u ~a,(}tl1;pted.l,ffiA( p ~ ' . e ' .. . , ..JJ!!Tli~" D',' TIfi!:~_I':Hal:ker!itMiiiBiiiB! This magazine is dedicated to the curious people who want to know the "Inside" technical Information regarding • computers, BBS's, the telephone company, arcade games, radio equipment, general electronic equipment, cable and other utility compan ies and anything/everything nobody else wants to talk about...or might not even KNOW aboutl Are you a hacker? Are you curious? Do you want to know how~t-works? Then you want to read this magazlnel I Volume 5, Issue 2. Second Quarter. Fall 1998. $4.95 US $7.25 CAN Another utility truck . Nothing really important about this guy except we found it and two others just like it sitting by themselves in the back ,end of a large parking lot. So, what the heck, why,not take a few snaps of them? That's what we were thinking anyway. How many times have you driven, walked or run by a utility van with the doors wide open and wondered, "what do they have inside this beast?...Maybe I should stop and take a peek." Yeah, and then you keep on driving, walking or running on by and don't bother satisfying your curiosity, Why not? No time? No guts? No interest? Well, you had better be interested at the very least. It's this very interest, or curiosity if you will, th.atdrives the hacker mentality. Perhaps you're a hacker and don't even realize it. Being a hacker isn't bad in itself. A hacker lives to know more than your average Joe, constantly seeking out'new ideas and iriteresting situations. What a hacker does with the knowledge he (or she) does possess decides whether or not that hacker is "bad", Enough with the what-kind-of- person-is-a-hacker lesson. In this issue we've got some cool stuff to look over. If you're into hacking with your Mac, we've got ya covered. If you're into hacking in any way, we've got ya covered. So, read on. Inside this issue: Central Office Operations, Wingating the Net, Caught in The BlackHsted Web, Mac Spooling, Eyeblilling U, Guide to Hlickirig Clible, The Bilick Mlirket, Beige Boxing for Free, CDROM Review, How to be 1I Detective, BllIcldistad Photo GlillelY, Federlll Govemment Frequen~ list, News lind Updates, uj ::i Avoid.the Kinkoid, Tony's Workshop, Hlicking the Trllil lind aLOT MOREl! .. "' .... "! This publication brought to you by Syntel Vista, Inc . .I ----~-----------------------------. Address all subscription correspondence to: : Blacklisted! 411 Subscription Dept., P.O. Box 2506, Cypress, CA 90630 I : I Office Line: (909)738-0406 FAX Line: (909)738-0509 I ._---------------------------------~ ISSN 1082·2216 Copyright 1994-95-96-97-98 by Syntel Vista, Inc. All opinions and views expressed in Blacklisted! 411 Magazine are those of the writers of the articles, and do not necessarily reflect the views or opinions of any Syntel Vista, Inc. staff members or editor. Blacklisted! 411 Magazine will, from time to time, contain articles on activities which are illegal. This information is provided for an informational and educational purpose only, and is not intended to actually be used to commit these crimes. Syntel Vista, Inc. staff takes no responsibility for any illegal information published in the rnaqazine and all risk is solely that of the reader. We do not promote illegal activities - we write about them from a "this is what's being done - and YOU should NOT participate in" point of view to advise readers of crime activity. Everything within Blacklisted! 411 is protected under the First Amendment of the United States Constitution. Furthermore, no fraud or conspiracy is to be assumed . Blacklisted! 411 MagaZine strongly supports the idea of Freedom of Speech, and will publish ANY articles which we feel are of sufficient quality. These articles will often contain material offensive to certain people. If you cannot handle this, please do not read the rnaqazlne. This information includes (but is not limited to): Information on the computer underground; anti-govemment material and material relating to hacking, phreaking and other similar interests. Again, if this sort of thing offends you, don't read the rnaqazine, or at least don't read the articles which you find offensive . Our purpose is not to offend, but to educate. All rights reserved. No part of this material may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior "'" written permission of Syntel Vista, Inc. <, _ Syntel Vista, Inc. publishes the advice of people in many fields. But the use of this material, is not a " iubstitute for legal, accounting, or other professional services. Consult a competent professional for am;w",~ur specific questions. Syntel Vista, Inc. P.O. Box 2506, Cy ress CA, 90630 9035768ABBAJBVJB-o , m Printed in the United States of America " >." Blacklisted! 411 5TAFF Editors Main Office Grunts Zachary Blackstone Dave S., AJ, Tyke Alexander Tolstoy Distribution Co-editor (our backup) Greg, Boiler, Syntax, David B. Dave S. Artwork Photographs Derek Chatwood - A.K.A. Searcher Daniel Silvercloud, Beaver Kate 0., Parallax, Mason/Wolf Blacklisted! Submissions/Supporters/Friends EyeRB Skywise - MrEUser Shiva Line Tech cronus ShorlFuze Telecode Ender Wiggin THUD Magazine Group 42 GoldFinger Tony deBuzzard 367 Consumerlronics ....and a few ANONYMOUS people Inside this issue: 4 Intra 48 News and Updates 4 Letter From The Editor 51 Wingating the Net 5 Letters 52 CDROM Review 12 Guide to Hacking Cable 53 Caught in the Blacklisted! Web 21 Avoide the Kinkoid 54 Tony's Workshop 22 Beige Boxing for Free 55 Blacklisted! 411 Photo Gallery 23 How to be a Detective 56 Hacking the Trail 26 Central Office Operations 57 Eyeballing U 28 Check us out on IRC 57 Deadlines 30 Federal Govt. Frequency List 57 Greetings From THUD Magazine 34 The Black Market 58 Monthly Meetings 37 Unlbomber's Manifesto Part 5 59 Subscription Info 38 Mac Spoofing 59 Backlsuues Dumb Questions are better than smart mistakes! Introduction It's about time we change this introduction since we 've been didn't have any money . NO MONEY! running the same text for I don't know how long. So, here we have Blacklisted! 411 in 1998. We've been around (in paper So, occasionally, we'd print up a few copies on our top of the form) for 4 years and we're well into year number 5. Boy, line brand spankin ' new 9-pin dot matrix printer and run off a few photocopies in the media center at school. We'd pass have we grown! It really is an amaz ing outcome isn't it? these out at the local "copy meets" and leave a pile of them How did it all start? anywhere we were allowed to do so . I'm oniy guessing here, but I think people photocopied them and then those were It's 1983.. Start with a bunch of guys with common interests. photocopied, etc. I wonder just how many generations made We're in high school. Hacking was the "coo l" thing to do and it out there . So, we never really put much effort into making a so a few of us got together and formed the "Blacklisted "real" magazine out of it. Hackers Group".. We were all into our Alari computers, Commodore computers. electronics, sciences. arcade Years went by and the Blacklisted! 411 info site grew into a games , etc. We built projects, hacked into this n' that, came 2-line system. Information was passed around strictly by up with grand ideas and tried to make them into some sort of modem (unofficially on paper) and we never released another reality, hung out, had lunch, talked, took notes, poked fun at disk based (or otherwise) copy of Blacklisted! 411 after June the weirdo 's on campus, etc. of 1987. Now , around the same time , "Blacklisted! 411" started as a All of us were now out of high school and onto college , work hackers "disk magazine" distributed among the Commodore and the bigger/better things in life. This situation forced the 64 circles on a monthly basis. Actually, it was named once thriving Blacklisted! 411 group to put every1hing on hold "Blacklisted! 411, the hackers monthly" when it was in disk until one day we could again revive it and put it into print. form. Perhaps some of you remember it? We gathered all of Paper print, that is. Nobody thought it would ever happen . our notes, other peoples notes, questions and answers and every1hing else we could find and compiled it into our 1993 comes along and it's nearing the end of the year. Most wonderful creation: BLACKLISTED! 411 THE HACKERS of us are now out of college and working full time. One person in the group (me , of course) decides to start up the MONTHLY. defunct Blacklistedl411 idea and run with it. As the title quite clearly states, we distributed the disk magazine on a monthly basis using any means available to us It was extremely difficult. The group was no more. I was the at the time . Most of the members of our rather small group only one of the original group rema ining that still had the had no money to speak of so purchasing the amount of disks hacker spirit inside of me. I had some money . I had the will w" did was a miracle in itself. Every month , like clockwork, to make it happen . I gathered as much info as I could and compiled it, using the same method I did before . This time, 150 disks were released . however, I was equipped with some top of the line (at the One-hundred-fifty disks sounds so miniscule when you think time) computer gear and took my first shot at page-layout. about it from the perspective of being in the late-90's, but trust me, it was an immense amount back then - in both sheer Blacklisted! 41 1 Volume 1, Issue 1 First Quarter, January number and cost. When computer usage was limited mostly 1994 was released shortly thereafter. to hardcore nerds, hackers and science-related business Blacklisted was finally BACK and it's still here. The issues folks . Not like it is today, when every Tom, Dick and Sally were released monthly and distribution was small. After a (trying to be gende r-courteous here) has a computer, even year passed, it was decided to try a quarterly format in an though . they have no idea how it really works - but that's effort to increase distribution. Anyhow, over the first year , I another topic of discussion, right? managed to get in contact with many of the aid group Eventually, modems caught on and file transfer became more members and they are now active staff members once again acceptable as a form of exchanging information. Then, We are of the oldest group of hackers still remaining and utilizing the power of a Commodore 64, came our Blacklisted! releasing gathered and compiled information within the 411 info site which anyone could log into without handle or hacker community and the mainstream community as well. password . It was a completely open message center. Using We still have the same hacker mentality and code of ethics strictly X-modem or Punter, you could download the latest from the 80's . Hackers are not thieves - they're curious . We Blacklisted! 411 text file or readlieave "messages" which are are not elitist hackers by no means and no question is a now commonly known as newsgroup postings. We had only stupid question. We're not going to knock you down , call you one message center, no email capability & only 1 phone line. a "lamer" "Iamah" or give you shit for being a newbie! Every At this time (1964), a new magazine called "2600" popped up hacker started somewhere. We remember this most out of nowhere. Personally, at the time , I never saw it but I fundamental fact and we will NEVER forget it. heard rumor of it until finally, one day about a year later , I saw If you have questions, comments, articles. ideas, flames, some photocopied versions of it floating around . Our little general "screw you guyz " messages or wish to offer support in group though it was pretty damn cool to see something in some way, please contact us immediately and let's see what print for a change ..'why didn't we think of that? Duh , we we can do. Thanks for your support, hackers! As you can see , I changed the introduction to the magazine . It was We're making someminorchangeswithBlacklisted! 411 witheach about time I did something with it, eh? I thought so. too. Since I issue and I ask for the readers to send in their opinions on this had so much to say about the history of Blacklisted! 411 in the matter. We're very interested in dropping the sovereign citizenship introduction, I don't believe I need to speak of this particular topic and politial-bend articles because, well , they're not really hacking for awhile . Ok with you? Good. We have new phone numbers!! related topics. Of course. there's politics involved in almost everything, I'd like to toss the non-hacking related material out. I The premier issue of THUD (a sister publication of sorts) was know that Blacklisted! 411 has made a nice little cozy place for released along the same time as our last issue of Blackl isted! 411. I itself over the years and people gobble it up as fast as we can make need to mention it. It's already taken the hacker community by them. but I'm not too sure what everyone really thinks of the type of storm. Good for THUD! I don't know how many times I've material I am speaking of. What do YOU think we should do? Axe wanted to crack a joke about the name, but I hold back. Man, I it completely, keep some of it or keep it at the same level as it is really try to hold back. Perhaps I should just refer to it as "The now? I really want to hear from as many of you as I can. So, call, Hackers Underground Digest.... Yeah, that sounds better. Heh. write, or post about it on the internet. We will hear your opinion Contact 'em at: P.O. Box 2521. Cypress. CA 90630. It looks very. c one way or another. With that in mind. I'm going to cut this section very cool. The first issue really surprised the hell out of me. short and let you get onto the hacking material. Seeya next time. 4 2nd Quarter - Fall 1998 Blacklistedl 411 Dear Blacklisted, or hard drive that you wouldn't mind sending my way and I just got off a 4 month deployment to the Persian Gulf and popping them in a nice little box and mailing them to me (I'm happened to take 2 copies of BL!411 with me (v4i2 & v4i3). not sure if "FREE MAnER FOR THE BLIND" applies to Needle ss to say, they helped me keep the faith while I was packages ) it would make my da y and week and month and so away from my computer! I also have collected some on. I espec ially need plans for hOw to get on to the intemet interesting thing s from over there that you may be interested free through any channels which I can acces s from the house. in publishing. Keep your mailbox cleared for them somet ime This would mean a lot to me. Than k You in the near future! Maybe someday the rest of the world will see things from OUR perspective, with kick ass rags like P.S. Where can I get an updated and corrected version of the yours . they 'll have no choicel Thanks! Anarchist's Cookbook? I have included a drawing with this letter in case you actually decid e to use it or this letter . Feel P.S. Got any BBS lists for SoCal???? (619.760 AC ?) free to edit this letter as much as you want too if it is printed. Morpheus Mr. Happy Camp Pendelton, CA Madison, NC Routed> U.S. Snail Mail Routed> U.S. Sna il Mail We'll be on the lookout for the material you're going to be No editing necessary. Thanks for the praise and for hanging sending us. As for a current SoCal BBS tist well, we donY » in there. The cheapest method of/e am ing in your case would have one that 's "current" and I'm on this anti-BBS kick lately be the intemet. If you do indeed have some buddies that because too many people complain about the BBS lists we allow you access to the intemet, here 's your gateway into the supplied. Let m e offer this: Someone send me a current wonderful world of free informa tion. Get on Yahoo, Southem Califom ia BBS list and I will print it. Man. I miss the Webcrawler, Excite, etc and do a seach for "hacker" "hacking" good old days of having a BBS at every street come r. "cracking " and see what you come up with. While you're at it, search for "Blacklisted! 411" and "2600". Get on the alt.2600, Dear Blackliste d! 41 1, alt.hacking. alt.phreaking newsgroups and read read read . Hey , how's it going . I am a newbie lwannabe hacker with quite If's all FREE. a few -impediments concerning the furtherment of my knowledge (I'm referring to resources . not actual learning Now, if you oon't have intemet access and you still have the disabi lities) . I hope you don' mind the follow ing bitch session . crappy little compufer you mentioned in your letter, you still The first problem that I have is that my computer sucks. The have a pretty useful tool sitting there. It mighf not be as fast comput er is so outda ted that I literally ca n't run a single as the new systems of late, but it's still fast enough. Hell, all prog ram in an entire Best Buy (c). It's a Winblow s 486DX2, of us over here learned this crap when the Commodor e 64 400 MB hard disk. 8 MB's of RAM, 14.4 fax modem , 2XCD- and Apple II, IIGS, etc were top of the line and our ROM pile of evil ENlAC spaw n (not to insult ENlAC ). Oddl y felecommun ications connection was only 110 baud.... or 300 enoug h I also don' have an intemet conn ect ion due to a baud if we were lucky.. anyho w, I'm swaying from the point , technoph obic father (luckil y I have others wh o help me out I'm trying to make. Use that computer of yours, log onto some wah this problem) . And worst of all, I ca n' get any money... local BBS 's and download all the free text files you can find. legally ... because I live in a place where the words neighbo r I'm sure there has to be something local to you. I know the and poputation center can' be pronounced in the native internet has all but killed the BBS scene - you can still find a tongue (southern drawl). Th is prevent s me from upgrading die hard hacker running his single line BBS somewhere . my computer to something that can actuall y calculate math problems before I get tired of w aiting and do them in my head. Now, if any of the read ers has any spare junk they want to Oka y, pity party is over , now on to the real letter.' send to Mr. Happy, please packag e it up and send it to us and we'll forward if to Mr. Happy. I think your magazin e is great! The articles are simple enough to understand even for someone who has no training In fact, right now wouid be a good time to starl up a yet they still carry informati on which would be useful to the "Blacklisted Stockpile " where we could send some stuff to elite. I also think that a nice little section for newbies like needy peopl e as they requ est it. Now I know ail of you out mys elf would be a nice add ition. It is one of the few there have something you can spare. OlrJRAM, hard drives, magazines that continues to be untainted by the corruption monitors, etc. Why not offload that crap and send it to us? and control of the powers that be. KEEP IT THAT WAY! We get so many requests from people like Mr. Happy who Than k you for creating this magazine . cent afford anything and would be happy for some new toys to play with. Bf' a pal. Send it on in. Here is my que stion to the staff of Blacklisted l 411: What is the absolute cheap est way that I cou ld leam the absolute Blacklisted , most about hacking. phreak ing, and all things great and anarchic? I have been troubled wi th finding things out about I love your Mag . I came over from 2600 and I think it is great. hacking, etc. due to my con flicting opinions as to whether my I have one question : could you send me a full copy of the self-education was morall y and legally within bounds. This Unabomber's Manifesto? I would be willing to pay for it. com ing from people who still hold KKK rallies at high schools Thanks . and traffic drugs like candy through our children for a personal thrill . They try to keep people like us within constra ints and A. Gower have us good and stupid so that we won' ever break our Englewood, CO leash and will always be a sitting target for their schemes of Rouled> U.S. Snail Mail sucking the life out of us until we can't put up a fight. Sorry about getting off track again, I've got a lot on my mind and I P.S. - If you could send me any hacking BBS's for (303) area probably won' be editing this lelter. I was hoping that you cod e I wou ld be much o bliged. would be able to provid e me wah a nice long list of compa nies and websltes where I cou ld get free or next to free hacking , Wow, now that 's two people asking for BBS numbers ... Anyone want to hand over a current list of BBS numbers in etc. tools and things tha t would help me on my way . Any the 303 area code for Mr. Gower? personal advice would be more than gladly accepted. If a isn't too much trouble , if the staff of Blacklisted! 4 11 could find It in Mr. Gower, we can send you that Manifesto but you need to the kindness of their hearts (wink, wink , nudge , nudge, beg & send us a letter with a mailing eddress ; The post office strikes plead , beg & plead) , perhaps a few of you could throw again. Your letter was in poor shape when it arrived. Need togethe r a few things that are just laying around in the garage we say more ? Damn post office . Blacklisted! 411 2nd Quarter - Fall 1998 5 Altention 411 Blacklisted: Dear Blacklistedl 411, I need information. I need to know what or where I can SUBJECT: PHONE SCAM research, so I can obtain info on e-mail hacking. I am not lazy, so I don't want the answers on a plalter. Instead I'd like I received email today from a friend passing along info references so I can train myself, the cyberpunk way. It's regarding a telephone scam making the rounds. I'll explain dedication! I want to read my ex's e-mail never leaving tracks. what I heard and then what I was able to verify. If anyone has any info please write me @ via snail mail 5109 SW 87th Terrace Timber lakes Cooper City, Florida 33328- I was told that someone received a telephone call from an 4335. Thanx I!! Pharewell, . individual identifying himself as an AT&T Service Technician Anymous who was conducting a test on their telephone lines. The Florida alleged technician stated that to complete the test they should Routed> U.S. Snail Mail touch nine (9), zero (0), the pound sign (#) and then hang up. Well, folks you got the address. They were suspicious and retused. Upon contacting the telephone company they were informed that by pushing 90# Dear Blacklisted 411: you give the requesting individual full access to your telephone line, which allows them to place long distance I just picked up the last issue of the magazine, and found that te!ephone calls billed to your home phone number. They were I had left some information out of the article on the LAPD's further informed that this scam has been originating from radio system . I apologize, but by the time I finished the article, many of the locai jails and prisons. This info was supposedly it was some really nasty early hour of the morning, and I just verified with UCB Telecomm. put the stuff in the envelope and sent it. I called GTE and was told that this scam is only possible if the To complete the missing sections of the MDT information, 90# is pushed on a phone system that requires you to dial 9 there are in fact five MDT channels, and they are divided to get an outside line, typically businesses. It cannot work on geographically . a standard residential phone line, according to GTE. DIVISION USE RPTIN RPTDUT It goes without saying that you should be suspicious of Valley Bureau Mobile Data Terminal A 155.370 159.150 anyone calling and asking you to test your line in any matter. South Bureau Mobile Data Terminal 8 155.010 158.910 Central Bureau Mobile Data Terminal C 155.520 159.180 Good luck. Citywide Mobile Data Termina! 0 155.580 159.030 West Bureau Mobile Data Terminal E 155.070 158.865 E.Coli (location withheld) For some reason, they don't use (Pl) tones on the system. Routed> U.S, Snail Mail The radios that connect the MOTs to the system are usually Iiltle Motorolla GM-300s or Maxlracs, and can be found in the Blacklistedl411, older cars either in the trunk with the trunk units of the other radios, under the drivers or passenger seats, and in the I would like to see two things. First I would like to see a newest cars are actually in the glove compartment. Hacker Defense Fund set up. It would help pay legal expenses for hackers who get caught. Second I would like to Keep up the good work. see hackers target people who send spam and the companies who pay to have spam sent. God how I hate Phone Scum poepie who send shit like that. (location withheld) Routed> U.S. Snail Mail BenDover VeniCe, fL Thanks for the update. Hope to hear from you again. We got Routed> U.S. Snail Mail an aweful lot of happy-happy response from that article. If We hate spammers, too. Doesn't everyone? Anyhow, we'd you'd like to send in anymore articles, go for it. I'm sure the like to see a hackers defense fund but nobody seems to want readers will enjoy it. to drop money into something like this. Do any of the other readers have any comments or ideas on this one? Are you an artist? Do you like Blacklistedl 411? Do you hate BlacklistedI411? Well, ifyou're looking for work, itdoesn't matter if you like us or not, does it? Ifyou'd like to show off some of your talent, why not send us some sam~es on PAPER or send us a FAX telling us of your interest. We'd be happy to show off your work, give you afree subscription or make some other alTingement if necessary. Ifyou're interested, take alook "'rough lIte magazine and make note of lIte existing artwork. Think about itand try to come up with something com~ete~ original and along "'esame general "'eme of lIte magazine. A few ideas to consider: Pirates, Skull & Crossbones, Einstein, Computers, Phones, Cable TV, Satellite TV, Radio, etc. Here's who you send your artwork to: Blacklisted! 411 ARTWORK P.O. Box 2506, Cypress, CA 90630 We WANT to hear from YOU! Our artist at the moment is a very busy person and has not been able to produce much new artwork over the last year. Have you noticed? Anyhow, we have heard from many people showing some interest in helping out in the art dept., so this is your chance....don't delay - just send us what you have. We prefer artwork on PAPER, but will accept in high resolution (if at all possible) computer graphics formats: TIF. PCX and any other popular IBM format. 6 2nd Quarter - Fall 1998 BllICklistedl 411 Blacklisted 411, Hoping to be a hacker one day, In issue 4:4 , about the letter about the redbox tones. If you CloWnZ aren't making a long distance fane call, it needs to be through (Address withheld) .the operater. They ask the number and how you wish to pay Routed> U.S. Snail Mail for the call; then they will pause for you to put your box up too the fane and play the tone. It's as easy as that. Long • Most of us over here who grew up in the 80's and remember distance you just dial the number and it will tell you how much the arcade industry at it's best (and it's worst) like to refer to to put in (in are case, tones). ourselves as coming from the "Atari, Commodore or Apple Age" ... Go figure . Anyway, there's no point to be made , Have you tested the new 6.3000 & 6.37000 MHz to see if they really. work on cocot & new U.S. West fanes. Ok, so you started a little late. No big deal. What you do wflh And any info about making a new id & how scan calls work your time NOW decides where you fit into the whole hacker would be appreciated. Thanx. circle. • U. h. F.