DNIC $/KS $/KS $/HOUR FOR $/HOUR FOR DP3000 DP3101 US ORIGINATED CDN. ORIGINATED CALLS CALLS ACCUNET 3134 $ 2.25 $ 3.25 $ 1.80 DED. $1.80 PUB. DIAL = $3.25 AUTONET 3126 $ 0.12 $ 0.15 $ 4.50 DED. = $0.60 (kchar) (kchar) PUB. DIAL = $2.40 BT TYMNET 3106 $ 0.07 $ 0.12 $ 4.98 DED. = $0.48 (kchar) (kchar) PUB. DIAL = $1.92 FEDEX 3138 $ 1.50 ( 0-1000 ks) $ 6.00 Not applicable $ 1.40 (1001-2999 ks) $ 1.30 (3000- + ks) NET EXPRESS 3139 $2.00 N/A $ 0.30 DED. = $0.48 WESTERN UNION 3101 (Not available...) SPRINTNET 3120 $ 2.35 $ 5.10 DED. = $0.60 DED. = $0.60 DIAL = $5.10 PUB. DIAL = $2.40 (NOTE: SDLC SERVICE IS ALSO SUPPORTED THROUGH SPRINTNET) DP 3303 $/KS = $4.80 $/HR = NIL) Notes: All above rates are in U.S. Currency (1) These charges represent both Datapac and selected U.S. Network holding time charges. (2) BT Tymnet cannot currently make sent-paid calls, but will be able to do so shortly. The Datapac outdial service is available in eighteen major centers (DPSA's) are being served by outdial. They are: Vancouver, Calgary, Edmonton, Regina, Saskatoon, Winnipeg, Toronto, Clarkson, London, Windsor, Kitchener, Hamilton, Ottawa, Montreal, Quebec, Halifax, Saint John (NB) and St John's (Nfld) and is only available at 300 and 1200 BPS. The outdial port uses profile 6, except that the user of the is allowed to escape to command mode by using outdial port "Control P". The destination terminal must be set at even parity in order to receive the outdial call. Once connected, Datapac 3000 users can set and read the remote ITI parameters by sending level 1 packets (X.29). Establish a call to Datapac via a dedicated or dial-in access. Note: If using a dial-in access, a network user identifier (NUI) must be activated before establishing the call. Enter the address of the outdial port. Datapac will respond with the following: DATAPAC: call connected ENTER DESTINATION TELEPHONE NUMBER/ENTRER LE NUMERO DE TELEPHONE DU DESTINAIRE Enter the 7-digit telephone number (Local) of the destination terminal. Datapac will respond with the following: DIALING/COMPOSITION DU NUMERO (XXX-XXXX) Printing the destination telephone number as it is dialed. Datapac will then indicate: RINGING/SONNERIE as the modem detects ringback tone. When the destination modem answers the call, Datapac will send the following message to the originating end: CALL CONNECTED/COMMUNICATION ETABLIE then proceed with your call. To clear a call upon completion, enter the clear command: (Control P) Clear Datapac will respond with the following: DATAPAC: call cleared - remote Note: If you have used a NUI to place the ca the network with the command: NUI Off Datapac will respond with the following: DATAPAC: network user identifier not active Well I have talked about Datapac outdials know I will include a list of outdial ports for the 18 cities that I mentioned above. Well here's the list. Calgary (ALTA) 300 63300900 1200 63300901 Clarkson (ONT) 300 91900900 1200 91900901 Edmonton (ALTA) 300 58700900 1200 58700901 Halifax (NS) 300 76101900 1200 76101901 Hamilton (ONT) 300 38500900 1200 38500901 Kitchener (ONT) 300 33400900 1200 33400901 London (ONT) 300 35600900 1200 35600901 Montreal (QUE) 300 82700902 1200 82700903 Ottawa (ONT) 300 85700901 1200 85700902 Quebec City (QUE) 300 48400900 1200 48400901 Regina (SASK) 300 72100900 1200 72100901 St-John's (NB) 300 74600900 1200 74600901 Saskatoon (SASK) 300 71200900 1200 71200901 St. John (NFLD) 300 78100900 1200 78100901 Toronto (ONT) 300 91600901 1200 91600902 Vancouver (BC) 300 67100900 1200 67100901 Windsor (ONT) 300 29500900 1200 29500901 Winnipeg (MAN) 300 69200902 1200 69200901 You want to hack a system on Datapac. So you decided to call and it connects onto the NUA you want, but you find you are having troubles getting the system to recognize your input. So here are some answers to some common problems people find when connecting to systems. The screen remains blank A physical link has failed - check the cables between computer, modem and phone line. The remote modem needs waking up - send a or failing that, a ENQ E, character The remote modem is operating at a different speed. Some modems can be brought up to speed by hitting successive 's; they usually begin at 120 Bps and then go to 300, and so on up the ladder. The remote is not working at V21 standards, either because it is different CCITT standard. Since different standards tend to have different wake-up tones which are easily recognized with practice, you may be able to spot what is happening. If you are calling a North American service you should assume Bell tones. Both your modem and that of the remote service are in answer or in originate and so cannot speak to each other. Always assume you are in the originate mode. The screen fills with random characters. Data format different from your defaults - check 7 or 8 bit characters, even/odd parity, stop and start bits. Mismatch of characters owing to misdefined protocol - check start/stop, try alternatively EOB/ACK and XON/XOFF. Remote computer operating at a different speed from you - try in order, 120, 300, 600, 1200, 2400, 4800, 9600, 14400, 19200, 38400. Poor physical connection - if using an acoustic coupler check location of handset, if not, listen on line to see if it is noisy or crossed. The remote service is not using ASCII/International Alphabet No 5. Every character appears twice. You are actually in half-duplex mode and the remote computer as well as your own are both sending characters to your screen - switch to full-duplex/echo o All information appears on only one li has the facility, enable it to induce carriage returns when each display line is filled. many online services and public dial-up ports let you configure the remote port to send carriage returns and vary line length. Your software may have a facility to show control characters, in which case you will see -K is the remote service is sending carriage returns. Most of the display makes sense, but every so often it becomes garbled. You have intermittent line noise - check if you can command line the remote computer to send the same stream again and see if you get the garbling. The remote service is sending graphics instructions which your computer and software can't resolve. The display contains recognized characters in definite groupings, but otherwise makes no sense. The data is intended for an intelligent terminal which will combine the transmitted data with a local program so that it makes sense. The data is intended for batch processing. The data is encrypted. Data seems to come from the remote computer in jerky bursts rather than as a smooth stream. If you are using PSS or a similar packet-switched service and it is near peak business hours either in your time zone or in that of the host you are accessing, the effect is due to heavy packet traffic. There is nothing you can do - do not send extra commands to speed up twill arrive at the host ev Most of the time everything works smoothly, but I can't get past certain prompts. The remote servr computenormally generate - check your terminal softw sending them. The following is a list of acronyms and terms which are often referred to in this document and others dealing with this subject. ACP - Adapter/Concentrator of Packets. ASCII - American Standard Code for Information Interchange alternate name for International Telegraph Alphabet No 5 - 7 bit code to symbolize common characters and comms instructions, usually transmitted as 8 bit code to include a parity bit. Asynchronous - Description of communications which rely on start and stop bits synchronize originator and receiver of data = hence asynchronous protocols, channels, modems, terminals, etc. Call Accept - In packet switching, the packet that confirms the party is willing to proceed with the call. Call Redirection - In packet switching, allows call to automatically redirected from original address to another, nominated address. Call Request - In packet switching, packet sent to initiate a datacall. Closed User Group - A type of high security NUI in use on several PSNs throughout the world. CUG users can access optional parameters and NUAs blocked out by security. CUG - Closed User Group. Data Circuit Terminating Equipment - Officalese for modems. Data Country Code - The first three digits in the four digits of any given DNIC. Data Network Identifier Code - The four digits which come before the area code/address/port address of any given NUA. The DNIC shows which PSN any given host is based upon. The DNIC can also be broken down into two parts, the DCC and the NC. For more information, see part VIII. Data Terminal Equipment - Officalese for computers. DCC - Data Country Code. DCE - Data circuit terminating equipment. Destination Paid Call - A collect call to a NUA which accepts collect charges. DNIC - Data Network Identifier Code. DTE - Data Terminal Equipment. DTE Address - The five digits following the area code of the host on any given NUA. For example, the NUA 234122345678 has a DTE address of 45678. Gateway - A host on a given PSN which is connected both the the originating PSN and one or more different or same PSN's. Gateways also allow one user on one PSN the ability to move to another PSN and operate on the second as if the first was not interfering. Host - Any system accessible by NUA on the PSN. Hunt/Confirm Sequence - String of characters sent to the SprintNet POTS dialin/port which allows SprintNet to determine the speed and data type to translate to on its PAD. ITI Parameters - Online PAD parameters (X.3 or ITI) which allow the user to modify existing physical measurements of packet length and otherwise. LAN - Local Area Network. Local Area Network - A data network which operates within the confines of an office building or other physical structure where several computers are linked together into a network in order to share data, hardware, resources, etc. These may or may not own a host address on any data network, and if so, may be accessed via NUA; otherwise direct dialin is the only alternative. NC - Network Code. NCP - Nodes of Communication of Packets. Network Code - The fourth digit of any given PSN's DNIC. Network Protocol - The hardware protocol which allows the host systems to communicate efficiently with the PSN it is connected to. Generally, synchronous protocols (X.??) are used within the network and asynchronous protocols (V.??) are used to access the network, but asynchronous protocols within the network and/or synchronous dialin points are not unheard of. The standard protocol for packet transfer today is the X.25 synchronous data protocol. For detailed information, please see part V and Appendix F. Network User Address - The address of any given host system on any PSN. This address is thought of as a "phone number" which is dialed to access the desired host. Network User Identifier - The ID and password which allow the user which has logged onto the PSN's PAD to originate calls to host systems which do not accept collect calls. it is often thought of as a "k0de" or a calling card which will be billed for at the end of every month. NUA - Network User Address. NUI - Network User Identifier. Outdial - Any system which allows local, national, or international dialing from the host system. PC-Pursuit can be defined as a local outdial system. Most outdials operate using the Hayes AT command set and others may be menu oriented. Packet Assembler/Disassembler - The device/host which translates the actual input/output between the host and the user. The PAD often translates between baud rates, parities, data bits, stop bits, hardware protocols, and other hardware dependant data which reduces the hassle of continual modification of terminal and hardware parameters local to the originating terminal. Packet Switched Exchange - Enables packet switching in a network. Packet Switched Network - A network based upon the principle of packet switching, which is the input/output of packets to and from the PAD which translates input and output between the user and the host. For detailed information, please see part IV. Packet Switched System - Another name for the PSN. Packet Switch Stream - The PSN used by British Telecom. PAD Delay - The extra time that is used to translate incoming and outgoing packets of data which is composed of a continuous stream of clear-to-send and ready-to-send signals. PAD delay can vary depending on the type of network protocol and network/port speed is being used. PAD - Packet Assembler/Disassembler (technical), Public Access Device (customer service description). PDN - Public Data Network or Private Data Network. Port Address - The two optional digits at the end of any given NUA which allow the PAD/PSN to access a given port. For example, 131202129922255 would reach the NUA 31202129922255, 55 being the port address. Private Data Network - Any network (LAN/WAN/PSN) which is owned and operated by a private company. Private networks are usually smaller than public networks and may host a myriad of features such as gateways to other public/private networks, servers, or outdials. PSE - Packet Switch Exchange. PSN - Packet Switched Network. PSS - Packet Switch Stream or Packet Switched System. PTSN - Public Switched Telephone Network. Public Data Network - Another name for the PSN. Public Switched Telephone Network - The voice grade telephone network dialed from a phone. Contrast with leased lines, digital networks, conditioned lines. Server - A type of network which is connected to a host system which can be reached either via NUA or direct dial which provides the "brain" for a LAN or WAN. V.?? - Asynchronous network protocol. V1 - Power levels for data transmission over telephone lines. V3 - International Alphabet No 5 (ASCII). V4 - General structure of signals of IA5 code for data transmission over public telephone network. V5 - Standardization of modulation rates and data signalling rates for synchronous transmission in general switched network. V6 - Standardization of modulation rates and data signalling rates for synchronous transmission on leased circuits. V13 - Answerback simulator. V15 - Use of acoustic coupling for data transmission. V19 - Modems for parallel data transmission using telephone signalling frequencies. V20 - Parallel data transmission modems standardized for universal use in the general switched telephone network. V21 - 300 bps modem standarized. V22 - 1200 bps full duplex 2-wire modem for PTSN. V22 bis - 2400 bps full duplex 2-wire modem for PTSN. V23 - 600/1200 bps modem for PTSN. V24 - List of definitions for interchange circuits between data terminal equipment and data circuit terminating equipment. V25 - Automatic calling and/or answering equipment on PTSN. V26 - 2400 bps mode on 4-wire circuit. V26 bis - 2400/1200 bps modem for PTSN. V27 - 