phrack/phrack48/16.txt

342 lines
18 KiB
Plaintext

==Phrack Magazine==
Volume Seven, Issue Forty-Eight, File 16 of 18
THE TRUTH, THE WHOLE TRUTH AND NOTHING BUT THE TRUTH-
-a story of the 'BT-Hacker' scandal.
By Steve Fleming
Sitting in a chilly university computer department in northern England
was in itself exhilarating. The mid-February climate made it cold; my
head was buzzing with voices chatting freely about gaining access to
secret computers, acquiring free telephone calls and how to fashion
'bombs' to maim or kill lecturers and 'Senior Vice Principles'. There
was nobody else in the room, all the company was just under a meter from
me in CyberSpace, that alternative universe where anything is possible
and everyone is somebody they want to be. The stories were
extraordinary - in fact they were incredible, an eclectic mix of fact
and fantasy bound together by expert social engineering.
These CyberSpace 'cafes' are the BBS' - Bulletin Board Services - and
are the stock-in-trade of the electronic community. The Internet is
connected to some of them, but the best ones, the ones with the best
chat and the most exciting files are not - you get the dial-in number
from another user, and have to then beg to use the service. It is
interesting to note that the Internet has now become a generic term for
on-line communication and suffers as a result of its inappropriate use.
Blaming the Internet for anything is like apportioning culpability to
'society' - fine for academics but otherwise a shallow construct.
I have known some computer experts in my time, and still some 'reformed
hackers' count as my best friends - I really wanted to find out if a
major British computer could be hacked or if it had been done. The UK
has some of the most draconian secrecy laws anywhere on the planet, so
if secrets are found, they tend to be kept secret. When people start
talking in CyberSpace, they really talk and talk and talk. Their voice
has no tone or volume, no emotion or mood - it can be like talking with
a form of electronic psychopath sometimes. But there are inventive
ideas 'on-line', and sometimes you can SHOUT, but this is quite rude,
mostly pictorial punctuation (the smiley) is the key. You can indicate
a smile :-) or a frown {:-( and you can even indicate sarcasm ;-) with
a sly wink. It's interesting to note that irony is not really a north
American thing at all; sarcasm is a CyberSpace thing. I wouldn't say
that I am an expert, I wouldn't even say that I was very good with
computers, I'm always learning. My qualifications are in science;
Biology and Psychology, not computing. What this gives me is an urge to
investigate assuming a null hypothesis - I disprove things in short.
It's funny to think that most of the press followed a placed PR line
that I must be a '... twisted computer boffin who had broken into an
'...entirely robust...' computer system'. And my, did that title stick
- friends from Hong Kong to Turkey called to say I was a computer expert
all over the world! This was very effective and obviously placed by
someone with powerful influence, perhaps advertising influence? It
doesn't really matter, bad journalism is all over and we all have a
living to earn - I however, would never do it at the expense of a
colleague.
There was the vision of news editors screaming, "... get me some
secrets!" - they simply couldn't believe that a freelance with only a
few published pieces could have brought in such an impressive story with
a scandal at every level - so they capitulated with the 'boffin' lie and
went back to boring, standard, sloppy 'background' on this 'hacker'. It
was actually a bit of a personal tragedy, my on-line persona was
cracked, there wasn't very much in my life at all, quite a boring person
really; like most journalists who spend a lot of time observing rather
than doing. The Today newspaper had some hot tip-off's from people I'd
interviewed in the past, one man in particular who had lied in a silky
and attractive way for two and a half hours had been doing the same to
them. The fact that I wrote for a 'gay magazine'. Shock horror, a
definite Philby, Burgess & McLean story breaking. What a bit of
investigate journalism that wasn't, I wrote under my own name! Was he a
spy, was he working for Libya, Israel, MI-6, MI-5, the Labour Party,
Duncan Campbell, Richard Gott... and then there was the 'shit-bagging'.
This happens when tardy investigators are ignorant of the facts,
automatically they assume it should be them who had the story, if only
they'd had the time. But this is all history now, and I forgive them
all... but I never forget.
How could a temporary member of staff see all this secret information?
The list forming in the mind of the press (and I do think in situations
like these one surprisingly tiny mind) went something like this:
1. They aren't secrets at all.
2. BT would know if anyone had looked at the secret stuff, so
they'll catch the whistle-blower; probably working for computer
security within BT.
3. Fleming is a computer expert, he's hacked the system and is
spinning a story to prevent him being found out - and he's not a
'real' journalist and we are.
Well, there was clear evidence that the stuff was very sensitive, so
strike number 1 from the list. How could they wait for stage two, if it
is the case it may take days or weeks, so they couldn't have that -
anyway the Independent had shown it could be done away in time or place
of Fleming. The only option was; who's there, who'll talk, and how can
we retain credibility as journalists - repudiate the freelance!
There was no shortage of shit-bag material; 'various anonymous
sources... unconfirmed reports... it seems likely etc.' Some even
fancied the idea that the details were shocking, but lets just do it all
ourselves and dump on Fleming from a great height? It really was like
being on a maggot farm, wading through pen after pen of repulsive,
brainless, panicked... maggots.