· Does anyone remember a decade ago when Quantum Link Yakima, WA was around?.... The sample enrollment disks, the free Routed> U,S, Snail Mail accounts, all fhe hacking, free downloads? Heh. Gee, A cough cough 0 cough cough L cough cough seems the same. We have not tested 6.3 or 6.37 MHz crsytals in anything. Bah. I really want to dog on AOL but I won't because I always After a little bit of looking around, we found that the only way keep in the back of my mind that "we all started somewhere" we could get these particular parts would require us to have and I hate fhe use of the word lamer because, in all faimess, them manufactured for us - which lsn': a big deal. Where did every last one of you "elite" (or should I call you "teet") you hear of fhese crystals and their use? it sounds a little hackers out there were lamer fucks just like the newbies you suspicious to me. Anyone else heard of this? Hey, if it works, call lamers today. So, back off. Ok, back to your response. that's awesome! / thinkAlaric mightbe doing a newbie sectionin our upcoming Dear Blacklisted 411, issues of Blacklisted from now on which should help out people such as yourself. I've been following your magazine and 2600 for a couple of years. Ilove both, but I've been drawn to Blacklisted for its I'm going to touch on the emulators you mentioned. MAME- !ess-political, more technical articles. I'm an airman in the Multi Arcade Machine Emulator. If you don't want to go out USAF and am currently stationed at Sheppard AFB, and there and buy the old video arcade games, this is the program of are no bookstores that carry your magazine, that I can find choice. You can run it on you IBM compatible (possbilyother anyway. I'm not very experienced , to tell you the truth I've platforms, but not sure) and it will allow you to run hundreds of been trying to learn but everytime I sit down at the computer I the old video arcade games by use of the original ROM (or don 't know where to start. If anyone can help me find out EPROM) code from the actual game. Look for fI on the where to begin, and how to keep going, please write me at the intemet. Use the skills you already have. MAME. address listed . Dear BLl411, AIC Moore 3535 I just got a copy of your new issue. I was surprised to find 709 G. Ave. Bx 5623 when reading the letters section that so many people liked my Sheppard AFB, Tx 76311·2846 article. Hang in there. man. Keep reading as much as you can - The one letter that got me thinking is the one that asked if when you have the opportunity and you ·wiW leam. Everyone there could be a neophyte section in every issue. Then you else, there's another address to send care packages to. guys said it was a good idea and you asking for anyone that would be willing to write it and I would be more then happy to Dear411, do so. All you have to do is let me know soon if it is mine and I will start on the first installment right away and get it to you This is the first time I have ever seen or read your magazine. for the next issue. I found Vol. 5, Issue 1 at the local Borders. I gotta say it's the best darnm magazine I have ever read, I carry it around with What I do ask of is that I get a subscription as long as I write me everywhere I go. I got it becuase I am very interested in for the zine , one of those cool "I've Been Blacklisted!" shirts, the wortd of hacking. I grew up in the 80's along with the rest and the same benefits that the staff of BL have. of the Nintendo generation. I just about defeated and conquered every game in 1 week that my dad could throw in As you can see from the top of the letter I have moved . I have my face to keep me busy . After awhile he got tired of buying recently been aware that some loser has been going around me games and so he started carrying video games at his the chat rooms and saying that (s)he is me, so I am not pizza place. I beat all them too and he got angry me asking leaving anything to chance. And sorry about the red ink but him to get a new arcade game every other week. And so as my printer ran out of black. the rest of life goes we got our first computer in '91 . I hated it. It scared me. The first thing to actually frighten me so I stayed P.S: Could you guys please do a review on the book "Hacking away from it until about late '96. Yeah I know it was a lon9 the Internet" from Consumertronics and found out if the time to stay away from a computer and I sure as hell regret information in the book is worth the $30? Thanks! that now. Well, I did use it periodically for AOL. Then in '97 I got into the warez scene and then graduallybecame curious ALARIC about hacking : I know it's kind of late for me to jump on this Carmichael, CA hacking thing. I should have started right after vid games Routed> U.S. Snail Mail were too easy. I went to the sites u guys mentioned were good for beginners to go too and then I clicked on the links to Dude, cool red ink! I was just mentioning you in the previous DL the Iinux I got confused . There are a lot of DL files there letler. Go for fl. Wrfle for us and we 'll hook you up. and I dont know which ones I need . Besides I have 3 Someone's using your name, eh? Been there. It sucks. questions, How can u trace AOL accounts, does anyone have any OH, Guide, or Host accounts they can hook me up with, We'll get 8 copy of the book and do 8 review on fl. Be on the and what do I need to make emulators of video games and lookout . systems to comp with . Blacklisted! 411 2nd Quarter - Fall 1998 7 Hey411! !, GF, please feel free to share the wealth of info as often as you'd like. Glad you decided to hop on over to the other side Thanks for the great use of the processed tree fibers! ! ! of the "hacker fence" so to speak. Also, you might want to take a look at our siter publication - The Hackers I need to respond to kryplO cipher's "Enhanced 911" piece in Underground Digest. THUD. It should be on the shelves the 1st Quarter issue, Mr. KC should remember that cell alond with this and your other favorite hacker rags. If not, phones are just radio. send them an article to print and get a free 1yr sub. THUD, P.O. Box 2521, Cypress, CA 90630. Tell them lack sent yal The point is, spoofing the cell system can happen and calls 'from where you are not' can be made. Dear411, Buy (or better build) a direction antenna and plug it into your I've just picked up my first copy of Blacklisted and it's great phone. With the phone turned OFF point the attenna at a one of the best mags I've read yet. Anyway I have some tower in the distance and then turn the phone ON. The cell questions for you guys. I hope you guys wont think they 're site should recognize the phone and make a link. Adding dumb or stupid but I'm just getting started in hacking, elevation to antenna can make things real interesting. In phreak ing etc ... particular if you happen to be on the border of a state ... 1) In the April issue of 98 you've 90t the kool pcitures and I You can only triangulate if you can be seen by at least two (2) would like to know what that phone thing is the telephone receivers (okay there are some other ways but I think they're repair guys carry its also in the pile with all that other stuff. beyond off-the-shelf technoloqy) which means if you 're only seen by one (1) tower ... 2) Where can I get it. Mr. KG's TDA and 'arrival angle' discussions are correct but 3) What's the deal with frequencies and scanners? assume multiple receivers. Remove the multiple receiver aspect and the most that could be done is calcuate a distance 4) What's a red box and can you send me some instructions from cell site and the phone. on how to build it or tell me were I can get instructiuons. Mr. KC has done an excellent job of describing how the 5) Aiso what's with crystals? system works . His observations on the implications for this syst':.m are important to note . 6) Last question. In Terminator 2 Judgement Day what was that thing he put into the money machine and where can I find Suggested materials: it. - the ARRL (american radio relay leg) has great books on antenna design and theory. - look here for lNWW.rfmicrowave.com some hinks and helps http:// - there are resources for antenna design at multiple sites on '• •1 JIit?Jl the 'net - with everyone getting PROGRAMMED via cable, there are lots of TV antennas 'hanging' around that usually can be had for the effort of asking and using a ladder to take them down . Great raw construction material. . , Of course, I welcome corrections and different opinions. -. -i.: Ignorance can only be corrected if it is identified and the truth applied . :-) S_kY piNE Jac ksonv ill e, FL Ro ut ed> U.S. Snail Mail J Thanks for the response. Hola Amigos, Just wanted to say that Blacklisted! 411 is a great mag & to keep up the good work. I just discovered it last year and not a moment too late. It's been getting harder & harder for me to walk into a bookstore & find material worth reading. So much commercialized bullshit dogs the shelves. Anyway, I'm down wI your mag since its right up my alley . I've been into the hacker scene for a little less than 2 yrs & find it fascinating. Prior to that, however, I was a serious hustler involved in all types of ill shit. During that time, I stacked cash while scheming the next plot. ! had some wild times along wi some situations & events that wised me up & changed my life for the better. Now I'm a seeker of knowledge for knowledge sake. I learned that the (know - how) is widely available, but it doesn't come with the wisdom to know when & why to apply it. I do lots of research on a variety of topics & would love to share them wI you along wI some of my tales of shadiness from the old days . Later GF Flint,MI Routed> U.S. Sna il Mail 8 - -- - -- - - - - - - - -- - - P.S_I really appre ciate all your help and thanks for taking the 4. Red Box, I knew this one was cominq. (smile) A Red Box time to read this. I'll defie ntly be subscrib ing . is a device the one can use 1 delraud Ihe phone company by 0 fooling a pay phone into belie ving coins have been inserted J . Conley when in fact only some tones were produced and directed into Whiting, IN the mouthpiece of the payphone . Red Boxes do not seem to Routed> U.S. Snail Mail work as often as they used 10. The phone companie s are getting wise in Iheir old age - somewhat. anyhow - and they're Welcome newbie. Let's answer your questions by the replacing old pay phon e which have this fatal loophole with numbers. new machines which will not allow Red Boxes to fool them. You can get the instructions anywhere. The internet, 2600, 1. I'm not sure which phone thing you are referring to. There are two obvio phone items in the pict us ure you mentio on n. Blacklisted! 411, THUD magazin e, etc. Bull wi!! answer this the top left of the picture is a Harris Model TS22 Linemans question with a super quick response . Buy a Radio Shack Testset and on the top right is a Progressive Electronics programmable memory dialer. Take it apart. Replace the Model 100A Tone Genereto r. crystal inside with a 6_5536 MHz (or 6.50MHz, depending on what school of thought you are ln}. Put back together. 2. If you want either of thes e, try one of the follow ing Program one memo ry with five stars (the" key). This is your companies (ask them for a catalog, at lea st) red box. Cheap, doesn't work that great because tolerances are way off, but it's a Red Box. Use of this is illegal and Jensen Tools shouldnl be done, of course. blah blah blah. Also. buy back (800)426-1194 issues of Blacklisted! 411 and read up on this. http://www.jensentoo/s.com 5. Crystals. An electronic component which is used in Parts Express oscillator circuits to create frequencies of specific value. (800)338-0531 http://www .parts-e xpress.com 6. The thing in Terminator II you speak of is a small Apple computer attached to some wires and a card. It's a fantasy Contaet East device which will not work in the fashion they portray in the (800)225-5370 movie. But it sure tooks coot. Then again, I recall an ad. in httpJIwww.contacteast.com one of the other hacker mags or hacker catalogs that describe the device "a la Terminator 2" or something like that. Still, I MCM Electroni cs cannot see any way the device can do as it is portrayed_ (800)543-4330 httpJIwww.mcmelectronics.com Blacklisted: Congrats on another damm good rnaq. Enclosed with this 3. Frequencies are useful to hackers in many ways. Wireless letter is a little informa tion the moron at Southwestern Bell left units operateon certain frequencies. Scannersallow anyone in my cell phone box upon purchase. Don 't you just love the to monitor those Irequen cies. I'm sure you can see why and title "Authorized Dealer Use Only ." The information may be how that is important . Blacklisted! 411 2nd Quarter - Fall 1998 9 old, but I thought there might be some reader who could use five digit SID followed by four zeros. (Example 001750000 is it. The SID for the cell around the (915) area code at one time a SID of 175 followed by four zeros). An error message will was 2214. However this code is over a year old & I can not display if an incorrect enlly is made. Do not add more than confirm the accuracy of this code at present. four zeros after the system ID. Enjoy! NOTE: Change the Lock code by adding a pound sing and new lock code after the code. (example: 001750000#7788. My question concerns pirate radio. I have read what your Lock code = 7788) mag. has printed in the past, however, I need specifics on the subject. What transmitter is best for certain terrains, etc?How Change the Language by adding a pound sign and a new much power must I generate in order to be heard across the language code after the code (example: 001750000#2 city; (populatlon 108,OOO)? Finally what is the best way to deal Language = 2) with the damm FCC and ham freaks whe n they come snoop'in around? Is there a sort of pirate radio bible or Language Code: 0 (default) = English, 1 = French, 2- something where can it be obtained, and is the price right for Spanish, 3 = Portuguese us poor college students who spend all our money to keep the P.H.d.'s employed? I realize this is a lot of questions for one Change the Lock code and Language code by separating letter, but the radio stations in my town suck real bad! each set of numbers by a pound sign. (examp le: = 001750000#7788#2) The SID 00175, Lock code = 7788, Horse Haar Language = 2 (Spanish) From : Radi o Statio n Hell 6. Press the "SEND" key. The display will tell you Enclosed document: that the activation was "ACCEPTED". Do not touch any keys. The phone will power down and then back up again. Your FOR AUTHORIZED DEALER USE ONLY phone is now programmed for use. NOKIA 638 CELLULAR TELEPHONE NAM ACCESS NAM PROGRAMMING MODE: PROGRAMMING INSTRUCTIONS. 1. Tum the phone on. The Nokia 638 Series handportable CMT uses an EEPROM 2. Enter the NAM access code. Factory default is: NAM that can be programmed directly from the standard user "300 1#12345 and press the [STO] key. The display will revert keypao. In order to access the NAM, you must enter the back to the normal operational display. special access code currently programmed into the phone. Once the programming mode is accessed, NAM parameters 3. Press the down arrow key and verify the display are loaded by entering them into the display and "storing" reads "911#"911#0" 1234' . This is NAM location one (n1 them to selected memory locations. Be sure to obtain all upper right come r of the display) . To verify that NAM parameters before proceeding. programming has been successfully entered, use the scroll key to scan through the NAM memory locations. You may use EASY NAM PROGRAMMING the scroll key to verify that all entries were made correctly. 1. Tum the phone on 2. Enter the Easy NAM access code. Access code CHANGING THE EMERGENCY NUMBERS, LANGUAGE, is: "#639# AND LOCK CODES (LOCATION 01) 3. Verify the display now reads "Cellular number" 4. Press and hold the [CLR] key until the display and enter the 10 digit MIN for the phone. clears. 4. Press the [SEND] key_If less then 10 digits are entered the error message "TRY AGAIN" will prompt you to 5. Enter the string in Figure 1 using the keypad. reenter the number. Fig1: 911"#911#0"1234 5. Verify the display reads "CODE" and enter the 10 2nd Quarter· Fall 1998 BllICklistedf 411 911=First Emergency Number When I hacked root for the first time I thought I would run 911=Second Emergency Number eggdrop because of my K Rad 3L337 nuke scripts. O=Language Code 1234= Lock Code Here's the quick story. I received root, root handed itself to me. I backdoored, secured, and setup a eggdrop bat. I ' 6. Press [STOl 01 (STOI chmod'ed eggdrop to run as root and put in some poor saps dir. That I snil/ed their Up . After I config the bat I connect it to ENTER THE MOBILE PHONE NUMBER : (MEMORY my personal batne!. Too bad the hub was a legal account at LOCATIONS 02 AND 04) mine. The server that the hacked eggdrop bat was a OC-3 university in another country. They decided to contact my 7. Press and hold the [CLR] key until the display legal shell accounts admin and begin to prosecute me. The clears. legal shell admin changed my password as evidence. To keep all intormation intact. Little did they know my eggdrop on 8. Enter the correct 10 digtt phone number. the legal shell was still up. I used some tmn commands to change the file dir to my - I dir a trashed it all. Deleted all logs 9. If desired, press the [ALPHA] key and enter a and trashed the bat. name up to 16 characters. Note that the pound (#) key can be used to insert blank spaces. Once the name is entered, press I disappeared and tt was dropped. [ALPHA]. Inform you of the world, 10. (For NAM 1) Enter (STO] 02 [STO] Freaky (For NAM 2) Enter [STO] 04 [STO] Las Vegas , NV Routed> U,S. Snail Mail PROGRAMMING THE SYSTEM INFORMATION: (MEMORY LOCATIONS 03 AND 05) MAC UNDERGROUND COMMUNIT Y - DOES IT STILL EXIST? As a member of the Macintosh community I can be 11. Press and hold the (CLR] key until the display first to tell you, Mac's can hack, but can you hack a Mac? clears. Every OS is vulnerable to some type of dos but when you goto look for the explots and attacks there all .c.exe where's 12. In one long string, enter the system parameter the Mac files? A group of Mac programmers have been according to the format in Example 2. Be sure to separate porting and making programs for attacks. each parameter with an asterisk ("). Do not place an asterisk before or after the string. Where can I find these programs? Well the programs can be found at www.weasel.org which they sell a rich Mac CD full of Fig2: 00034"1"1"334"15"15 hacks and utilities , some not even seen by the Mac community until now. 00034=System 10 1= Access Method Purehnuy.ml.org/-frea ky/macl is another archive of Mac 1= Local Use Mark program, the newest and most esquisit files. 334= Initial Paging Channel 15= Access Overload Class If you are on a Mac and looking for a special port, visit these 15= Group 10 Mark sites. 13. (For NAM 1) Enter (STOl 03 (STOI Inform you of the world (For NAM 2) Enter (STOl 05 [STOI FREAKY Las Vegas , NV End of enclosed document Routed> U.S. Snail Mail Ok Horse Haar, thanks for the stuph. Many times I've though Dear Blacklisted 411, about operating my very own radio station because what the local area has to offer pretty much sucks big donkey dong. I was wondering if you can explain to me on how to hack, step But, the all mighty FCC has kept the idea jus t that - an idea. by step. I really want to know how. I want to know also If Unfortunately, to operat e a station that has any sort of reach, there is any way to hack by using more than 1 telephone line, you have to e#her have some big time bucks and buyout an so I don't get caught. These might be stupid requests, but I already existing radio station OR break the law. You see, the would appreciate If you can help me. I also wanted to know law pro vides for big corporet ions to own and operate their how I can send a virus to someones computer so tt will aI/eel. stations and leaves the little guys out in the dust. We COULD Do I have to write a program or something? If I do, can you operate some small stations without interfering but to do so, send me the source codes for this program, if you have. And we'd still be breaking the law. one (1) last thing, how do you connect a laptop to a pay phone? Thankx! Keep up the good work on your mags! Now, Free Radio Berkeley is the perfect example of a station operating outside the law, pissing off big corporations and still P.S. I hope this letter got to you. being able to do so even with the law at their heels. I don Y know the recent news concerning Free Radio Berkeley, but it Krash02600 was always a good chuckle seeing them still on the air after all West New York, NJ the mumbo jumbo ... Routed> U.S. Snail Mall Apparently there is a loophole they are trying to abuse the shit We got the letter. Now, Krash 02600, how can I answer this out of and make well known to tne public - which would allow easily ? How do you hack, step by step ? Well, tha first step is a person such as yourself operate his own station and do so to read, read, read until you canY stand # anymore ... then w#hout breaking the law. read some more. Keep asking questions and, this ana is a must, apply what you read about and hear about. You must Look into # and see what you can find out. Remember, more try your hand at hacking . Now, I'm not telling you to go steal power means more distanca . :) phona service or do anything illegal. The art of hacking has nothing to do with staaling - it has to do with learning all that Blacklisted: 411, you can - and knOWing how to use that knowladga . Read our future newbia sections and learn as much as you can. If you A couple notes to newbies. In someone's article or letter want to use a laptop with a payphone - use an acoustic things to do when you have root; ie. run eggdrop. (Found in madam. It really works. vol. 5 issue 1, first quarter) This is not a good idea at all. CONTINUED ON PAGE 47 Bluklistedf 411 2nd Quarter - Fall 1998 11 L.fX AND G-MAN '5 GU:IDE TO HACK :ING CABLE (c)1993,94,95 Group 42 "IMPORTANT_NOTICE The ownership of a signal descrambler does NOT give the owner the right to decode or view any scrambled signals without authori ation from the proper company or individual. Use of such a device without permission may be in violation of state z and/or federal laws. The information contained herein is intended to serve as a technical aid to those person seeking information on various scrambling technologies. No liability by myself or my employer is assumed for the (mis )use of this information. Other References Video Scrambling and Descrambling for Satellite and Cable TV by Rudolf F. Graf and William Sheets (ISBN 0-672-22499-2) US$20.00. Published In 1987, it is somewhat dated but is useful for understanding what is happening when a video signal is scrambled. Covered topics include SSAVI, gated sync, sine wave, subcarrier recovery, outband, VideoCipher II, B-MAC, etc. 246 pages. Scrambling_Technologies Traps (Traps/Addressable Taps) A cable system may not be scrambled at all. Some older systems (and many apartment complexes) use traps or filters which actually remove the signals you aren't paying for from your cable. (These are negative traps because they remove the WHOLE signaL) These systems are relatively secure because the traps are often located in locked boxes, and once a service technician finds out they're missing or have been tampered with (by pushing a pin through a coax trap it to change its frequency, for example), it's a pretty solid piece of evidence for prosecution. Another method is where the head-end ADDS an extraneous signal about 2.5 MHz above the normal visual carrier which causes a tuner to think its receiving a very strong signal-the tuner then adjust the automatic gain control and buries the real signal. If you pay for the service, the cable company adds a positive trap which then REMOVES the extraneous injected signal so it becomes viewable . (This system is very easy to circumvent by building your own notch filter, so it is not very commonly used.) Advantages to a cable system with this technology is that you don't need a cable box-all your cable-ready TVs, VCRs, etc. will all work beautifully. The disadvantage is that pay-per-view events are not possible, and that every time someone requests a change in service, a technician has to be dispatched to add/remove the traps. An article for building a tunable notch filter to block data streams sent just above the FM band was in the April 1992 issue of Radio-Electronics (pp. 37-39). Notch filters (as well as kits for them) for other frequencies are frequently advertised in Nuts & Volts magazines as beep filters and the like. Becoming more and more popular, not only because of the Cable Act of 1992 but also in an effort to stop pirates are addressable taps. Many cable companies will be moving to this technology in the near future , (which they call interdiction). These are devices located at the pole, where your individual cable feed is tapped from the head-end. Similar to addressable converters, they each have a unique 1 number and can be tumed on/off by a computer at the head-end . Any stations which 0 you are not paying for are filtered out by electronicly switchable traps in the units. (Including the whole signal ~ you haven't paid your bill or had the service disconnected .) (Several patents have already been issued for various methods of making SURE you don't see a channel you don't pay for.) Again , these almost guarantee an end to piracy and don't have any of the disadvantages of the manual traps. Plus, they provide a superior signal to those customers paying for service because they no longer need complicated cable boxes or AlB switches - and they can finally use all of the cable-ready capabilites of the VCR, TV, etc. About the only known attack on this type of system is to splice into a neighbors cable, which again provides plenty of physical evidence for prosecution . Sine-Wave Early Oak (and some very early Pioneer boxes) employed a sine-wave sync suppresion system. In this system, the picture would remain vertically stable, but wiggling black bars with white on either side would run down the center of the screen. The lines were caused by a 15,750 Hz sine-wave being injected with the original signal, causing the sync separator in the TV to be unable to detect and separate the sync pulses. Later, Oak came out with a Vari-Sync model, which also removed a 31,500 Hz sine-wave added to the signal. Oak was one of the first to use extra signals (tags) as a counter-measure for pirate boxes - in the normal mode, a short burst of a 100 KHz sine-wave (the tag signal) would be sent dUring the VBI, along with the AM sine-wave reference on the audio carrier and scrambled video . They would then put the AM sine-wave reference signal onto the audio carrier, leave the video alone, and NOT send the tag. Any box which simply looked for the AM sine-wave reference would effectively scramble the video by adding a sine-wave to the unscrambled video! Real decoders looked for the tag signal and still worked correctly. Other combinations of tag/no tag, scrambled/unscrambled video were also possible . 6 dB In-Band Sync Suppression Early Jerrold boxes used in-band gated sync suppression. The horizontal blanking interval was suppressed by 6 dB. A 15.734, 31.468 or 94.404 KHz reference signal (conveniently all even multiples of the horizontal sync frequency) was modulated on the sound carrier of the signal, and used to reconstruct the sync pulse. An article in February 1984 issue of Radio-Electronics explains this somewhat-old technique. Converters which have been known to use this system include the Scientific-Atlanta 8500-321/42 1, a number of Jerrold systems [see numbering chart), Jerrold SB-#, SB-#-2oo , SB-#A, RCA KSR53DA , Sylvania 4040 and Magnavox Magna 6400. Tri-mode In-Band Sync Suppression A modification to the 6dB sync suppresion system, dubbed tri-rrode, allows for 0, 6 and 10 dB suppression of the horizontal sync pulse. The three sync levels can be varied at random (as fast as once per field), and the data necessary to decode the signal is contained in unused lines during the VBI (along with other information in the cable data stream.) See the February 12 2nd Quarter - Fall 1998 Blacklisted! 411 1987 issue of Radio-Electronics for a good artid e (both theory and schematics) on the tri-mode system. Converters which have been known to use this system ind ude a number of Jerrold systems [see numbering chart], Jerrold SBD-#A, SBD-#DIC, Jerrold Starcom VI (DP5IDPV models), Regency, Scientific- Atlanta 85SO-3 and early Pioneer systems. 