4800 bps modem for leased circuits. V27 bis - 4800 bps modem (equalized) for leased circuits. V27 ter - 4800 bps modem for PTSN. V29 - 9600 bps modem for leased circuits. V35 - Data transmission at 48 kbps using 60-108 kHz band circuits. V42 - Combined error correction and data compression standard to give 9600 bps on dial-up lines. WAN - Wide Area Network. Wide Area Network - A data network which operates on a continuous link basis as opposed to the packet switched basis. These do not operate on the X.25 protocol and may only be accessed via direct-dial or a host on a PSN which is linked with the WAN. X.?? - Generally symbolizes some type of synchronous network protocol. X1 - International user classes of services in public data networks. X2 - International user facilities in public data networks. X3 - Packet assembly/disassembly facility (PAD). X4 - General structure of signals of IA5 code for transmission over public data networks. X20 - Interface between data terminal equipment and a data circuit terminating equipment for start stop transmission services on public data networks. X20 bis - V21 compatible interface. X21 - Interface for synchronous operation. X25 - Interface between data terminal equipment and data circuit terminating equipment for terminals operating in the packet switch mode on public data networks. X28 - DTE/DCE interface for start/stop mode terminal equipment accessing a PAD on a public data network. X29 - Procedures for exchange of control information and user data between a packet modem DTE and a PAD X95 - Network parameters in public data networks. X96 - Call process signals in public data networks X121 - International addressing scheme for PDN's. X400 - Standards for electronic mail, covering addressing and presentation. Some interesting books I think you should read that are related to Phreaking & Hacking: Cyberpunk - Outlaws And Hackers On The Computer Frontier, By Katie Hafner And John Markoff, Simon And Schuster Incorporated, Simon And Schuster Building, Rockefeller Center, 1230 Avenue Of The Americas, New York City, NY 10020, 1991, 368 Pages Data Theft, By Hugo Cornwall, Mandarin Paperbacks, Michelin House, 81 Fulham Road, London, England SW3 6RB, 1989, 402 pages Hacker's - Heros Of The Computer Revolution, By Steven Levy, Bantam Doubleday Dell Publishing Group Incorporated, 666 Fifth Avenue, New York City, New York 10103, 1985, 448 Pages New Hacker's Handbook, By Hugo Cornwall, Century Hutchinson Limited, Brookmount House, 62-65 Chandos Place, Covent Garden, London, England WC2N 4NW, 1989, 194 pages The Cuckoo's Egg, By Cliff Stoll, Pocket Books A Division Of Simon And Schuster Incorporated, Simon And Schuster Building, Rockefeller Center, 1230 Avenue Of The Americas, New York City, NY 10020, 1990, 356 Pages The Hacker's Handbook, By Hugo Cornwall, E Author Brown Company, 3404 Pawnee Drive, Alexandia, MN 56308, 1986, 186 Pages ------------------------------------------------------------------------------ -=- United Phreaker's Incorporated Magazine -=- Volume Two, Issue Six, File 8 of 11 The Lost Avenger/Wiz Kid Bust By Black Manta & The Lost Avenger As some of you may know Wiz Kid and I got busted in Jan of 1991 for Theft of Telecommunications times three and Illegal Use Of A Computer. The theft of telecommunications was for a couple conference calls that they did. One of the conference calls was on the Saturday, which went through without any problems, and the other two were on Sunday. The first one on Sunday was screwed up totally since we couldn't make any overseas calls. We should of know something funny was going on and should of left but instead we set up another one from the same location and in turn got busted. Oh well that's li a half inch diskette on me with a bunch of o related stuff. Oh well enough of this bullshit here's the complete story as told as it happened by Black Manta, The Lost Avenger and Wiz Kid. On Sunday January 27th 1991 at approximately 12pm, The Lost Avenger and John Medica aka: Crackerjack, Wrath Child, Byte Bandit, Wiz Kid & Heavy Dee were caught for Theft Of Telecommunications (Conference call with a Bell calling card). The call consisted of: LD calls made to Australia, U.S., France, Denmark etc.. 2 Bomb threats were made to the White House in Washington D.C., and in Australia crank calls were made to a Drug information center + Pizza Hut (Pathetic!). The whole of the calls, were recorded on tape. "Anybody on the line that said anything about P\H\C or pirating, might be in danger." -- TLA Also when caught, TLA had a 'Black Book', which consisted of Pirate BBS numbers, and home phone numbers & names of at least 150 pirates (You might well be on it!). So be very careful about what your hard drive consists of.. Since a statement was made, that all the people on the list would be visited and checked. (Somehow I think this is bullshit!) But regarding of the seriousness of the incident, I would be careful from now on. On the 28th TLA, and JM where sent to court at old city hall in Toronto, Ontario. They got set for another court date, which took place shortly after the fist, on the 30th of January. Now I write this file right after arriving from court with TLA. Also Morkoth, and an other unnamed person were attending the session. Nothing much was happening there, except for a quick overview of the situation. Then yet another court date was set for March 4th, 1991. At College Park At College and Yonge, at 10am in Room 503. Pirates are not advised to attend it because of previous experiences. One of the Cops who arrested TLA started questioning me and the others, and said "So you must be hackers too, you will be found out about on the list (of numbers)". Here is an exclusive intervi BM: So what happened, from your p TLA: We were sitting there, talking on the phone. We were faced towards the alcove at Royal York Hotel. And then two uniform & and two detectives appeared from no where and arrested us. They took the phones out of our hands, and and put handcuffs on me and JM. They then look through the notes I had on me and gave me my rights. They then shoved us into a Cop car outside the hotel (Boy was it every cramped in the back. My fucking knees where up near the top of the cage). If you don't know what a police car inside is like here's a short description. It's a normal car, but back behind the two front seats is a cage so you can't hit or do anything to the cops in front. But with handcuffs on its even worse. Oh well. Anyways back to the story. They took us down to 52 Division and we each sat around in little room (one room for each of us). They came in did a strip search on me. They left the room and for the next couple of hours they came in and out asking me questions and shit, this lasted to approximately 2:30am Sunday morning. They then brought me downstairs and finger printed me and took a picture of me and Released on a Form 10 (A Promise To Appear Form). I was released at approximately 3:15am and to court the next day also for 1 station most likely all that night as he had other charges against him. I was sure happy to get home. I went to court the next day (At Old City Hall) a another court date up On Wednesday Janua time). Then on Wednesday I went to court again (At Old City Hall Again) and again it was to set up another court date appearance for today (Thursday Febru991). Today I went to court (At College Park) and again another fucking court date was set up. This time for March 4 at College Park (again) at 10am, Room 503. What a pile of shit three times and it was for diddly twat (what a major waste of time). If you want to come to the next trial please feel free to come to it but just be warned to watch out and becareful. Anyways that's what happen up to today. I thank TLA for that interview. (He wrote it himself). So here you see, You are never too good to get caught, TLA was considered an expert at what he was doing, and still the long hand of law caught him. So be warned in the future.. -- Black Manta, Feb 7th 1991. Yesterday, March the 4th. Was TLA's, and Whiz Kid's fourth time at court. This time they actually got on trail! Here's a quick overview of what happened in the courtroom: TLA and WK were called up to the stand.. The accusation loud, and i by request) and John Medica we're caught at Royal York hotel for misusing Bell Canada wire's with a unauthorized calling card number. The cost of the calls made summed up to no less than a thousand dollars." The lady who was reading it out, repeated it about 3-4 times. I have no clue as to why, but, all I can say is that it got hard to hold your laugh. Sounded like the record player kept on repeating the same track.. After she had taken her time, and finally realized that she had already read it numerous times, she then asked the two guys, who were shitting bricks buy now.. "What do you plead?", TLA replied "Hmm, Guilty I guess", Medica blurted out loudly and proudly "GUILTY" like he was the jury or something... After this the judge issued the date of sentence, and told TLA and JM to visit the probation officer. This didn't come too easy though.. Me, my friend, TLA, and JM found ourselves sitting in the front hallway of the courthouse, waiting, waiting, and waiting, that the stupid idiot in the this little office would get the papers done (I don't understand what these papers were, but the probation officer wanted them before he'd talk to the two guys). yet another hour passed by, but no papers were done. kind person in the office to hurry it up.. And then we were all hit by shock, when he said that they never even started to make them. Because the the lawyer had already cleared it up, all of 3 hours ago. We then found out that it had all been John's fault, he was told what to do by the lawyer before he left, but must have been picking his ear at the time or something.. So, we gave Mcfly a big lecture, and then kicked his ass into the probation office. Everything then got cleared up. TLA that night called his lawyer, and was told that the sentence would not be very rough at all.. Nothing like going to jail, or paying a huge fine.. Just community work, or something. John in the other hand is probably heading to the slammer, because of his previous offenses. But, to see exactly what happens to TLA, PLEASE! Attend the final court date on April 17th - 1991. (What happened to those people that were supposed to be there yesterday!!). College Park provincial court (Get off at College if using the subway) Room 503, at 10 o'clock am. -- Black Manta -- -=March 5th - 1991=- TLA here... Ok it is now one year later, today's date is March 25, 1992. We never did write a final edition to this so I will report on what happened that final court date, and all the events that happened there after Wiz Kid and I went to court on the 17th of April, 1991. It was the day that we were going to find out what was going to happen to us. What happened in court is our lawyer talked to the judge in the court jargon (didn't know what they where talking about), and then the judge called JM (he stood up). The judge read him his sentence. What we got was a suspended sentence in that we have to do 100 hours community service (10 hours per month) and 2 years probation, and if we didn't do this we could wind up in court again on the same charges (that's all I wanted...to waste more of my time in court). After the judge ready JM his sentence the judge then proceeded to called me (I had to stand up...whoopie), and read the same sentence to me. Well to make a long story into a short one, (I don't really want to write about everything that happened in court that day as it world take forever to write and I don't really remember exactly what happened and don't really care to either). We have both finished our community service within the designated time period specified by the judge. But we still have just under 1 year of probation left to do (which is a major waste of my valuable time in which I could be hacking). At least we got off basically and won't have a criminal record. Another thing I have found is my probation officer is cool compared to the one JM has. There was also one more subclause on our sentence which was there is no making of Long Distance calls (argh..). Well JM's probation officer makes him brings his telephone bill in every time he sees her which once every month, while I don't have to (she doesn't even ask me if I make any LD calls and if she does I say no even though I did make a couple. (I do pay for LD calls every once in a while when I have nothing else to phreak with). Another thing I have found is that for a couple of months I didn't bother doing my community service. While I could of been charged but neither my community service officer nor my probation officer bothered doing anything. All they did was sit on there ass and just told me to start doing some or else they would charge with Breech Of Probation.. (whoppie). But I have met other people who didn't do community service for a while and got charged (they got even more community service..). One last thing I found interesting about my probation officer is that sometimes I would forget to go to a probation checkup (which I have to go an see her every month) or even sometimes I would go on the wrong day and the bitch wouldn't even give a flying fuck. This give you an idea how screwed up and laided back the Corrections system here in Canada, also it tells you that my probation officer is really lazy and doesn't give a shit what clients do and she's getting paid for doing it too. Ah well I will be glad when this is all over. If you ever do get busted just pray to god that you are as lucky as we were. Well that's it for now, I want to go and do some hacking on Datapac (hahaha). Talk to you all later. The Lost Avenger/UPi - March 25, 1992 - This will give you some idea of what happened before the conference bust. It was cold winters day, I was leaning back on my chair upstairs in my room sitting around my three computers. One of them hacking CallNet (a local PBX company) and second system hacking a 1-800 PBX system, letting my computer hack day & night, I finally figured out a couple of days later, I wasn't really getting anywhere. Shortly later that week on Tuesday evening around 8pm I was walking downstairs heading towards the kitchen, when I looked through the window and saw three men walking towards house. I opened the door and there stood three plain clothes cops. The search warrant was issued and showed to me. One of the plain clothes cops was standing beside me while I was standing with my feet to the wall, drinking a two liter bottle of coke and wondering fuck going on. Well shortly after one of the cops got chance to talk to my parents about what was going on. My dad kept screaming "Lock him up!". Sergeant