(%)%(%)%(%)%(%)%(%)%(%)%(%)%(%)%(%)%(%)%(%)%(%)
)%( )%(
(%) > Hot Flashes < (%)
)%( )%(
(%) The Underground News Report (%)
)%( )%(
(%) Edited by: the Informatik Staff (%)
)%( )%(
(%) October 1991 (%)
)%( )%(
(%)%(%)%(%)%(%)%(%)%(%)%(%)%(%)%(%)%(%)%(%)%(%)
Teenage Hacker Emulates Hess
----------------------------
[Summary from Computer Weekly, 8th August 1991.]
A 16 year old schoolboy named Jamie Moulding has been cautioned by plainclothed
police after hacking into a military computer and trying to sell secrets to the
USSR. He claims to have read the Ministry of Defense personnel and payroll
files. One computer he entered held details of a British Army tank control
system. Moulding first incorporated details of the system into his own
simulation package, and then phoned the Soviet Union's London embassy to try to
sell the information. Next day two policemen turned up at his home and spoke
to his parents. Moulding's telephone bills were unwittingly paid by his
school. He wrote an autodialer program and an automatic hack program which
"planted a command which led to a display of passwords". DEC denied that its
systems had been hacked. The police officers were unavailable for comment.
Phone Card Scam Cheats Beaumont Residents
-----------------------------------------
[Houston Chronicle, Sept. 28, 1991]
Several residents have been cheated out of hundreds of dollars by con
artists who call, posing as police or phone company employees, and ask for the
residents' telephone credit card numbers. Most of the victims are elderly and
are eager to cooperate, since they are promised that they will be reimbursed
for any long-distance calls.
About eight Beaumont residents received extremely high phone bills last
month, including one that totaled $1,395, after giving their calling card
numbers to the California based con artists, Southwestern Bell spokesman Frank
Merriman said. Merriman said the caller identifies himself as a law
enforcement officer or a telephone company employee who needs the resident's
calling card number to catch a credit card theif or an employee suspected of
misconduct.
A Beaumont physician, who was not identified, told authorities he gave his
number to a man who posed as an FBI agent. The physician later received
long-distance bills totaling $1,395 that included calls to Iran, Puerto Rico,
Hong Kong, Belgium, and China.
The doctor said the man who called him said they had arrested a man in
Atlanta who had 19 cards, including his. "He said he has to really arrest this
guy, because he's ripping off the public, and that he needs my help." the
doctor said.
The calls have been traced to a pay phone in Los Angeles, he said.
Customers should never give their calling card numbers to anyone over the
phone, Merriman said. Southwestern Bell will adjust the charges if the company
can prove the customer did not make the calls, he said, but such scams end up
costing customers. "It's like shoplifting," he said. "It's a cost, and
sombody has to incur it."
Security Comes To The Free Software Foundation
----------------------------------------------
[Summary from an article in the Boston Globe, Aug 6, 1991.]
The Free Software Foundation (FSF) has been forced to institute security
(password) control because "vandals who were able to enter the foundation's
system anonymously were not only deleting and trashing files there, but were
also entering Internet ... and doing damage in other systems as well."...
Michael Bushnell, a programmer at the Free Software Foundation, said the
changes are making systems more inconvenient to use and creating an
international network that cannot be used without an operator putting himself
under surveillance.
"There's not a big sharp impact because, over time, so many networks
already created security barriers," Bushnell said. Extension of these
restrictions..." is kind of like when the last critical-of-the-government
newspaper is shut down. After it's gone a while, people notice a difference.
An estimated 1,000 to 2,00 persons gained access ... and staff members say they
will try to preserve this somehow." "I feel ashamed not having an open
system," says [Richard] Stallman, "I feel ashamed having a system that treats
everyone as vandals when in fact very few were... Every time I think about this
I want to cry."
Miser Held in Record Social Security Fraud
------------------------------------------
[Extracted from the article in from the ClariNet news service.]
Robert L. Chesney is facing trial in the single biggest Social Security
fraud case in U.S. history. He is accused of receiving retirement and
disability checks under at least 29 names. Federal agents found 15 boxes and
three steamer trunks full of birth certificates, bank statements, Social
Security cards and over 200 CA DMV id cards, each with Chesney's picture and a
different name. Chesney allegedly gleaned biographical date about public
personalities from the library. Pretending to be those people, Chesney would
write to their home counties, give their birth dates and other information and
ask for copies of their birth certificates. He then took the documents to the
DMV and obtained the ID cards with which he applied for the Social Security
benefits.