21 Out-Band Sync Suppression Out-band gated sync systems also exist, such as in early Hamlin converters. In this system , the reference signal is located on an unused channel, usually towards the higher end (channels in the 40's and SO's are common, but never in the low 30's due to potential false signalling.) The signal is comprised of only sync pulse information without any video . Tuning in such a channel will show nothing but a white screen and will usually have no audio. SSAVI I ZTAC SSAVI is an acronym for Synchronization Suppression and Active Video Inversion and is most commonly found on Zenith converters. ZTAC is an acronym for Zenith Tiered Addressable Converter. Besides suppressing sync pulses in gated-sync fashion, video inversion is used to yield four scrambling modes (suppressed sync, normal video ; suppressed sync, inverted video; normal sync, inverted video; and normal sync, normal video). The horizontal sync pulses of an SSAVI signal can be absent completely, at the wrong level, or even present , and can be varied on a field-by-field basis. Any decoder for an SSAVI (or similar) system has to be able to separate a video line into its two basic components-the control and picture signals. In SSAVI, the horizontal sync is never inverted , even if the picture is. So a method of inverting the picture without inverting the control section is necesary. This is complicated by the fact that almost every line in an SSAVI signal has no horizontal sync information, making it difficult to perform the separation (since the usual reference point- the horizontal sync pulse-is gone). In the older suppressed-s ync system, the sync pulse could be recovered from the gating signal buried in the audio subcarrier, but SSAVI is piioUess. The key to this system relies on the strict timings imposed by the NTSC standard-if you can locate one part of the signal accurately, you can determine where everything else should be mathematically. Since the cable company is sending a digital data stream-the security and access-rights-during the VBI of the signal, the VBI makes a great place to find a known point in the signal. Obviously if the electronics in the cable box can locate this information, so can electronics outside the cable box! :-) The only constant in the SSAVI system are the horizontal sync pulses during the VBI (the first 26 lines of video) , which are sent "in the dear". The pulses from the VBI can be used as a reference for a phase-locked loop (PLL) and used to supply the missing pulses for the rest of the video frame. With 20.or so reliable pulses at the beginning of each frame , you can accurately generat e the missing 240 or so pulses. Of the 26 lines in the VBI, lines zero through nine are left alone by request of the FCC, lines 10 to 13 are commonly used to transmit a digttal data stream, line 21 contains d osed-caption information, while other lines are used for a variety of stuff depending on the cable system and the channel you're watching . When you tune to a scrambled channel with a cable box, logic circuits in the unit count the video lines, read the transmilled data stream, and compare the transmilled data with the information stored in the box. If the box is authorized to receive the signal with that particular data stream, the decoder is enabled and the scrambled signal becomes viewable. If not, the signal is passed through wtthout being decoded, or more commonly, a barker channel (whose channel number is sent via the data stream) is . automatically tuned instead. This prevents people from using the unit as a tuner for add-on descramblers often advertised in the back of electron ics magazines. In the SSAVI system , the video can be sent with either normal or inverted picture information. The descrambler needs a way to determine whether to invert the video or not. Originally this information could be found on line 20, but has since moved around a lot as the popularity (and knOWledge) of the system increased. In any event, the last half of the line would tell the decoder whether to invert the picture or not. If the rest of the field was not inverted, the last half of the line would be black. If the video in the rest of the frame was inverted, the last half of the line would be white. The Drawing Board column of Radio-Electronics starting in August '92 and going through May '93 described the system and provided several circults for use on an SSAVI system. Note that audio in the system can be scrambled - usually by burying it on a subcarrier that's related mathematically to the IF component of the signal. Addressable data for Zentih systems is sent in the VBI, lines 10-13, wtth 26 bits of data per line. Tocom systems The Tocom system is similar to the Zenith system since tt provides three levels of addressable baseband scrambling: partial video inversion, random dynamic sync suppression and random dynamic video inversion. Data necessary to recover the signal is encrypted and sent during lines 17 and 18 of the VBI (along with head-end supplied teletext data for on-screen display). The control signal contains 92 bits, and is a 53 ms burst sent just after the color burst. Up to 32 tiers of scrambling can be controlled from the head-end. Audio is not scrambled. New Pioneer systems The newer 600o-series converters from Pioneer supposedly offer one of the most secure CATV scrambling technologies from a major CATV equipment supplier. From the very limited information available on the system, ~ appears that false keys, pseudo-keys and both in-band and out-band signals are used in various combinations for a secure system. From U.S. patent abstract #5,113 ,441 which was issued to Pioneer in May '92 (and mayor may not be used in the 6000-series converters , but could be), "An audio signal is used on which a key signal containing compression information and informaton concerning the position of a vertical blanking interval is superimposed on a portion of the audio 'signal correspond ing to a horizontal blanking interval. In addttion, a pseudo-key signal is superimposed ...so that the vertical blanking interval cannot be detected through the detectiion of the audio signal... Descrambling can be performed by detecting the vertical blanking interval based on the information...in the key signal, and decoding the information for the posnon which is transmilled in the form of out-band data. Compression information can then be extracted from the key signal based on the detected vertical blanking interval, and an expansion signal for expanding the signal in the horizontal and vertical blanking periods can be generated ." Note that Pioneer boxes are booby-trapped and opening the unit will release a spring-mechan ism which positively indicates Bluklistedf 411 2ndQuarter • Fall 1998 13 access was gained to the interior (and sends a signal to the head-end on a two-way system , and may disable the box completely.) (See U.S. patent #4,149,158 for details .) The unit cannot be reset without a special device . Pioneer systems transmit their address ing data on 110.0 MHz, and there are several programmable cubes that can activate these systems. The data is a manchester I encoded FSK signal at -6kHz data rate, this data is easly readable using software developed by Group 42 that will be available on the next release of their CDROM. New Scient ific-Atlanta Systems Some of the early S-A boxes used 6 dB only sync suppression (some of the 8500 models), and some of the 8550 boxes are tri-rnode systems. The three d ig~ number after the model (such as 321) is a code which indicates the make of the descrambler in the unil. Apparently some of the newer S-A boxes use a technique called dropfield , and some of the newer 8600 and 8570 models use baseband methods (see Jerrold Baseband below). Scientific-Atlanta systems transmit their FSK addressing data on 106.2 or 108.2 MHz. There are several programmable cubes that can activate these systems. On the newest 8600 systems the the address ion data is hidden elsewhere , possibly the video blanking region . Oak Sigma Systems This a secure system which replaces the horizontal sync of each line of video with a three -byte digital word. Video is switched from inverted to non-inverted between scene changes, and the colorburst frequency is shifted up. This is a standard suppressed sync video scrambling method and is relatively simple to defeat with the appropriate circuitry. HOWEVER , the three-byte digital word in the area where the sync normally is contains audio and sync information . The first two bytes contain a digitized versions of the audio, the third byte contains sync information (and perhaps addressing data?) The two bytes of digitized audio are encrypted: a separate carrier signal conta ins the decrypt ion keys for the digital aud io datastream . Jerrold Baseband (dpbb and CFT mode l units) Jerrold has gone one step further in scrambling the signal at the baseband level. Other less complicated methods like tri-rnode scramble the signal at the RF level (ie. the channel 73 signal is scrambled when the signal is already modulated on channel 73.) With baseband scrambling the signal is scrambled, then modulated on the desired channel. Using this method the scrambling device has more control and more complicated methods can be used. The most popular way to defeat these systems is to use a test chip or a cube device to activate the original Jerrold equiptmenl. Addon descramblers are more difficult to build since you have to convert the signal to baseband levels, descramble , then remodulate the singnal. Cable Companies have been experementing with several new methods of defeating test chips and cubes , most notably is the use of Multi Mode and adding an extra checksum byte in the FSK data packet formal. Pirates are starting to clone cable companies test boxes to get around the most problem areas of multi mode and newer test chips and cubes are gelling smarter to combat both multimode and the extra checksum bytes. Chameleon The research and development division of Fundy Cable Ltd., NCA Microelectron ics, has a systemd dubbed Chameleon. They claim it is a cost-effective solution that prevents pay TV theft by digitally encrypting the video timing informa tion of sync suppression systems. The company claims the technology has been proven to be effective against pirate and tampered boxes. Supposedly, existing decoders can be upgraded to Chameleon technology with a low-cost add-in circuit, and that the card's sealed custom IC, developed by NCA, is copy-proof. Pe4t Society/ BE DIFFERENT! THINK! Be aPAL! ""=:-"...""""d:;---/ .------;' Share BACKLISTEDI ~ 14 2nd Quarter - Fall 1998 Blacklisted! 411 VideoCipher The VideoCipher system is now owned by General Instrument and is used primarily for satellite signals at this time. VideoCipher I is the "commercial" version which uses DES (Data Encryption Standard)-encrypted audio AND video. A VCI descrambler is not available for "home" owners. VideoCipher II is the now-obsolete system which used a relatively simple video encryption method with DES-encrypted audio. (Specifically, the audio is 15 bit PCM, sampled at -44. 1 KHz. It is mu-Iaw companded to 10 bits before transmission .) This has recently been replaced by the VideoCipher 11+, which has been incorporated as the 'default' encryption method used by VideoCipher IIRS (a smart-card based, upgradeable system). Supposedly, coded data relating to the digitized , encrypted audio is sent in the area normally occupied by the horizontal sync pulse in the VCII system. (The Oak Sigma CATV system uses a similar technology .) Several methods existed for pirating the VCII based system, and some SUPPOSEDLY exist for the new VCII+ format, although this has never been verified. DigiCable/DigiCipher DigiCipher is an upcoming technology being developed by General Instrument for use in both NTSC and HDTV environments. The DigiCipher format is for use on satellites, and the DigiCable variation will address CATV needs. It provides compression algorithms with forward error correction modulation techniques to allow up to 10 "entertainment quality" NTSC channels in the space normally occupied by one channel. It provides true video encryption (as opposed to the VCII-series which only DES encrypts the audio). In a Multiple Channel Per Carrier (MCPC) application, the data rate is - 27 MB/second via offset QPSK modulation. Audio is CD-quality through Dolby AC-2 technology, allowing up to four audio channeis per video channel. The system uses renewable security cards (like the VCIIRS), has 256 bits of tier information, copy protection capability to prevent events from being recorded, commercial insertion capability for CATV companies, and more. The multichannel NTSC satellite version of DigiCipher started testing in July of 1992, and went into production several months later. B-MAC MAC is an acronym for Mixed Analog Components. It refers to placing TV sound into the horizontal-blanking interval, and then separating the color and luminance portions of the picture signal for periods of 20 to 40 microseconds each. In the process, luminance and chrominance are compressed during transmission and expanded during reception, enlarging their bandwidths considerably. Transmitted as FM, this system, when used in satellite transmission, provides considerably better TV definition and resoluton. Its present parameters are within the existing NTSC format, but is mostly used in Europe at this time. Miscellaneous Information Two-Piece vs. One-Piece There are both advantages and disadvantages to the one-piece and two-piece descramblers often advertised in the back of electronics magazines . Most one-piece units are real cable converters, just like YOU'd get if you rented one from the cable company . It has the advantages of real descrambling circuitry and the ability to fit-in well when neighbors come over (avoids those my box doesn't look like thaLor get all these channels! conversations . A disadvantage is that if you move or the cable company installs new hardware, you may now have a worthless box -- most one-piece units only work on the specific system they were designed for. Another disadvantage is that if the box has not been modified, it can be very easy for the head-end to disable the unit completely. (See Market Codes & Bullets, below.) A two-piece unit (combo) usually consists of an any-brand cable TV tuner with a third-party descrambler (often referred to as a pan) which is designed to work with a specific scrambling technology . The descrambler typically connects to the channel 3 output of the tuner, and has a channel 3 output which connects to your TV. (Although some tuners have a decoder loop for such devices.) They have the advantage that if you move or your system is upgraded, you can try to purchase a new descrambler - which is much cheaper than a whole new set-up. You also can select the cable TV tuner with the features you want (remote, volume control, parental lockout, baseband video output, etc.) Two-piece units typically cannot be disabled by the data stream on your cable. (Note however that there ARE add-on pans manufactured by the same companies who make the one-piece units that DO pay attention to the data stream and can be disabled similarly!) The main disadvantage is that a third-party descrambler MAY not provide as high of quality descrambling as the real thing, and it may arrouse suspicion if someone notices your cable thing is different from theirs. Jerrold Numbering System To decode older Jerrold converters, the following chart may be helpful. XXXX - XXX II III II I I ,'- T = two-way capability, C = PROM programmable II II II II DI =Inband decoder, DO =Outband decoder, PC =Single pay channel, A =Addressable II I II 1'- Output channel number (3 very common) II II.. D or I = tri-mode system, N = parental lockout feature (6dB-only systems are "blank" here) I I M =mid-band only, X =thru 400 MHz, Z =thru 450MHz, BB =baseband '- S = Set-top, R = Remote D =Digital tuning, J =Analog tuning Also note that some Jerrold converters (particularly the DP5 series and some CFTs) have a tamper-switch, and that opening the box will clear the contents of a RAM chip in the converter. This mayor may not be comected by letting the unit get refneshed by the head-end FSK data stream. Most Jerrold systems in the United States and Canada transmit their addressing data on 97.5, 106.5 or 108.5 MHz. Some Blacklisted! 411 2nd Quarter· Fall 1998 15 DPV7 and DPBB7 models have S7, S8, or S9 as the last numbers on there modIe numbers, these correlate to 97.5 ,106,5 and 108.5 Mhz directly. CFT model numbers almost always use 108.5Mhz. DPV5 and older units mostly use 106.5Mhz. In Europe 122.75 Mhz seems to be the address ing frequency used , at least in several parts of Jolly old England . The datastream is Manchester II encoded FSK, with approximately a 14kHz clock . And is fully readable with software developed by Group 42 available on a future relase of this disc. Scientific-Atlanta Suppressed Sync Boxe Numbering Model 8600 - Till , I , '__ Impulse PPV Retum: N=none, T=telephone, R=RF ,I, Dual cable option : N=none, D=dual cable , 1 Descrambler type: S=SA standard, K=oak I Channel : S=selectable channel 3/4 The 8600 has 240 character on-screen display , multimode scrambling, 8 event 14 day timer, and is "expandable"... Model 859 - 7 7 I 1- , 1 1__ Dual cable option : D=dual cable 1 1___ Descrambler: 5=SA scrambling+video inversion , 7=5+0ak I 1 O=No Impulse PPV , 5=Telephone IPPV, 7=RF IPPV The 8590s feature volume control, multimode scrambling, 8 event 14 day timer ... Model 858 - 3 - I I I 1_ Dual cable option : D=dual cable 1 , I-Data carrier: 6=106.2 MHz, 8=108.2 MHz 1 1 Channel : 3=channel 3, 4=channel 4 1 O=No Impulse PPV , 5=Telephone IPPV , 7=RF IPPV The 8580s use dynamic sync suppression, 8 event 14 day timer , and built-in pre-amp . The 8570 is similar to the 8580 . Model 8550 - II- I - 1=108.2 MHz data stream 1 , Jerrold, dropfield , SA descrambling , Channel : 3=channel 3 The 8550 is not a current model; it can be replaced with an 8580 -321. Non-addressable products include the 8511, 8536, 8540 and 8490. The SA models below 8600 transmit there FSK addressing data on one of two frequencies. It is -32kHz Manchester I encoded signal that is easly read by software developed by Group 42 avalable on the next release of their CDROM. Market Codes Note that almost every addressable decoder in use today has a unique serial number programmed into the unit - either in a PROM, non-volatile RAM, EAROM, etc. This allows the head-end to send commands specifically to a certain unit (to authorize a pay-per-view events, for example .) Part of this serial number is what is commonly called a market code , which can be used to uniquely identify a certain cable company . This prevents an addressable decoder destined for use in Chicago from being used in Houston . In most cases, when a box receives a signal with a different market code, it will enter an error mode and become unusable. This is just a friendly little note to anyone who might consider purchasing a unit from the back of a magazine - if the unit has not been modified in any way to prevent such behavior, you could end up with an expensive paper weight... (see next section) Test Chips So-called test chips are used to place single-p iece converters (that is, units with both a tuner and a descrambler) into full service. There are a number of ways to accomplish this, but in some cases, the serial number/market code for the unit is set to a known universal case or, better yet, the comparison checks to determine which channels to enable/disable are bypassed by replacing an IC in the unit. Hence, the descrambler will always be active , no matter what. This latter type of chip is superior because it cannot be disabled and is said to be bullet proof , even if the cable company finds out about a universal serial number. (When the cable company finds out about a universal serial numbe r, it is easy for them to disable the conv erter with a variation on the bullet described below .) Cubes Another type of test device has been advertised in magazines such as Electronics Now (formerly Radio-Electronics) and Nuts & Volts. It's called a cube and it SIMULATES the addressing data signal for a cable box, most commonly for those from Pioneer and Jerrold (the Zenith data stream is sent in the VBI, making this apporach more difficult). You plug the cable into one side , where it filters out the real data signal, and out the othe r side comes a normal signal, but with a new data stream. (There are also wireless cubes which you just periodically set near your box with the cable disconnected to refresh it.) This new data signal tells whatever boxes the cube addresses to go into full-service mode (including any cable company- provided boxes) . Sometimes it is a non-destructive signal , and if the the cube is removed from the line, the real data signal 16 2nd Quarter· Fall 1998 Blacklisted! 411 -- - - ----- - - - - - - - - - - - - - - - - - - - gets to the electronics inside and the converter goes back to normal non-test mode. Note that sometimes it IS destructive: there are some cubes that re-program the electronic serial number in a converter to a new value . This type has the advantage that it will work with any converter the cube was designed to test (but changes the serial number to some preset value) . The non-destructive versions of a cube usually require that you provide the serial number from the converter you're interested in testing. That way a custom Ie can be programmed to address that converte r with the necessary data . (Otherw ise the converter would ignore the information, since the serial number the cube was sending and the one in converter wouldn't match.) The best cubes that we have seen are the Stealth FSK and RFT-2 units. These seem to offer the most trouble free performance, don't require a serial number, and are non-destructive devices. There are some newer cubes on the market called genesis FSKs that will reboot (or reactivate ) a shut down box. Bullets First and foremost , THE BULLET IS NOTHING MORE THAN THE NORMAL CABLE FSK DATA STREAM WITH THE APPROPRIATE CODE TO DISABLE A CONVERTER WHICH HAS NOT BEEN ACKNOWLEDGED BY THE CABLE COMPAN Y. For instance, the head end could send a code to all converters which says unless you've been told otherwise in the last 12 hours , shut down . All legijimate boxes were individually sent a code to ignore this shut down code, but the pirate decoders didn1 get such a code because the cable compan y doe sn't have their serial number . So they shut down when the see the bullet code. The bullet is NOT a harmful high-voltag e signal or something as the cable companies would like you to believe - if it was , ij would damage anyone with a cable-ready TV or VCR connected to the cable (not something the cable company wants to deal with!) The only way to get caught by such a signal is to contact the cable company and tell them your illegai descramb ler just quit working for some reason . :-) Not a smart thing to do, but you'd be surprised , especially if it's someone else in the house who calls, like a spouse, child, babysitter , etc. While we're on the subject, it's also not a good idea to have cable service personnel come into your residence and find an unauthorized decoder ... Time Domain Reflectometry I Leak Detection The cable comp any can use a technique called Time Domain Reflectometry (TOR) to try and determine how many devices are connected to your cable . In simple terms, a tiny, short test signal is sent into your residence and the time domain reflectometer determines the number of connections by the various echoes returned down the cable (since each device is at a different point along the cable, they can be counted .) Each splitte r, filter, etc. will affect this count. A simple way to avoid being probed is to install an amplifi er just inside your premises before any connect ions. This isolates the other side of the cable from the outside, and a TOR will only show one connection (the amplifier). The cable compan y also has various ways of detecting signal leaks in their cable . The FCC REQUIRES them to allow only so much signal to be radiated from their cables. You may see a suspicious looking van driving around your neighborhood with odd-lookinq antennas on the roof. These are connected inside to field strength meters wh ich help locate where the leaks are coming from so they can be fixed (to prevent a fine from the FCC!) If you've tampe red with a connection at the pole (say, to hook up a cable that had been disconnected ) and didn't do a good job, chances are the connection will "leak" and be easily found by such a device. This can also happen INSIDE your residence if you use cheap splitters/amplifiers or have pooriy-shielded connections. The cable company will ask to come inside, and bring with them a portable field strength meter to help them locate the problem. Often they will totally remove anything causing the leak, and may go further (e.g., legal action) if they feel you're in violation of your contract with them (which you agree to by paying your bill.) Obviously it's a bad idea to let cable service personnel into your house if you ARE doing something you shouldn't (which you should n't be in the first place ), but if you DON'T let them in (as is your right), it will definitely arouse suspicion. Eventually you will have to let them in to fix the "leak", or they will disconnect your cable to stop the leak altogether. (After all, it's a service, not a right, to receive cable!) Some Common Ways Pirates Get Caught There are many ways for a pirate to get caught. Since stealing cable is illegal in the U.S., you can be fined and sent to jail for theft of service. Cable compan ies claim to lose millions of dollars in revenue every year because of pirates, so they are serious in their pursuit of ridding them from their system. A pirate will often show-off the fact they can get every channel to their friends . Pretty soon lots of people know about it, and then the cable company offers a "Tum In A Pirate And Get $50" program . A "friend" needs the money and turns the pirate in... A pirate (or more likely, unsuspecting housemate of a pirate who knows nothing about whats going on) calls the cable company to report a problem with the equipment or signal. The cable company makes a service call and finds gray-market equipment connected to the cable ... During a pay-per-view event such as a fight, the cable company offers a free T-shirt to all viewers. Little does the pirate know that just before that message appeared on the screen, legitimate viewer's boxes were told to switch to another channel WHILE STILL DISPLAYING THE ORIGINAL CHANNEL NUMBER (yes, cable boxes can do this .) So now the legitimate subscriber continues to see the "original" signal (without the T-shirt offer), while the pirate gets an 800 number plastered on the screen . The pirate calls , and the cable company gets a list of all potential pirates... The cable company temporarily broadcasts some soft-core pornography onto what is supposed to be The Disney Channel (and vice-versa). They simultaneously reprogram subscriber converters to re-map the channels correctly , so the change is transparent to all but non-company converters. Those who call to complain about the "non-Disney" entertainment (or cartoons on the Playboy channel :-) are more than likely to have gray-marke t decoders... A big cable descrambler business gets busted. The author ities confiscate their UPS shipping records and now have a list of "customers" who most likely ordered descramblers for illegitimate use ... Blacklisted! 411 2nd Quarter· Fall 1998 17 And this is only the beginning. Unconfirmed reports of the cable company driving around with special equipment allowing them to determine what you're watching on your TV (like HBO, which you don't pay for) have also been mentioned (but unlikely.) Of course, the best thing to do is simply PAY FOR WHAT YOU WATCH! Then you don't have to worry about the possibility of a prison term, criminal record, hefty fine, etc. The Universal Descrambler In May of 1990, Radio-Electronics magazine published an article on building a universal descrambler for decoding scrambled TV signals. There has been much talk on the net about the device, and many have found it to be lacking in a number of respects. Several modifications, hoping to fix some of the problems have also been posted, with limited success. The Universal Descrambler relies on the presence of the colorburst for its reference signal. In a normal line of NTSC video, the colorburst is 8 to 1t cycles of a 3.579545 MHz clock (that comes out to 2.31 microseconds) which follows the 4.71 microsecond horizontal sync during the horizontal blanking interval. Since a large number of scrambling systems depend on messing with the horizontal sync pulse to scramble the picture, the Universal Descrambler attempts to use the colorburst signal to help it replace the tainted sync pulse. Unfortunately , random video inversion is still a problem , as are color shifts which occur from distorted or clamped colorburst signals, etc. Most people have not had very good results from the system, even after incorporating some modificat ions. Glossary of Related Terms CATV: Acronym for Commun ity Antenna TeleVision. Originally cable TV came about as a way to avoid having everyone in a community have to spend a lot of money on a fancy antenna just to get good TV reception . Really all you need is one very good antenna and then just feed the output to everyone. It was called Community Antenna Television (CATV). Of course, it has grown quite a bit since then and everyone now just calls it cable TV. The old acronym still sort-of works. Converter. A device, sometimes issued by the cable company, to "convert" many TV channels to one specific channel (usually channel 3). Used early-on when VHF & UHF channels were on different dials (and before remote controls) to provide "convenience" to cable customers. Now mostly considered a nuisance, thanks to the advent of cable-ready video equipment , they are mainly used as descramblers . An "addresable" converter is one that has a unique serial number and can be told (individually by FSK or other signal) by the head-end to act in a certain manner (such as enabling channel x, but not channel y). Addressable converters nearly always contain descramblers for decoding premium services subscribed to by the customer. Colorburst: Approximately 8 to 10 cycles of a 3.579545 MHz clock sent during the HBI. This signal is used as a reference to determine both hue and saturation of the colors. A separate colorburst signal is sent for each line of video, and are all exactly in phase (to prevent color shifts). Control Signal: The first t1 .1 microseconds of a line of NTSC video. The signal area from 0 to 0.3 volts (-40 to 0 IRE units) is reserved for control signals. the rest for picture information. If the signal is at 0.3 volts (or 0 IRE) the picture will be black. See IRE Units; Set-up Level. Cube: A test device that generates an FSK signal to the cable box to activate itself into full service mode also called FSK device or FSK unit. The first Cubes were named because of the cube shaped box that they were sold in. Field: One half of a full video frame. The first field contains the odd numbered lines, the second field contains the even numbered lines. Each field takes l/6Oth of a second to transmit. Note that both fields contain a complete vertical-blanking interval and they both (should) have the same information during that interval. Since the NTSC standard is 525 lines, each field contains 262.5 lines-therefore it's the half-line that allows the two fields of a frame to be distinguished from one another. See Frame; Line. Frame: An NTSC video signal which contains both fields. A frame lasts l/30th of a second. See Field; Line. FSK: Acronym for Frequency Shif Keying. A common data modulation method. Addressable cable systems usually send there control information using this method. FSK Device: See Cube. Head-end: The main cable distribution facility where your CATV signal originates from. (Easily identifed by several large satellite dishes, some smaller ones, and usually an antenna tower.) HBI: Acronym for Horizontal Blanking Interval. The first 11.1 microseconds of a line of video. It contains the front porch, the 4.71 microsecond horizontal sync pulse, the 2.31 microseconds of colorburst, and the back porch. The horizontal sync pulse directs the beam back to left side of the screen. Almost every scrambling method in use today mutataes this part of the signal in some way to prevent unauthorized viewing. See Colorburst. . Interlace: Term used to describe the dual-field approach used in the NTSC standard . By drawing every other line, screen flicker is increased-but if all the lines were painted sequentially, the top would begin to fade before the screen was completely "painted". (Computer monitors, which do "paint" from top to bottom, do not have the problem due to higher refresh rates.) IPPV: Impulse Pay-Per-View , A method whereby a viewer can order a pay-per-view event "on impulse" by just pushing an "Order" (or similar) button on a remote control or cable converter keypad. A customer's purchases are sent back to the head-end via a standard telephone connection (the converter dials into the cable co. computer and uploads the data) or via radio frequency (RF) if the cable supports two-way communication (most don't], A pre-set maximum number of events can be ordered before the box requires the data to be sent to' the head-end for billing purposes. IRE Units: IRE is an acronym for Institute of Radio Engineers. The NTSC standard calls for a peak-to-peak signal voltage of 1 vol1 Instead of referring to the video level in volts, IRE units are used instead . The IRE scale divides the 1- volt range into 140 . parts, with zero-IRE corresponding to about 0.3V. The full scale goes from -40 IRE to +100 IRE. This is convenient scale to 18 2nd Quarter - Fall 1998 BllCklisted! 