Gord Rothledge then came up to me and said lets go upstairs John. We then walked upstairs entering my room, he then proceeded to ask me not to touch anything. Snap shots of my computer systems, my room and my notes were taken. Phreaking & hacking related papers, some other computer related books, and 3 computers were removed from my desk and packed away in cardboard boxes. These cops made my room into a war zone, by dumping everything not bolted down into the center of the room. They then proceeded downstairs. Two of the men where from the Metro Police Criminal Investigations (Fraud Squad) and the other was a Manager of Bell Securities, Walter Heapy. They was a couple of laughs here and there about how I hard-wired the phone line so I had a phone extension in my room. Shortly after I was dragged into private room, in which I picked my parents room. We then sat down and they explained what was going down and told me the method they used to drag me down. To catch me it took one year of investigation and 24 hour surveillance by Bell Canada and Metro Police. They recorded all numbers that were in-coming and out-going and all illegal activities I was doing. The interview was recorded and fortunately couldn't be used in court, so I didn't have to worry about what I said. Questions were asked such as how I got started, and certain numbers like CallNet, Video One, Bell Cellular, Cantel Cellular and other numbers which I said I didn't remember every using them. If you know what I had, this guy had twice as much. All numbers were reordered (in-coming and out-going), the time and date of the calls and even the duration of the call. You name it the assholes had me nailed to the wall. About an hour later after the interview we returned back to my room and there was some talk between my parents and the cops. After that they took all the stuff they packed away and left my house. A few days later during the morning, I got a call, asking if I could come down to the Metro Police Headquarters. I went down to there and sat down on a bench waiting to be called. A little while later I was then called and dragged up a flight of stairs, and thrown into a chair. Well so far, so good, one of the other officers I saw a few days earlier popped in and said 'Hello'. He seemed to be an ok guy. Shortly after that two men entered the room and closed the door and started asking questions. I played stupid to the questions. The sergeant left the room and the other officers kept asking me questions. This went on, and on, and on (it seemed like forever). They kept giving bullshit as I didn't know anything. The sergeant came back in the room with a cardboard box with cables, notes and books packed to the rim. I went through the cardboard box to see if I could recognized anything. They read me my rights and took me downstairs. Before leaving the headquarters they asked me if I had any sharp articles on me in which I replied "No". They stuck in the back of a police car and drove me to the Old City Hall Jail. Once we arrived at the Old City Hall Jail they strip searched me and then put in a jail cell. After waiting five hours in a dingy jail cell they called my name. A cop opened the cell door and escorted me down a small through the side cell into a doorway which led to a small box looking towards the side of the cell. They called up the case and discussed it for a couple minutes. After that I was escorted to a different jail cell and shoved back into it. While waiting in the jail cell the cops were working on my paper work. After waiting for another hour and a half they released me on my own free will. During the hours of 8pm on January 26 we headed down to the Royal York Hotel. TLA kept bugging me about making a phone call, well, ok fine, so we headed towards a payphone in the hotel up in the upstairs lobby. He made the call and after he hung up we decided that we would fuck around for a sometime more. After fucking around for an hour or so. We decided we would head back to the lobby of the Royal York Hotel. Shortly after returning to the Royal York Hotel, we were looking around the main upstairs lobby and noticed and the end of one side of the lobby just outside the short hallway was a restaurant. Outside the restaurant was a bellboy standing around looking bored as hell. So we decided to talk him and give him something interesting to do. Wiz Kid> Hey guy, how's it going. BellBoy> Ok. Wiz Kid> Hmm ok. TLA > (doesn't know to say.) Wiz Kid> Food good. Bellboy> Yes. Wiz Kid> Comment->TLA must be mid 30's. Wiz Kid> Expensive? (Guy must think some tourist from another country.) BellBoy> Well,.. Not really. TLA > What kind food you guy's have? What kind food you serve? (Can't remember exactly what was said.) Wiz KID> Huh! Ok. Hmm, ya ok. TLA > (Laughs) Wiz Kid> (Smiles) We then returned back to the short lobby and TLA then made a call to Australia. He talked to a friend of his for about an hour and then hung up since his friend had to go out. We left the short hallway and returned to main lobby of hotel. We then were trying to decide what to do next. TLA had idea, he wanted to go up to the 21th floor and take a look around. Heck, why not browse around what harm can that do? Anyways during the way up 21th floor the elevator stopped at 15th floor and a couple joined us in the ride up. Talk about feeling like right at home 'Shezz' their where in bath robs. TLA and I just laughed and we wondered about each other thoughts. Well seems they were just going for dip! Well they seemed to be a nice couple. We got chance to talk each other on the way up asked them where their from and shit like that. Anyways TLA then changed his mind, and decided to go to the 23th floor. Well, nothing really to see, but just then we got stopped by security guard, asking us if we guests or looking for someone. Well, TLA replied we were guests. The security guard said can I see your pass. My reply to the security guard we looking for some one who staying here. The security guard asked what room are they in. My reply was that we weren't to not sure. Security Guard then replied "Leave this floor or you will be charged with trespassing." Our reply to that was "Yah right, fuck you buddy". We then headed back to the 20th floor. We called downstairs from an in-house phone just for the fuck of it and tried to get an outside line. We got the hotel operator and asked here if she can dial number for us. Her reply was you're calling from in-house phone you have to call from your room. Well, we then headed down the hall and up a flight of stairs. Hmm people must be having a party up here. Well nothing really interesting to see. We walked down another hall and to another staircase leading to the pool. We checked out the pool for a while and decided to go back down the elevator an back to the main lobby. From the main lobby we walked down another flight stairs to lower floor of the hotel. We came across another batch of in-house phone's and TLA started fucking around with those for a bit. We then started walking back upstairs and proceeded to walk back to little hallway. We stayed in the little hallway for a while talking to each other about various things and screwing around with the phones (both the in-house and payphones). Ten minutes later a tourist bitch entered the hall from the outside main lobby, and started to use the phone next booth over from us. Well, knowing me I looked over her shoulder and low and behold their was a calling card facing towards the other side of the phone booth. After jumping up and down and yelling grabbing a pen and piece of paper from TLA. I looked through a crack trying to find out the numbers on the calling card. I started writing the numbers of the calling card down but about one minute later while still trying to get the full number written down the bitch started moving around which made it harder to the complete number. TLA then took a crack at getting the calling card number. Well a minute went by and all you could here was 'Click, Click'. Which was TLA hitting the pen on his teeth while leaning back making it look like he was using the phone. Well it's hard to remember everything did happened but that's most of it. We did finally get the calling card to work after a couple of tries. Shortly after 10pm we headed towards to Union Station which is almost right beside the Royal York Hotel. For those who don't know what Union Station is, it's basically nothing but seats where you sit around doing nothing except for waiting for either a Via Rail Train, Go Train or TTC Subway. But knowing Toronto it's a bum hang out for quick a buck. Walking through the doors of Union Station's Go-Train waiting platform from the Royal York Hotel we came upon a set of payphones. Anyways now it came the time to decide who was going to start the conference. Well it turned out to be me. The conference that night wasn't too bad. There was couple of overseas people as well a some US and even some local people on the conference. Over two hours worth of conference calls with TLA having the control what can go wrong. At approximately 12:30am a security guard from the CN Police came to us and and asked us to finish our calls since they wanted to close the station down. Well TLA kept on talking and talking and not bothering to listen to what the CN security guard had to say. It seemed like there was never going to be a end to TLA's talking. Well the CN security guard came back to us after five minutes and started yelling at TLA, asking to finish his call. Finally, TLA wasn't really to happy having to hang up on the conference, but he did. After hanging up he started yelling and screaming at the CN security guard. Yelling and screaming at the CN security guard didn't seem to get us anywhere so we decided to pack it in for the night and head for home. Most of what was said earlier by TLA in his story is basically the same. However, once we arrived at 52 division just after getting busted there were some differences between what happened to me and what happened to him. Here's the story of what happened Sunday night when we got busted. We where sitting down at the payphone faced back to front. We where on the lower floor of the Royal York Hotel, sitting in a little alcove next to a flight of stairs leading up to the main lobby. We decided to get something to eat. Walking down the hall we came to the small restaurant. I grabbed a Coke, and sandwich and TLA got a Coke and piece of Black Forest Cake. Well we walked back towards the payphones as sounds of music and voices was heard in the background coming from a small local bar just outside the alcove. Walking back to the alcove, we decided who would start the conference and as it turned out I would start the conference (again). Operator> "Operator" in a hi pitch voice. Wiz Kid > "Yes, can I have the conference operator." Operator> The operators reply "Yes, one moment please". Operator> Operators reply, "Yes, party calling from a local coin box number XXX-XXXX, go ahead sir". Operator> Conference operators reply "Yes sir, can I help you" Wiz Kid > My reply was "Yes". I proceed to tell her I wanted to set up a conference call. She proceeded to ask me for my billing information, in which I gave it to her. About five minutes later a guest came up the payphone asking if he could use phone. My reply was sorry I am waiting for a call. He questioned us what we where up to. TLA and I reply was just screwing around. Nothing was really said however we did talk him about five minutes. Shortly after the bitch finally called back with a local phone number to call. TLA who was standing around looking puzzled and said to me "Let me control the conference". My reply to that was "Well, I have the controller's dial-in phone number". Well we compromised and I let him control the conference. TLA started calling away to everyone who he knew and even people who he didn't know. However the first conference we did on Sunday had a problems calling overseas. TLA called the conference operator inquiring about the trouble we have with the it. TLA kept and yelling and screaming at the conference operator. Finally after about five minutes the conference operator asked him if he would like to re-start the the conference. The reply from the TLA was "Yes of course I would (stupid bitch)". Well after talking to the conference operator TLA then came back on the conference and asked everyone hang up as he was going to restart it. We should of know something funny was going on when the first conference didn't work but we didn't realize that until it was too late. The conference got restarted and TLA started to call everyone back. Sitting back at the Royal York Hotel everything seem to be going well. Shortly after around 11pm a hand reached out so quick that TLA and I didn't know what the fuck was happening. I looked over and TLA and his face wasn't too happy! The rest of the story told earlier is basically the same. TLA gave me chance to write about the horror side of my part of the story. I asked the guy if he was a "Cop". It was a stupid question but someone had to do it. The guys reply was "Yes". Shortly after we were escorted down the long hall and outside to a waiting cop car. While walking down the long hall, people started to stare at us. I guess these people have never seen anyone get arrested before. They shove us in the back of an awaiting cop car and they proceeded to drive to 52 Division. We arrived at 52 division a few minutes later and taken out of the car and escorted to garage door at the side of 52 division. One of the officers opened a small phone box, asking the person inside to open the door. The garage door opened and we proceeded to walk inside. Once inside an officer then asked us for our names if we know why here for. We were escorted up some stairs, down a long hallway and put into separate small white rooms. During the short walk upstairs, small talk broke up between the officer and me. I kept saying that I have this addiction. The officer kept on saying "Sure", as he really fucking cared. Some more small talk then broke up dealing with something to do with ripping off phone company. Well shortly after fours hours of standing around in white room an officer then came in asking which articles belong to me well. The only really thing I had was Cellular Phone, knowing that the 3 1/2" diskette, a three ring binder, a World Radio Television Handbook, and a garage door opener belonged to TLA. Walking outside the room the officer then asked about articles. Looking at long short table I saw my Cellular Phone and TLA's book, garage door opener, 3 1/2" diskette, and three ring binder. I then pointer which article belong to me and then was escorted back to the little white room. I knew I would be staying for the night. The next