The truth is that there was no great skill involved in cracking BT's
computer, it was so easy my pet parrot could have done it with only one
claw. Many companies are confused about computer security and what it
means. The sharp young suits talk about 'magneto-optical storage
facilities' and 'EPROM or WORM access'. The captains of industry nod
sagely, they run the ship and leave the deck scrubbing to junior
officers. These proud, self important and generally thick as two short
planks when it comes to computers men, authorise huge budgets for the
whiz-kids who play with the money, buy new things, install new software,
'patch' the operating system, attach ISDN cards, issue user ID's after
extensive family checks. You name it, and these guys do it, and they
love it. They install password checkers that look for hackers (or
errors) and disconnect users for 15 minutes if they get their passwords
wrong three times. The captains of industry still discuss 'wireless'
and 'word processors'. The bright young men should be allowed to deal
with all the computer stuff, it's not that the captains can't understand
it or anything like that, they just don't have the time.
Staff who have to work the systems couldn't care less about the
'advanced software engineering' that went into the system. There is as
much 'social engineering' as any other sort when it comes to computers
for industry. So they have to remember passwords that change regularly
and they have to remember to get that report done, and see the boss and
train the new staff and type that letter and claim those expenses and
design that form and... it's a lot to remember. When folk have a lot to
remember they make lists, and those lists include passwords - sounds
like an opportunuty for 'trashing'. They simply look through the
rubbish and see what they can see. Sometimes someone writes down a
password on a post-it note to let someone into their computer for some
reason, that person enters the password and makes a note in their diary
of it and pops the sticky in the bin. Then, in these busy offices,
staffing levels are being cut. The managers need a dozen staff, and
have four. They are allowed to contract from a temp agency and top up
the office. These people are often unemployed graduates. Clever, but
very, very bored. They don't get paid much, 4.00 an hour. That's what
I was paid to write a nationwide database suite for BT but there I have
to stop, the gag is cutting into me. They just want a decent job, and
try to impress in case they get offered one, and the companies play on
this and exploit without mercy. 4.00 an hour and they want unbridled
enthusiasm, ideas, loyalty, commitment - who are they trying to kid!
The computer administrators say they can't give temporary access to the
system, '... it can't be done.' Well what do you suggest? 'You'll just
have to make do, it's the system, can't help, sorry.' You need a dozen
workers, perhaps 6 need to be on the system, you have 5 passwords plus
another of the departmental manager making six. Why not let the temps
use these passwords and you can get on with the more important stuff,
can't be any harm in that? It's not as if we're using them? However,
temps are just that, temporary - they move on. Consequently with all
the changes you make up a folder with all the passwords and then they
can just flick through that to find a password, it doesn't seem all that
insecure does it?
And there we have it, passwords being shared, passed, written down,
typed in and shouted across the office. You can forget about any notion
of security, the moment you take that step the whole system is
pointless, you may as well print out all the secret information and sell
it in Dillons - it would certainly make the phone book a best seller!
Better still if the marketer's got what they wanted, put it on CD-ROM
and charge a fortune for it at christmas;
The Multimedia Secrets Collection, 199.95!
The ideal christmas gift for the spy in your life. Includes music from
around the world. BT, it's good to talk! NB it may be an offence to
talk to anybody about this.
Now you see why BT are keen to quell this espial, they know the
situation, but don't want it publicised, it's very embarrassing for
goodness sake - they have a contract to advise the government on
computer security! Frankly, I couldn't care less if some BT mandarin
gets a red face, it is no concern of mine. What is, is the fact that
these secrets are not encrypted and are broadcast around the country on
computers and are available to just about anyone who cares to look at
it. The only warning displayed was 'Unauthorised access is an offence
under the Computer Misuse Act (1990)' - but this access isn't
unauthorised, is it? This notion of 'confidential' is a joke. BT's
computers happily broadcast your ex-directory telephone number (and soon
your name) down the line unless you make the choice to prevent it. What
is confidential about that? The public interest is of prime importance
here. The scandalous intimition in my legal gag is that I am risking
national security? Me! Well I have a lot to say about that, it's not
me that allows any old temp to see secrets, and I have never printed a
single telephone number or details of any equipment, unlike some
respected others. I brought the fact this could be done to light in a
responsible journalistic manner.
If I was such an expert, the intelligence service would have snapped me
up immediately, BT would have paid me off and the government could have
avoided embarrassment. But I'm not, I'm a journalist. The Independent
published this story and I have respect for them, they took a risk and
then wanted to distance themselves from me, which I understand. It was
however a lonely, cold and frightening experience which is not yet over.
The governments of these lands talk big about how the information
superhighway will change all our lives, and how committed they are to
servicing this new form of infrastructure leading to a new, fresh and
exciting dimension - but they also punish, abuse, prosecute, imprison
and destroy the lives of the people who may be far better able to
exploit their ignorance and expose the sensitive underbelly of their
power - their information. If you ask me, the old guys will make
CyberSpace just as ugly and corrupt as the society they have already
spawned, nurtured and set on a path of destruction out here. I for one
don't want or need their advice, support or money - let them lay in the
bed they have made, I'll stay in CyberSpace.