411 make a distinction between control signals « 0 IRE) and picture signals (> 0 IRE). See Control Signal. Line: A video signal is a series of repeated horizontal lines, consisting of control and picture information. The color NTSC standard .allows a total time of 63.56 microseconds for each line, and each frame is composed of 525 lines of video information. The first 11.1 microseconds make up the horizontal blanking interval , or contro l signal , the following 52.46 microseconds make up the picture signal. See HBI; VBI. NTSC: Acronym for National Television Standard s Committee (or Never The Same Color, if you prefer :-) Picture Signal: The 52.46 micro seconds of signal following the control signal. Information in this area is betwee n 0 and 100 IRE units. See IRE Units. PPV : Acronym for Pay-Per-View. A revenue-enhancing system where customers pay to watch a movie or event on a "per view" basis. Cusomers usually place a phone call to a special number and order the event of their choice; some systems provide Impulse PPV. The presence of a PPV movie channel or your system guarant ees you have addressable converters. See IPPV. Set-up Level: Picture information technically has slightly less than 100 IRE units available. That' s because picture information starts at 7.5 IRE units rather than at 0 IRE units, The area from 0 to 7.5 IRE units are reserved for what is commonly called the "set- up level". Having a small buffer area between the control signal information and the picture information is a "fudge factor" to compen sate for the fact that real-life thing s that don't always work as nicely as the y do on paper. :-) See IRE Units, VBI: Acronym for Vertical-Blan king Interval. The first 26 lines of an NTSC video signal. This signal is used to direct the beam back to the upper-left corner of the screen to start the next frame. In order for the horizontal sync to continue operating, the verti cal pulse is serrated into small segments which keep the horizontal circuits active. Both actions can then take place simultaneously. The VBI is the most common place for "extra" information to be sent, such as various test signals, and in some cable systems, a data stream. Televi sion Frequency Chart The following chart lists frequency information for the "standard " carrier sets. In an HRC (Harmonically Related Carrier) system, all picture carrier frequencies are derived from a 6 MHz oscillator , so all channels except 5 and 6 will be 1.25 MHz lower than usual. Channels 5 and 6 will be 0.75 MHz HIGHER than usual. An IRC (Incrementall y Related Carrier) system. all channel s are at their normal frequency except for channels 5 and 6, which will be 2 MHz higher than usual. Some older TV sets can't receive any channels except 5 and 6 on an HRC system , and can't receive channel s 5 and 6 on an IRC system. This is also true of some cable converters. A few converters are set up to allow HRC or IRC operation but with channels 5 and 6 on different numbers -- 55 and 56, or 55 and 66. (Tnx to David Sharpe and Ed Ellers for this info!) Damien Thorn's CELLULAR + COMPUTERS + TELCO + SECURITY ULTIMATE HACKER FILE ARCHIVE ON CD-ROM The entire underground archives from the Phoenix Rising Communications online service are now available on a single CD-ROM!!! Hundreds of megabytes consisting of text files, software and hacking utility programs authored by hackers and security experts. More than 3,200 files in all. Also includes an archive of 3,249 cellular and 14,413 hacking related messages from the Intern et. Now shipping for $89.00. Next-day Air delivery available for an additional $10. Mention this ad and receive a free copy of our Tandy I Radio Shack Cellular Guide (while supplies last). To receive more information and a free copy of our current newsletter, please send an SASE. Orders charged to Visa or Mastercard are accepted via mail or may be faxed to (209) 474-2600. Phone number must be included for credit card verification. Purchase of disc conveys ownership of media only. Price covers archiving and production costs. r-I-OiCnIX ~1~lnG COIi1Ii1UnICALIOn~ 3422 W. Hammer Lane, Suite C-110 Stockton, California 95219 Blacklisted! 411 2nd Quarter - Fall 1998 19 VHF-LowBand UHF Broadcast Band (Broadca st) Center Video Color Sound Osc . 14 470-476 473 471.25 474.83 475 .75 517 Channel Band Freq. Carrier Carrier Carrier Freq . 15 476-482 479 477.25 480.83 481.75 523 16 482-488 485 483.25 486.83 487.75 529 TVIF 4G-46 43 41.25 44.83 47.75 - 17 488-494 491 489.25 492.83 493.75 535 2 54-60 57 55.25 58.83 59.75 101 18 494-500 497 495 .25 498.83 499.75 541 3 60-66 63 61.25 64.83 65.75 107 19 500-506 503 501.2 5 504.83 505.75 547 4 66-72 69 67.25 70.83 71.75 113 20 506-512 509 507 .25 510 .83 511 .75 553 5 76-82 79 77.25 80.83 81.75 123 21 512-518 515 513.25 516.83 517.75 559 6 82-88 85 83.25 86.83 87.75 129 22 518-524 521 519 .25 522.83 523.75 565 23 524-530 527 525 .25 528.83 529.75 571 FM (Ps eudo) 24 530-536 533 531.2 5 534.83 535.75 577 FM-l 88-94 91 89 .25 92.83 93.75 - 25 536-542 539 537.25 540.83 541.75 583 FM-2 94-100 97 95.25 98.83 99.75 - 26 542-548 545 543.25 546.83 547.75 589 FM-3 100-106 103 101.25 104.83 105.75 27 548-554 551 549.25 552.83 553.75 595 28 554-560 557 555 .25 558.83 559.75 601 VHF-Mid Band (CATV) 29 560-566 563 561.25 564.83 565.75 607 A2-(00) 108-114 111 109.25 112.83 113.75 155 30 566-572 569 567 .25 570.83 571 .75 613 Al -(Ol) 114-120 117 .115.25 118.83 119.75 161 31 572-578 575 573.25 576 .83 577.75 619 A-(14) 120-126 123 121.25 124.83 125.75 167 32 578-584 581 579 .25 582.83 583.75 625 B-(15) 126-132 129 127.25 130.83 131.75 173 33 584-590 587 585 .25 588 .83 589.75 631 C-{16) 132-138 135 133.25 136.83 137.75 179 34 590-596 593 591 .25 594.83 595.75 637 D-{17) 138-144 141 139.25 142.83 143.75 185 35 596-602 599 597 .25 600.83 601.75 643 E-(18) 144-150 147 145.25 148.83 149.75 191 36 602-608 605 603 .25 606 .83 607 .75 649 F-(19) 150-156 153 151.25 154.83 155.75 197 37 608-614 611 609 .25 612.83 613 .75 655 G-(20) 156-162 159 157.25 160.83 161.75 203 38 614-620 617 615.25 618.83 619.75 66 1 H-{21 ) 162-168 165 163.25 166.83 167.75 209 39 620-626 623 621.25 624.83 625.75 667 1-(22) 168-174 171 169.25 172.83 173.75 215 40 626-632 629 627.25 630.83 631.75 673 41 632-638 635 633 .25 636.83 637.75 679 VHF-High Band 42 638-644 641 639 .25 642.83 643.75 685 7 174-180 177 175.25 178.83 179.75 221 43 644-650 647 645.25 648 .83 649 .75 691 8 180-186 183 181.25 184.83 185.75 227 44 650-656 653 651.25 654.83 655 .75 697 9 186-192 189 187.25 190.83 191.75 233 45 656-662 659 657 .25 660.83 661.75 703 10 192-198 195 193.25 196.83 197.75 239 46 662-668 665 663.25 666.83 667.75 709 11 198-204 201 199.25 202.83 203.75 245 47 668-674 671 669.25 672.83 673 .75 715 12 204-210 207 205.25 208.83 209 .75 251 48 674-680 677 675.25 678.83 679.75 721 13 210-216 213 211.25 214.83 215.75 257 49 680-686 683 681.25 684.83 685.75 727 VHF-Super Band (CATV) 50 686-692 689 687.25 690 .83 69 1.75 733 J-(23) 216-222 219 217.25 220.83 221.75 263 51 692-698 695 693 .25 696 .83 697.75 739 K-(24) 222-228 225 223.25 226.83 227.75 269 52 698-704 701 699 .25 702.8 3 703.75 745 L-{25 228-234 231 229.25 232.83 ) 233.75 275 53 704-710 707 705 .25 708 .83 709.75 751 M-(26) 234-240 237 235.25 238.83 239.75 281 54 710-716 713 711.25 714.83 715.75 757 N-(27) 240-246 243 241.25 244.83 245.75 287 55 716-722 719 717 .25 720.83 721.75 763 0-(28) 246-252 249 247.25 250.83 251.75 293 56 722-728 725 723 .25 726 .83 727 .75 769 P-(29) 252-258 255 253.25 256.83 257.75 299 57 728-734 731 729.25 732.83 733 .75 775 0-(30) 256-264 261 259.25 262.83 263.75 305 58 734-740 737 735 .25 738 .83 739.75 781 R-(31) 264-270 267 265.25 268.83 269.75 311 59 740-746 743 741.25 744.83 745 .75 787 S-(32) 270-276 273 271.25 274.83 275.75 317 60 746-752 749 747 .25 750.83 751.75 793 T-{33) 276-282 279 277.25 280.83 281.75 323 61 752-756 755 753.25 756.83 757.75 799 U-(34) 282-288 285 283.25 286.83 287.75 329 62 758-764 761 759.25 762.83 763.75 805 V-(35) 288-294 291 289.25 292.83 293.75 335 63 764-770 767 765.25 768.83 769.75 811 W-(36) 294-300 297 295.25 298.83 299.75 34 1 64 770-776 773 771.2 5 774.83 775.75 817 65 776-782 779 777 .25 780.83 78 1.75 823 VHF-Hyper Band (CATV) 66 782-788 785 783 .25 786 .83 787.75 829 M-(37) 300-306 303 301.25 304 .83 305.75 347 67 788-794 791 789 .25 792 .83 793.75 835 BB-(38) 306-312 309 307.25 310 .83 311.75 353 68 794-800 797 795 .25 798.83 799.75 841 CC-(39) 312-318 315 313 .25 316 .83 317 .75 359 69 800-806 803 801 .25 804.83 805.75 847 DD-(40) 318-324 321 319 .25 322 .83 323.75 365 70" 806-812 809 807 .25 810.83 811.75 853 EE-{41) 324-330 327 325 .25 328 .83 329 .75 371 71" 812-818 815 813.25 816 .83 817 .75 859 FF-{42) 330-336 333 331.25 334.83 335.75 377 72" 818-824 821 819.25 822 .83 823 .75 865 GG-(43) 336-342 339 337 .25 340 .83 341.75 383 73" 824-830 827 825.25 828.83 829.75 871 HH-(44) 342-348 345 343 .25 346 .83 347 .75 389 74" 830-836 833 83 1.25 834.83 835.75 877 . 1I-(45) 348-354 351 349 .25 352 .83 353.75 395 75" 836-842 839 837.25 840.83 841.75 883 JJ-(46) 354-360 357 355.25 358.83 359 .75 401 76" 842-848 845 843.25 846.8 3 847.75 889 KK-(47) 360-366 363 361 .25 364 .83 365.75 407 77" 848-854 851 849 .25 852 .83 853.75 895 LL-(48) 366-372 369 367 .25 370 .83 371 .75 413 78" 854-860 857 855 .25 858 .83 859.75 901 MM-(49) 372-378 375 373 .25 376 .83 377.75 419 79" 860-866 863 861 .25 864 .83 865 .75 907 NN-(50) 378-384 381 379.25 382 .83 383.75 425 80" 866-872 869 867 .25 870.83 871 .75 913 00-(51) 384-390 387 385.25 388 .83 389 .75 431 81" 872-878 875 873 .25 876 .83 877.75 919 PP-{52) 390-396 393 391.25 394.83 395 .75 437 82" 878-884 881 879 .25 882 .83 883 .75 925 0Q-(53) 398-402 399 397 .25 400 .83 401.75 443 83" 884-890 887 885 .25 888 .83 889 .75 931 RR-(54) 402-408 405 403.25 406.83 407.75 449 • Channels 70-83 have been allocated to land mobile communication services. Operation. on a secondary basis, of some television translators may continue on these frequencies. This article was reprinted from the Group 42 Sells Out CORaM with permission. You NEED to take a look at this COROMllt's FULL of great info: "Group 42 Sells Outl The InformatIon Archive" Price $49.00 US, $69.00 CAN 1390 N. McDowell Blvd #6142, Petaluma, CA 94954 URL, group42@sonic.net http://www.sonic.netJ---group42 20 2nd Quarter - Fall 1998 Blacklistedf 411 the I1iU~IHN(~ IHNliOS I·1J.n.l(~ '1"~Il~IINiU~~ by MrEUser Information doesn't want to be free, it wants to be liberated at expense. This is the statement that helped me to accomplish this hack, and thought some of you might be able to use it. The Macintrash and Windoze computers at Kinko's have SurfWatch and Desktracy installed. SurfWatch is a way to control what you see while accessing the internet. Desktracy is the program that is responsible for writing up your bill when you logoff a terminal. Both programs cause a severe speed bump in the flow of information, so here's the way to repave the highway. Sit down at a Mac (with these instructions, you'll see why) that has a Zip drive (yes have a Zip disk with you). Ask for the password of the day (Desktracy changes the password daily), or have the Kinkoid log you in. First stop will be at www .fiIez.com. You'll want to get the latest copy of ResEdit and Oasis (keystroke saver). I'd put both programs on you Zip disk, decompress them, and run them from there. Now that you've got your software, let's discuss what's going to happen. You're going to get Oasis (or whatever keystroke saver you're using) up and running. Next start ResEdit. Use it to open the SurfWatch control panel. You'll want to go open the Dialog Boxes (the icon that says DITL under it). Then select the line with ID number 4064. This is the Dialog box that says that SurfWatch is on or off. Highlight the two fs in the word off. Copy them . Open Illustrator and paste the letters in. Convert them to curves. Save the file on your zip disk in a graphics format. Do the same with the n in the word on. After saving them both as graphics, use ResEdit to go back in to Dialog box number 4064. Paste your n graphic over the two fs in the word off. Paste the f graphic over the n, and save your work. Close ResEdit. You'll notice that if you double click on the SurfWatch Control Panel, it now says it's off instead of on. You being a good citizen will want to bring this to the attention of the Kinkoid that works in Computer services . At this point they will come over, click the on button (you made the on, off) and put in the password. You now have the password that turns on and off SurfWatch (the keystroke saver got it for you), and believe it or not the password is the same for Desktracy. Funnier still is the fact the password is the same for every computer in that store (for SurfWatch or Desktracy) whether Mac or IBM. At this point, I would do turn off Desktracy, do my surfing unencumbered and free of charge, and then turn everything back on and restore it to it's original configuration . This way you can use the password time and again for free use, and not have to worry about being discovered . In case your wondering , 1figured this out because being an employee, it was to difficult to get my mail without SurfWatch interfering . WA.Nrl'I~I) IPhotographs!1 DEAD OB.ALIVE If you have a photo of a payphone, local telephone company vehicle or building, local cable company vehicle or building, interior of a telecomm. or other utility building, inside a manhole, inside a utility box or some other interesting item, please send them to us along with a short "memo" explaining what it is that we're looking at! If you send a photo that we end up using in our magazine, we'll mention your name along with the photo. Sen4 to: BllCIdiste4/411 Photo G.n", P.O. Box 2506, Cypress, CA 90630 Blacklisted! 411 2nd Quarter· Fall 1998 21 "cronus" 29/06/98 The Beige Box is simply a corporate lineman's handset, which is a phone that can be attached to the outside of a person's house. To construct a Beige Box, read on... The construct ion is very simple. You need an ordinary phone and a couple of alligator clips . That's all. You simply need to remove the phone jack from the phone line. Separate the phone wires inside the phone line and strip the insulation off them. Then attach the clips to the two copper wires. You now have yourself a linesmen set, better known by some as a Beige Box. There are many uses for a Beige Box. The most obvious use is if you can get a phone box open, you have limited phone access. A simple pair of pliers can open most. Some are locked, but you'd be surprised how many are simply left open without regard to their abuse. Open the box and find a phone line that you want to use, simply attach the clips to the metal connections. You now have access to that line from your phone. Also most new houses have box's built into the wall at the side of the house. This is a perfect place for you to beige box from. Simply open it up, shouldn't cause too much of a problem, connect your phone and you are away. You may have some difficulty with the line if you are connected outside. Water on the connections can cause interference . If your two clips are touching you probably won't be able to get a dial tone. This will be because if any two phone connections are bridged by a conductive material, you will blow a fuse in the telephone exchange . If you do this, the phone company will send a repair man out to fix it, so after that you will probably lose your access to those lines. So you will have to be careful. Always grounding yourself with those connections will send a decent shock though your body and you definitely don't want that. It won't kill you, but it WILL hurt. If you do fail to get a dial tone, then you might need to adjust the clips so that they aren't touching each other or any other terminals . Also make sure they are firmly attached. By this time you should hear a dial tone. Dial an ANI number to find out the number you are using. If you don't have the number for an ANI in your area or if there isnt one. Then you can call the operator and try to social engineer the number out of them. "Its a new house and I want to know the number..." - You get the idea. Some more malicious ideas are possible. I should probably stay away from these topics as they are low and unnecessary . But because I realise that it will happen any way, I will mention them briefly. Eavesdropping is a big possibility, listening in on the phone line is very easy with a beige box. This is a huge invasion of someone else's privacy and I feel very strongly against that. Next is calling abroad and clocking up phone charges for someone else. And their are others, like getting the line disconnected by abusing the operator and other stuff that I am going to leave to your imagination. But if you could spare a little of your time to listen to me - DON'T ABUSE IT ! There are several potentially risky things to remember when Beige Boxing. Apart from the case of a mild electric shock , there are some things to take into account. Here are essential ideas to incorporate if you want to avoid capture from any authorities; • Choose a secluded spot to do your Beige Boxing. Away from street lights and people. • Use more than one different phone line. The more you use, the safer you are. • Box at night if you can. Day time is too light and visible. • Don't exploit the one phone box too much, you will get caught and you don't want that. • Keep a low profile (i.e., do not post under your real name on a public BBS commending your accomplishments ). • In order to make sure no body has tampered with your output device, I recommend you place a piece of transparent tape over the opening of your output device. Therefor, if it is opened in your absence, the tape will be displaced and you will be aware of the fact that someone has intruded on your territory . Be careful I Don't abuse it otherwise you WILL get busted... This file can be downloaded along with many others at: http://homepages.iol.ie/-cronus ~ = = = = = === == = == = == = = = = ==~ o SO, you want to subscribe....but you think it's TOO MUCH!? 0 o What? It's on~ t20 ayear! Subscribe NOW! 0 Q:, = === = = = = == = = = = = = = = = = = = ~ 22 2nd Quarter· Fall 1998 Blacklisted! 411 HO\\fTO BE It D£T£CTIVt: PARTl BvEvER8 Well, here I sit thumb ing thru the 1998 Stud ent Catalog from the West Coast Detective Aca dem y, and I'm thi nking to myself, w ell Hell , being a reade r of Blacklisted and THUD, I should share some of this info with other readers. So, that's wh at I'm going to do with this artid e. If you eve r thought about bei ng a detective, or jus t wan ted to know how they dig up the facts they do , then you migh t find this article usefu l. On the other hand, it may be crap. But I'll do my best to get the gooc info into this article . You should see th e shear size of the stud ent s manua l. Th is thing is huge. First , let me tell you wh at it takes to beco me low man on the totem pole of private investigators. (Reme mber this is all according to the manu als and student catal og I have for the West Coast Detectiv e Acad emy , this could be diff erent in your state. Also , don't even ask me how t got hold of this info.) The Professional Program Th e Prof es sional Progr am consists of 240 classroom hours and appr oxim atel y 144.5 Lab/Homestud y hours . This program is impacted in a 10 week per iod that consi sts of two 3 hour classe s, four days a wee k. That doesn't sound too bad, now does it? Well , all that, AND a $5000 dollar tuition . Not to mention you must own a 35 mm camera . If you don't, you must purchase one. I am going to list the Code of Ethics for investigators ju st because it makes for interesting reading . Code of Eth ics Each and every member of the California Ass ociation of Lic ensed Invest igators, Inc ., sub scribes to and circum scribes his or her activities accord ing to the princip les set out in this Code of Ethics. It's new! It's different! It's a HACKERS MAGAZINE! T.H.U.D. The Hackers Underground Digest Check it out! That's right. Your eyes aren't messing around with ya. From the same people who brought .. Blacklisted! 411, comes a brand new hackers zine with all new stuff. Inside THUD Magazine, you'll find more technical hacker info. It's got a neato color cover, too. THUD Magazine P. O. Box 2521 Cypress, CA 90630 BllICklisted! 411 2nd Quarter· Fall 1998 23 Duties of Investigators in Civil and Criminal Cases The prima ry duty of an investigator engaged in either civil or criminal cases is to determine the true facts and to render honest, unbiased in reference thereto. Duty to a Client The best interests of a client may be served by maintain ing a high standard of word and reporting to a client the full facts ascertained as a result of the work and effort expended whether they be advantageous or detrim ental to the interest of the client, and the nothing be withheld from said client save by the dictates of the law. It should be bome in mind at all times that the duties of the investigator should be within the bounds of the Jaw and do not permit, much less deman d of him, any , violation of the law or any manner of fraud. Duty to the Public and to the Profession An investigator or security professiona l should at all times maintain a high standard of conduct, personally and professionally, that may serve as a good example to others . Confidence of a Client The duty to preserve the client's confidence outlast s the employm ent of an investigator, and extends as well to his or her employees ; and neither of them should accept employment which involves the disclosure or use of the confid ence for the private advantage of the client without his or her knowledge and consent , even though there are other available sources of informat ion. An investigator should not continue employment when he or she discovers that this obligat ion prevents the performance of his or her full duty to his or her former or new client. Advertising . The most worthy and effective advertising possible is the establishment of a well-merited reputation for professional capacity and fidelity to trust. This can only be built by character and conduct. The solicitation of business by misleading advertising is unprofessional and is prohibited . Retainers and Fees Controversi es with clients concerning compensation can be avoided by the protection of some form of written agreement or letter. It should never be forgotten that the investigation business is a professional and all financial dealing s with clients should be handled on that basis. Alrigh t, on to the good shit. The first part of this article will talk about Auto Accident Investigation . You probabl y won't even need to know this.. but I found it interesting , and some of you might as well too. So on with the show. The following is an outtine and general info about Auto Acc ident Investigation. 1. Investigator should know the facts of the case and what the case is all about. 2. Once you get wijh the witness, have the witness give a narrative of what happened and we would ask some questions throughout that and then we would draft a statement from that. 3. A statement should have a name and address, both work and home, and it should start that the statemen t is given without duress , freely, and to the best of their recollection . 6.500 MHz "Red Box" Crystals BLOWOUT ECS gUARTZ CRYSTALS PRICES! We've been selling the 6.500MHz crystals for several years now! This is the very notch filter used to receive The Disney Channel on Paragon Systems in Southern California . They try to charge $150 for this suckerl Order YOURS TODAY! $20.00 + $2.00 s/h PVS If you need Zemth Remotes. we got 'em' P0 B 1032 If you need those hard to find 6 500MHz Xlals, we gal 'em' • • OX If you need channel 21 (Disney) notch filters. we gal 'em' Los Alamitos, CA 90720 If you need '1 CALL US TODAY' . 24 2nd Quarter - Fall 1998 Blacklisted! 411 4. The statement should also have a friend or family member's name , phone number and address in case the witness moved or could no be reached. If a witness were needed two or three years down the road, this relative or friend would always know how 10 reach them. 5. Where was the witness in relation to the accident. It is best to draw a diagram of the accid ent location. Have Ihe witnes s show where they were at. Attach this rough diagram to the statement and have them initial the diagram so that this can be referred to later. 6. What were the weather conditions like? Raining, clear, cloud y, overca st, fog? Anything that might have affected the accident. 7. Were the streets wet or dry? Note either way. The whole purpose of this, either negat ive or positive, is so that this factor cannot be changed later. 8. Were there any obstructions to your view of the accident? Many times later they will try to come up with something . g. Did either party try to avoid the accident ? 10. Where was each car when the witness first saw them. Note this on the diagram or have the witness follow this through in the narrative where they first saw P-l or P-2 or however it is noted on the police report and identify them as per the police report either by type of car or color. Ultimately, identify them so that the witness can say yes, P·l is the same car they are talking about. 11. Did you talk to either driver? Did either driver admit fault in the accident? What did you overhe ar? 12. Was either driver showing signs of alcohol or drugs? Any type of foreign substance? What was their mannerisms? Note any slurred speech, erratic behavior, troubl e walking or blurry eyes, even if they didn't think they were on alcohol or drug s. If there were no signs of alcohol or drugs , also put that in the statement. 13. Where was the damage to each car? Have the witness describe and estimate the dam age and the cost of to the best of his ability. 14. Were there any defects or blockage to view that contributed to the accident. 15. Did either car violate any laws? Such as, a stop sign, stop light . were they speeding? Estimate the speed of each car. Use a high and low. Have them put between 40 and 55 or 55 and 70. If most people try to put down a particular speed, obviously they couldn't put that in, it would discount their testimony. But if it is a high and low, it is much more effective. 16. Did either car show any defects, such as bad tires, prior dama ge that might have helped contribute to this accident? 17. If it was a multiple car rear-ender, where was the damage to each car and who caused the accident? Was there contributing factors? Such as another car stopping fast in front and causi ng a chain reaction . One of the important points of rear-ender is to determine if the last car caused the accid ent. Many times they will try to say that they were hit by another car. if they don' have damage to the rear , that is an important factor . 18. If the witness is a passenger in the accident car, how fast was the car going? Wa s the driver distracted? Was the driver wearing a seatbelt ? Did the driver contribute to the accident? Did the driver have a chance to avoid? Did anything obstruct the driver's view? 1g. Ask the witness , in his opinion who caused the accident and could it have been avoided ? 