day I was escorted downstairs to a room with steel door with 1 camera faced to the door. At least I had someone to talk to. Well the person seemed alright. He was talking away, telling me what the fuck he done explaining he stolen a leather Jacket from The Bay. Well I explained what the I did, and not much of a reply was said. A little later I was escorted outside. Escorting me outside I was handcuffed to 3 people and away we went like the three stoogies. Stepping into the back of the paddy wagon we sat down front to front. Looking outside the back window looking to see where we were going, looking outside the side window seeing people going to work, thinking to myself what I am missing. We came to a stop and heard the door getting open, we walked out of the paddy wagon and escorted through a long corridor. Sounds of shouting, talking, other weird things that I couldn't make out echoed in the hall. I waited to be uncuffed, checked out and shoved into a cell. After being uncuffed I had to pull my pants down and get checked out by a officer with white gloves who was checking for any weapons that I might have. I was escorted through a main corridor of jail cell was then put in cell. One half hour went by and once again put out of one jail cell and put into another jail cell waiting to hear my case be brought up. I wasn't really to thrilled with my companions in the cell. Hours passed by sitting on the ground, sitting down and try to get a bit of sleep, you could hear talk going back and forth to between the other cell mates, "Hey, I like those Runners, I have to have them. I will make sure I get them by time night is over". I got escorted once again to another jail cell, which you could say this cell had been overcrowded with people, looking the doors of the jail cell I could see on the left table with an officer signing people out, and other side basically where you pick up your personal belongings. I was once again moved to another jail cell waiting around 2 hours with three other people in this cell, talking away to the officer they once again moved to another jail cell waiting to be moved to The Don Jail. After about one hour I was once again handcuffed and put in the back the paddywagon and off to The Don Jail I went. We arrived at the Don Jail and escorted to a front of desk with officer asking if I had any valuables. AFter that he asked me to remove my cloths. Standing in front of me was a officer who asked me to hang my cloths up on hanger. I though just didn't give fuck and just hung them as I pleased. Well the officer wasn't really pleased who I hung them and did it for me. Shortly after we where giving cloths to wear, which were cheap, neon and polyister but it's than better been nude! We where put small room with showers, having to change into these cheap cloths and shoes. I was then put in a chair with a Korean person and asked a bunch of questions. Shortly after a picture was taken with number. I was given a tray of food but the food tasted like the kind of stuff you get in hospitals. Anyways standing at the elevator of the Don Jail awaiting to be escorted to my jail cell. I waited to use the phone to call home and asking my parents to bail me out well. I finally got a chance to use the payphone to call home but no one was home. Well, I then called friend to see if he could contact my parents. Well my friend answered but doesn't know what the happened. Shortly after my name was called. I was escorted to small room looking around was glassed window, and a visiting room of some kind. I was surprised to see friend well got chance to talk. We talked away to each other, asking what each other we have done. After I talked to my friend for a while I was once again escorted to another small room. There was short person at a table signing people out, the bail was set at $2,000, and I agreed to show up in court at the set date. I am not going to say anything about the court appearances as they were basically the same as TLA said earlier and is nothing really interesting happened during that time. It's December of 91, the World of Commodore show. It's been nine months since I last heard of each TLA, however I was looking around thinking about what to buy and watching an interesting seminar at the same time. Well thought's went thought my mind when looking ahead and I though I saw TLA's color jacket. I was surprised to see TLA after nine months. During this first time their wasn't really much to say, however during months TLA and I got a chance to clear up some misunderstandings that happened over the years. Well I hope you enjoyed this article, as it was fucking hell just writing it alone. Well that's about all, thanks again to The Lost Avenger and all members of UPi. You may contact me, and leave comment or general replies to my private VMB at, 416-505-4785 24 hours. Thanks again. Wiz Kid, RaDD Corp. Written By Wiz Kid May 18, 1992 ------------------------------------------------------------------------------ -=- United Phreaker's Incorporated Magazine -=- Volume Two, Issue Six, File 9 of 11 United Phreaker's Incorporated Underground Newsline By Arch Bishop & The Lost Avenger Bell Protects Customers Against Long Distance Fraud ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [ Courtesy of Bell News April 6, 1992 ] On March 19, 1992, Bell began to verify charges on all long distance calls charged to a third number as a way of protecting customers against fraudulently billed calls. As a result when a customer asks the operator to bill a long distance call to a third number, the charges must be accepted at that number before the call goes through. This procedure was already in effect for such call when made from public pay phones. Applying the measure to all third number calls is intended to stop a type of fraud which has increased sharply over the past few months. If no one is available to accept the charges, there are still several options for customers, including billing their call to a Bell Calling Card, calling collect or dialing direct. To order a Calling Card, customers can dial 0 and place their request through an operator. There is no subscription fee to order the card. Calling cards are more economical than billing calls to another number, and they allow customers to bill long distance call to their account when they are away from home or the office. Informing Customers We're letting customers know about the change in several ways. First, Bell operators are informing customers who want to place this type of call. Second, a short informational message has been printed on customer bills. Third, information was issued to the news media about the change. Finally, customers who have made at least three such calls over the past three months and do not have a Bell Calling Card (about 200,000 customers in Quebec and Ontario) will receive a letter informing them of the change and letting them know what alternatives there are. To Curtail Fraud, Restrictions Are Put On Calling Cards From Payphones ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [ Courtesy of Bell News April 20, 1992 ] Increasing fraud prompted Bell to discontinue the use of calling cards to make calls to overseas destinations from payphones in Bell Canada territory. All calling cards, those of Canadian, American, and international telephone companies, were affected by the restriction which took effect April 13. Consumers, however, are able to continue to use calling cards for calls to Canada and the United States. The Need to control fraud on calling card from payphones led to this security measure. Recent investigandicated losses of over a quarter of a million dollars a day from payphone calling card fraud. In practical terms, this represented a loss of $500 for every $10 the company made, from overseas payphone calls. While Bell recognized this decision will inconvenience some customers, fraud has escalated to such a degree that it is was felt a security measure had to be implemented to protect customers and the company from further risk. Customers are being advised to use alternative calling methods such as: o billing validated calls to third parties; o using credit cards (American Express, VISA or Mastercard) with Millenium payphones. Located in key airports and hotels, these payphones use magnetic band screening to validate calls; o making collect calls; o using the Bell calling cards from non-coin telephones and, finally o making cash calls from payphones. On March 17 Bell made validated of calls billed to third parties mandatory whether the calls were being placed from payphones, homes or businesses. The new measure was introduced to protect customers against fraudulently billed calls. PBX Fraud Takes Toll On Unsuspecting Users ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [ Courtesy Of Business First Of Columbus April 6, 1992 ] Private branch exchanges can develop privacy--and pricey--problems of their own. PBXs, as they are commonly called, are internal telephone switching systems that businesses use to route calls made by their employees. And in recent years, PBXs have become the targets of crooks who illegally use such switches to place long-distance calls without paying for them. "This is one of the most under-reported stories around," says Marsha Schermer, a Columbus-based partner with the law firm of Arter & Hadden who specializes in public utility issues. "PBX manufacturers and long-distance carriers don't want to talk about PBX fraud because it's bad publicity for them," she says. "And companies that have been victimized also don't like to publicize that fact, out of fear of being targeted by other thieves." Telecommunications specialists say the most common route thieves use to break into PBXs is through their remote-access features, which allow employees located outside the office to place long- distance calls and charge them to their employer. To use that feature, employees must first enter a toll-free "800" number to get access to the PBX, followed by a multi-digit authorization code that allows them to place long-distance calls. Thieves reportedly use several different methods to find the toll-free num- bers and related authorization codes. Among the more popular: the use of "war dialers," which are computer software programs that electronically dial numbers until they find a combination that gets a dial tone; "Dumpster diving," in which the thieves look through trash bins in search of coding information that's been written down and discarded; and "shoulder surfing"-- spying on business people as they dial into their PBX from a pay phone. Kim Koeller, a manager within Andersen Consulting's Network Solutions Group, says thieves have also found ways to break into PBXs via their voice-mail systems. "As PBXs have gotten more sophisticated, so have the methods thieves use to break into them," notes Koeller, who is based in Andersen's Chicago office. Once they break into a given PBX, the thieves often set up "call-sell" operations in which they sell the stolen long-distance time to someone else, often recent immigrants who want to talk with friends or relatives back in their homeland. However, Arter & Hadden's Schermer says much of the illegal calling activity funneled through PBXs probably involves drug deals and weapons sales. Telecommunications experts say thieves operating out of New York City are the largest source of PBX fraud. But such problems can strike just about anywhere. That situation is reflected in an informational brochure on PBX problems that was issued by the Communications Fraud Control Association (CFCA) in Washington, D.C. According to that publication, entities that have been hit by PBX fraud include the Tennessee Valley Authority, which lost $65,000; Philadelphia Newspapers Inc., which was bilked for $150,000; a Midwest chemical company, which lost $700,000; and an Ohio manufacturer, which lost $300,000. In all, CFCA says toll fraud costs companies more than $1 billion a year. It's hard to say just how much of this illegal activity is striking Central Ohio PBXs. The Columbus office of the FBI, for example, recently reported that it had received a half-dozen reports of PBX-related fraud during the past nine months. The potential for PBX problems here is further reflected in statistics compiled by the North American Telecommunications Association, which show there are about 1,000 PBXs now in operation in Columbus. If your firm is using one of those switches, the CFCA recommends taking the following defensive steps to reduce the chances of thieves breaking into them: o Assign authorization codes for remote-access use on a need-to- have basis. Also, use random numbers for such codes--never have them match the user's telephone station or corporate badge number. o If possible, limit remote-access trunk lines to domestic calls only. o If your PBX has a time-of-day control feature, use it to block the placement of long-distance calls after business hours. o Regularly monitor your long-distance billing and traffic for unusual patterns. Numerous attempted calls that are short in duration, for example, might indicate a computer "hacker" seeking to break into your system. o Try "hacking" your PBX to seek weaknesses in its defenses. If your company PBX does get hit by thieves, who pays for the illegal calls? Thus far, at least, legal and regulatory bodies have held that the firm owning or leasing the PBX--and not the equipment manufacturer or the long-distance carrier involved--is responsible for paying such charges. AT&T To Reopen Direct Calling Service Between U.S., Vietnam ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [ Courtesy of Dow Jones News Service/Wall Street Journal April 6, 1992 ] WASHINGTON -DJ- American Telephone & Telegraph Co. said it reached an agreement with Vietnam communications officials to reopen direct communications service between the United States and Vietnam for the first time in 17 years. The company said the start of service hinges on acquiring all necessary U.S. regulatory approvals. AT&T said in a press release that it hoped to offer limited direct dial service in a few days by sending calls between the United States and Vietnam through third countries. The company said direct links could be available in a matter of weeks. Calls to Vietnam from the U.S. mainland will cost between $2.51 and $2.91 for the first minute, depending on the time, and between $1.77 and $2.17 for each additional minute, AT&T said. Currently, callers trying to reach Vietnam from the U.S. pay as much as $8 a minute to black market telephone operators. AT&T said it has been working since 1988 to seek approvals from U.S. government officials to provide telephone service for the 700,000 Vietnamese-Americans living in the United States. The State Department on