SWBT's Responds to the Supreme Court's White Pages Ruling
---------------------------------------------------------
[By SWBT Media Relations staff]
The following article discusses Southwestern Bell's response to the
recent Supreme Court ruling that White Pages Directory Listings generally are
not protected by Federal copyright law.
Media Relations Report
----------------------
Subject: White Pages Listings Generally Not Protected By Copyright Law, Supreme
Court Rules
Contact: George Stenitzer
White pages directory listings generally are not protected by federal
copyright law, the Supreme Court ruled today. The court said that white pages
listings are facts that lack the originality required to have copyright
protection, although directories as compilations may be copyrighted.
The Supreme Court ruled in the case of Feist Publications Inc. versus
Rural Telephone Service Co. Feist publishes wide area directories in parts of
Kansas, Oklahoma and Texas. When Rural, a small Kansas telephone cooperative
refused to license its white pages directory to Feist, Feist extracted listings
from Rural's directory without permission. The Supreme Court held that Rural's
listings were not entitled to copyright protection, and that Feist did not
violate copyright laws by using the listings. This ruling reversed earlier
decisions by the District Court and Court of Appeals, and expressly rejected
earlier cases holding that directory listings could be copyrighted.
Today's ruling means that other firms may use published white pages
listings without violating copyright laws. Southwestern Bell Telephone has
licensed the use of its white pages listings to directory publishers in both
paper and magnetic formats. SWBT's policy is not to license listings to direct
marketing firms but today's ruling suggests that direct marketing companies may
use published listings without a license. Southwestern Bell Yellow Pages does
not license its yellow pages listings.
SWBT's licensing of published white pages listings in a paper format
represents about $250,000 in annual revenues; these revenues may be affected by
the ruling. However, today's ruling does not give other firms free access to
SWBT's yet-to-be-published listings, to listings in magnetic form, or to the
white pages database itself.
If queried, Southwestern Bell will respond as follows:
"Of course, we don't think it's fair that other firms can copy our published
listings without paying for them."
"Most of our white pages listing customers, however, are seeking updated
listings in magnetic tape form, not the right to copy listings from directories
that have already been published. Our white pages databases are updated
continuously, and the Supreme Court did not deal with the unpublished data
contained in telephone company databases"
Queries will be handled by SWBT's Sherry Smith.
Returns for Senders: (US Postal Service handling of forwardings)
----------------------------------------------------------------
[From the July/August issue of the Common Cause Magazine]
The U.S. Postal Service - the butt of so many complaints about inefficient
service -- is on its toes in one way the average mail recipient might not
appreciate. The same system that enables the Postal Service to forward your
mail to a new address also alerts scads of direct marketers -- from the folks
at your favorite mail-order company to those pesky tricksters who say they have
a special gift waiting if only you'll call to your new whereabouts. The system
seems to work for better and for worse. For better: You get the mail you want
and the Postal Service saves time and money by not delivering mail to the wrong
address. For worse: Junk mailers you never wanted to hear from discover your
new address and waste no time making use of it.
Postal officials insist that they share change-of-address information only
with those who already have your old address. Thanks to the large-scale
selling and renting of customer lists among direct mail marketers, some
companies that never knew you existed will have your particulars. The Postal
Service forwards about 2.3 billion pieces of mail a year for the 40 million
Americans who move annually, at a cost of some $1 billion, says Bob Krause,
director of the Postal Service's National Change of Address (NCOA) system.
Meanwhile 19 companies, including some of the largest direct-marketing
list management firms, pay the Postal Service an annual fee of roughly $48,000
to receive computerized NCOA updates every two weeks. These "licensees" then
provide the updated information to their customers, who pay for address changes
for consumers already on their mailing lists.
The Post Office places great importance on keeping address-correction
information secure, Krause says, and the licensees must follow strict
guidelines on what they can do with it. They may not use the information to
develop mailing lists. But direct marketers who properly obtain the
information from the Post Office or its licensees can make it available to
others with impunity. Ann Zeller, vice president for information and special
projects of the Direct Marketing Association, concedes that firms can buy
names from a direct mailer who has a consumer's new address.
Evan Hendricks, editor of the Washington-based Privacy Times newsletter,
is "very suspicious" of the system. Without realizing it, individuals who
complete change-of-address cards are permanently giving away their addresses to
anyone who asks for them," he says, and that should be clearly explained on the
card.