20. Was either driver cited? Welp , thats alii have time for right now .. check back next issue for more detective type information or whatever you wanna call it :) Peace out. I::::> ~ t== <::::::::::.<:::::::> ~ Voice Bridge 801 -855 3326 Free VMBs - 2 Voice BBS Sections - 5 Voice Bridges Up to 8people on abridge at once/Daily meeftngs start around 6pm PST A good place to meet before you start your evening activities Blacklisted! 411 2nd Quarter - Fall 1998 25 Central Office Operations AT&T5ESS The End Office Network By LineTech This information contained in this text is correct to the best of my knowledge. There are many different sources from manuals and books to actually being in the Central Office Environment and gaining a hands on knowledge . This is a general overview of the central office updated to 1998. There are many different equipment configurations possible , however the ones given here are generally used in most class 5 end-office CO·s. I'm basing this article around the 5ESS since it is the switch I was in today and the one I'm most familiar with . OUTSIDE PLANT This Is the facilities between the subscribers Minimum Point Of Entry (MPOE) and the central office Main Distribution Frame (MDF) . CO CABLE VAULT All of the cables from other offices and from subscribers enter into a room called the cable vault. This vault is always located underground beneath the CO building . The cable vault is located at one end of the building . The width of the cable vault depends on the size of the building and the amount of cables entering it. Cables enter through duets in the wall. These ducts lead to manholes. After entering the cable vault, are racked and plugged with pressure plugs. This is because all cables leaving the CO are under several pounds of air pressure applied right before they leave the vault to keep moister out of the cable sheath. Beyond the pressure plug on the CO side of the cable , the cable is spliced into special splice enclosures that distribute the 3600 pairs into their 100 pair complements. Each of these 100 pair cables are then feed through the ceiling of the vault through shafts that lead to the frame room. Each of these cables contain of an average of 3600 twisted pairs . This equals 3600 telephone lines. The amount of cables obviously depends on the size of the office . Other cables such as fiber optic , coaxial (broadband), interoffice and local subscriber lines enter the central office through the cable vault. FRAME ROOM The main distribution frame (MDF) is where the 100 pair cables are separated into individual pairs and attach to conneclors. The main distribution frame runs the length of the cable vault directly above it, from floor to ceiling . There are two sides to the main distribution frame, the vertical side and the horizontal side. The vertical side is where the outside wiring attaches to connectors and is feed through the protector fuses (heatcoils). From there, the tip and ring of each pair is cross connected to the horizontal side where the hard-wired connectors to the switching system are located . These hard wired Multi-conductor cables run from the connectors to the physical location of the switching equipment (also referred to as the Office Equipment (OE). Technicians have access to COSMOS (the phone network mainframe) and receive printed information regarding cable and pair and "OE" (Office Equipment) . With this informat ion they find the line on the vertical distribution frame and on the horizontal distribution frame connectingl deconnecting services as indicated. The vertical distribution frame side is marked by cable and pair. The horizontal distribution frame varies in format depending on what type of switch it is going to be connected to. An example would be a Special Services line would be routed to different swilching equipment than a regular POTS line. CENTRAL OFFICE BA TTERY ROOM The central office battery room is a special room set up to house the office battery. Inside are racks containing what looks like oversized car batteries . These are the wet cell batteries of the CO. Together provide power to the copper lines. Copper facilities idle at -48 volts DC current. The current drops to -6 to -8 volts DC when dial tone is requested (by . picking up the phone). The current spikes to around -90 volts DC when ring is sent. T1 lines use around -130 volts DC. The output on copper wire is only about 15 milliamps from the Illl(~I{ rrIII~ "TOIll..n, frame. However at in the CO battery room there is an average of 1400 ampsl Ouch, 2 amps can kill a human . SWITCHING SYSTEMS 1I1l1lV! The 5ESS® Switch (by Lucent Technologies) 26 2nd Quarter· Fall 1998 Blacklisted! 411 "The 5ESS® Switch is a most flexible digital exchange for use in the global switching network. Digital switches replaced earlier electromechanical and analog switching systems. The 5ESS® equipment switches ISDN voice and data, local voice calls, long distance calls, Internet access, wireless PCS, Advanced Intelligent Network services, interactive video and multimedia services...moving any media on the public switched network. This means the 5ESS® Switch provides the system, services and software to transform current networksinto multi-functional networksthat meet the needs of today's home, businessand community. By 1992, the next generation 2000 Switch was created at Bell Laboratories and added to networks worldwide . A digital switch is a single system with multiple applications such as local, toll, operator services. The switch architecture is a modular,distributed architecture with an administrative module, a communications module,and a varying number of switching modules that provide the major processing power in the total communication system. This switch design will allow network providersto offer their customersvoice, computer,fax, data, and visual services. FCC (Federal Communication Commission) required quality monitorlng process has shown the 5ESS® Switch is highly reliable, in fact the 5ESS®-2000 switch is four times more reliable than its nearest competitor. Today the 5ESS® switch is considered the workhorse of the public telecommunications network in the United States with its lower life cycle costs and its proven record of reliability. Modular Design Advantage An advantage, when deploying the 5ESS® Switch, continues to be its modular design. This modularity allows for ease of implementing ongoing enhancements and allows service providers the ability to change their communication network quickly. The value of the current 5ESS® Switch modular architecture and the ease with which is adapts to new technologies has been repeatedly demonstrated. Administrations can deploy new 5ESS® Switches in their network, only to find their business requires additional hardware modules and the associated software releases. The new hardware can easily be added to the network's standard growth and modernization plans. The result is an easy, effective, and economical upgrade to a 5ESS®-2000 Switch without service disruption. Telephone administrations are often concerned with: • Increasing busy hour call completion capacity • Minimizing floor space requirements • Enabling growth in small increments • Integrating multiple applications in one exchange • Reducing power consumption and operational costs The 5ESS®-2000 Switch architecture and software addresses each of these concerns. Economical access to advanced services via the 5ESS®-2000 Switch can be provided to all subscribers no matter where they are located; in metropolitan, suburban or rural areas. Blacklisted! 411 2nd Quarter· Fall 1998 27 A Distributed Arc hitecture The 5ESS®- 2000 Switch also features a distributed architecture that employs modular components in all systems and subsystems. This readily accommodates a broad array of growth and configuratio n options that allow you to easily and economically evolve your network as subscriber demand grows . This flexibility enables you to maintain your competitive edge whilesaving on sparing. training and documentation. Internet Capacity Reliability and customer satisfaction are especially important with respect to internet services, since the extensive growth of the Internet has caused an increase in network blockages on existing central offices. However, a new capability which Lucent , refers to as Project Renaissance, helps service providers avoid this problem in a least costly fashion . Today the 5ESS®-2000 Switch is the first switch to handle both wire line and wireless t raffic. Project Renaissance will modernize and consolidate central offices and networks by using the SM2000 with Digital Network Unit -- SONET·· and the Access Interface Unit to provide increased trunk and line capacity for the service provider's network. Project Renaissance also reuses some existing central office equipment. This increased capacity affords opportunities not only for a lower cost structure and simplified network operations, but also a better grade of service with less probability of internet and voice calls being blocked as a result of high internet hold times. Access Interface Unit (AIU) - A new cost-effect ive non-blocking line unit for the 5ESS® Switch that will be generally available in 1996. This line unit initially supports enhanced performance and reduced operational costs for analog connections, but will also support ISDN and ADSL in the future. ISDN PRI Expansion - The 5ESS® Switch SM·2oo0 can be expanded to handle more PRI terminations in 1996. This capability will lower service provider operational and first-time costs. Provisioning Solutions • The Switch Element Manager Operations Systems will shadow a switch's translation/feature database, making it easier and faster to provision ISDN lines without placing strain on the embedded switch call processors. In early 1997, addili onal Applications Software will be made available to further enhance the ISDN provisioning process. Provisioning audit services are available to pinpoint trouble spots . Small Exchanges and Remote Capabiltties Remote line unit s can support basic and supplementary services and ISDN capabilities. Remote switching systems provide all the duplex switch services of the host exchange and can sustain complete stand alone functionality if remote-ta-host facilities are out of service. Small autonomous exchanges, like COX and VCDX, are configured to support exchange sites where deployment of remotes may be unsuitable. In addilion to typica l host exchange configurations, the 5ESS® Switch offers full service remote switch solutions and interchangeable models to configure the smallest to the largest exchange sites. This simplifies training, documentati on, and spare parts while increasing flexibility and services. No longer must network providers procure differing systems for small sites versus large metropolitan exchanges. Over the past seven years the switch has increased busy hour call capac ity more than fivefold . The architecture lets the switch add processing power as needed to add extra call capacity. A network service provider need buy only as much capacity as needed to start, then expand later to meet business demands or to bring more features to customers in their market. Thus as business expands, the service provider need only upgrade the modul es directly involved, rather than add whole new switches.' SPEC/AUDIGITAL OFFICE EQUIPMENT There are many other types of equipment found in the frame room, assuming it is a one story building. These could include: • MAARS • Lifeline 100 • Eg· 1-1DMS/ALI/ACD • T10rDS1 • X.25 • Synchronou s Optic al Network (SONET) • Lightspan 2000 (Fiber) • DS3 • ISDN (Cisco 200) • Advanced Digital Network • and much more. FIBER DISTRIBUTION FRAME The Fiber Distribution Frame (FDF) is a centralized optical term ination frame for facilitating the cross-connecting of optical fibers. This system allows the technician to connect Outside Plant (OSP) facilities to the Central Office (CO) equipment. It allows for the minimum handling of fragile optical fibers after initial installation. Individual FDF bays are placed adjacent to each other to form a continuou s FDF frame. In larger CO's, the FDF frames are interconnected to allow for utilization of all CO and asp facilities. An FDF is used to connect OSP facilities to CO equipment. Connections are flexible. They are made using Jumper/Patch Cords. Connections can be readily changed without disturbing the optical fibers or optical fiber splices. A jumper can be temporary to bypass trouble or permanently placed. In short, the FDF is a point of flexibility, allowing access to optical fibers. Pre-terminated cable stubs eliminate a splice point in the bay. Pre-terminated cable stubs meet all National Electric Codes. They are OFNP and OFNR rated. Check us out on IRC: #Blacklisted Weekdays: 2:15pm EST· 5:30pm EST Weekends: 8:00pm EST· 11:OOpm EST Dr. No w ill be hosting the IRe each evening. If the channel has not been started up by th e list ed lime, feel fr ee to stan it up yourself and wait for some others to join m. EnJOY! 28 2nd Quarter· Fall 1998 BllIcklistedf 411 @®[K]0QD~~[lllJ[ll®[K]~@0 ..........~~~ 2430 JUAN TABO, HE #259, ABQ, HM 87112 P.O. Box 23097, ABQ, NM 87192 Voice: 505-237-2073 (9.6,M.F) Fax: 505-292-4078 (all hours, orders only) WWW.tsc-global.com Add $5 total S/H (US, Canada) 10% Offorders $100+ CATALOG is$3 wIorder.$1 wI0 PostalMOis fastest VISA, MCOKCOD, add $7 Sold for educational l'urposes only See CATALOG for all Policies ~ I-NEW CATALOG FEATURES 200+ HI-TECH PRODUCTSI WILL ROCK YOUR WORLDI I' W/ ORDER, U W/O BllICklistedf 411 2nd Quarter· Fall 1998 29 1~1~J)IUllll.. fJO'TI~IlN)II~Nl' 1~IU~UIJI~Nf~Y I..IS1' DEPT of AGRICUL TURE 418.825r 415.600 input - Ch 5 Operations 418.95O 16.200 input - Ch 6 Operations r4 170.450 Otis Air Force Base, Falmouth, MA 416.375 input - Operations, Cape Cod 171.525 Waltham, MA 418.975 r417.025 input - Ch 7 Operations 413.900 Beltsville, MD Research Center Security 418.975 Simplex Ch 8 Operations 416.050 Long Island KLR757 USATIORNEY 418.700 Nationwide 418.725 Nationwide 415.850 Nationwide 418.750 Washington F3 simplex 416.175 Nationwide 418.750r input 415.600 NY 418.775 Nationwide US CAPITOL POLICE 418.800r Nationwide 418.875 Nationwide 164.625r KGD238 Washington F2 Car to Car 418.900 Bridgeport. CT 164.800r KGD238 Washin9ton F1 Dispatch 418.925 Nationwide 419.000r input 417.400 New York task force KLR710 CENTRAL INTELLIGENCE AGENCY DEA uses 156.7 hz PL when not in DVP 163.810 165.010 2.8085 X-RAY ALPHA 11.2460 165.110 4.5000 ZULU ALPHA 11.2880 YANKEE DELTA 165.385 4.9910 X-RAY BRAVO 12.2220 ZULU DELTA 165.875 Langley Security 5.0585 X-RAY CHARLIE 13.3120 YANKEE ECHO 407.800 5.2770 ALPHA 14.3500 LIMA 408.600 5.5710 YANKEE BRAVO 14.6860 PAPA 5.8410 BRAVO 14.6900 GOLF U.S.C.G. 7.3000 CHARLIE 15.8670 ZULU ECHO 7.5270 ZULU BRAVO 15.9535 X-RAY FOXTROT 162.125 LANT 7.6570 FOXTROT 16.1410 HORNET 4 164.1375 Police 7.7780 X-RAY DELTA 17.6010 X-RAY GOLF 166.225 Aircraft 8.9125 YANKEE CHARLlE18 .6660 HOTEL 171.3125 Falmouth, MAANARC Net 9.2385 X-RAY ECHO 19.1310 171.3375 Utility Network 9.4970 DELTA 23.4030 ROMEO 171.5875 9.8020 ZULU CHARLIE 23.6750 INDIA 172.3OOr Security - Boston 11.0760 ECHO 415.625 Link - Boston 419.125 Security -Boston DEPT of ENERGY US CONGRESS 4.6045 3.3350 Nuclear Transport 169.5750 Cloak Room Page - Washington 5.7510 Nuclear Transport 7.7000 Nuclear Transport DEPT OF DEFENSE 11.5550 Nuclear Transport 164.2250 Brookhaven National Lab. L.I. N. Y. Fire Dept. 167.7125 Miliary Intelligence 164.3250 Brookhaven National Lab. L.I. N. Y. - KRF255 164.1375 Dept of Defense Police . 164.750r 167.850 input Middleton, MA 165.1375 167.825r input 164.275 Brookhaven Nat. Lab. KFWl03 167.9750 Brookhaven Nat. Lab. paging - KCG827 DRUG ENFORCEMENT ADMINISTRATION (DEAl 411.3500 Germantown, MD KZW924 418.625r 416.050 input - Ch 1 Operations US ENGRAVING & PRINTING OFFICE 418.900r 416.325 input - Ch 2 Operations Central MA 418.750 415.600 input - Ch 3 Surveillance/Strike Force 172.2750 Washington Orderwire Patch System 171.3875 Washington 418.675 Surveillance - Ch 4 Strike Force cc Sales - Parts A RCADE 6AMES - Service - Custom • Video !3ame Guls...Technical Help & Info If you're looking for one of those hard to Complilte PC boards. Power Supplies. Monitors. etc Pinba ~ Ma ch ines . find arcade games, this is the place to call. We have one of the larg est ALL Pans & Supplies Buy. Sell & Trade selections of hard to find classic arcade Hard-te>-Firi Games d Hugefarts W: rehouse a -c, . .... ~ . games and pinballs. If you're looking for > ,,'x -, ,~._ New 'lIld Used Parts .• :._c a part or y ou just want an arcade game for Full ~9rviceRepair Shop. :' '' \..- .~ > ", .: your business site or for home use, give CustomWork -CALL .- , -'1, .... •. . , -{ . us a call. Be sure to mention you saw the For It0 ME or Business Use" '\." - -") ':1_ " Quotes Availab le . .... -.". '~.":.. . ,. ....':. ad here in Blacklisted! 411. -Selection of Marquee's & B~ckplaleS' -- - -- Eldorado Games, Ltd. . 911 S. East Street, Anaheim, CA 92805 Voice (714)535-3300 Fax (714)535-3396 Blacklisted! 411 2nd Quarter - Fall 1998 31 GENERAL SERVICES ADMINISTRATION 163.800r input 164.55 163.850r input 167.4175 Blue/ECC2 - KGB750 Federal Protective Service 163.8625r input 167.5375 Black/ECC - CT Tactical 163.8875r New Haven F5 KEX600 413.875 Boston Pagers 163.9125r input 167.150 Black/ECC - F1 414.8500 Washington F3 163.9125 Washington simplex F3 - KGB770 415.200r Washington F1 Security - KGC253 163.9125r input 167.5125 ECC1 - Washington 415.2000 Washington simplex F2 163.925r F5 417.200r input 415.2 - Boston 163.9375r New Jersey KEX620 417.200 Boston simplex 163.950r input 167.4625 New York F3 Black/ECC 419.1750 Baltimore Security - simplex 163.9625r input 167.6625 - Maryland 163.9625 MD simplex F3 GOVERNMENT PRINTING OFFICE 163.9875r input 167.725 AXO Station - Alexandria KFQ240 164.1500 Exeter, RI simulcastw/167.6000 411.200 Washington Security 164.2250 Springfield , MA area 167.2125 New York Administration Gold F1 FEDERAL AVIATION ADMINISTRATION 167.2375r input 163.9875 Foxboro, MA 167.2500 NY F1 input 163.9875 Springfield, MA 162.2750 Washington, DC HQ 167.2625r input 162.975 Exeter, RI Westfield, MA WWLP 165.5000 Dulles Airport Police/Fire Operations 167.2875 CT simplex car-car MA active in Worcester, MA 165.6625 National Airport Police 167.3000 NY Blue 165.7125 Dulles Police - Access Highway Net 167.3125r Boston Tactical F1 166.1750 New York link 167.3375 CT simplex Car-Car 167.1755 input 165.6125 New England Network 167.3600 Baltimore F2 169.2625 Dulles police 167.3625r Boston Area "CENTRAL" 169.3250 Dulles police Mobile Lounges 167.3750 New York Administration simplex Gold 172.850r 169.25 input Safety Operations - Cape Cod 167.3875r input 163.8875 Stamford , CT 172.950r 169.35 input Safety Operations - Boston 167.3875 RI Car-Car 408.8250 Washington, DC HQ 167.4000 NY F2 410.9000 Washington , DC HQ 167.4125 MA Bank Robbery Task Force 167.4250 New Haven F1 FEDERAL BUREAU OF INVESTIGATONS 167.4375r Boston, MA 167.4500 Baltimore link on 414.35 F1 9.2400 Mhz 167.4625r input 162.950 Fall River, MA 10.5000 167.4625 New York Gold F3 Administration 162.6375 167.5125 input 163.9375 Hartford, CT B3 "800" 163.425 167.5250 KEX620 New Jersey F1 163.925 167.5375 KEC270 New York Gold F4 Administration 163.725r input 167.3375 Black/ECC - F2 N.Y. KEC270 167.5625 Nationwide simplex F4 163.775 167.6000r RI Simulcast w/164.1500 "TI~',rl~ .,0'1' S.»II~ .,00)) S'l'(JPD 1i'01l YO(J! ECS gU.4RTZCRYST.4LS S,.if"'oho"'" 0,..";" 11"",. bat"' - \ O ~ · llF'S: F~¥ 1.,....._ A, C"1 15 0 W"@ · 25't. :I. 100 W'\ I,,". fi' 'C '" ' 10"1: 0 ';".1 0": I",W This is the very same crystal used in making a Retj Box. We've got both 6.500Mhz and 6.5536Mhz crystals. Opens up all Nintendo game un its and cartridgesI We know you may want one or the other 3.8mm typically fits the cartridges. depending on your particular project. 4.5mm typically fits the game units. $4 each inc luding sh ipping. We sell j ust about any screwdriver bit you're looking for. We have the hard to find bits like security Torx (also known as tamper Torx), Scrulox (security Scrulox). Spanner, Internal and External Line Head (like the Nintendo bits above), Tri-win ,Securi Hex, S line and Pozi Drive, Most bits are $12"$15 each. Our !lelt selling ~o piece screwdriver hit set isnow IVQilQhle lor 140 including shipping to Qnywhere in the U.S. Theset includes 9 security T hits from m through TT4O, 7 security Hex hits from S/64' through 1/4', 4 security Scrulox bits from S-O one through S-~, 8 mndQrd pieces, covered ~utic cue wI Qnice hQndle lor QII of the bits. This isInextremely hQndy toolset! 6.50Mhz Crystals EPROM Programming Unusal web site listing Tool bits(includingsecurity) 6.5536Mhz Crystals Auction Booklet T-sh irts other interesting stuff.... TfJ FIIID tHI'I MtIRE AIfHITAllY S1E&IFI& JIIlOIHI&T 1ft'1M.,.. fIUASE &IIf&/{ OUT tIUR ADS III TIlE &WIIFIEtJ SE&T1fJ11 (JF THIS . . . .11",. ' TCE Information Systems P.O. Box 5142 Los Alamitos. CA 90720 32 2nd Quarter · Fall 1998 Bl/lCklistedf 411 167.6125r input 163.9875 Paxton, MA - NH 167.6500 New York Red F2 surveillance U.S. Customs 167.6625r input 162.7625 Federal Bldg, RI KCB801 167.6875r input 164.350 New York Blue F2 162.8250 Operations 167.7125r input 162.950 Providence, RI Cl 165.2375r input 166.4375 - Operations Ch.1 NY KAE310 167.7375 input 164.8625 New Haven, CT B8 input 166.5875 - Operations PA Sector 167.7625r input 162.950 Shannock, RI 165.2375 simplex Ch.2 167.7750 New Yorl< Blue Fl 166.4625 USDT Common - X-Ray Ch.3 167.7875 New Haven, CT car-car 165.7375 Tactical Ch.4 168.875r input 163.8375 Hamden, CT WTNH Tower A5 165.46·25r input 166.5875 USDT CommonUniformPatrol Div 169.950r input 163.9375 Sterling, CT 165.8500 Tactical simplex input 163.8875 Bozrah, CT 171.2500 Nationwide wlUS NAVY ships 171.1750 Aeronautical Surveillance 2808.5 X-ray Alpha 11246.0 412.4500 Montville, CT link to 169.950 Repeater 4500.0 Zulu Alpha 11288.0 Yankee Delta 412.5250 North Stonington, CT iink to 169.950 Repeater 4991.0 X-ray Bravo 12222.0 Zulu Delta 413.6250 unknown use 5058.5 X-ray Charlie 13312.0 Yankee Echo 414.0750 Trumbull, CT UHF link Repeats 167.5625 5277.0 Alpha 14350.0 Lima 414.1000 Suffolk, NY link 5571.0 Yankee Bravo 14686.0 Papa 414.2500 Washington, DC link F5 5641.0 Bravo 14690.0 Golf 414.3500 Baltimore link to Fl - 167.450 7300.0 Charlie 15867.0 Zulu Echo 414.3500 Suffolk, NY link 7527.0 Zulu Bravo 15953.5 X-ray Foxtrot 414.4000 Long Island, NY 7657.0 Foxtrot 16141.0 HORNET 4 414.4750 reported link, unknown use 7778.5 X-ray Delta 17601.0 X-ray Golf 414.9500 Washington link for KGB770 8912.5 Yankee Charlie 18666.0 Hotel 419.2750 Washington Fllink 167.400 9238.5 X-Ray Echo 19131.0 419.3500 reported link, unknown use 9497.0 Delta 23403.0 Romeo 419.4000 Alexandria, V.A.link for F3 163.9875 9802.0 Zulu Charlie 23675.0 India 419.4750 Suffolk, NY link 11076.0 Echo (khz) Unknown Killingworth, CT link Rcvr for 168.8750 Repeater Secret Service The FBI uses a 167.9hz PL tone when not in DVP 32.2300 Washington to Camp David link - Able UNITED STATES MARSHALLS 164,1000 Presidential Protection - Victor 164.4000 Nationwide - Papa counterfeit operations 163.200r input 163.8125 - Ch 1 Operations 164.6500 Nationwide - Tango 163.200 Simplex - Ch 2 Operations 164.8875 Nationwide - Pres. Limo & Exec. Family - Oscar 164.600 input 163.8125 - Ch 3 Vehiclular Rptrs 165.2125 Nationwide - Mike, local Field Office operations 164.600 Simplex Operations Ch 4 165.375r input 165.7125Nationwide - Charlie 163.8125 Air Mobiles. 165.650r input 166.640 Baltimore FO KGC942 162.7125r 170.800 input 165.6875 Nationwide - Alpha 165.6875r Washington FO U. S. BUREAU OF PRISONS 165.7875 Presidential I ViP Escorts - Baker 166.2125 Nationwide - Hotel 170.875 Ch 1 166.4000 Nationwide - Golf 170.925 Ch 2 166.5125 Nationwide - WHCA - Sierra 170.650 Ch 3 166.7000 Nationwide - WHCA Staff - Quebec 167.0250 New York - WHCA & SS - November U.S. DEPARTMENT OF TREASURY 167.8250 Nationwide - WHCA Staff - Kilo 168.7875 Nationwide - WHCA Staff - Lima Internal Revenue Service (IRS) 169.9250 Nationwide - Delta - WHCA 170.0000 Washington - Presidental Aide Paging System 166.4625r input 166.5875 USDT Common 171.1875 Washington - Security Force 165.950r input 167.00 CID Operations Ch.1 407.9250 Washington - India - Guard Force 167.000 CID Operations simplex Ch.2 162.6875 Yankee AF1 uplink trom Crown (WHCAl 165.950 CID Operations simplex Ch.3 171.2875 Zulu AF l downlink to Crown 166.000r input 167.10 IRS Investigations Ch.1 407.8500 Echo AFl uplink trom Crown (WHCA) 166.000 simplex Ch.2 415.7000 Foxtrot AFl downlink to Crown 418.225r input 414.700 CID Operations Ch.l 418.225 CID Operations simplex Ch.2 USDT uses 103.5 hz PL when not in DVP 418.175 CID Tactical Ch.3 414.700 New York Metro link to 418.225 FEDERAL COMMUNICATONS COMMISSION Long Island - shared wI ATF 418.175 New York - shared wI ATF 167.050r 172.05 input - Nationwide - Field Op.Bureau 418.200 New York - shared wI ATF 418.225r input 414.70 New York - BrooklynlLong Island IMMIGRATION Bureau of Alcohol, Tobacco and Firearms (ATF) 163.750r Boston 123.0 hz PL 163.6250r Nationwide 165.2875r 166.5375 input - Operations Ch.1 163.6625r Nationwide 166.5375 Tactical Ch.2 163.675O input 169.675 - Richmond, KAD210 r 165.2875 simplex Ch.3 162.975Or New York 166.4625r 166.5875 input - USDT Common Ch.4 166.4625 simplex - X-Ray FEDERAL DISASTER NETWORK 165.9125 Operations Ch. 5 165.3500 Local Office 170.200 414.7000 Nationwide shared wnRS 167.975 Nationallnteragency Emergency Network 418.1750 Nationwide shared wnRS 418.2080 Nationwide shared wnRS 418.2250 Nationwide shanedwnRS 418.2500 Nationwide shanedwllRS (Continued on page 50) Bluklisted! 411 2nd Quarter - Fall 1998 33 CELLULAR TELEPHONE. Reprogram from your computer, Motorola bag changed in minutes. Compare, ours is at a much lower cost. Software & manual $199. Loader phone available. Voice or FAX (903)389-8352. Call now. MCN/SA. EPROMS COPIED We have an EPROM duplication service. Give us your original and we can make as many copies as you'd like. We Specialize in older 2516, 2532, 2716, 2732, 2764, 27128, 27562 and 27512 EPROMs. We also do Bi-Polar PROMs, as well. $6 per copy includes the copy service, the material (any of the part numbers mentioned above) and return shipping. Bi-Polar PROMs may be slightly more or less in cost. 15% discount on 10+ copies. 20% discount on 25+ copies. Send prepaid orders (with master copy) or inquiries to: TCE Infomn ation Systems, P.O. Box 5142, Los Alamitos, CA 90721 CELLULAR EXTENSIONS, SEND US YOUR PHONE or buy a new or used phone from us! Proof of line ownership required. We have phones from $129. Call for a list of available models, we program many different brands including all Motorola, same day service. Orders only: (800)457-4556, inquiries to: (714)643-8426. C.G.C. CELLULAR PROGRAMMING CABLES: For Motorola Flip Series $100, 8000/Brick Series $150, Mobile/Bag: $100 (includes handset jack, the only way to program Series 1). Panasonic and Mitsubishi Cables $100. All cables are high quality, professionally assembled and guaranteed. Guide to. Cellular Programming, everything you ever wanted to know, correct wili ng diagrams, troubieshooting, etc.: $45. Other accessories and programming software available. Inquilies to: (714)643-8426, orders only to: (800)457-4556. C.G.C. SCANNER MODIFICATiON HANDBOOK. Big! 160 pages! More than 20 perfomnanceenhancements for PRO-2004 and PRO-2005. Restore cellular, increase scanning speed, add 6,400 memory channels, etc. Step by step instructions, photos, diagrams. Only $17.95, + $3.50 hipping ($4.50 Canada). (NYS residents add $1.38 tax.) CRB research, Box 56BL, Commack, NY 11725. Visa/MC welcome. (516) 543-9169. "I LOVE TOXIC WASTE" T-SHIRTS Now available.Red on white. Available in Large and Extra Large. $16.95 each. TCE SCAN NERS AND SECRET FREQUENCIES. Best selling Infomn ation Systems, P.O. Box 5142, Los Alamitos, CA 90721 new 320 page book covers scanning from A to Z. "Useful. SIX DIGIT LED CLOCKS (with seconds); AC powered, highly knowledgeable. and readable" (Popular Communications). accurate. Several models. Free catalog! Whiterock "Wry. cynical. and immensely entertaining" (Paladin Press). Products, 309 South Brookshire, Ventura, CA 93003. (805) "A must for the radio monitoring enthusiast" (Radio Monitors 339-0702.-9169. of Maryland). "An enormous collection of infomnation...plenty COMPUTER REPAIRS for Atari, Commodore , Coleco, of great reading" (Monitoring Times). "You can't miss" SinclairlTimex, Osborne, TI, TRS-80 and IBM compatible. (American Survival Guide) . "A high point of scanner Reasonable flat rate plus parts and shipping. Buy/SelifTrade/ publication" (RCMA).Only $19.95 + $3 S&H. Check. Money Upgrade. SASE appreciated. Computer Classics, RT-1, Box Order to Index. 3368 Governor Drive. Ste. 273-N, San Diego. 117, Cabool, MO 65689. (417) 469-4571. CA 92122. Credit cards only, 800-546-6707. Free catalog of CELL PHONE cloning for the guy who has (two of) insider books on scanners, cellular. eavesdropping, cable. everything. Must have current service contract. For more much more. info, call Keith (512)259-4770. 