April 13 said it would grant an exception to the U.S. economic embargo with Vietnam to allow telephone calls between the United States and Vietnam. Payments due the Vietnamese for completing calls will be placed in a blocked account under the jurisdiction of the United States government. AT&T Unveils New Consumer Long Distance Phone Service ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [ Courtesy of Dow Jones News Service April 28, 1992 ] NEW YORK -DJ- American Telephone & Telegraph Co. unveiled its EasyReach 700 Service, a portable, permanent long distance telephone number. For $7 a month, customers will receive a 700 number that is theirs for as long as they remain EasyReach 700 subscribers, no matter where on the U.S. mainland they travel or move, the company said in a press release. Sucribers also get selective call forwarding and the option to receive calls that are toll-free to the caller. AT&T said the service is designed primarily for long distance calling and subscribers are expected to retain a local telephone number. The EasyReach 700 calls will be billed at fixed per-minute prices, regardless of the distance. In its filing with the Federal Communications Commission, the company said the service will be introduced June 15. Merrill Tutton, president AT&T consumer communications services, explained that the new service will permit customers to use a single telephone number at their homes, office, vacation or wherever they might choose. The customer has only to give friends, family or associates, his 700-number, tell AT&T the telephone number where he can be reached and AT&T will forward all calls to the 700-number called to the location the customer desires. AT&T also will provide a mechanism that will allow certain calls to be billed automatically to the 700-service customer. AT&T said it will charge $7 a month for service. For calls billed automatically to the 700-service customer, AT&T will charge 25 cents a minute at peak hours and 15 cents a minute off peak - both about the same as a regular direct-dialed long distance rates. "You can give it to a child, friends, army buddies, whoever you want, and they can reach you wherever you are," Tutton said. He acknowledged, however, that "there is a finite number of people that will feel this is a service they want." Tutton said, "this is aimed at people who move around a lot, have a couple of homes or also own a cellular phone." Customers can designate those whose calls can be billed to the 700-service customer by providing them with a four-digit personal identification number. The charge to the subscriber is 25 cents a minute during peak hours and 15 cents off-peak, or "a penny or so more than regular long-distance rates," Tutton said. Customers must make the call over an AT&T line or dial an extra five-digit access code to send the call over the AT&T network, AT&T said. "That doesn't strike me as very user friendly," said Patricia Proferes, director of card and Personal 800 Services at MCI Communications Corp. She noted that MCI has been offering a "Follow Me" service that allows a customer to use a toll-free 800 number and give it out to friends or business associates. "People are confused by 700 numbers," she said. A Sprint Corp. spokesman said the company "looked into offering the type of service announced by AT&T and while we're not ruling out offering a similar one in the future, we're now focusing our resources on other services." While Tutton wouldn't offer an estimate on the size of the potential market, a spokeswoman noted that AT&T Bell Laboratories figured there are about six million possible combinations of ten-digit numbers that can be offered using the 700 prefix. There are more than 100 million phone customers in the U.S. Moreover, nothing is keeping rivals MCI and Sprint from offering similar programs based on 700 numbers. "This is a nifty way for AT&T to condition its customers to think of AT&T in terms of mobile communications and local communications," said Jack B. Grubman, telecommunications analyst at PaineWebber Inc. Currently AT&T offers neither of those services, and this could pave the way for the company to wade into these markets. AT&T Unveils New Fraud Protection Program ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [ Courtesy of Dow Jones News Servic May 13, 1992 ] NEW YORK -DJ- American Telephone & Telegraph Co. said it is introducing a new program to help its customers secure their communications systems and control telephone fraud. The company said its NetProtect Basic Service, which monitors calling to countries experiencing the highest amounts of long-distance fraud and domestic 800 service 24 hours a day, seven days a week, and alerts customers to suspected fraud, will be offered to all business customers of AT&T's long-distance and domestic 800 services at no additional charge. AT&T said it began this week monitoring its 800 service to prevent thieves >from using the network to commit fraud. It said it will begin monitoring international long-distance service Aug. 1. The company said in addition to basic service, its customers will be able to choose optional NetProtect products and services, for a cost, to meet their individual security needs. Among the other options it plans to offer are NetProtect Enhanced Service, which includes all NetProtect Basic Service options, provides more customized monitoring and - pending Federal Communications Commission approval - will offer a $25,000-per-incident limit on customers' financial liability for fraud caused by thieves using a company's PBX; Hacker Tracker, a software package that works with AT&T's PBX Call Accounting System Plus to detect and alert customers to suspicious calling patterns; and AT&T Fraud Intervention Service, which gives AT&T's PBX and voice messaging customers access to a team of technical and security experts who can help them detect and stop fraud. The company said it expects the liability cap component of the program, pending FCC approval, to take effect Sept 1. The problem of phone-service theft has been a bone of contention between long-distance carriers and corporate customers, some of whom have complained that the carriers haven't done as much as they could to stop the problem. At issue is whether the customer or the phone company is responsible for the costs rung up by thieves, primarily professional hackers who get access to companies' internal telephone systems. AT&T also will offer seminars to companies in watching for fraud and in developing phone security measures for companies' staffs. Corporate customers would remain liable for fraudulent phone charges that do occur. AT&T's announcement follows a similar move several weeks ago by rival Sprint Corp. Unlike the other long-distance carriers, though, AT&T also makes telephone equipment, so it could face possible complaints from customers about insufficient equipment as well as service. Also, AT&T's fee-based enhanced protection programs require customers to have AT&T 800 service and AT&T outbound long-distance traffic at each location. Such theft is estimated to cost companies more than $1 billion annually, according to the Communications Fraud Control Association, a Washington-based group. Jerre Stead, president of AT&T's business communications systems unit, and Joseph Nacchio, president of business communications services, said they see the cost for enhanced protection as "only marginal" to companies. But they noted that toll-call fraud has increased sharply in the last few years, as companies try to make their phone systems more user-friendly to their employees. AT&T - World Connect Service: English-Speaking Operators ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [ Courtesy of Dow Jones News Service April 30, 1992 ] NEW YORK -DJ- American Telephone & Telegraph said its World Connect Service, beginning today, eliminates language barriers and unfamiliar dialing procedures for Americans living or traveling abroad. Users of AT&T's World Connect Service will be able to place calls from 34 countries by using their AT&T Calling Card or AT&T Universal Card. Calls will be completed with the assistance of an English-speaking AT&T operator. Customers can access AT&T World Connect Service by dialing the AT&T USADirect Service number from the countries where World Connect is available. Callers then give the AT&T operator the country code, city code and local number of the person they want to reach, along with their AT&T Calling Card or Universal Card number and the operator completes the call, the company said in a press release. Sprint Unveils Calling Card To Facilitate Calling Process ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [ Courtesy of Dow Jones News Service April 20, 1992 ] KANSAS CITY, Mo. -DJ- Sprint Corp. unveiled a new Sprint FONCARD that will enable customers to dial fewer digits to complete a call, place calls with a card number and use new technology. In a press release, the company said the new Sprint FONCARD has a variety of features designed for domestic and international business travelers. It will make FONCARD long distance calling simpler and enable customers to save time, effort and money. Pacific Bell Delays Ending Grace Period For 213/310 Code ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [ Courtesy of Dow Jones News Service May 1, 1992 ] SAN FRANCISCO -DJ- Pacific Bell, citing unrest in Los Angeles, said it will delay indefinitely the end of its six-month grace period for users of the 213 and 310 area codes. On Nov. 2, the company, a unit of Pacific Telesis, introduced the 310 area code and announced that its ''permissive dialing'' period would last through May 2. After tomorrow, callers were supposed to be connected to a recording asking them to redial using the correct code. There is no new conversion date at this time, the company said in a statement. Callers will still be able to use either area code 213 or area code 310 for calls into the region, the company said. Pacific Bell To Suspend Some Charges For Victims Of LA Riot ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [ Courtesy of Dow Jones News Service May 1, 1992 ] SAN FRANCISCO -DJ- Pacific Bell, a unit of Pacific Telesis, said it will suspend certain charges for its call forwarding, remote call forwarding, and Pacific Bell voice mail and message center services. In a news release, the company said it is suspending the charges in order to help telephone calls reach the victims of civil unrest in Los Angeles. The offer will be available to those customers who have been forced to flee their homes or whose businesses have been burned or abandoned. The suspended charges include installation fees and recurring charges for 30 days. Usage charges won't be waived. It's difficult to look natural while committing a computer crime. A sweaty brow or quickened heart beat is not going to give you away, but activities like logging on in the middle of the night or accessing a file that you normally have no interest in, may. For a year now, the US Federal Bureau Of Investigations has been testing a new kind of security system which attempts to trap malicious computer users, or intruders masquerading as staff, by highlighting statistically-unusual behavior. At present the system is confined to one IBM mainframe serving three or four field officers in the Washington DC area, but there are plans to extend it across the country. Over the next few years similar systems are likely to surface at other sensitive computer sites in government agencies, defense ministries and also the armed forces. The FBI's package, called Intruder Detection Expert Systems (Ides), has been developed over six years by SRI International of Menlo Park, California, 1.5m) of funding, mainly from the US Navy. The software monitors individual users and groups of users and builds up a historical profile of their "normal" behavior on the computer. It then monitors their current activity, and sends out an immediate alert if there is a significant difference between the two. In this way Ides detects instructions that go unnoticed by conventional password and access-control systems. For example, it can detect hackers who have gained access to a computer through exploiting unknown vulnerabilities. The FBI has uncovered some "interesting events" says Teresa Lunt, programmer director at SRI. "Typically," she says, "they're concerned that a user might be providing information to someone on the street. An FBI employee who normally works on stolen cars, for example, might be contacted by a drug-related criminal and asked to look something up." FBI cases tend to overlap department boundaries, says Lunt, so computer users may have the authority to access a wide range of files. With Ides, however, they will be asked to justify any unusual actions. Ides also includes a second kind of snare - it is able to recognize specific actions that are regarded as suspicious, such as a string of unsuccessful attempts at logging on. It archives this with an expert or "knowledge-based" system programmed to look for particular sets of circumstances. Hackers are predictable, says Lunt. "There's a cookbook of ways to break into a Unix or Vax system for example - you can encode that information and look for those particular exploitations." Lunt says the prototype Ides, which runs on a Sun workstation connected to the computer being monitored, may spawn a product within two to three years. The institute has funding for another three years of research but "we think we can start turning out useful prototypes now," says Lunt. SRI is not product-orientated but the research group is looking for a joint-venture partner to bring Ides to market. Thrifty Tel's Lament: Hackers Back on Attack ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [ Courtesy of Orange County Business Journal April 9, 1992 ] "They're baaack!" says Thrifty Tel Inc.'s Rebecca Bigley. "They" are the computer hackers that plagued the long-distance telephone company two years ago, as it was struggling through a difficult bankruptcy. Hackers are computer jockeys who gain illegal access to a target computer system and often wreak havoc within the system. Bigley had battled the hackers once before --and thought she had won. Now they have returned. "This time we're prepared, and they are not going to get away with it," Bigley said. As if to underscore this, she has taken the offensive, calling on the state Public Utilities Commission to help Thrifty Tel in its fight. As previously reported in the Business Journal, Thrifty Tel emerged from bankruptcy in January after surviving a fire, an investigation by the Securities and Exchange Commission and infiltration by hackers. The company was cleared of any wrongdoing in the SEC case. Then came a faulty billing