Of course a change-of-address card is only one of many methods direct
mailers have for learning a person's new address. Those who would sell you
their wares also mine motor vehicle records, voter rolls, magazine subscription
bases, home purchase records and other sources.
There is a way out. Individuals who want their names removed from various
mailing lists can contact the New York-based Direct Marketing Association,
which runs a name and address "suppression" service. But, Krause notes, "If
you buy something at your new address from any direct marketer, your name will
be on a number of lists within weeks."
Inmate, working for TWA, steals credit card numbers
---------------------------------------------------
[From September 8, 1991 'Los Angeles Times']
Carl Simmons, a 20-year-old California Youth Authority inmate, working as
a TWA telephone reservation agent, stole dozens of customer credit card numbers
and used them for thousands of dollars of personal charges. He is now serving
two years in state prison for the thefts.
TWA has used CYA inmates in a special program since 1986. The story says
the program "has been touted as a way to help young criminals learn a trade and
repay their debt to society. It has raised more than $500,000 for victims'
restitution and the cost of incarceration. And the program's 213 graduates,
many of whom now work at airlines and travel agencies, are one-tenth as likely
to commit new crimes as nongraduates, CYA officials said."
CYA has tightened security, including more frequent searching of rooms and
occasional strip-searches. Inmates have always been forbidden from taking pen
and paper into the computer room, and now not even instruction manuals can be
taken out. But Simmons and another inmate said that won't stop inmates from
stealing card numbers or illegally charging airline tickets.
Fred Mills of the CYA says, "There's always going to be an exception, but
99.9 times out of a hundred in a program you're not going to get that. For
every person we can keep out of the institution for a year, that's saving the
state about $31,000. That's the thing we have to look at and balance."
One victim, New Hampshire businessman Phillip Parker, said, "I don't want
to begrudge someone a chance to make it back into a productive life, but giving
them a chance where there's a significant amount of potential for financial
fraud or risk -- maybe there's other things that would make more sense."
TWA says it will now re-evaluate the program.
Network Security Lacking at Major Stock Exchanges
-------------------------------------------------
[From Network World, Sep. 16, 1991]
"The General Accounting Office (GAO) found a total of 68 computer and
network security and control problems at five of the nation's six major
exchanges during reviews it conducted this past year for the Securities and
Exchange Commissions. The lack of adequate controls at the five stock markets
could impair their ability to maintain continuous service, protect critical
computer equipment and operations, and process correct information." The worst
three in terms of numbers of problems were the Midwest (24), Pacific (18), and
Philadelphia (18) exchanges, which were all faulted for their inadequate risk
analysis. The biggest problems were in the areas of contingency planning and
disaster recovery. The NY and American stock exchanges came off relatively
well.
Computer Security Breach at Rocky Flats Nuclear Weapons Plant
-------------------------------------------------------------
[Associated Press, 9/16/91]
Security lapses at the Rocky Flats nuclear weapons plant included the
storage of top-secret bomb designs for a week on a VAX accessible from the
public phone network. In other instances, workers transferred classified
working materials from secure computers to lower security ones, including PCs,
because they were tired of constant changes in the secure systems and wanted to
work on familiar systems.
Head of DOE operations at Rocky Flats Bob Nelson said that the agency
started last year a $37M program to correct security problems, following the
recommendations of outside security experts.
Nelson also said that the unclassified VAX was used by employees working
from home, but that if someone tries to break in "bells and whistles go off"
According to other documents obtained by the AP, other DOE computers had been
found to be vulnerable to break-ins.
Virus Halted Government Computers in South China
------------------------------------------------
HONG KONG, Sept 16 (AFP) - A spate of computer virus attacks put computers
in more than 90 Chinese governmental departments out of order, prompting the
authorities to have all software checked by police, a official Chinese news
agency reported here Monday. More than 20 kinds of the rogue disruptive
programs hit more than 75 percent of the offices' computers in southern China's
Guangdong province, the Hong Kong China News Service said. The provincial
public security bureau had ordered all government units not to use software
from unknown origin or software which had not been inspected by the bureau. In
addition, units or individuals were banned from engaging in the study of
computer viruses, or to hold training courses on them. The new regulations
forbid the sale of software capable of neutralizing the viruses. The report
said the public security bureau had set up a testing department for all
software against the computer viruses.
AT&T Phone Failure Downs Three New York Airports For Four Hours
---------------------------------------------------------------
[N.Y. Times, Sep 18, 1991.]