6426, Yuma, AZ 85366-6426. COIN-oP VIDEO ARCA DE GAMES. Repairs, parts, boards, BUILD A RADAR JA MMER out of your old radar detector. accessories, and empty cabinets available for all your video No electronic knowledge needed. Only $9.95 + $2.50 S&H game and pinball needs. Largest selection available in the Call 24fr. for easy step-by-step plans. 1-800-295-0953 Visai United States. Eldorado Games 911 S. East St. Anaheim, CA MCiDis. 92805 or call (714) 535-3300 FAX (714) 535-3396 cYCE CLASSIFIED .IrLaA.D..I:I ... ADVERTISING RATES/ Subscribers get ONE FREE 10-line ad per issue . Each additional line - $1.50 Non-Subscriber rates are as follows: 2-line ad - $5 per issue 5-line ad - $10 per issue 10-line ad - $15 per issue 20-line ad - $20 per issue 34 2nd Quarter - Fall 1998 SEARCH AND SEIZURE. What you need to know befor~ FM STEREO TRANSMITTER KIT. Transmitter broadcasts they knock on your door. Send $8 to Veritas Publishing P.O. any audio signal from a CD player, VCR, or cassette player to Box 14137 Pinedale, CA 93650. FM stereo radios throughout your home and yard. Uses the SCIENTIFIC ATLANTA 8580 $225, 8570 $250, 8550 $150, unique BA1404 IC. Tunabl e across the FM band, runs on 1.5 8500 $120. Will program your 8550, 8500 EAROMS for to 12 volts CD. PC board/components. $24. Visa/MC. $7.50. Cable security key gets past collars $25. Add $5 TENTRONIX, 3605 Broken Arrow, Coeur d'Alene, 1 083814. shipping. No TX sales. Send money order to: K. Perry, PO (208)664-2312. Box 816, Leander, TX 78646-0816. Phone: (512)259-4770. CB RADIO HACKERS GUIDE I New! Big 150 pages; HEA R NON-COMMERCIAL SATELLITE RADIO programs pictorials. diagrams, text. Peaking, tweaking and modifying right in your area without the use of a dish or any other 200 AM and SSB CB radios. Improved performance, extra expensive receiving equipment. Thousands of these capabilities! Which screws to turn, which wires to cut, what programs are operating today across America. Programs components to add: Cobra, Courier, GE, Midland, Realistic, may include talks shows, weather, sport events, news feeds, SBE, Sears, Uniden/President. $18.95 + $4 S&H ($5 financial reports, music programs and data ports. This Canada.) NY State residents add $1.96 tax. CRB research, technology is received through a high tech. SCSRT1 card. Box 56BL, Commack, NY 11725. Visa/MC accepted. Phone Find out today what you have been missing! (800) 944-0630. order M-Tu-Th-F, 10 to 2 Eastern time. (516) 543-9169. Credit card orders accepted. TRUE TAMPER·PROOF Security Screw Removal Bits. The USED CELLULAR HANDHELDS: Panasonic EB3500 super tonekit includes: T-10, T-15, T-20 & T-25. Complete set portables, includes a battery (but no charger) forty number for $19.60. TOCOM 5503 bit $8.95. l OCOM 5507 bit alpha memory, good working order, available as an extension $19.95. Zenith PM/PZ-1 bit $10.95. Jerrold Starcom bit to your existing line for $279, or as is for $129. Orders only: $19.95. Pioneer (oval) bit $23.95. Oak Sigma (oval) bit (800)457-4556, Inquiries to: (714)643-8426. C.G.C. $23.95. Security Screws available. Tamper-Bit Supply Co. TIRED OF SA TEST KITS with marginal or inconsistent (310}866-7125. performance? , 21st Century Electronics and Repair CELLULAR RESTORATION on your 800 Mhz scanner guarantees peak performance with 40-pin processor kits. performed expertly for $40 including return shipping. New, more flexible program with additional features puts Guaranteed. Offer expires soon. Keith Perry, 607 Osage Dr., others to shame. Price $49 each or 5 for $233. 1st time PO Box 816, Leander, TX 78641. (512) 259-4770. offered. (404)448-1396 6.500 MHZ CRYSTALS $4 a piece, 50 for $115, 100 for ADVERTISE IN BLACKLISTED! 411 Reach thousands of $200. Add $3.00 for shipping. Send checks to C. Wilson, P.O. readers in the US, Canada. Japan, the UK, Australia, and Box 54348 Philadelphia, PA 19105-4348 elsewhere. Join our long list of satisfied clients who have GET THE ULTIMATE CD·ROM I The virus-base contains made Blacklisted.411 their vehicle for reaching customers. thousands of fully functional computer viruses, virus Call 714-899-8853 and request our rate card information. construction toolkits and virus related info. $99.95 + $7.00 FEDERA L FREQUENCY DIRECTORY I Kneitel's "Top express shipping. Better hurryl American Ea91e Publications, Secret" registry of government frequencies, New 8th edition. P.O. Box 41401, Tucson, AZ 85717. 268 pages! FBI, DEA, Customs, Secret Service, BATF, HACKERS '95 THE VIDEO by Phon-E & R.F. Burns: See Immigration, Border Patrol, IRS, FCC, State Dept.. Treasury, what you missed at Defcon III and Summercon 95! Plus, our CIA, etc. & surveillance, bugs, bumper beepers, worldwide trip to Area 51 and coverage of the "CyberSnare" Secret US military, 225 to 400 Mhz UHF aero band, Canadian Service BUSTS. Elec Cntr Measures, HERF, crypto, and listings, & more! Ultimate "insider's" directory! Standard more! Interviews with Eric BlookAxe, Emmanuel, and others. reference of law enforcement, news media , private security, VHS 90 min. Only $25 - distributed by Custom Video 908- communications industry & scanner owners. $21.95 + $4.00 842-6378. shipping ($5.00 to Canada). NY State residents add $2.21 COIN-DP VIDEO ARCADE GAMES. Parts, boards, and tax. CRB Research Books, Box 58BL, Commack, NY 11725. empty cabinets available for your projects. Cabinets available Visa/MC welcome. Phone orders (516) 543-9169 weekdays for $75. C.J. Stafford, (301)419-3189. (except Wednesday) 10 to 2 Eastern. "TAKE BACK YOUR PRIVACY" Author and Speaker Bill TV CABLEISATELLITE ("GRAY" MARKET) Hayes shows you how to stay cyber, yet stay private. Real DESCRAMBLER EXPOSE, 160pp, illustrated, with vendor world tips and examples to keep prying eyes and electrons lists for chips, parts. Law, countermeasures, much more! out of your life. Send $18.00 (I won't keep any records on you, $23.95 + $3 S/H. Check!MO. INDEX, 3368 Governor Dr., your cash, address, or checking account) plus $2.50 SH to: Ste. 273, San Diego, CA 92122. Credit cards only: (800)546- Bill Hayes, 12289 Pembroke Road, Suite 151, Hollywood, FL 6707. Free catalog of "insider" books on scanners, cellular, 33025 or leave a message at (954) 537-3792. The privacy credit, eavesdropping, much more. you preserve will be your own . . . " I'VE BEEN BLAC KLISTED'" T-sh irts now available. WANTED: FEATURE FILM JUNKIE who can access up-to- Endorsed by the Blacklisted! 411 crew. Get yours now. date FAX numbers for hot agents and/or producers & White lettering on black shirt. Available in large and extra directors. My objective: to bring to their attention my action- large sizes. $14.95 each shipped. Send to TCE Infomna tion thriller script. Can pay by the hour. (909)275-9101 Systems, P.O. Box 5142, Los Alamitos, CA 90721. THE BLACK BAG TRIVIA QUIZ: On MSDOS disk. A TO Z OF CELLULAR PROGRAMMING. Programming Interactive Q&A on bugging , wiret apping, locks, alarms, instructions on over 300 phones in a software database. Also weapons and other wonderful stuff. Test your knowledge of back door and test mode access instructions for all the the covert sciences. Entertaining and VERY educational. popular models; manufacturer's contacts, system select, lock! Includes catalogs of selected (no junk) shareware and unlock info. Just $59.95. Orders only: (800)457-4558, restricted books. Send $1.00 for S.25 disk, $1.50 for 3.5, plus inquiries: (714)643-8426. C.G.C. two stamps, to: MENTOR PUBLICATIONS, Box 1549-W, EUROZINES AND OTHER CULTURAL HACKER ZINESJ A Asbury Park NJ 07712 one-stop, cutting-edge mail-order source for over 1,000 titles. ANARCHY ONLINE A computer bulletin board resource for Beautifully illustrated 128-page catalog includes: alternativel anarchists, survivalists, adventurers, investigators, fringe science, conspiracy, Forteana, sexuality, computer researchers, computer hackers and phone phreaks. hacking, UFOs, and much more. Send $3.00 to Xines, Box Scheduled hacker chat meetings. Encrypted E·mail/file 26LB, 1226-A Calle de Comercio, Santa Fe, NM 87505. exchange. WWW: hhtp:/Ianarchy-onlin e.com Telnet: WEB SITES We have a list of hundreds of interesting and anarchy-online.com Modem: 214-289-8328 unusal web sites. Some of the sites are related to this HACK THE PLANET A new and exciting board game in magazine and some are not. Hacking, phreaking, breaking which 2-4 players race to complete a hacking mission. the law, sovereign citizenship, lasers, electonics, surplus, Please send $3.00 check or mohey order payable to CASH. credit, etc.. You have to check this out! Save hundreds of Haod-scaoned 99XX exchanges in,516 AC. Included may be hours of time by getting our list. We will provide the list on data kit modem numbers, WFNFA, SSCU, TSAC(SCC), 3-112 disk and you can load tt directly into your web browser " CO#'s, etc. Send $2.00 check or money order payable to and click on the links OR we can provide the list on paper - CASH and specify exchange. "MCI-Style" Phone Patrol hats whichever you prefer. Send $5 to TCE Infomna tion Systems, are now available! Just $18 check or money order payable to P.O. Box 5142, Los Alamitos, CA 90721 CASH. 2447 5th Ave, East Meadow, NY 11554. Blacklisted! 411 2nd Quarter · Fall 1998 35 . . ATIENTION HACKERS & PHREAKERS . For a catalog of 6.500MHz or 6,5536MHz CRYSTALS Your choice. $4 each. plans, kits & assembled electronic "TOOLS" including the No shipping charges. Send to TCE Information Systems, RED BOX, RADAR JAMMER, SURVEILLANCE, COUNTER P.O. Box 5142, Los Alamitos, CA 90721 SURVEILLANCE , CABLE DESCRAMBLERS & many other ADULT VIDEOS, We have all the newest releases for $25.99 HARD-TO-FIND equipment at LOW PRICES. Send $1.00 to plus slh or LESS. Get the latest titles, hottest names; Raquel M. Smith-02, P.O. Box 371, Cedar Grove, NJ 07009 Darian, Mrylin Star, Nikki Dial, Janine, etc. Amateur, all girls, NEED HELP TO CLEAR MY CREDIT REPORTS. Send info etc. New titles every week. For latest prices, send SASE to: to: George, P.O. Box 3564, Thousand Oaks, CA 91359-0564 E&M Adult Videos, P.O. Box 1471, Los Alamitos, CA 90720. DON'T BUY A MODIFIED CABLE CONVERTER! I'll show NEW BOOK FOR CABLE HACKING , All about the industry you what to do. Where to get parts. everything. Call 24hr.. and how to install test chips in nearly every model of decoder. 1-800-295-0953 Only $9.95 + $2.20 S&H VisalMC/Dis. Test chips available, Etc. (408)581-2380 UNDETECTABLE VIRUSES. Full source for five viruses PRIVACY ACT AND SOCIAL SECURITY NUMBER which can automatically knock down DOS & windows (3.1) LIMITATIONS , How anyone can win $10K fine for this simple operating systems at the victim's command. Easily loaded, violation of your rights. Open a bank account without aSSN recurrently destructive and undetectable via all virus detection $5 plus 3 FIC stamps. Obtain a major credit card without a and cleaning programs with which I am familiar. Well-tested, SSN (making it impossible for a bank or any institution to relatively simple and designed with stealth and victim check your credit history or records) $25 plus 5 FIC stamps. behavior in mind. Well-written documentation and live For info send $1 and LSASE to: Know Your Rights, c/o R. antidote programs are included. Priced for sharing, not for Owens, 1403 Sherwood Dr.. Bowling Green, Ky 42103. NO making a ridiculous profit. $10.00 (complete) on six 1.44MB, CHECKS PLEASE. MIO or FRN's only. 3.5" floppy discs. Money orders and checks accepted. No HOME AUTOMATION. Become a dealer in this fast growing live viruses provided! Do NOT ask. Satisfaction guaranteed field. Free information. (800)838-4051. or you have a bad attitude! The Omega Man. 8102 Furness FREE CABLE TV Cable TV Boxes: Enables you to receive Cove, Austin, TX 78753 "every pay channel" for FREE as well as pay-per-view. Stop BAD CREDIT? WANTINEED A VISA CARD ? If so, send us paying outrageous fees for pay channels. Cannot be bulleted! $19.95 (cash/check/MO) and we will send you a very useful You must call or e-mail first and tell us the "brand" and "model list of addresses and phone numbers of banks and financial number" of the cable box you have. Ex: Jerrold DPV5XXX. institutions that "WILL" work with you. Most will give you a Only $199 U.S. & $15 shipping & handling. Our units work VISA credit card regardless of your credit rating. We even with Jerrold, Pioneer and Scientific Atlanta boxes only! 30 day include a few banks that will require a deposit, just to "round money back guarantee on cable boxes! FREE PHONE out" the list a bit. For an additional $10 we will include a small CALLS FOR L1FEI NEW VIDEO "HOW TO BUILD A RED "how-to" program showing you step-by-step how to improve BOX". VHS 60 min. Complete step by step instruction on how your credit rating and dealing with creditors. You might think to convert a Radio Shack tone dialer (model 43-146) into a that your bad credit doesn't mean anything right now.. Wait red box to obtain FREE calls from payphones. This video until you need to bUy a house or a car, then you'lI see how makes it easy. Magnification of circuit board gives a great much you REALLY need to have GOOD CREDIT. So, get detai led view of process . Ot her red boxing dev ices discussed back on track. Buy our list and the how-to program and start as well: Hallmark cards, digital recording watch and more! your way back into a good credit status. Cash, check or This video will save you 1000's of dollars every year. Best money order. TCE Information Systems. P.O. Box 5142. Los investment you'll ever make! Only $39 US. $5 for shipping & Alamitos, CA 90721. handling. We sell 6.50 MHz crystals too! COD available or . FIND PIRATE SOFTWARE Learn how to find pirate software send check or money order to: East America Company, Suite on the Internet. Get thousands of dollar's worth of programs 300B, 156 Sherwood Place, Englewood, NJ 07631 -3611. for free such as Office97 and more games than you can play. Tel:(201) 343-7017. E-mail: 76501.3071 @ Compuserve.com Compl ete guide includes backgro und, tools , techniques, Free technical support! locations, and shell scripts that will find software for you! LOOKING FOR A BLACKLISTED! 411 MEETING IN YOUR Send $5.00 money order or CASH (no checks) to The AREA? Why not host one yourself? It's easy. Tell us where Knoggin Group, P.O. Box 420943, San Fransisco, CA 94121- you want it held and give us a contact name and number or 0943, USA. email address. If you want your free SUbscription, you'll need AUCTIONSI You hear about them all the time, but you've to provide an address, of course. Think about starting a never been to one? You gotta GO to one. You can buy just meeting yourself. about anything for pennies on the dollarl Cars, trucks, boats, SINGLE DUPLICATION OF CD·ROMS Send your CD and houses, electronic equipment, furniture, etc. Forget that "cars $25 and you will receive your CD and an exact copy. Wnat for $100" crap. That's a load! But, you can get some pretty more than one copy? Send a additional $15 for each awesome deals for small amounts of cash.. Our favorite duplicate. Make checks or money orders Payable tolMail to: auctions (and many of the BL411 staff) include the arcade Knoggin, 582 Merket Street Suite 616, San Francisco, CA auctions and the car auctions. Remember those arcade 94114 games you played as a kid in the 80's? Man, you can get IMPOTENCE, MA LE PATIERN BALDNESS , loss of sex some bitchen deals on those! This is only the tip of the drive, HIV patient cures. Scrip products, that work, that the iceberg. There's SO MANY things you can get for a small medical community will no tell you. For info call or send fraction of their worth. Send $5 and we'll send you a booklet SASE to S.G. P.O. Box 145, Lower Merion, PA 19010, loaded with names, numbers and places to go...You NEED to (610)348-1398 do this! You'll find out how you can attend the non-advertised SCREWDRIVER BIT SET Our best selling 30 piece auctions, which will mean better deals for you. Don't miss out screwdriver bit set is now available for $40 including shipping on all the great deals! So send $5 right NOW: TCE to anywhere in the U.S. The set includes 9 security Torx bits Information Systems , P.O. Box 5142, Los Alamitos, CA from TI7 through TI40, 7 security Hex bits from 5/64" 90721. through 1/4",4 Scrulox bits from S-Othrough 5-3 , 8 standard NO SOUND ON PREMIUM CHA NNELS? It will happen pieces, covered plastic case wi a nice handle for all of the sooner or later on your Jerrold DPBB·7 Impulse. Ask bits. This is an extremely handy toolset! TCE Information Manhatten! Soundboard brings the sound back. Best sound Systems, P.O. Box 5142, Los Alamitos, CA 90721 fix on the market. Easy to install soundboard $24.95. Easy to VOICE CHANGING ACCESSORY, Digital voice changing: build soundboard schematic, parts list and common chip male to female, female to male, adult to child, child to adult. number $34.95. Send us your unit and we will install the Use with any modular phone. 16 levels of voice masking. soundboard for $59.95. SOUNDMAN, 132 North Jardin St., Connects between handset and phone. STOP THOSE Shenandoah, PA 17976. (717) 462-1134 . ANNOYING TELEPHONE CALLS! Sound older and tougher NULL MODEMS - Download laptop: or upload to your pc the when you want to. Not a kit. Fully assembled. Use with easy wayl wi direct connect, or (DOS 6.1) Customized setup, single or multi-line phones. 30-day refund policy. Ask for free no bulky adapters, MAC or IBM compatibl es. Send $18.95 for catalog of our products. VISNMC ok. Xandi Electronics. 6ft cable, specify 25 or 9db ends, custom ok. Instructions 1270 E. Broadway, Tempe AZ. 85282-5140. Toll Free order included. P.O. Box 431 Pleasanton, CA 94566 (510)485- line: (800)336-7389. Technical Support: (602)894-0992 1589 36 2nd Quarter· Fall 1998 Blacklisted! 411 Unabomber's Manifesto Part V INDUSTRIALSOCIETY AND ITS FUTURE 40. In mode m industrial society only minima l effort is necessary to satisfy one's physical needs . it is enough to go through a training prog ram to acquire some petty techn ical skill , then come to work on time and exert very mod est effort needed to hold a jo b. The only requirements are a modera te amount of intelligence , and most of all, simple OBEDIENCE. If one has those, society takes care of one from cradle to grave . (Yes, there is an und ercfass that cann ot take phy sical necessities for granted . but we are speak ing here of mainstream society.) Thus it is not surprising that modern society is full of surrogate activities . These include scientific work, athletic achievement, human itarian work , artistic and literary creation, dim bing the corporate ladder, acquisition of mon ey and material goods far beyond the point at which they cea se to give an y additional physical satisfactio n, and social activism w hen it addresses issues that are not important for the activist personally , as in the case of white activists who work for the rights of nonwhite minorities. These are not always pure surrogate activities , since for many people they ma y be motivated in part by need s other than the need to have some goal to pur sue. Scient ific work may be motivated in part by a drive for prestige , artistic creation by a need to express feelings, militant social activism by hostility. But for most people who pursue them , these activities are in large part surrogate activities . For exampl e, the majority of scientists will probably agree that the "fulfillment" they get from the ir work is more important than the mone y and prestige they eam. 41 . For many if not most people , surrogate activities are less satisfying than the pursuit of real go als ( that is, goals that people would want to attain eve n if their need for the pow er process were already fulfilled) . One indication of thi s is the fact that, in many or most cases , people who are deeply involved in surrogate activities are never satisfied , never at rest. Thus the money -maker constantly strives for more and more wealth . The scientist no sooner solves one probiem than he moves on to the next. The long-di stance runner drives himsel f to run always farther and faster. Many people who pursue surrogate activities will say that they get far more fulfillment from these activities than they do from the "mundan e" busine ss of satisfying their biological needs, but that it is because in our society the effort needed to satisfy the biologi cal needs has been redu ced to triviality . More importantly, in our society people do not satisfy their biologicai needs AUTONOMOUSLY but by functioning as parts of an immense social machine . In contra st, peo ple generally have a great deai of autonomy in pursu ing their surrogate activities . have a great deal of autonomy in pursuinq their surroga te activities. AUT ONOM Y 42 . Autonomy as a part of the power process may not be necessary for every individual. But most peopl e need a greater o r lesser deg ree of autonomy in working towar d their goals. Their efforts must be undertaken on their own initiative and must be under their ow n direction and control. Yet mos t people do not have to exe rt this initiative, direction and control as single individuals. It is usually enoug h to act as a member of a SMA LL group. Thus if half a dozen people discuss a goa l among themselves and make a successful joint effort to attai n that goal, their need for the powe r process will be served. But if the y work unde r rigid orders handed down from above that leave them no room for autonomous decision and initiative, then their need for the power process w ill not be served . The same is true whe n decisions are made on a collect ive bases if the group making the collec tive decis ion is so large that the role of each individual is insignificant [5] 43 . It is true that some individua ls seem to have little need for autonomy . Either their drive for powe r is wea k or they satisfy it by identifying themselves with some powerful organization to w hich they belong . And then the re are unthinking , animai types who see m to be satisfied with a purely physical sense of powe r(the good combat soldier , who gets his sense of powe r by develo ping fighting skills that he is quite content to use in blind obedience to his superiors). 44 . But for most people it is through the powe r process -having a goa l, making an AUTO NOMOU S effort and attaining t the goal-that self-esteem , self-confide nce and a sense of powe r are acquired . When one do es not have adequ ate oppo rtunity to go throughout the power process the co nsequences are (depen ding on the individual and on the way the pow er process is disrupted ) boredom, demoralization, low self-es teem, inferiority feelings, defeatism, depression, anxiety , gUilt, frustration, hostility, spou se or child abuse , insatia ble hedonism, ab normal sexual behavior, sleep disord ers, eating disord ers, etc. [6] SOUR CES OF SOCIAL PROBLEMS 4 5. Any of the foregoing symptoms can occ ur in any socie ty, but in modern indu strial society they are present on a massive scale. W e aren't the first to mention that the world today seems to be going crazy. This sort of thing is not norm al for human societies. The re is good reason to believe that primitive man suffered from less stress and fru stration and wa s better satisfied with his way of life than modern man is. It is true that not all was sweetness and light in primiti ve soc ieties. Abu se of women and common among the Australian aborigines , transexuality was fairly common among some of the Americ an Indian tribes . But is does appear that GENERALLY SPEAKING the kinds of problem s that we have iisted in the preceding paragraph were far less common among primitiv e peoples than they are in modern society. 46 . We attr ibute the soc ial and psychologi cal probl ems of modern society to the fact that that society require s people to live under conditions radically different from those under which the human race evolved and to beh ave in wa ys that conflict with the patterns of behavior that the human race developed while living under the earlier conditions. It is clear from what we have already written that we consider lack of opp ortunit y to properly experience the power process as the most importan t of the abnormal conditions to which modem society SUbjects people. But it is not the only one . Before dealing with disru ption of the powe r proce ss as a source of social problem s we will discuss some of the other sources. This is all for this install ment (thank youl) ....If you want the entire text, we've got it and we 'd be happy to give it to you. Quite a few ofyou asked for this to be printed in Blacklistedl We're going to do it, only because we want to keep you guys happy, bu t there 's NO WA Y we can get this whole thing into one issue. It's HUGEl It 's beyond huge, actually, It's insanel Read some more in the nex t issue, This Unabomber dude has some strange thoughts. Blacklisted! 411 2nd Quarter - Fall 1998 37 FINAL completed Today [05-APR-98] Back again ;p It's been a while since the last one...I'1I talk more about my where -abouts at the end of this file . Let me say I'm glad to be back writing again , and I like coming back to some fairly uncharted territory for the Mac Underground . I recently made the acquaintance of a couple of up-and-comers who are keepin' the cause alive. Freaky, (#su98) runs an ambitious take over crew on EfNet. One of his peers. The Weasel. runs a very nice MacHack Hotline site at hac kadd ict.ml.ora. A regular at The Weasel's page, and the subject of atlention for th is piece, is a Mac U-G programmer named Wee Do . WeeDo is avid fan of the Mac underground, and a coder of considerable potential. WeeDo has successfuly explored a way in which the Mac U-G can 'spoof their address on the IRC from the Mac desktop ...someth ing which, to my knowledge has yet to been done. WeeDo came up with a script, which when utilized in conjunction with an exploit of a software package called WinGate, will allow you to spoof your address right through IRCle from the Mac DeskTop , no UNIX shell required .. Not too shabby in my opinion...and definitleyworthwritin about... ' To begin. we need to talk alitlle about WinGate.. WinGate is a popular Internet product from New Zealand software manufacturer Firefly, Ltd. What the program essentially is, is an inexpensive, full featured Firewall/Proxy server. You run this package on any PC running Windows 95 or NT, it makes a connection to the internet, and every computer connected to that machine via the LAN, can connect to the Internet through that machine. There in lies it's popularity . Any small business can get internet service for all the machines on it's LAN with no more of an investment than WinGate , a cheap Pentium, a fast modem, a 10/baseT card, and a dedicated Internet account. One modem,one phoneline. one internet account, but accessfor as many machines as their are on the LAN. One Hell of a money saver, which makes for one VERY popular program. On the Mac side we have a similar program called Vieam Intern et Gateway. Some of you may have heard of it. Ok...now here's the thing....we have this program called WinGate , and it's this firewall/proxy server right? Well..so what? How does it let us spoof? Well..besides being this proxy server, WinGate has a number of other facilities. They include: 38 2nd Quarter - Fall 1998 Blacklistedl 411 (from the promo sheet) ...SOCKS VS Se r ver · WWW Proxy • HTTP Ca c hi ng • Accoun t i ng . . Aud it ing / Log g i ng • Polic i es a nd Ri ghts • IT ? Ga tewa y " rre Ine e Ga te.....a y • VDOLi v e Proxy • POP 3 Proxy • Re a l Aud i o Pro xy ... Mappe d Links • Dia l On Dem d an You may have noticed in bold, referrence to a Telnet Gateway. Firefly's description of this feature is: Th e Telnet Ga teway a ll ows u s e o f Te l ne t c l i e n t s to c onnect t o r emote ser v er s . There in lies our potential spoof! Now it should be noted, that the Telnet Gateway alone , does not provide this exploit opportunity , it is the gateway in conjunction with what I would consider a complete bundling BLUNDER that makes these things 'sploitsvilles' . Keep in mind, that what we are talking about here is not really spoofing. No more so than if you were to dial in to a shell account you own, and from that shell account type: t e Lne t , and telnet from that shell account to another location . That ability is par for the course, it's been a VAX and UNIX facility since day one. The difference with WinGate is the Manufacturer saw no immediate need to set the Te/net Gateway with an access password. So in other words, anyone can access a WinGate by doing nothing more than te/netting in, no password required . And once they are in, they can use the WinGate's Telnet Gateway, unhindered . At that point they can telnet back out from the site to any other location , and it will appear as though all communications are originating from the WinGate host. Oh GOODY! >snicker< So you have but to find a WinGate, and if its configurat ion is left at default, (I.e. with no teinet gateway password set), then we can telnet in and telnet back out, for a good old fashion 'spoof t' And the icing on the cake is: not only does the WinGate package deafult to no login password, but also by default WinGat e does not log incoming connections. ;D In fact. the Lite version of this package doesn't even have a logging function . Sounds like 'sploit heaven to me! ;D O k, so now we know what we can do with WinG ates, we can use them to 'spoof our addy for a telnet connection. And when implemented properly, we can use this facility through IRCle to spoof our addy on the IRC. But first, before we can do any of that , we need to FIND a WinGate. And here's the Ping... good news: WinGates ain't hard to find! ;) Trace Route ... Your best weapon in finding WinGates is a product called Name LookUp... AGNetTools from the AGGroup...makers of fine Network Management tools . Finger .. If you don' already have AGNetTools, then get it...you need it to find WinGates, it's a helluva Network utility...and...lt's free!, Wllois .. Throughput Tool... ftP'l/ftp aggroup com/PublicJgoodies/AGNetToolsl Once you've picked it up...then•..Ioad it up, and lets get Name Scan... busy.... Port Scan .. What we need to do is scan for IPs hosting WinGates . To find Ping Scan .. them we will use the AGNetToois Service Scan to search for machines listening at port 1080. When a Service Scan is Service Scan... :., made on port 1080, if a WinGate is running on a scanned machine , it will ACK a SYN request. thus giving a service confinnation.... Network Info ... Blacklisted! 