package that threw the company into bankruptcy--a hole that took two years to climb out of. Now hackers have started entering the company's billing system once again. Bigley, the company's vice president, said that six hackers--all from the San Diego area--have been tracked and caught. "There seems to be a group of kids operating together down there," Bigley said. "I'm here to tell them that we know how to catch them." The hackers, she said, all are children of "well-to-do business people" in the San Diego area. She characterized one as the son of a "very prominent" San Diego businessman. As a condition of settlement, she agreed not to disclose their names. Computer hackers have continuously plagued the long-distance telephone industry, obtaining access codes to make their own long- distance calls without paying for them. "It's a huge problem, especially for the major companies like AT&T, MCI and Sprint," said Jeff Buckingham, president of Cal-Tel, a statewide organization made up of 30 long-distance telephone companies. He estimated that hackers cost the phone companies hundreds of millions of dollars nationwide. Nearly two years ago, Thrifty Tel was hit with the first rash of several dozen computer hackers, who repeatedly broke into the company's computer system and stole long-distance access codes. Unchecked, the problem could have put the company out of business, Bigley said. Bigley mounted a personal and much-publicized counterattack against the hackers. After first coming up with a system that gave instant notification when a hacker was tapping into the telephone network, Bigley applied to the PUC for the right to impose $6,000 in "accessfees" against hackers. "But that does not always seem to faze them that much. For them, the worst is the condition of settlement: They must forfeit their computers to us," Bigley said. Illegal CB Equipment Seized From Four Dealers In Amarillo, Texas ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [ Courtesy of Popular Communication June, 1992 ] Under the direction Of Assistant United States Attorney Mark Nichols, the United States Marshalls with the assistance of the FCC's Dallas office and the Amarillo Police Swat Team, seized an estimated $20,000 of illegal electronic equipment. The equipment was seized from four businesses in the Amarillo, Texas, area: S&S CB Shop, Radio Depot CB Sales, Ben's CB Sales and Repeair and Tri State Radio. After receiving a report from the Crime Stoppers office of the Amarillo Police Department, an investigation was conducted by the FCC's Dallas Office with the assistance of the Amarillo Police Department. The seized equipment included linear amplifiers and non-type accepted CB transceivers capable of boosting transmitter power to over 1000 watts. This level of power is well over the legal 4 watt limit. The use, sale, or manufacture of linear amplifiers or other devices that boost CB radio power beyond legal limits os prohibited by the Communications Act and the FCC's Rules and Regulations. These devices are capable of disrupting public safety and aeronautical communications, and causing interference to home electronic entertainment equipment. Federal law provided penalties, which include fines up to $100,000 and imprisonment for up to one year, for a first offense. Three Pirates Sentenced In Texas ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [ Courtesy of Popular Communication June, 1992 ] Three Odessa, Texas, men have been sentenced by a United States District Court for operating two unlicensed FM broadcast stations. The unlicensed FM stations used the callsigns "KROX" and "KFRE" and identified the operation as the "Pirate Radio Network". Agents of the Federal Communications Commission, United States Border Patrol, United States Marshalls Service and the Odessa Police Department cooperated in the investigation and issuances of search warrants which led to the arrests. Thomas Euguene Barnes pled guilty to one count of aiding and abetting unlawful operation of a radio station. Both men were ordered to perform 100 hours community service and placed on a three year probation term. Unauthorized operation of a broadcast station creates potential of harmful interference to stations licensed by the FCC and is a violation of Section 301 of the Communications Act of 1984, as amended Area Firms Stung by PBX Fraud ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [ Courtesy of South Bend Tribune Business Weekly April 18, 1992] SOUTH BEND--At least two area companies have recently been defrauded of between $60,000 and $200,000 worth of long-distance telephone calls. Both firms requested anonymity, but confirmed the problem and the amounts. The local loss is part of a larger problem called PBX fraud, which has been plaguing companies around the country. PBX fraud usually involves breaking through telephone switches and selling toll-free calling access to criminals. The fraud was discovered in Michiana when the two firms noticed a dramatic increase in the number of calls placed to area code 809-- the code for Colombia, South America. PBX fraud is accomplished by a network of hackers who randomly dial 800 numbers and attempt to break through telephone switches, commonly called PBX's, located in companies around the country. If successful, the hackers notify a ready and willing band of thieves who pay for the number and use it for "business" purposes. The victims of the fraud are then charged for the criminal's calls. In an article in the September/October 1991 issue of ISP News, published by the MIS Training Institute Press, William J. Cook of the United States Attorney's office in Chicago, cited a case of PBX fraud involving Mitsubishi, which lost over $430,000, and AT&T, which provided the telephone system. Although the case has not yet been resolved, Cook reported that "AT&T responded that its standard practice was and is to give customers ample warning of the dangers of toll fraud and that users (of telephone equipment) typically lose out when they implement poor maintenance and security procedures." The fraud is not as difficult to pull off as it may seem. At a recent AT&T Consultants' Liaison seminar, an instructor from DePaul University in Chicago revealed that there is a catalog available which lists software products guaranteed to break into telephone switches or voice mail systems. A typical PBX fraud scenario might begin with an employee unable to place outside calls. The lines of the system are occupied by the criminals. The telecommunications department specialist may receive a call from the long distance carrier inquiring about an increase in calls to a certain area code. Further investigation may reveal that nearly all outgoing calls are placed to the suspect area code. How should a company deal with PBX fraud? First, if the fraud is already established, the firm's telecommunications specialist should remove from the system valid access to the area code the criminals are using. To prevent fraud from occurring, a company systems administrator should check "call detail reports" on a daily basis looking for failed attempts to access the telephone system or multiple calls to unusual locations. In addition, the firm should work with its PBX or voice mail manufacturer or a competent telecommunications consultant to determine where the company is at risk and what hardware, software, or procedures can be implemented to prevent toll fraud. The firm should be sure to report any known attempts at fraud to federal, state, or local law enforcement officials. Canadian Phone Companies Form New Holding Firms And Revise Mandate ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [ Courtesy of The Computer Paper March 1992 ] Canada's major telephone companies last month announced the creation of two jointly held companies Stentor Resource Center Inc. and Stentor Telecom Policy Inc. In addition, they announced a revised mandate for Telecom Canada, which will now be known as Stentor Canadian Network management. The CEOs of the nine telephone companies unveiled their plans at an Ottawa news conference that was to Montreal, Toronto and Vancouver, Stentor Resource Center will consolidate the shareholder companies marketing and engineering development activities at the national and international levels. Stentor Resource Center will develop and deliver national telecommunications products and services, will develop national technology standards, will conduct or sub- contract researches and development projects for the telephone companies, and will establish international alliances with other telecommunications organ- izations. It may also become involved in systems development with the telephone companies. Stentor Resource Center will officially be in operation as of January 1, 1993. It is expected to have approximately 2,500 employees drawn from the member telephone companies. it will be centered in Ottawa, but will also have operations in other parts of the country. Brian Hewat, currently Executive Vice-President Marketing for Bell Canada, will be appointed President and Chief Executive Officer of Stentor Resource Center. Kapor Praises ISDN As Key To Future ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [ Courtesy of The Computer Paper March 1992 ] Mitch Kapor, founder of Lotus Development and the Electronic Frontier Foundation (EFF), used the keynote address at the Winter '92 Usenix technical conference to hammer home the EFF's vision of a civilized network world, with networking for all. Kapor feels that ISDN a technology considered by many to be obsolete even before it has become widely available is in face the key to universal access to the network world.ISDN provides digital service using the same basic equipment used by voice technology. An ISDN connection provides 2 channels of data at 64 kilobits/second and an additional control channel at 16 kilobits per second. Voice communication requires 56 kilobits without compression, and typical high-speed modems attain little more than 9600 or 14400 bits per second by contrast. In theory, ISDN should cost no more than voice phone calls, because many phone companies already transmit most of their voice by digitizing it and sending it over the 64-kilobit channels that ISDN uses. Because ISDN uses the copper wires that are already in place throughout the network world, it requires no additional physical equipment unlike plans for fiber optic multi-megabit data connections. ISDN is also sufficiently fast for good quality videotelephony. Kapor suggested, and the audience agreed, that almost every member of the audience would buy such ISDN service if it were available under the terms he describes. Such could be the start of a network world for everybody in the USA. Kapor also pushed for more commercialization of the TCP/IP "Internet" that already hooks together tens of thousands of computer systems around the world. Kapor offered some free business ideas to the audience, suggesting that people work to start network service bureaus to allow the exchange of money, and even a network bank that accepted checks signed with digital signatures. The EFF has recently opened an office in Washington, DC to assist with its public policy lobbying efforts. In addition to promoting universal network availability the EFF has worked to make itself the ACLU of the network world, assisting those whose rights are abused by law-enforcement officers who misunderstand or fear computer and network technology. New For Networks: Hayes Announces ISDN Extender ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [ Courtesy of The Computer Paper March 1992 ] Hayes Microcomputer Products has announced the Hayes ISDN eXTender, a network interface module providing both ISDN (Intergrated Services Digital Network) service under its Basic Rate Interface, and analog phone service to users of the NeXT computer. The product provides an eight-pin connector to an analog telephone line. When used in conjunction with NeXTstep release 3.0 applications, the eXTender can be used for remote connections to local area networks, as well as high- speed voice, data, fax and multimedia communications. The product represents a strategic relationship between two of the computer industry's first wave of entrepreneurs, Dennis Hayes and Steve Jobs. Hayes created some of the first PC modems on a kitchen table in 1977, about the same time Steve Jobs was forced out at Apple while Hayes faced hard times resulting from price-cutting in the modem market. Since then, Jobs has founded his NeXT company while Hayes has rebuilt his firm around ISDN and local area network access, using a subsidiary called Practical Peripherals to fight the modem price war. Hayes was also one of the first U.S modem makers to aggressively search out international markets, and has been a leader in opening the Chinese market. Phone Rate Hikes Are Likely to Continue, Analysts Say ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [ Courtesy of The Los Angeles Times March 27, 1992 ] After eight years of price cuts, long-distance telephone rates for most of the nation's households are rising, and analysts said the trend is likely to continue as carriers retreat from the bruising competition that followed the breakup of American Telephone & Telegraph. Industry leader AT&T, as well as MCI and Sprint, Thursday acknowledged the rate increases for 1991 _ which ranged from less than 1 percent to nearly 3 percent. The increases were necessary, they said, because the cost of doing business also rose. The increases came as the carriers backed away from the intense price competition that hammered interstate phone rates down by 40 percent since 1984. Carriers instead are focusing their efforts on winning the loyalty of high-volume long-distance callers with special discount programs. While these plans can offer significant savings, it is estimated that less than one-third of the nation's households enjoy bargain rates. The trend toward high-volume discounts concerns consumer activists who worry that low-income or elderly people who make few long-distance calls are subsidizing the low rates enjoyed by people who can afford to call more often. "We are moving away from the social commitment to inexpensive, basic phone service," said Audrie Krause, executive director of Toward Utility Rate Normalization, a San Francisco-based consumer group. Representatives of the nation's three largest long-distance carriers rejected the notion that affluent people benefit at the expense of those who can't afford to make enough calls to qualify for a discount. "We do not view (basic) long-distance customers as a cash cow of any kind," MCI spokesman John Swenson said. For most consumers, the increase in long-distance rates last year was barely perceptible. Consumer Action, a San