------------------------------------------------------------------------------
- Related Info Appended by the Editor -
DCS DISPLAY CUSTOMER SUMMARY ??/??/?? 11:41
Name : THE CHIEF CONSTABLE Telephone No : 031-315 2007 NQR
Account No : 8077 0366
Address: LOTHIAN & BORDERS POLICE Customer Type: BUSINESS VOLUME
POLICE HEADQUARTERS Installations: 1
5 FETTES AVE
EDINBURGH LINE DETAILS
EH4 1RB Installed : 26/08/88
Line Status : B/W
Curr State :
Inst Class'n : BUS SINGLE EXCL
ORDER Exchange Type: TXDX03
RECEPTION MARKER Recent Order : YES
Contr Signed : BILLING
REPAIR CONSENT Method of Pay: ORDINARY ACCOUNT
: NO Systems Bus : C A/C U/Enquiry: NO
Servicecare : NO Sup Serv Bus : D D/M Case : NO
O/S fault : NO Cust Options : STANDARD VRUF
Hist fault : NO OSC Ind : NO
Hazard : CUSTOMER CONTACTS
Warning : Issue : NO Notes : YES
BRDCST MANAGERS USING NJR-PLEASE DNB"NJRNEWS" FOR UPDATE ON CALLOUT PROBLEM ES
4A_ O-O
DCRD PRODUCT TARIFF DETAILS ??/??/?? 11:41
Exchange Name : DEAN Tel No : 031-315 2007 NQR
Installed : 26/08/88 a/c No : 8077 0366
Inst Class'n : BUS SINGLE EXCL Notes : YES S/S No :
QTY PROD ID SHORT DESC or MSC / CP NOTE TARIFF:RATE TOTAL
1 A14499 C EXCH LINE + LINEBOX 32.66 32.66
*
1 A10117 C BASIC DIAL PHONE 4.70 4.70
*
1 A12481 C PRIVACY SET NO 8 51.75 51.75
*
TARIFF GRAND TOTAL : 89.11
ES
4A_ O-O
DIN DISPLAY NOTE DETAILS ??/??/?? 11:41
Installation : THE CHIEF CONSTABLE Tel no : 031-315 2007 NQR
Name
WRITTEN < AUTHOR > EXPIRES
8/ 2/94 JOSEPHINE/8813 8/ 2/95
A/.D LTR SENT FOR 0506843235,0313322106
0506881101 AND 0313152007
DCS DISPLAY CUSTOMER SUMMARY ??/??/?? 11:43
Name : LOTHIAN & BORDERS POLICE Telephone No : 031-332 2106 NQR
Account No : 8076 9640
Address: POLICE HEADQUARTERS Customer Type: PAYPHONE BUS
5 FETTES AVE Installations: 1
EDINBURGH
EH4 1RB LINE DETAILS
Installed : 04/10/83
Line Status : B/W
Curr State :
Inst Class'n : BUS PAYPHONE
ORDER Exchange Type: TXDX03
RECEPTION MARKER Recent Order : NO
BMC/C/N/ / / Contr Signed : YES BILLING
REPAIR CONSENT Method of Pay: ORDINARY ACCOUNT
: ** Systems Bus : D A/C U/Enquiry: NO
Servicecare : S Sup Serv Bus : C D/M Case : NO
O/S fault : NO Cust Options : SINGLE LINE OPTION
Hist fault : NO OSC Ind : NO
Hazard : CUSTOMER CONTACTS
Warning : Issue : COM Notes : YES
ES
4A_ O-O
DCRD PRODUCT TARIFF DETAILS ??/??/?? 11:43
Exchange Name : DEAN Tel No : 031-332 2106 NQR
Installed : 04/10/83 a/c No : 8076 9640
Inst Class'n : BUS PAYPHONE Notes : YES S/S No :
QTY PROD ID SHORT DESC or MSC / CP NOTE TARIFF:RATE TOTAL
1 A17867 C PAYP LINE SKTD SGL LINE TG10 32.66 32.66
*
1 A19493 C OPTION 50 NON-ISDN SITE LINE 0.00 0.00
*
1 A11790 C INTERNAL EXTN OFF MASTER SCKT 0.00 0.00
*
1 A17817 O MINSTREL PLUS PHONE Outright sale
FREE GIFT - NO GUARANTEE
1 A11810 C METER PULSE FACILITY 6.70 6.70
*
1 A19398 C PAYPHONE 190MP TABLE-TOP MODEL Outright sale
KEYHOLDER BETTY MITCHELL ON 031.311.3338
1 Standard Care charge on A19398 12.00 12.00
*
TARIFF GRAND TOTAL : 51.36
ES
4A_ O-O
DIN DISPLAY NOTE DETAILS ??/??/?? 11:43
Installation : LOTHIAN & BORDERS POLICE Tel no : 031-332 2106 NQR
Name
WRITTEN < AUTHOR > EXPIRES
8/ 2/94 JOSEPHINE/8813 8/ 2/95
A/.D LTR SENT FOR 0506843235,0313322106
0506881101 AND 0313152007