411 2nd Quarter - Fall 1998 39 Alright, we select a Service Scan. and it brings up the Service Scan window. We need to do 2 things to proceed with the scan . First we need to make sure that the port we're I: F ij an U searching for is set at 1080 (VITAL), Second we need to select a range for scann ing . [Choose I For the scan range in this example we're going to scan just a single ilm UJ) C Class C. from: 207.0.167.0 to: 207.0.167.255 This will scan a range of 255 IPs. Now normally you wouldn't be so lucky as to find a WinGate searching a single Class C. For this example we will be so 'lucky'. but only because I already did my homework. ;) Normally you will want to scan a much larger range of IPs...i.e.:. from: xxx.xxO.xxx.xxx to: xxx.xx1.xxx.xxx This will scan (I belie ve) a max Status: I ;:;; 65,025 address, (255 x 255). To my knowledge thats largest scan range AGNetTools will scan in a single session. Large r than that an NetTools will crash! ;p And if you try and scan something like 0.0.0.0 to 255.255.255.255. your machine (at least my machine) is prone to freeze up. (CACA!) But you don't need to scan a huge range to find a WinGate. A scan of 65.025 IPs will locate more than enough machin es ...mara than will fit in the Service Scan wind ow in fact , which is why I set this examp le up to on ly scan a single Clas s C. Anyway this is what our example scan looks like: Now notice, the maj orit y of the machines confirmed here. ACKed back with open UDP ports. We are NOT interested in machines with open ~ . To exploit the WinGate telnet serv er . we need to r:es have a machine with 207 .0.167 .122 rob .fgi.net an open TCP port, so we can connect to the 204.36 .0.0 204 .36 .0.0 WinGate remotely. 0 .0.2.83 0.0 .2.83 207.0 .167 .162 ntl .iml.org As you can see, only 207 .0 .167 .193 207.0.167.193 one machine 207 .0.16 7.201 207.0.167. 201 confirmed with an open TCP port : 207.0.167.206 www .oas i400 .00m 207 .0.167.206 or 207 .0 .167 .2 10 207 .0 .167 .2 10 www casi400.com. 207.0 .167.194 207.0 .167 .194 207 .0 .167 .213 207.0.167 .213 Only one....but one's enough. Now that we 207 .0 .167.218 calvin .ker asotes .oom have identified a 207.0 .167.229 capit a1.fgi.net WinGate machine. we 20 7 .0 .167 .209 207 .0 .167 .209 can attempt to lnitiate 207.0.167 .234 www .gkctheatres .com a telnet exploit...Time 207 .0.167 .237 www .heritagenet .org to bring on WeeOo's spoof script... I S1a1us: SereviD.!? Sc~n finj,sll d. e 40 2nd Quarte r - Fall 1998 BI/lcklisted! 411 . Alright. we have a WinGate. Now what? Well to get an understanding of how we're going to spoof on the IRC, we should take a second to look at WeeDo 's Spoof script. Doing so provides us some insights into how we are going to get IRCle to work with WinGate . Keep in mind that what we are calling 'spoofing', should more accuratley be categorized as some thing like telnet redirecti on. We're telnetling into an insecure WinGate, and using that Wingate's built-in Tetnet Gateway to telnet back out from that WinGate to make it appear as though our address is originating from an address other than our own (i.e. the address the WinGate is running on.) The only trick is making it all work through IRCle. If we can make all this work through IRCle, then we can in effect 'spoof from the comfort of our own Mac DeskTop...something us aid-school Mac hackers just LOVE to do ;). And sO...thats where WeeDo's script comes in handy.... Spoofer scriptsource A break down of what the script does... on 10adO t.,n applicat ion "ir el. 3 .0b" 1. First, when the script is loaded, display "Spoof. r 1.2 10ad.d.;" with color 2 it dispiays USAGE instrucl ions dIsplay" .. display ':Usag. '" with color 2 2 . Next , as normal , you connect to display" .. a serve r with the /SERVER display "1. ' / s. r v. r [wingate ip] [t.lnelporl]'" with color 2 command. The difference is that display "2 . Wait until ccnnectien ..." wi'th celor 2 instead of connecting to an IRC display "3. 'I spoof Intckl Brcserver l [ircserverpcr-t] [id.nt] [tagli".]''' with color 2 server as normal, we're going to display" .. conn ect to the Wi nGates we display ..A wonderful spoof from WeeDoJ original code by Photoman" with colo r 2 found earlier (i.e, 207.0.167.0) .,nd t.,n end load 3. Once we've Connected to the WinGate, we use the '/SPOOF' on spoof(source ireserver port, ident , tagline) J J funclion of WeeDo's script. As t.,n application "irel. 3.0b" you may be able to see, what the do "/quot... & lreserv.r & & port '/SPOOF' function does is send do "/ quot. NICK " & sour ce & .. the server our defined NICK do "/quot. USER" & id.nt & .. 26 . ." & tagl1n. & .... IRCSERVER IRCSERVERPORT .,nd t.,n IDENTand TAGLl NE, via the .,ndspcof IRCD /QUOTE command. We use the script to do this for us because, although we could use the /QUOTE command directly to send the IRC parameters through, we probably could not type the commands in fast enough to make a complete connection. We'd more than likely get: .....USER Not enoughparameters ...error. So to that extent of utility, the script is right on time for what it does. Alright, so now we have a WinGate , we know how we can exploit it, we have WeeD o script to help us along...the only thing left to do is to bring on IRCte... . If you don' have it, stop by and get the latest version of IRCle. http://www.xs4all.nll-ircle This hack only works (as far as I know) with version bl0 or better. Once you've got IRCle at hand, make sure that WeeDo's spoofer script is in IRCle's script folder. Blacklistedf 411 2nd Quarter - Fall 1998 41 • Once Ircle is loaded, we can get to spoofin '... Spoofet'" 1. 1 loaded. • To Itp oo f : Type: '/server spcc fedserver- tp port ' J.lait unt i I connect ion Type : ' / spoof yourn ic knalli the:IRCser ver thepor-t ' e R lVOMChlr f U I spoo f fra il UeeDo. or ig ina l c. CIe by O PhotolllOf'l Above is a picture of IRCle's four main panels, The Console , the Userlist, the Connections, and the input line. For sake of ease of reading we 'll show the windows seperatley from this time forth as needed ...with the exception of the console which we will show dumped to directly to the screen as a text dump. Alright, the first thing we need to do in IRCle is load the spoofer ... (console:) Spoofer 1.2 loaded... Usage: 1. '/server [wingate ip] [telnetport]' 2. Wait until connection ... 3. '/spoof [nick] [ireserver] [ireserverport] [ident] [tag line]' A wonderful spoof from WeeDo. original code by Photoman Ok...now that WeeDo's spoofer is loaded we need to go ahead and try and make a connection to the WinGate we found with AGNetTools... As you recall, we found a WinGate at 207.0.167.206, and we found it by Service Scanning port 1080. Well, we're DONE with port 1080. Time to move on to port U, the standard port for Telne!. Keep in mind, this whole premise revolves around tel netting into machine, telnetting back out of it, and into another machine running IRCD...which is little more than a worked over telnet session ...and for telnet we need port U . Here's what we type: Looking up IP number for 207.0.167 .206:23 Found IP number: 207 .0.167 .206 Identd waiting for connection Contacting server 207.0.167.206:23 Connection with 207.0.167.206:23 established unknown server message!: yOyOiif:WinGate>NICK oB unknown server message! : Connecting to host NICK...Host name lookup for 'NICK' failed unknown server message!: USER oleBuzzard 32 . :/U.S. Snail Mail raising any dust, if you know what I mean? The camera count has risen from four to ten within the last six months. They We see Ihese things all over Ihe place, 100 Look at page 55. . Blacklisted! 411 2nd Quarter - Fall 1998 47 Dear Blacklisted ! Would it be worth it for you to build the unit? Sure it would be worth it if you 're into the whole learning idea which you should I've been reading your zine for awhile now. I just thought I'd know all about... Spend the few bucks and the time. It's a write in to help "tofrn". From my experien ce, all he has to do lesson that reading about can never replace. Then, grab that to gellhat LED light working is simple. little program, run it on your computer, play the tones into a microcassette recorder or digita l keychain recorder and get -Take ilto a friends house. that lesson under your beit, as well. If you want to learn, do it. ·Use a phone cored and plug it into a wall jack . If not, just read about it. -Go home and call your friends number wilh your modem. -Frorn here you should be able 10 change Ihe design, ect. Yo BL 4 11! Please write in and tell us readers if it worked . First of all, yer magazine kicks ass. I got a couple problems. For yer monthly meeting (in Cleveland ), I tried to get ahold of Also, do you know of any ECSC in Southern MN? Digiphrea k but err...lthink he is dead or someth ing? his voice mail has been disconnected and email returns cause his Thanks email addy doesn.lexist.So. does yer melting in Cleveland still happen ? If 50, where could I gel the info on it? Could you Bombtrack possibly go back over hacker ethies cause some people slill (location withheld) Ihink hacking is when you reformat the hard drive just cause Routed> U,S. Snail Mail you can . I have one furthe r request. You have the 'uni bombers manifesto" and you were givi ng it out, could I We don't know of any ECSC-Iike places in that area. Perhaps possibly get a copy of it, please? Sorry got 2 more quick one of/he readers knows of such a place ? Anyone ? quest ions. Do you know the call back number for area code 440? It is a Cleveland area code and I snapped two pies of Dear Blacklisted 411, inside of Ihose big gray telco boxes similar 10 the ones on the cover of Volume 5 Issue 1, But it shows the internal, (all Ihe I have a coupl e of questions for you, 50 hear me out that I'm wires wanta lamper with em) not externa l. Would you like a sli ll new on this subject. I know thai red boxing still works bUI copy of them , if so, scanned or original pictures? Please wrile 10 my expense, would it be worth the money 10 make one or back Ihrough snail mail. 10 use a program emulator (like the box of many colors) and AdeNlal A record the tones of that program? Or do I just play Ihe tone s Bay Village, OH inlo the reciever? Tha nks for your time. Routed> U.S. Snail Mall The New Guy Ok, I've got a tiny bit of room left for this last letter, so here Nis swa, MN goes. Will look into Cleveland metting. Read back of issue for Routed> U.S. Snail Mail info. Send original pics. Sure you can have 8 copy of the manifesto . Someone send in ringback for 440. I'm outte here. . News and Updates NATIONS CABLE TV CUSTOMERS GETTING A BREAK? Cable television customer's who for years have been forced to rent cable boxes for years may finally have a choice in the matter. The Federa l Communications Commi ssion had set in forth the one of the parts of the 1996 telecommunic ations law passed by Congress which would allow cable telev ision customers the ability to own their own cable box. Sources inside the FCC has stated that customers would be able to choose from stand-alone set-top units as well as VCR's , TV sets and other units sometime in the third quarter of 2000 in time for the christm as selling season. These regulations would apply to current and future analog and digital cable boxes. Th e new cab le units would be ab le to work with any of the over 10,000 nation wide cables systems that supply the roughl y 65 million customers. Thes e units while allowing reception of programming wo uld not include any security measures . Cable custom ers would need a security card which would be supplied by cable TV companies when the cable in turned on. Th ese cards are similar to the "s mart card" required by man y digital satell ite systems. Pricing for the new units wou ld range from about $25 to $100 dependin g on feature s and whether it is a stand-alone or integrated into other devices such as TV 's and VCR's. These prices are much more favorabl e for cable cus tomers then the $2 to $5 a month that they curr ently pay. Not only wui the new cables units be affordable but it will increase coemption from cons umer electro nic compan ies allowing cable cus tomers more choic es. Other benefits are that cu stomers would be able to use the unit anywhere in the nations but would finally be able to watch one prem ium channel and tape another. HACK THE PLANET, OR AT LEAST THE UNITED STATES The u.s. Government has alwa ys been a favorite for hackers lookin g to test their skills. A good percenta ge of these hack s have been to the Department of Defense(DOD), The DOD has long beentbe prime targetfor hackers looking to test their skills. Hackers often seethe see the DOD as the final test of thei r ultimat e suprem acy as one of the hack 's to end all hacks. u .s . Government hacks happen on a daily basic but most are minimal threats . But in February seve ral successful hacks were made again st military systems , the same time that our military forces were bein g m~e ready for a possible attack on Iraq . Thesearebut j ust a few of the half dozensubstantia hacks that have beenlaunched that have beeninvestigatedby the Pentago andFBI l n from February to June of this year over half dozen substantial attacks have been launched against U.S. Government computer-systems.' This information was conferred to the Senate Jud iciary Subcommittee on Technology, Terrorism and Govenunent information by Michael Valis, the chief of the newly created National InfrastructureProtectionCenter(NIPC) of the FBI. The NIPC was formed in response to 48 2nd Quarter· Fall 1998 BltlCklistedl 411 concerns about the safety of our national computer system. The NIPC focus is to detec t, deter , warn, investigate and respond to unlawful acts that involve a threat or intrusion against vital infrastructures. Other measures have also been taken as President Clinton signed two new directives this May to strengthen our defenses. Alliances have also been formed with public and private groups to form create a united strategy against these hacks and more conventual terrorism attacks . Word to the wise watch out. ANOTHER CRACK IN WIN-doohhh's ARMOR Windows NT has yet again proven how little security it offers users. A new bug was recently discovered in Mircosoft's Point to Point Tunneling Protocol (PPTP) that would allow hackers access to significant portions of the operating system . Hackers would have access to passwords and confidential data as well as break encryption scheme's and lock users out of the network. Microsoft is aware of the problem and says that they are working on fix. Other's such as Peter Mudge, director of a group of white-hat hackers (who seek to report flaws and not exploit them), say's "there' s no real way to fix it" because it's so severe . Microsoft disagree's with Mr. Mudge's opinion. The fact's remain that this is so far one of over a dozen major bugs to pop up with NT this year. User beware, especially in netwo rk use. CRACKING COMPETITION Electronic Frontier Foundation (EFF), a non-profit civil liberties group based in San Francisco was the winner in an industry code breaking contest this July . The purpose of the contest was to see if a widely used method of electronic data scrambling could be cracked, and how long it would take . The EFF team cracked the system in less then 72 hours. This information was very upsetting to the financial industry as they use a similar system to protect bank and credi t card transactions. Certain C lintion administration policies regarding data scrambling has also come into question as a result on the contest. The end result leaves a bad tast e in the public mouth who rely on the security measures on a daily basis for all their ATM, Bank, Credit Card and Internet transactions. Digital Television Security Threatened Digital TV is due to start broadcasting here in the United States during November but a formal copy protection scheme has yet to finalized. Hollywood studio 's are the hold up once again just as they were last year with the Digital Versatile Disc (DVD) format. The hold up is going to hurt everyone in the long run with the exception of hackers. As some of us know early DVD players from several manufacturers allowed consumers the ability to shut-off copy protection with the flick of a switch which feel through the cracks. This may be the same situation with Digital TV as manufacturers will be rushed aga in to get products to market at the last minute and weak spots in the copy protection are sure to pop up. I The problem is several fold with some Hollywood studios refusing to endorse the standard and manufacturers not able to get needed parts in time for the November introductions. The standards for the copy protec tion were supposed to be a done deal after a year of discussions settled on an encryption standard called " M-6" to be used on a de facto industry standard IEEE 1394 serial interface. Problems abound as the M-6 encryption system in considered a "lightweight" by some in the industry and the fact that manufacturers have been unable to get a 1394 interface chip that can handle the M-6 encryption. These unresolved interface problems while they will not delay digital TV broadcast may well delay standardization of the future Open Cable systems which rely's on IEEE 1394 as well . Manufacturer's have been quite open with the fact that the new digital units are prone to hacking, maybe hoping to get Hollywood to realize it doesn't make a difference to hold out on one thing because NOTHING is hack proof. For the so inclined Jack Chaney of Samsung admits that "there are a lot of other places inside a set-top or PC where professional hackers can tap in if the y are serious about illegal copying." The interface between the MPEG decoder and SDRAM is "totally unprotected" Chaney went on to say . What all this means to the rest of us that we're going to have to end up waiting for products which will be rushed out the door and offer limited functionality or reliability. "The fact remains that if hackers want to get into a system, and system it will be done. There are just too many people, with too much tim~, and too many imperfect or bad designs that make the system vulnerable. Maybe the Hollywood studios should just relax , aren't they making enough money? FEDERAL GOVERNMENT FREQUENCY LIST (Continued from page 33) FEDERAL GOVERNMENT SHARED 166.8500 Washington Park Police F3 R.Creek Pwky 166.900r Long Island - Fire Island 165.850 Tactical 166.9OOr input 166.300 Shenandoah Park VA 408.40 166.925r input 165.925 WA Police F2 '200' GW Pkwy 418.05 National Fire Protection Agency - Boston 166.950 Boston National Park Operations KCA711 418.075 166.950r input 166.350 Lowell, MA National Park Op. 166.9500 input 166.350 - Maryland R C & 0 Canal U.S. DEPT. OF LABOR 166.9500 Harpers Ferry Park, MD 167.0750 New York Park Police Gateway Recreational Area 162.900 167.0750 Washington Park Police F4 '400' BW Parkway 163.750 168.4750 input 169.175 Prince Will Forest, VA 164.700 KY 168.5500 New York F4 Gateway Recreational Area 168.350 W. VA 171.725r 172.525 input -Cape Cod National Seashore 173.6125 Ohio 171.725 Cape Cod National Seashore simplex 406.200 Ohio 172.400r New York Central Park 406.200 Portables 409.050 JFK Center Washington 411.6250 Washington Park Police US MARINE CORPS 411.7250 Washington link to 12on 166.925 411.8250 JFK Center Washington Base - Quantico, VA 411.8250 Washington Park Police 411.9250 Washington Park Police 140.100 Crash Crews 411.9250 Washington National Vietor's Center 149.100 Police Ch 1 416.125r input 417.725 Washington train 149.130 Police Ch 2 417.8250 New York Park Police link to 166.325 149.350 Fire Dispatch 417.9750 Virginia Wolf Trap Farm 149.450 Ambulance Dispatch NATIONAL TRAFFIC SAFETY BOARD DEPT of STATE 166.1750 Diplomatic Protection Service OTIS AIR FORCE BASE 165.6125 KHA200 New York UN Security paging 166.1000 KHA200 New York UN Security 165.0375 PAVE PAWS 168.2250 Washington Foreign Service Security 171.3375 Rescue 170.5750 New York 173.5625 Fire 407.2000 New York NY City - White Face Mountain 173.5875 Crash I Rescue 407.6000 New York NY City - White Face Mountain 409.6250 New York NATIONAL MARINE FISHERIES 409.7000 New York NY City 411.15Or input 407.20 - Boston Diplomatic Security 163.225r 162.050 input Boston & Newport,RI Repeaters 414.6750 Washington Blowtorch F2 163.225r 162.100 input Cape Cod, Portsmouth NH 414.850r Washington Boardwalk Embassy Prot 414.9500 New York Boardwalk THE PENTAGON 414.9500 Washington Orange Fl Uniform Division I · 414.9750 Washington F4 36.510 Base Link 4 15.6500 Washington 36.710 MP's 415.8750 Washington 36.990 Fire 415.9750 Washington . U.S. POSTAL SERVICE FEDERAL EMERGENCY MANAGEMENT AGENCY Inspectors 5.2110 10.4939 414.75Or Ch 1 16.9500 414.750 Ch 2 139.3500 415.050r Ch 3 143.0250 415.050 Ch 4 143.2500 164.5000 Maryland Largo Mail Handling Facility 167.975 164.9875 NJ truck operations 166.3750 New York truck maintenance operations NATIONAL FIRE PROTECTION ASSOCIATION 169.0000 New York Inspectors 169.1125 NY Long Island 418.050r input 408.40 Braintree, MA 169.6000 New York Inspectors Ch3 169.850r New York Inspectors NATIONAL PARK SERVICE 173.6125 New York Kennedy Airport 173.6375 Long Island Hicksville , NY 166.725 Park Police Channell 173.6875 Long Island 166.925 Park Police Channel 2 Dispatch 417.6500 Rockville, Maryland Training Center 163.1250 Virginia Manassas Battlefield 418.3000 Washington Security KIB754 164.475r input 165.4125 New Jersey Parks FEDERAL RESERVE BANK 164.425 Minuteman National Park Operations MA 166.325r input 166.925 Gateway Recreational Area 413.9250 Washington Security 166.3500 Baltimore Fort McHenry 166.725r input 167.075 Washington Park Police '100' DEPT of HEALTH , EDUCATION & WELFARE 166.7750 Boston National Park Operations KCA711 50 2nd Quarter - Fall 1998 Bluklisted! 411 171.2375 New York 166.175r input 169.025 Gaithersburq, MD KGB548 411.450r HEW NIH Bethrsda , MD Security LIBRARY OF CONGRESS SMITHSONIAN INSTITUTE 411.4000 Washington Security 169.0375 Washington Fl Security KFX752 169.200r Washington F2 Security 169.725O Washington National Zoological Park Police NASA U.S. SUPREME COURT I. 170.1750 Washington - Dulles Airport 408.150r Goddard Ctr - Greenbelt, MD maintenance 163.2750 Security UNKNOWN I NATIONAl BUREAU OF STANDARDS 165.2625 164.0250 Maryland messenger Garthersburg, MD 168.3250 Traffic at 8AM WINGATINt; THE NET /\cronus/\ 29/06/98 Wingate is a software package for Windows available for download over the net. It allows many computers to connect to the Internet by first connecting to a single computer over an Ethernet. That one computer has net access and it bares the grunt of the net traffic for all the computers . It comes with several security flaws already present. Port 23 is open from the basic system preferences. It can be blocked or restricted to password access only, but comes open, You can Telnet to port 23 on a Wingate system. It will then give you a prompt such as 'Wingate> ' you can then use that prompt to bounce yourself to another system. You simply need to enter the address of the system you want to connect to, a space and the port number. A possible address would be .www.Whitehorse.gov23·butldon·tsuggestyouactualconnecttheir.This flaw in the software allows you to use a Wingate system to bounce your connection across the net. This might be useful if you wanted to get onto a server that you have been banned from, very useful of IRC hacking, To hide your real IP when you are using IRC, so that you can't be nuked, banned or k-Iined. Also if you are doing some hacking and you want to hide your real location, then bouncing off a Wingate can be extremely useful. Another exploit in the Wingate system is port 8010. Connected to port 8010 on a Wingate IP in your browser, you will get a listing of the hard drive that the program is installed on. Accessing the log files on the Wingate system will be able to get you some user names and that might be useful to hack the Wingate machine or even to hack the computers that have been accessed from the Wingate host. Wingate systems by their nature are lagged and quite slow because they are handling the traffic of many computers connected to the net. But still they are extremely useful. Before you can use Wingating to bounce around the net, you need to actually have the IP address for an Wingate system. Many people on-line are Willing to trade IP addresses, but the best method of obtaining them is to scan for them. You could simply scan by hand, trying the IP addresses from people on IRC and the IP addresses around the original one. But it is so much easier to download a program from the net that scans the IP numbers for you. This is a very quick and easy method of collecting them. These file as well as many others are available on my site; http://homepages.iol.ie/-cronus cronus@iol.ie DID YOU MOVE? ARE YOU GOING TO MOVE? ill us mill'SWIN/II'UB in 1.,68411 You can't find the most recent issue of Blacklisted at your local newsstand! BllICklistedf 411 2nd Quarter· Fall 1998 51 CDlt~M "E~IE. Provided by THUD Magazine Edite d by Short Fuze D = == = == == = = == === = == = = ==~ Title: Choonz & Warez Maker: Iron Feather Journal Type : Double CD Set - Music/Data Cost: $16.00 (Postage Paid) Inc luded extras : Free copy of Iron Feather Journal Addres s: P.O. Box 1905, Boulder, CO 80306 I must say I found IFJ's double CD set very refreshing. Although it doe s not contain as much raw data as on other ware z related CD 's I've seen this on e makes up for it by introd ucing me to some unus ual musical talents. The re are two CD's in this set. The first is all music, the second is a mixed media RO M and audio. All together there are 36 audio tracks. Many of them are just little 10-15 seco nd shorts. There are, however, some very professional and very well composed trac ks that I thought were ve ry good. Among my person al favorites were "Hall of the Inverted Mushroom" by Multicast, "The Birth" by Feral, and a really coo l remix of the AC /DC song "Dirty Deeds Done Dirt Cheap" called "Deadly Deeds" done by Deadly Buda. All in all you should force yourself to take the time to liste n to these examp les of audio artistry . You may be surprised at you you may find you like! Oh, and YOU'll find a track of Red Bo x quarter tones, too!!! :) Anyway, on to the Wa rez!!! The ROM po rtion is all set up in HTM L code so all you have to do is load up your favorite web browser and load up the index .HTM L file . From there you can navigate your way around the CD and find all sorts of useful info. There is such a la rge arra y of different items that I'm sure there's gonn a be somethin g useful to be found for everyone . In one section YOU'll find tons of images. The re's various logo's and pies of people, poste rs, places , and things that probab ly we re influe nced by vast amoun ts of illega l sub stances from the sixties!! Also , you'll find animated GIFs as well in addition to some tileable cells which are excellent for backgrou nds on webpages. All these images are presen ted for you r use. It's a grea t littl e sour ce of material for spici ng up yo ur webpag e or persona l pubtications. Next, yo ur gon na find one hell of a huge section on audio fiies. We're not talking your sim ple pile of strange and bizarre sound .wAV files , alth ough there is quite a co llection of those. There's a large collection of MIDI files as well. There's eve n a few Real Audio files for your listen ing pleasure. And for all you home audio studio tec hnophile types you're gonna find some drum loops and groove sample s for your favorit e drum machines. Heck, there's even some files on how to hack your favorite dru m machine. Oh, you'll also find a couple of MOD files too , although I wou ld have liked to have seen more. I personally know there's some really awe some stuff that wa s don e on those Ami ga's out there and woul d really like to see more of it brought out for the IBM users of today . Now for the goodz. Just take a look through the resources section and you're gonna find all sorts of philes on hacking , cracki ng, phreaking, survival, informatio n warfa re, even drugs (although I personally think that could have bee n left out). There's eve n a whole section on MIDI hacks. This CD really is musically oriented and influen ced. There 's also a section which is take n from the Group 42 Sell s Out CD-ROM . There' s also some religious works for all you philosophi cal types . Oh , and lest I forget, there's also a nice big list of serial numberz ...no warez archive ca n be without your serial numberz...they make the world go round !!! I thorou ghly enjoyed the 2 CD set. The music was great and the informatio n useful. This is definitely an all around try to please everybody piece of work that I think defin itely succe eds in doing so. From the same people who brough t you Blac klistedl 411 comes ano ther hac ker related magazine . '!OOllJID THE HACKERS UNDERGROUND DIGEST THUD is the ultima te hackers r eso urce, bri ngin g to you in formation on the latest (and cl assic) hacking techn iq ues , circuits useful to the tech-head hackers, lists, d iagra ms & pic tures for the reading impa ire d and ot her neato stuphl In side each Issu e, you will fi nd topics relate d to: Hacki ng V ideo Mod s Privacy Phrea kin g Computers A narch y Freedom of Spee ch BBSllntemet Electron ics Ci rcu its Sche m atics Pirate Rad io Telecommunicatio ns Rad io Communication Sources Survival Cabl e Televis io n Encryption Chem ica ls Audio Sate lli te TV Virii Exp losives Hard ware Hacking Microw ave Commun ica tion The Underground Sovereign Cit izenship Subs criptions are $20/y r U.S., $24/y r Canada , $35/ yr Foreig n (U.S. Currency) Sampl es are $5 each (most current issue unl ess otherwi se requested) NOTE: W. ·te a quarterly zlne · we only pUblis h " Iss ues per quarter. THUD Magazine, P.O. Box 2521, Cypress, CA 90630 52 2nd Quarter· Fall 1998 Blacklisted! 