Francisco-based consumer advocacy organization, released a survey Thursday indicating that AT&T rates rose by a fraction of a percent, and that MCI's rates rose by 1.2 percent. Consumer Action said its survey showed Sprint's rates shot up by 3.94 percent. Consumer Action calculated the increases by comparing the costs of calling between four pairs of cities during the day, evening and at night to capture time-sensitive changes in phone rates. The group noted that its survey is only a sampling and may not reflect actual rate changes experienced by consumers. In fact, Sprint disputed the survey's findings, saying that it raised basic long-distance rates by 2.7 percent last year. Consumer Action spokesman Michael Heffer said MCI and Sprint raised their rates to more closely match the rates set by AT&T, the largest and usually the high-price carrier. The survey indicated that Sprint's rates now match AT&T's in some cases, while MCI continues to price itself below AT&T. In a statement, Consumer Action Executive Director Ken McEldowney criticized the rate increases as unjustified. "At first glance, it looks as if the carriers are raising rates to offset revenue losses they may be incurring from their discount calling plans." But the carriers disputed this. AT&T specifically attributed its rate jump to a government-ordered rise in the amount the company must pay local phone companies to offset the cost of doing business in low-income areas. While AT&T would not disclose the size of the federally mandated cost increase, spokesman Michael D. Johnson said, ``AT&T did not pass along the full extent of our costs.'' Computer Virus Fails To Byte Canadian Tipped Off In Time But Other Countries Not So Lucky ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [ Courtesy of The Toronto Star March 7, 1992 ] It was billed as the great plague, but it turned out to be nothing more than a sniffle. Advanced precautions taken by Canada's governments, universities and corporations served as immunization against a lethal computer virus known as Michelangelo. Other countries, however awoke to the Italian Renaissance artist's 517th birthday yesterday with gibberish on their IBM-compatible computers. The virus, which attacked sporadically around the globe, left South Africa hardest hit, with more thank 1,000 computers affected in 450 to 500 businesses, most of them pharmacies. Police in Amsterdam said the virus was unwittingly spread around the world by a Taiwanese software copying house, by Taiwanese authorities have not identified the firm. Immunization techniques appeared to have avoided the worst effects in Europe and Asia and, with Middle Eastern offices closed for the Muslim day of prayer yesterday, the extent of damage there was not know. John McAfee, president of the U.S.-based Computer Virus Industry Association, a research group of software and hardware makers, estimated that at least 10,000 computers has been hit world-wide and had lost data. The virus, scheduled to strike at 12:01 a.m. yesterday, wipes out the contents of hard disks of infected computers as they are switched on. Any computer compatible with IBM equipment is a potential target, but the virus can be eradicated by special software. Only a handful of cases were reported in Toronto, Ottawa and Kitchener, and these occurred days before the artist's birthday. Over-all, government agencies seemed to escape the deadly virus, said Constable Greg Peters of The Royal Canadian Mounted Police in Ottawa. "We notified 150 government agencies and private contact and advised them to prepare themselves," Peters said yesterday. "We're quite confident that preventive measures halted the virus." IBM Canada Ltd. reported no problems from its customers, who own 1 million PCs across the country, adding that a warning earlier this week about the virus gave people time to prepare. Maclean's magazine suffered some minor disruption from the virus, but it did not affect editorial content, an official said, and most of the wiped-out information was backed up on other files. Bell Canada kicked in its anti-virus software this week, searching for bugs in the system, but none were found, said David Goldsmith, associate director of corporate security. Norton anti-viral software used on computers at the Toronto Stock Exchange seemed to prevent any problems, said Olaf Kraulis, vice-president of information systems. The University of Toronto - which was hit with the virus in a test last week - also didn't experience problems, said Wilfred Camilleri, the university's manager of security. Computer Crime Problem Highlighted ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [ Courtesy of The Toronto Star March 9, 1992 ] With the growing corporate dependence on computers, "information crimes" have become easier to commit but harder to detect, says a Toronto-based security company. "Electric intrusion is probably the most serious threat to companies that rely on computerized information systems," Intercon Security Limited says in its Allpoints publication. Allpoints cited a study of 900 businesses and law enforcement agencies in Florida showing that one of four businesses had been the victim of some form of computer crime. "While most of the media attention has focused on `hackers,' individuals who deliberately and maliciously try to disrupt business and government systems, one estimate indicates that 75 per cent plus of electronic intrusion crimes may be `insider attacks' by disgruntled employees," the publication said In Intercon's experience, vice president Richard Chenoweth said the company is as likely to find a corporate crime committed by a disgruntled employee as one one perpetrated by an outsider. Intercon said the technology exists to guard against most electronic intrusion. "The problem is that many information managers still don't believe there is a risk, so they are not making the best possible use of what is available." More on computer security and corporate crime in Allpoints, Telephone: (416)229-6812. MCI, Sprint Take Steps to Cut Off Swindlers ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [ Courtesy of The Washington Times March 1, 1992 ] MCI and Sprint yesterday said they are cracking down on telephone fraud. The two long-distance carriers are tackling different kinds of swindles, though: o MCI said it will stop sending out bills for pay-per-call operators who promise help getting a loan, credit, a credit card or a job. o Sprint said it will offer large business customers a form of liability insurance against unauthorized use of corporate switchboard lines. MCI Communications Corp. of the District said it wanted to protect consumers who might be gulled into overpaying for some "900- number" services during economic troubles. But long-distance carriers are also guarding their own bottom lines by tightening up pay-per-call standards, said telecommunications analyst James Ivers. "They're acting fiscally responsibly because traditionally these were the types of programs that created a high level of uncollectable" bills when ripped-off consumers refused to pay, said Mr. Ivers, senior analyst with Strategic Telemedia, a consulting firm in New York. Last September, Sprint Corp., of Kansas City, Mo., told more than 90 percent of its 900-number customers it would no longer do their billing. Long-distance firms cannot refuse to carry pay-per- call services, but most 900-number operators do not want the expense and trouble of doing their own collections. American Telephone & Telegraph Co., of New York, said it has set up strict guidelines for all 900-number firms, such as disclosing in advertising any fees charged for credit processing. AT&T spokesman Bob Nersesian said: "We still think there are legitimate providers of this kind of service and our guidelines keep the dishonest guys off the network." Sprint's switchboard-fraud liability protection is aimed at big customers, whose Sprint bills are more than $30,000 per month. For an installation fee (up to $5,000) and a monthly charge (also up to $5,000), Sprint will absorb fraudulent phone charges above $25,000 per switchboard. The customer pays the first $25,000. Sprint's liability ends at $1 million. Large and medium-sized companies can rack up huge bills if their private switches, known as private branch exchanges or PBXes, are broken into and used to make calls to other countries. In a recent case, more than 20,000 calls were made on a company's PBX over a weekend, with the charges estimated at more than $1 million, said M.R. Snyder, executive director of Communications Fraud Control Association, a Washington trade group. "It is certainly (a fraud target) that is ripe for being abused," Ms. Snyder said, especially since telephone carriers have improved their ability to spot unauthorized credit-card calls more quickly. Overall, telecommunications fraud costs phone carriers and customers an estimated $1.2 billion per year although the figure is really just a "guesstimate," Ms. Snyder said. Company PBXes often have features that allow traveling employees, or distant customers, to call in and tap an outgoing line. With computer programs, hackers can randomly dial numbers until they hit security codes. Sometimes the codes are only four digits, so hackers don't even need a computer said Bob Fox, Sprint's assistant vice president of corporate security Along with the fees, customers must agree to take certain precautions. Those include using security codes at least eight digits long and eliminating the ability to tap outside lines through voice mail. In return, Sprint will also monitor PBX use every day, instead of the five days per week currently done free for customers, Mr. Fox said. MCI spokesman John Houser said his company will be watching Sprint to see if the program is a success. Spokesman Andrew Myers said AT&T offers fraud protection to some corporate customers but is not considering extending that to cover PBX abuse. AT&T is currently involved in several lawsuits over disputed PBX charges that total "many millions" of dollars, Mr. Myers said. Sprint officials said they have not sued any customers to collect on PBX fraud bills. Province Careless With Data: Auditor ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [ Courtesy of Toronto Computes March 1992 ] When lunch hour moves in, government employees move out, abandoning desks and computers in search of sustenance. Dutifully, they stuff confidential papers into safes and cabinets. But those diskettes holding private credit data and other confidential information are often casually strewn atop desks. Nearly 65 percent of government staff don't lock up diskettes containing confidential information when they leave their stations, according to Douglas Archer who recently retired as provincial auditor, Ontario's watchdog for government spending. Are we governed by a computer-careless, if not computer illiterate, body? Yes, according to Archer's last report. "The problems we identified were so widespread, we felt it was fair to be critical of the entire system government-wide," said John Sciarra, executive assistant to the auditor. In the daily use of desktop computers by government employees, the auditor found information inadequately protected, staff unaware of when they were handling confidential data, few guards against viruses and incidents of unlicensed copies of commercial software. Also present was that bane of computer equipped organizations, inadequate selection and protection of passwords. At five different ministries, said the auditor, it was easy to find phone numbers, user names and passwords all the supposedly confidential information anyone would need to gain acces to computers via modem. In some cases, that information was pinned to a wall, taped to keyboards or left on a desk. Lax security precautions were also found in the powerful government mainframes. The auditor examined five mainframes, focusing on how each managed its security software, known as Resources Access Control Facility, or RACF. The report gave very low marks to the Ministry of Correctional Services. But Bill Gray, director of management information systems at the ministry's North Bay data center, said security is not lax. "The wording (of the report) is much more pejorative than the reality. It's not terribly lax." According to the report, the data center's mainframe had too many privileged users and poor password controls. As well, some users were capable of altering the audit trail information, allowing them to erase records of their activities. The Information Security group at North Bay didn't have control of the command to turn RACF off, nor had it changed the original password required to use that command. Gray said Corrections' poor showing was because RACF had just been installed in December 1990. "When they audited, the data center had been in operation for only weeks. "Most people, I think, would recognize that when you set up something new there are lots of things to do and we missed some of these, frankly. The auditor pointed them out to us and we thanked them for it. It helped us improve our security, and for us, because of the line of business we are in, we take security very seriously probably more seriously than most organizations." Gray said the center has done a review of its technical staff and "documented who can and should have access, and the number has been reduced." The only recommendation not implemented is encryption. "We have evaluated that and we are still uncertain if that's a wise thing to do," said Gray. He said there are some questions about the RACF encryption system. "That option apparently doesn't work all the time. It causes some failures under certain conditions." Only the Ministry of Revenue received a glowing report card from the auditor. "It's and educational thing, the knowledge level of people," said John Thompson, manager of technology security at the Revenue Ministry. "Revenue has a fairly strong technology base and I think we are alert to the technology concerns." One ministry spokesperson said mini-computers were at fault for security problems. "Minicomputers were initially purchased to process information for small numbers of people...The minis were traditionally much less well protected since the loss of a mini threatened only local interests." The next step for the auditor's office is to return to the ministries to check on whether its recommendations are being implimented. "It's still to early, "Sciarra said." "We'll probably do follow-ups in the summer." Follow-ups aren't as detailed as audits, and the next audit isn't due for five or six years, he said. "We audit government programs on a cyclical basis. There are too many government programs to allow annual audits." Sciarra said a detailed follow-up will