The Secret Service, Komputer, More Hacking

The Secret Service, UUCP, and The Legion of Doom

by Kevin Mullet, University of North Texas (KEV@VAXB.ACS.UNT.EDU)

UUCP and UNT

Back in 1978, a couple of bright fellows at AT&T's Bell Labs, where the Unix operating system was developed, wondered if computer files could just be copied from one computer to another over a cable. State of the art data transfer back then meant writing data to paper cards or magnetic tape and reading them in on another computer.

The chaps with the bright idea were M.E. Lesk and A.S. Cohen and the program they wrote to implement the idea was Unix to Unix Copy, or UUCP. The idea caught on just about the same time Unix was taking off in popularity.

As the number of computers that could UUCP to each other grew, the first wide-area network was born. It slowly grew to the size it has today of over 11,000 nodes, or individual computers. The UUCP network, named after the primary software used for communication across the network in its early days, now provides much more than simple file copying. The UUCP network now provides electronic mail, network-based news services and, of course, file transfer services between each computer on the network.

Electronic mail, or e-mail, is a kind of computer-based postal system where people can send messages back and forth to each other electronically without ever having to print them out on paper.

UUCP news is not unlike e-mail. The network of computers where people read, write and distribute news is called Usenet. Most, although not all, of this service takes place on UUCP. Because of its popularity, though, the service is also available from the NSF-Internet and BITNET wide area networks.

Usenet news is comprised of several hundred newsgroups. These newsgroups are forums for ongoing discussions on an endless variety of topics ranging from specific computer languages and architectures to cooking, horseback riding, politics and religion. When a person sends e-mail to a news group, the message is automatically sent out to every computer on the network that subscribes to that particular news group. That way, each person who reads and posts to a news group is literally carrying on a dialogue with hundreds, often thousands, of other people at the same time.

At NT, the most popular way to be a part of these Usenet news groups is with the ANU program on the VAX Cluster. Through ANU, anyone with a VAX Cluster userid can take part in up to 366 different newsgroups. Messages from all over the world can be read from the user's terminal.

Usually this system works flawlessly, but a few weeks ago something happened. A computer and UUCP network node partially operated by AT&T called ATTCTC was seized by the US Secret Service as evidence in an ongoing nation-wide investigation of data piracy, credit card and long distance dialing abuse, and computer security violation called Operation Sun Devil. When that happened, the umbilical cord between NT and UUCP was severed.

An understanding of why this impacted NT requires an understanding of how UUCP works. The great strength and weakness of many wide area networks is their reliance on "store and forward" technology. Wide area networks which use store and forward schemes typically communicate only with computers, or nodes, that are geographically close to them. If a node on one side of the world has some e-mail, news or a file to send to a node on the other end of the world, it simply passes the data to a computer close to it along with instructions about the eventual destination. That computer, in turn, passes the data on to a computer close to it until, many nodes later, the e-mail, news or files reach their intended destination.

The great strength of this scheme lies in its economy. Any particular site need only pay for connections to a nearby neighbor to access the rest of the world. This way, a large number of sites can affordably interconnect in a global wide area network.

The frailty of this technology is its weakness. On a network where the cost is so low to connect, many sites don't arrange redundant routing in case a critical node goes down. NT was such a site. When ATTCTC was seized, all the nodes "downstream" from it, including NT, lost their UUCP access. All these sites had to scramble to contact other geographically close UUCP nodes that were "upstream" of ATTCTC to arrange for new UUCP access. Three days later, thanks to the Computer Science department at the University of Texas at Austin, NT was back online to UUCP, but for some other sites on the UUCP network, the story was just beginning.

The rest of the story

This account is based largely on the grand jury indictments against alleged Legion of Doom members and accounts by actual Legion of Doom members who posted to the Usenet group comp.dcom.telecom.