Operations at all three New York airports ground to a standstill from 5pm
until 9pm yesterday [Sep 17, 1991] when an AT&T internal power failure at a
Manhattan 4-ESS switching center knocked out long distance calls in and out of
the city. Neighboring commercial power was unaffected. The 4-ESS system is
used to route calls between AT&T's long-distance network and the local
companies. The air traffic control centers use a network of radio towers
linked by phone lines.
Although the precise origin of Tuesday's problems remained unclear, the
extent of the difficulties provided yet another example of how dependent
today's telephone networks are on a few pieces of equipment. In recent years,
AT&T and other companies have gone to great lengths to emphasize the back-up
capacity and redundancy of their systems. Yet the long-distance carrier was
unable to reroute all traffic to other gateways for several hours after the
problems first became apparent. Calls were redirected to the two remaining
gateways, but those could not handle that much increased traffic.
Midwest Stock Exchange Reaps Millions Due to Accounting Glitch
--------------------------------------------------------------
[Summary from Chicago Tribune Business Section, 9-20-91]
The Chicago Tribune reports that leaders of the Midwest Stock Exchange had
discovered a 13-year-old accounting glitch which enabled a subsidiary to
wrongfully reap millions of dollars in interest payments which should have gone
to broker-dealers. While the exact amount of money received by the subsidiary
due to the error was not disclosed, the chairman of the exchange said that he
estimated that over the last twelve months, the firm received around 1.8
million dollars.
The accounting error, due partly to human error and partly the fault of
computers, apparently dates back to about 1978. At that time, the exchange and
two of its subsidiaries, Midwest Clearing Corp. and Midwest Securities Trust
Co., altered the way certain broker-dealer transactions were handled. Clearing
Corp. instituted a change, largely computerized, ordering broker-dealers to
wire money to it for the sale of securities before the securities were received
by Securities Trust Company.
By depositing these funds in short-term, government-backed securities,
sometimes overnight but also for longer periods, Clearing Corp. generated for
itself interest payments which should have gone to the broker-dealers. This is
referred to as "playing the float." When the clearing system is working
properly, the securities and proceeds are transmitted through the system
simultaneously, thus eliminating such a float.
The Midwest Stock Exchange insists that they are taking the situation very
seriously, and plan to pay the money back. Some exchange members are concerned
that the money used for the refund will come in the form of higher exchange
rates, putting the exchange at a serious competitive disadvantage.
SWBT sends off first 'cross-country' ISDN call
----------------------------------------------
[This Week, by Southwestern Bell Telephone]
The nation's first "cross-country" public network ISDN was placed last
week, courtesy of SWBT. The historic first call was the result of a two-year
joint effort among SWBT, BellSouth Corp., US Sprint and Bellcore. SWBT's
Advanced Technology Lab originated the call, which used US Sprint's digital
facilities in Burlingame, Calif. The call terminated at a BellSouth switch in
Atlanta, Ga.
Using an ISDN video application, SWBT's trial director Ken Goodgold
was able to see and talk to BellSouth's David Collins. "With this test,
the geographic limits of ISDN-based services were stretched from a few
miles to cross-country," Goodgold says. "We began with protocol testing
and service verification, two key parts of the process," Goodgold says.
"That required an extremely complex series of technical tests. The
Advanced Technology Lab staff worked for months performing the tests
leading up to the first successful call."
Last week's test call was significant from a marketing perspective as
well as a technical one. That's because it demonstrated the economic
benifits of using ISDN for video information. "The cost of a long distance
call is approximately the same, whether it's a voice transmission using a
regular phone line or a video transmission using ISDN," Goodgold says.
"That means a big reduction in cost to arrange a videoconference."
US Sprint joined the test because ISDN has evolved beyond the local
stage, says Terry Kero, the carrier's director of InfoCom Systems
Development Labs. "After today, it will be technically possible to make an
ISDN call across the country just as it is possible today to make a regular
long distance call," Kero says.
Computer Hacker Cited
---------------------
[Houston Chronicle Sept. 25, 1991]
WASHINGTON--A Colorado computer hacker has been charged with breaking into
the National Aeronautics and Space Administration's computer system seven times
last year, the Justice Department said.
Richard Wittman, 24, of Aurora, Colo., allegedly "altered, damaged and
destroyed information" in the space agency's computer system twice, the
department said.
He was charged with illegally gaining access to the NASA computer system
and to its computers at the Marshall Space Flight Center in Huntsville, Ala.,
and the Goddard Space Flight Center in Greenbelt, Md. If convicted on all
charges, he faces a maximum penalty of 15 years in prison and a $1 million
fine.
Back to the master Table of Contents.