have to come from the standing committee on public accounts of the Ontario Legisature. That all-party committee made up of 11 MPPs is designed to keep government bureaucracy accountable by holding public hearings on issues raised by the auditor. "There are so many weaknesses we identified." Sciarra said, "I think the public accounts committee will be selecting those three sections of the 1991 report (dealing with computer security) for more detailed review. It is on their agenda, but hasn't been scheduled for hearing yet." Sciarra said that once the committee tackles the problem, there will be considerable "pressure exerted" for better security measures. Virus Helped United States Win Gulf War ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [ Courtesy of Toronto Computes March 1992 ] Computer virii have moved from the basements of techno-weenies into the Cloak-and-dagger world of military espionage. According to an American newsmagazine, the U.S military used a virus to cripple the Iraqi airforce during last year's Gulf War. In an operation worthy of James Bond, American intelligence agents identified a French printer about to be smuggled to the Iraqi army from Jordan, according to unidentified senior U.S officials who leaked the story to U.S News and World Report. The agents then removed a chip in the printer and replaced it with a chip that contained a virus. The virus was designed the National Security agency, the magazine said. A spokesperson for the NSA told Toronto Computes that it would be inappropriate to comment on the story. According to the magazine article, the virus was intended to foul up a mainframe computer tied to Iraq's air defense system, said the magazine. "Once the virus was in the system, the U.S officials explained, each time an Iraqi technician opened a window on his computer screen to access information, the contents of the screen simply vanished." Because the virus originated in a printer, it evaded detection by the Iraqi computer. "It's a very sneaky way to get a virus in," said Glenn Price-Jones, technical services director for Wanikas Software Inc. of Toronto which provides a wide range of anti-virus services and distributes VirusBuster software for Leprechaun Software International. "It would make it very difficult to find the source of the virus. You wouldn't expect a printer to cause software subverstion." The operation must have been incredibly sophisticated, he said. "You'd have to know how a central processor and a printer communicate with each other in great detail and how to subvert that." But a virus writer could figure out how to confound a mainframe system if it's one that's widely used, he added. "It's pretty easy to know the system if its in use many areas." But the operation would have been difficult. "Someone would have to have the printer stolen between France and Iraq, change the chip, then put the printer back on the transportation route without any detection." The virus directed against Iraq could also infect innocent victims, said Price-Jones. Such a virus could have infected civil aviation systems, causing civilian airplanes to be misguided by air traffic controllers, he said. It's likely the military and the civilian air control systems used the same type of hardware, making it possible for the virus to spread, he said. "They have to talk to each other or they'll be straying into each others' air space." If the Iraqi military passed along any data to civil aviation authorities, the virus might have ridden along with the data. "With something as insidious as this the virus could hide itself as a data record." But it's highly unlikely the virus would have spread to civil aviation authorities in other countries because they'd have to be using the same hardware and software as the Iraqi military was using, he said. There's a greater risk that the Iraqis discovered which printer chip carried the virus, cloned it, then smuggled it into a printer destined for the military of the U.S. or some other country. But such a smuggling operation would probably be detected before it did any damage. it would be easy for security officials to check for tainted chips by examining every chip and seeing whether they match the specifications of a good chip. Price-Jones said there was no possibility that such a virus could be used to foster world peace, say by disabling every country's nuclear arsenal. "In theory you could do it, but there are too many layer of failuch as DOS Macintosh, and very difficult on mainframes, said Price-Jones. "There's built-in security in a mainframe. You usually can't get access into a mainframe without being detected." It's virtually impossible to run a mainframe without first entering a personal password. And once you've given it your password, the system maintains a record of everything you do. So most mainframe virii would carry the electronic fingerprints of its creator. DOS systems, however are very virus-prone and are becoming increasingly susceptible, said Price-Jones. "There is zero security in DOS systems. You can look at anything you want. It's wide open. As PCs become the global-village network, the risk is getting higher. There are 100 million DOS PCs in the world and they're getting cheaper. A $200 compiler program lets you write a very elegant little virus." A spokesperson for the Iraqi Embassy in Ottawa wouldn't comment on the story and said questions should be addressed to the ambassador by fax. The ambassador did not respond to a faxed request for a comment. AT&T Provides Debit-Card Service To Visitors In U.S. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [ Courtesy of Wall Street Journal May 12, 1992 ] American Telephone & Telegraph Co. and other U.S. long-distance carriers are offering services that let foreign visitors to the U.S. prepay their long-distance phone calls here, The Wall Street Journal reported. AT&T, the nation's largest long-distance phone carrier, said it plans to announce its AT&T TeleTicket service today. It said the debit-card service will assist the caller in one of nine languages and that it has started taking orders for the debit cards which customers use to make the calls. About 42 million travelers visited the U.S. last year, according to the U.S. Travel & Tourism Administration, a Department of Commerce agency. AT&T said its studies showed each visitor made an average of four phone calls per visit last year. "There's a different calling system here and it can be very confusing" to an outsider, said Margaret Barrett, director of Global Consumer Services at AT&T. Unlike the foreign debit cards, AT&T customers won't have to search for a special phone that takes its debit card, according to Barrett. TeleTicket customers will dial a special "800" number to make their calls, then punch in an identification number that also tells the AT&T system the customer's regular language. A recorded message tells the customer how to select each service, including phone calling. Once the call is completed, the cost of the call is deducted from the customer's prepaid card account. In addition, TeleTicket users can also dial the number to gain access to U.S. weather reports, currency exchange information and interpretation services in their own language. AT&T is offering the service initially in nine languages: Dutch, English, French, German, Italian, Japanese, Korean, Portuguese and Spanish. TeleTicket calls will cost more than regular direct dial calls. Under the AT&T plan, a three-minute call to the Netherlands costing $5.10 at regular rates will cost $7.20 using a TeleTicket card. Barrett said AT&T hopes to distribute the debit cards through numerous channels overseas, including travel agents, airlines and tourist bureaus. Other carriers are tapping into this international traveler market. In early April, Sprint Corp. announced a debit card program that lets Japanese and Mexican travelers buy phone call credits in $10, $20 and $50 increments and get language assistance. MCI Communications Corp. said it will unveil its own debit card program for travelers in a few weeks. The regional Bell companies are said to be readying their own debit card programs and some carriers in other countries are beginning to offer prepaid debit cards to travelers. Authorities Uncover Network of Hackers In Credit Card Fraud ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [ Courtesy of Wall Street Journal April 20, 1992 ] SAN DIEGO (AP) -- Police said they have cracked a network of young computer hackers who were able to make millions of dollars in fraudulent credit card purchases and break into confidential credit- rating files. As many as 1,000 hackers, ranging in age from 14 to 25, have shared such information nationwide for at least four years, Detective Dennis Sadler said. He said officers stumbled upon the network while investigating a local case of credit card fraud. An alleged hacker picked up in late March agreed to cooperate and has provided information to police and the FBI, Mr. Sadler said. Authorities refused to identify the person. The probe has led to the arrest of two teens in Ohio and seizures of computers and related items in New York City, the Philadelphia area and Seattle. Police say the hackers can gain access to the computers of national credit card agencies and credit reporting agencies through such major computer networks as Telenet, Signet and Sprintnet. Hackers obtained some information from computers at Equifax Credit Information Services, an Atlanta-based credit reporting agency. "We're still in the process of investigating, and we're working very closely with San Diego police," said company spokeswoman Tina Black. Equifax, one of the nation's three largest credit bureaus, has a database that includes about 170 million credit files. Ms. Black said fewer than 25 files were compromised. Bell Atlantic Picks N.J. Town To Test Technology ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [ Courtesy of Wall Street Journal May 1, 1992 ] PHILADELPHIA -- Bell Atlantic Corp. said it picked Union City, N.J., for a joint test with American Telephone & Telegraph Co. of technology to bring information services to the classroom. The companies announced last October that they planned to test a technology that allows the transmission of interactive voice and data as well as full-motion video over existing copper wires in the telephone network. The technology is called "asymmetrical digital subscriber line," and allows compressed video signals to be carried only one way over regular copper phone wires. It also allows the same line to transmit voice, data and video signals simultaneously. ------------------------------------------------------------------------------ -=- United Phreaker's Incorporated Magazine -=- Volume Two, Issue Six, File 10 of 11 Member & Site Application Form UPI has once more returned and it is no longer the shit group it used to be. We are looking for quality members that are willing to contribute to the group. We are especially looking for people who are experienced in electronics and chemistry, and any other P/H/C/A topic. If you would like to join UPi please fill out the application below then rename the application form to your alais and zip it up and upload it privately to The Cathedral or you can send it to us in ascii form via our internet e-mail address (which is listed in the main introduction). What is your handle? : What is your first And last name? : What is your voice phone number? : What is your data phone number? : What city do you live in? : What province/state do you live in? : What country do you live in? : How old are you? : How many years of experience do you have in the underground? : What are you specialities in the underground? : : : : : What do you have to offer UPi? : : : : : Are you/or have been a member of any other groups? : List anything else below that you want to say about yourself that would convince us to let you become a member? : : : : If you run a board and would like you board to become a site for UPi please fill out the following information. What is the name of board? : What is the phone number? : How many megs does the board have? : What baud rate is supported? : What bbs program do you run? : How does you board support the underground? : Is the anything special about your board? : : : : : List anything else below that you want to say about your board that will convince us to let you become a site? : : : : : ------------------------------------------------------------------------------ -=- United Phreaker's Incorporated Magazine -=- Volume Two, Issue Six, File 11 of 11 [$]==[$]==[$]==[$]==[$]==[$]==[$]==[$]==[$]==[$]==[$]==[$]==[$]==[$]==[$]==[$] !! !! !! U P i - U N I T E D P H R E A K E R ' S I N C O R P O R A T E D !! !! !! [$]==[$]==[$]==[$]==[$]==[$]==[$]==[$]==[$]==[$]==[$]==[$]==[$]==[$]==[$]==[$] Founder And President: The Lost Avenger - Editorial Staff Vice President: Arch Bishop - Editorial Staff Writers: Truth Assasin Black Flag Hardwire Master Of Gold Silcon Phreaker VC Hacker Site Listing: ------------------------------------------------------------------------------ Node BBS Name Area Baud Megs BBS Sysop Number Code Rate Program ------------------------------------------------------------------------------ WHQ The Cathedral 416 14.4 85 Telegard Arch Bishop Node #1 Pango +972 2400 200 SuperBBS Basil Chesyr ------------------------------------------------------------------------------ Freelance writers are always welcome to write articles for future UPi Issues. If you would like to submit an article please send then to The Lost Avenger or Arch Bishop via The Cathedral or send them to The Lost Avenger via Internet E-mail. If the article is not accepted you will be notified and let known the reason why or why not, your article was not acceptable. But don't be discouraged if your article wasn't acceptable, you may submit more articles even though one of your other submissions were not accepted. New members from anywhere in the world will always be welcome. If you wish to join the group, you must logon to The Cathedral and acquire an account. Once that's done, you need to ask TLA or AB for the UPi questionnaire to be used to evaluate you. Once you pass, an email of congratulations will be sent to you and you will be able to participate fully in the group in addition to getting your name on this elegant introduction screen. Impress chicks with how you're a member of a premier international organization of freelance anarchists with the capability to reach out and touch a globe. [$]==[$]==[$]==[$]==[$]==[$]==[$]==[$]==[$]==[$]==[$]==[$]==[$]==[$]==[$]==[$] !! !! !! U P i - U N I T E D P H R E A K E R ' S I N C O R P O R A T E D !! !! !! [$]==[$]==[$]==[$]==[$]==[$]==[$]==[$]==[$]==[$]==[$]==[$]==[$]==[$]==[$]==[$]