411 -~ -- ------------------------ p----------------------------------. : CAUGHT IN THE BLACKLIST£Dt WEB : I I I By Ender Wiggin I ._--------------------------------_. Here it is! The most eagerly anticipated column in this magazine - Caught in the Blacklisted Web with Ender Wiggin! Listed here for your undeserving eyes are some of the most unusual and informative sites on the Web! And from the kindness of my heart, I provide this column to you in almost every issue of the glorious mag for your surfing pleasure! Just remember, if you have any sites you think should be listed here, send them to Ender Wiggin care of the magazine, and I will most likely put it in! Bert ino's Blueprint Page - htto:llwww.ca lwe b com /- be rtino/bp.html So, you say you the curious type who likes gawkin' at blueprints? Well check these out - they ju st happen to be photographs of the blueprints for several Disneyland and Walt Disney World attractions! It just doesn't get much better than this! You'll find everything from the plot of The Haunted Mansion to the original plans for Mickey Mouse Park (later to be changed to Disneyland) and the plans for the Carolwood Railroad, WaIt's own backyard railroad! This site is a real treasure-trove for Disney enthusiasts and the curious alike, and there are still more plans on the way! T he Trash Cans of Disney - http://www.swt.edu/-CS22517/ Provided by Codie, a custodian at Walt Disney World, this site gives an unusual insight into something you never think of when visiting theme parks - Trashcans! Yet Disney spends up to $5,000 (!) to bring them to you! This site shows photos of all the different trash can styles around Walt Disney World, and the wondrous artwork that graces them (check out the Toy Story trashcans!). Also provided are descriptions of the cans themselves and the routine for emptying them (actually quite interesting!). Codie also tells why being a custodian is one of the best jobs at Disney, .especially from a hacker's point of view! The PC Arcade - http ://dspace .dial.p ipe x.com/dodge/ Remember all those old classic arcade games? Y'k now, Ikari Warriors, Frogger, Galaga, Donkey Kong, or my favorite, Terra Cresta? The games were simple, but so addictive you would go through a week's allowance in one day? The days of those great games may seem long gone now, but they'r e not! No, they can live again one your very own PC! Jump to this site and you will discover programs call emulators which will allow you to play j ust about every old game imaginable, on every old system imaginable - from Atari 2600 to the Sinclair Spectrum! And this site has it all - it is quite possibly THE MOST complete site for emulators in the world. There are emulators of every flavor to be found here - in fact, if i!'s not here, it probably doesn't exist! There are even discussion boards so you can talk about your favorite EMUs or get help if the one you' re trying goes awry. Check this site out, and stop wasting those quarters at those "vintage" arcades! EMU2K - http·Us z cze cin.top.pl/-d uddie/ So you say you don 't like any of those emulators, you prefer to play modem-day Playstation games on your PC? Whelp, try this one on for size! If you can handle the stiff requirements (oh, a little Voodoo card here, a PII 266+ there), you can run this nifty little emulator. Of course, it would prolly be cheaper to buy the real thing! Players Who Suit MUDs - http ://journal.tinymus h.org/v1n1 /bartle .htm l On the surface, this site appears to be ju st another boring thesis written by a Brit with no pretty pictures or anything else you' ve come to expect from the WWW. But as you read into the paper, you find that it is actually quite fascinating. This paper is an analysis of the type of people who play MUDs (Multi-User Domains), a type of online social game that bears a resemblance to Dungeons & Dragons. You will discover what type of people seekwhat in a MUD, and why. Whether this is the first time you' ve ever heard of a MUD, or you've been playing them for years, this analysis of the phenomenon is a worthwhile and interesting read! Satan On Dining - hltp:Uwww.brunchjng .com/fea tures/fealure -sata nondining .hIml Oh dear, you've committed a faux pas while dining out in high society - you didn't know when you were supposed to use the myriad of utensils placed in front of you, or even what half of those things were for! Well, let the ultimate authority on fine dining instruct you on what to do - that's right, the original charming devil himself, Satan. Beezelbub has taken a few moments from his busy schedule of snacking on the souls of sinners to write this very informative guide on fine dining. After reading this entertaining guide, you are guaranteed to be prepared for any future Dining Hell you may be subjected to! Crud! Are they out of stock? Have they dumped on Blacklisted! 411? BI/lCklisted! 411 2nd Quarter - Fall 1998 53 TONY'S WORKSHOP This month . we will investiga te the work ings on the //~ Exidy 440 syste m. This syste m was far ahead of its time which resulted in a rather monstrous sized ~ ~ game board w hich drew about 8 amps of power. The 440 is best known for its introductory gam e of Crossbow. Som e other gam es which appeared on the system include Comb at. Cheye nne. Chiller, Ciay Pigeon . To p Secret. Crackshot and Showdow n Poke r. Ch iller attracted major attentio n to itself on release . Exidy had undergone a bout of bad publicity with the release of Death Race 2000 . a game in w hich you run ove r people in a graveya rd. With the release of Chille r. Exidy promised that "this game wo uld make Death Race look like a gumba ll machine!" And the y were right. Even today . Chiller stand s as THE grosse st game ever made . much blood ier an d gorier than the supp osed hig h wate rmarks of today such as Mortal Komba t or any of the Doom clo nes or Doom itself. Chiller literally made all of these look like a Dis ney movie. Let us take a technological look into the heart of the 440 system . We beg in by looking at the main CP U. It is a 68B09E base with 32K of EPROM and 4K of program RAM. A 28C04 nonvolatile RAM stores custom settings a nd encryption data . Several latch ports control the functions from this data bus . The sound section is on the top PCB. and utilizes a 6802 CP U along with a DMA controller chip. a 6844. Th is is used to strobe the sound sample ROMs w hich are somew hat autonamous in their mode of operation. The program for the Sound CPU is 8 or 16K, with 2K of progra m RAM . The sound samples are arranged in 4 ban ks of 256K ROM memory. Each bank runs throug h a seria lizer into an MC34 17 or MC341 8 slope de lta modu lato r. The way this work s is that the serial samp le stream instructions a voltage to rise or fall. depending on a capa citor charg ing and discharging point. (please see the previo us article on Star Castle for another point on this method but in usage for video generati on). Each of the sound cha nnels is mixed through its own individual CA3080 operatio nal amplifier. Th is part of the circuit is interesting because it use s an elect ronic voltage as a volume contro l. This is possibl y the first arcade application of such a technique. A regular pote ntiometer is controlli ng a 4051 chip which strobes 8 channel s nonstop . Th is creates 8 sepa rate volume control voltages as the sound CP U can set its own volume level for each channe. This creates a volume versati ity never seen before in any other system. The volume levels go l to each mixer op amp. After the sounds a re mixed to stereo , dual amplifier circuits give e nough power to run spea kers. The video section is no less interest ing. The basic video section is composed of a bank of static RAM """W HICH IS CON FIGURE D AS A DYNAMIC RAM BANK". This is truly bizarre for at the time. most compa nies were using dyn amic RAMs to create screen memo ry. To my knowledge. this is THE only game system whic h used static RAM in this setup. It used 4 banks of RAM at 12K for eac h bank . Each ban k could be addressed directly from the data bus or from the gra phics ROM banks. Each bank also had its own serializer, allow ing 4 serial graphic outputs for 16 colors . The 4 color outpu ts were then sent to control a pallette RAM setup and the n to the video output transistors. The pallette RAM was also modifi able by the CPU . Screen resolution was set at 320 by 200. with 16 colors into a 256 colo r primary pallette RA M and a seconda ry 32,768 color final outp ut. This allowed a color flexibility whic h was truly revol utionary for its time . The picture graphic RAM was set up as a dua l ported input RAM. The CPU itseif could affect the RAM. or it could gain data directly from the g raphics ROM bank libr ary. This bank was set up as 34 bits wide. to load the RAM in a wide path. The ROMs were addressable via both CPU and the video timing bus. allowing a sort of automated load of the RAMs. Basically. the CPU would point to a section of ROM memory and it would take over loading whoie chunks into the scree n RAM. The graphics des ign was VER Y slow. but it worked wit h amazing flexibilit y. In fact . it was so slow that it would blank out the screen to give it time to draw the screen up , then it would fade the colors up in order to view the screen. Previou s game designs would use a fairly simple scree n bac kground with small characte rs using sprites for the games. The 440 was the first to offer some abso lutely stunning colo r graphics ove r anything available at the time . The gun circuitry used an interesting tec hnique of video counts. By this . the trigger pull would enable a registe r set. The photoce ll withi n the gun would seek the flyi ng scan spot from the monitor. and on reading this, it wou ld cause a set of regis ters to load with the vertical and horizontal addresses from the video timing bus . The addresses read would then form the x and y position of the gun aim. III I FA'EE.fuIJlll'ipHln/ , S4dt!infOUlARIltLESPOH'/ ISenth;,! Insomeone elselllfMleloes Norcount! 54 2nd Quarter· Fall 1998 Blacklisted! 411 Blacklisted! lill Photo C;allerll Photo 1 Photo 2 Photo 5 Photo 6 Photo's were sent In by 367 of Douglasville, GA. What we're looking at above (In pictures 1 through 3) is a crew installing an overhead camera system on one of Cobb County, GA's streets. In pictures 4 through 6, we have a few shots of the inside of Cobb County, GA Traffic Management System. (This is where the pictures from those cameras end up) Thanks for the cool pies, 367/1 Maybe somebody hid them behind another magazine... Blacklisted! 411 2nd Quarter - Fall 1998 55 HatJuq fb T'UIit "cronus" 29/06/98 All hackers need to hide where they are hacking from. It is so essential to hide your location that it becomes instinctive for hackers. I shall discuss some techniques, both new and old, of hiding your reallocation. The most important part of your hacking sequence is going to be your net account. If you are traced back to your ISP, then their logs will be able to tell the victim who you are, where you live and what you eat for breakfast. You can avoid being traced back to your own account by hacking someone else's net account and using that. Some Internet Providers allow you to set up a Guest account so you can test their services. If you can't hack another account on an ISP, then you should try to get your hands on a Guest account to hack from. It is necessary that you don't hack from your own account so that you aren't traced to your name and address. Getting a Guest account should be easy enough. Contact an ISP and ask about their services. Then ask if you can have a Guest account to see if it compares to the others. You will need to give false information to the ISP so that you are safe. Also many companies over the net offer free shell accounts and these are perfect ways to hide your IP address . You connect to the shell account and do your hacking from there and so hide where you are coming from. Again you will need to give false information for that to so that you are totally safe. If it isn't a net hack, but over the phone line, then you might want to hack on neutral ground. By this I mean with a laptop at a pay phone or even in an Internet cafe. Preferably one that allows you some privacy. You can connect a laptop to the side of pay phone or even the side of a house. This is called beige boxing and is used widely by phreaks . I have written a file on Beige Boxing that is available on my site http:// homepages.iol.ie/-cronus as well as many other quality files. After all this, you are still possibly being traced to your city and general location . So next you want to hide your geographical location, as well as your net location. There are several ways to hide your physical location. First is a practice that is making a huge impact on the net at the moment. Wingating can be used to 'bounce' your data packets off another system, to hide your IP address. This is a large topic and I have also written a file about this on my site http://homepages.iol.ie/-cronus as well as several other classic files. Next is out-dials. These are diminishing fast, because of their use by hackers, but some universities still run them for their students. An out-dial is a computer that is set up to let you dial out over its modem to another computer. These can be used to call another system and from their you can hack away. This means that the trace can only go as far as the out-dial and then it would slow down any trace allot as anyone tries to move the trace to the university line. If the University is logging the connection then they will have your IP address. But if you are spoofing your IP address or if you are using another net account that isn't yours then this isn't a problem. IP spoofing is an extremely complex and difficult technique used by hackers to hide their IP address. I can and will only skim the surface of spoofing , giving you enough information so that you can go and search for more information on your own. IP spoofing can be simply done by bouncing off another computer system such as a Wingate host. This is very easy , but also quite effective. If you have a shell account some where you can bounce off that. If you connect to an anonymous FTP server then you may be able to bounce off that and connect to the computer you intend to hack. If you have root access on an UNIX machine, then you can program a program to hide your IP address in data packets. My site at http://homepages.iol.ie/ -cronus has some excellent files on IP spoofing. The next big step for a hacker is to pack on a military system . Many hackers move on to high-grade computers like military ones because it presents more of a challenge. They are allot more worrying than a simple computer system, as they have far higher abilities to trace a connection . If you already have access to several smaller company or University systems then you might want to use them to bounce your connection though them in order to hide yourself. The more connections you can make between you and the victim; the better you have hidden your location, your identity and your freedom . All this may seem like basic ideas that you would have used anyway. But you'd be surprised at how many elite hackers have been arrested because they got too .big headed and neglected to use any protection. Also remember that you should change the route you take each time. This is so that over a few different hacking sessions you aren't slowly traced section by section. If you change the route often then you will make each trace a brand new one. And remember - Paranoid People Live Longer... Don't mis§ an issue/ SUDsdlme TODAY! 56 2nd Quarter· Fall 1998 Blacklisted! 411 EYEBALLING U by the GOLDFINGER Prepare to be scrutinized very closely. A new 1 system is about 0 to change banking, and virtually eliminate fraud, and privacy for that mailer. The new system will be coming to a bank near you soon. The touted "benefits" of this system will allow banks to Hey every one, this ;s th e crew over at THUD Magazine. offer higher-value ATM services beyond the withdrawal of cash. Now , everyone, please spell along with us: Enhanced services will likely include deposits, larger cash advances, transfer of funds between accounts and bill The Hackers Underground Digest payments. Yep. We're a new hacker rag done by a small group of What is this ID system? I'm glad you asked. Optical scanning people from the Blacklistedl 411 crew. We got units consisting of a standard video camera, coupled with together and formed our own hacker zine for the world lighting enhancements and special software will be able to to enjoy. This project Is to compliment the Blacklisted l validate a bank customers identify within seconds by imaging the 411 zine and co-exist without competing. Afterall, how iris (the colored portion of the eye). After encoding the image can we compete? Hackers are info h-u-n-g.r.y! MORE and comparing it with a previously stored code already on file, INFOI ATM access is automatically approved. The iris is as unique as a fingerprint so rt can't be defeated. At least that's what Sensar, Since we just starte d up , we 're s titt on the lookout for Inc. Is bell ing on. anyone who wants to he lp us out. We need photographs, drawings, articles, letters, sch ematics, Sensar was founded in 1993 and is a spin-off of the Sarnof Corp. projects, review items and anything else you might An international advanced technology R&D organization. Sensar want to send to us . holds the exclusive rights to this computervision technology for use on a worldwide basis with the iris ID system. I don't know We're no t intending on sounding like a charity case - in about you, but I get a lilli e nervous when I hear plans that fact, we have tons of really kewl material to print - just include the phrase "for use on a world-wide basis". check out our first couple of issues and see for yourself. We just think it'd be the right thi ng to do The system requires no customer participation and works even if asking the hacker community for their input - because, the individual is wearing glasses or contacts. Electronic afte rall, this magazine Is for the hac ker and by the transactions by consumers are growing, especially at ATM hac ker . Besides it 's a great way to mee t new people locations. Last year over 30 billion transactions were processed , and get a free subscription out of it, too . and that figure will continue to grow . Everyone is concerned about fraud , and the need for a more secure personal 10 has So, send us some cool shit. become more important. We'll send you a free 1 year sub. Sensar claim s that its patented new technology cannot be bypassed or compromised in any way and could eventually Hacker community, this i s your chance to say eliminate the need for PIN numbers. I'm down for safer banking, something and get it i n print. Seems like there 's not but this system leaves a bad taste in my mouth. It doesn't take a too many of us as there were only a decade ago . So, rocket scientist to envision future ' scenarios where this take this opportunity right NOW and speak up. We're technology could prove very troubling indeed. not going to prejudge anyone, so send in your thoughts, ideas and whacky and insane compilations Ready or not, get prepared to be "eyeballed" the next time you r igh t away. visit your ATM because the company has a multimillion dollar multi-phase agreement with Citicorp for direct marketing of it's THUD Magazine Jumpstart Project products into the financial services scene ... P.O. Box 2521 Cypress, CA 90630 .--- -------------------------------~I :Deadlines: I I I(Winter 1998/3rd quarter) Subscriptions can still be backdated to the] I January 1995 first quarter issue, if preferred.] IArtic les • October 1st, 1998 We have a new supply of Volume 2, Issues 11 IDisplay ads - September 20th , 1998 and 2 available, so there's no need to rush. I IClassified ads - October 1st, 1998 IMeetings. October tst, 1998 Volume 1 will be available again sometime I Artwork· September 20th, 1998 soon. We need YOUR VOTE: Should bel IPictures • September 25th, 1998 make vol. 1 availabe in 12 single issues OR al .-------------- --- sure don't know. I Who knows! We ---------------_ . compilation of all 12 in ONE book? I / PANIC/Lool IB811yh81ti liun110OIiE/ Blacklisted! 411 2nd Quarter· Fall 1998 57 Monthlv Meetings! Interested in meet ing up with some of the Blacklisted! 411 readers? Well, we're starting to set up meetings in differ ent areas all ove r the U.S. and anywhere else. Monthly Blacklist ed! 411 meetings are held the first Sunda y of each month at 1pm . Aorida Utah (813 Area Code) - Tampa/Brandon (80 1 Area Code) - Salt Lake City Brandon Tow n Center - betwee n the food cou rt and the Crossroads Mall in the food court , north end betwee n Dippin' • arcade by the pay phones. Dots and the glass elevator. Hosted by: Desolated Dream • ddream @cyber space.org Hosted by: Apocal ypse and The DFL Hackers! (407 Area Code) - Orlando MQ'Y!Q nd Fashion Square Mall· upstairs by the payphones next to the Pand a Express in the food court . (301 Area Code) - Silver Spring Hosted by: Whis per. SSo 964 2199@aoJ.com Wheaton Plaza - at the Cinnabon Hosted by: Pappy (954 Area Code) - Ft.Lauderdale/Miami Broward Mall - center of the food court near the bi9 planter - you can't miss il. Virginia Hosted by: Mystaro - blac klisted@jOll.net (703 Area Code) - Schantiloy Fairoaks Mall - middl e of the mall at the Cafe Pennsylvania Hosted by: Elebom Co ntact: The Conspiracy Quarterly BBS (703)6 31-1499 (2 15/6 10 Area Code) - Philadelphia Suburban Station, 16th & JFK Blvd. near the Track 5 sign, across from the pizza place. Colorado Payphon es: (215) 654 · 9266, 9671 , 9673, 9019 (303 Area Code) - Westminste r/Denver Hosted by: lionel McGimp y Westminster mall, between food court and pay phone s. Hosted by: Arsenic (610 Area Code)- Med ia (outside of Philadelphia) Granit e Run Mall, outside the arcade at the paypho nes Heisted by: theg reek (Mark Pap pas) thegreek@hygnel. com C lifomia Q (707 Area Code) - Santa Rosa NewVork Santa Rosa Plaza, 1st floor at the wate r fountain. Hosted by: Tron (516 Area Code) - Long Island Walt Wh itman Ma ll by Radio Shack (760 Area Code) - Oceanside Hosted by: Chao s - MikeLow rie@ pointb!ank.co m Hill Street Coffee House - 524 S. Coast Hwy. Meeting located in the partio area (516 Area Code) - Long Island Hosted by: Secondshot Roo seve!t Field Mall by the Sam Good y entra nce, nea r the Email: j563@ usa.net payphones. Hosted by: GuNDaM - ve rbeeck@nether .net Ohio (518 Area Code) - Albany (216 Area Code) - Cleveland Barnes and Noble (The co uches near the Art sectio n) The Ave nue at To wer City, food court area, 2nd level, in/nea r Hosted by: Toeknee - toeknee@ nycap.rr.com Smoking sectio n. Payphon es: (Will advise) Minnesota Hosted by: Digiphreak • frequen cy.rec@worldnel.att.net Voicem ail info #: (216)556-0469 press #3 (612 Area Code) - Minneapolis/St. Paul Starb ucks Coffee in Highl and Park SI. Paul (right on Ford Parkway), rig ht inside the doo r, next to Barnes and Noble ArizonQ books tore . (602 Area Code) - Phoenix Host ed by: DeadW8 Tri-City Mall near food court by the payp hones . Host ed by: Cynosure NevadQ (360 Area Code) - Las Vegas Washington Wow Superstore on Saraha and Decatur (360 Area Code) - Vancouver Hosted by: Freaky - freaky@ neva daunderground .org Vancouver Mall in the food court - look for large sign at table . For more infonmali on viSITwww .nev adaunderground.org Hosted by: Joe Psycho THIS MEETING IS HELD ON THE FIRST FRID AY OF EAC H MONTH . - ~" JUNCTION WITH THE "THUD" MEETING. Mo nt hly BlacklISted! 411 m eeti ng s are held the first Sunday of each month at 1pm . If you are Int erest ed In organizing a meetin g in y ou r ar ea, p leas e cont act us , ad vi si ng us of y our in terest, where you' re loc ated , where you would lik e to hold the mee t ings, etc . (Be s ure to in clude you r contact n ame, area co de, city, st ate and desc . of meeting location) If you dec ide to call in and tell us th is info , IF you g et th e answe rin g m ac h ine , you w ill need to slowly S.p-E-L·L y o ur contact/host name and the citynocation you are to hold th e meeting. Ple ase leave area code II Important: We NEED con tac t informa tion {ie : name, phone number, address, email.. so me thing) so we can ge t ah old of you if we need to. 1t'A1I1F1J: Articles lot /JUtmd/di'lnel Sentithem In /{IGHTNOJtl/ 58 2nd Quarter - Fall 1998 Blacklisted! 411 Subscribe TODAY! .----------------------------------. : 8M/Klislel//11 Su!JSdri/liod till V512 : 16:~~~~:h-:~~'"inm~~ ~~~:'-~~f~;~~.~y~~~:~O;:lh~::~:n~~·I;:::n~_:n~lit~~:I~~ ::~~:;:y;u~::y~~t"o~:.~~· I ( ) Pleau send me 81 year subscription of Blackllstedl411 (4 quarterly IHu••) for $20 I ( ) Pie nd me a 2 year subscription of Blackllstedl 411 (8 quarterly Issues) for $40 I ( ) Pl send me a 3 year subscription of BlackUstedl41 1 (12 quarterly "aues) for $54 (10% discount) Il :=~.~=~:: (n~IOV~ I I:'~~~~:~~O~) ~I~~~~:"y Cred~ Clrd: I I Name: Company: _ : Address: City: St: Zie: _ I Card#: Exp Date: Phone: _ I I Signature: DL#: (Required forcredit cardpurcheses) I ~~:r: ;~~~~e~;;:;~::.~Z;;~:;:~:~::.s~d;oj;~rit~ ~~~~:;/:i::~:~:io:e~-~~:::fO~ ~~~I~~t~J~::/~u:.trademark ofSyntei Vista. Inc. Canadian I ._--------------------------------_. Address all subscription correspondence to: Blacklistedl411 Subscription Dept., P.O. Box 2506, Cypress, CA 90630 Blacklistedl 411 Office Line: (909)738-0406 FAX Line: (909)738-0509 I We still have a supply of first and second quarter 1995 issues available for purchase. They're $5 each ($6 Canada - $9 Foreign). Please allow 6-8 weeks for delivery of back issues. HURRY. while supplies last. [ ] Volume 2, Issue 1 - First Quarter - January 1995. • Quantity: _ [ ] Volume 2, Issue 2· Second Quarter. April 1995. • Quantity: _ [ ] Volume 2, Issue 3 - Third Quarter - July 1995. Quantity: _ [ ] Volume 2, Issue 4· Fourth Quarter· October 1995. Quantity: _ [ ] Volume 3, Issue 1· First Quarter· January 1996. Quantity: _ [ ] Volume 3, Issue 2 - Second Quarter - April 1996. Quantity: _ [ ] Volume 3, Issue 3 • Third Quarter· August 1996 Quantity: _ [ ] Volume 3, rssue 4 - Fourth Quarter - November 1996. Quantity: _ [ ] Volume 4, Issue 1· First Quarter· January 1997. Quantity: _ [ ] Volume 4, Issue 2 - Second Quarter - April 1997. Quantity: _ [ ] Volume 4, Issue 3· Third Quarter· October 1997. Quantity: _ [ ] Volume 4, Issue 4 - Fourth Quarter - January 1998. Quantity: _ [ ] Volume 5, Issue 1 • First Quarter. April 1998. Quantity: _ Please photocopy this page, fill out this Back Issue portion, indicating which issues you want and the quantity you desire. Enclose with payment (check, money order, (ahem) cash or Credit Card Information - photocopy and include card with I name/address and any other info you feel necessary. Send order to: Note: We do NOT have any first I BltclclirtN/411 Back Issues. volume Issues available It this time . I P.O. Box 2506 I I Cypress, CA 90630 I• Thisissue maybe a reprint. II ~---------------------------------_. SUBSC/?IBETOBIACKLISTEPI4/lJ41HIIE10UREATIT ThIS message was brought to you by the Blacklisted 411 Preservation Society! ' Uh···veah. WARNING If any of the following conditions occur after use of Blacklistedl411, please discontinue use or use only as directed by a Blacklisted! 411 official: Bloating Loss of hair Temporary Blindness Loss of appetite Temporary deafness Rash Insanity Violence Laughter If any of the symptoms listed above occur.. discontinue use immediately and drink 10 large glasses of water. Wait 1 week and proceed with use 'once more. 8/1dK/islel//11 NlI12me TheAltemative Hackers Magazine Quarterly (Voice) 909.738.0406 (FAX) . 909.738.0509 (Email) info@blacklisted411.com (Address) P.O. Box 2506 Cypress, CA 90630