Sometime in December of 1988, Robert Riggs, a 20 year-old student of DeVry Technical School, hacked his way into a computer at Bell South telephone company headquarters in Atlanta. Bell South provides telephone service for Alabama, Mississippi, Georgia, Tennessee, Kentucky, Louisiana, North Carolina, South Carolina and Florida.

Riggs was a member of a group called the Legion of Doom. Members of this organization are hackers who illegally compromise the security of various computer and telecommunications installations on a regular basis in order to enhance their reputation within the computer underground.

Once he gained access to the Bell South computer, Riggs stole a document describing some of the workings of the emergency 911 service. On 23 January 1989, Riggs copied the file through the UUCP network to Jolnet, a public access Unix system in Lockport, Illinois and made it available to Craig Neidorf, an editor of an underground on-line magazine for hackers and phreakers (hackers who specialize in compromising telecommunications security).

Phrack, the magazine edited by Neidorf, is published electronically through the UUCP and NSF-Internet networks and on numerous BBS's across the country which specialize in disseminating information about hacking and phreaking. The magazine, a mainstream publication in the computer underground, is generally considered required reading for hackers and phreakers. The content of Phrack ranges from actual and fictional accounts of breaking into computer systems to technical details of computer security and telecommunications systems. Sources close to the Phrack publishers assert that the magazine has always been careful to avoid publishing anything that was overtly illegal.

Neidorf, a 19 year old political science major at the University of Missouri, used his userid on a school Unix system to retrieve the Bell South 911 file from Jolnet. Once he got the file, he edited it, as advised by Riggs, to conceal its source. Neidorf and Riggs intended to eventually write an article about the 911 system in Phrack.

The actual 911 file in question is a six page, 20 kilobyte document describing some technical and administrative details of the emergency 911 system that Bell South uses for its nine state service area.

Through the 911 system, Bell South customers can dial 911 and be instantly connected with a Public Safety Answering Point (PSAP). Computers called Electronic Switching Systems (ESS's) are critical to telephone routing. Once someone in the Bell South service area calls 911, an ESS ensures they are connected with an appropriate PSAP. The 911 system then allows an emergency operator to determine automatically what number and address the caller is calling from and alert the appropriate emergency service dispatchers.

Obviously, the details of security around such a system should be very closely guarded. The potential for loss of life and property if such a system were maliciously compromised is enormous.

The Plot Thickens

Unknown to Riggs and Neidorf, Richard Andrews, the system administrator of Jolnet, discovered the Bell South 911 file on his computer soon after it was transferred there. Andrews sent a copy of the file through the UUCP network to another computer system called "Killer" that was owned and operated by an AT&T employee, Charles Boykin. Andrews requested that Boykin forward the file to the appropriate authorities. Andrews didn't prevent further access to the file, delete it or frustrate the efforts of Riggs and Neidorf. He also kept a copy of the file for himself.

Several months later, Andrews received a call from someone at AT&T who asked for another copy of the file. Not long after that, the United States Secret Service paid him a visit. Andrews has been cooperating with the authorities ever since. It is largely through his cooperation that federal indictments have been returned against five alleged members of the Legion of Doom: Robert Riggs, Craig Neidorf, Adam Grant, Franklin Darden, Jr., and Leonard Rose.

On February 3rd, 1990, after receiving Andrews' cooperation for over a year, the Secret Service raided Jolnet and seized it as evidence.

Killer Falls

In 1989, the privately-owned UUCP node known as Killer, through which Richard Andrews alerted AT&T of the stolen 911 file, was moved to the Dallas Infomart. It was used by its owner, Charles Boykin, and AT&T as a public demonstration system. It was given a new name, AT&T Customer Technology Center, or ATTCTC.

In the years since 1985, when it began operation, Killer/ATTCTC became a critical node on the national UUCP backbone. Computers throughout the southwest, and people who used them, depended on ATTCTC for Usenet news, electronic mail and UUCP file transfer services. On the 20th of February, 1990, without any advance notice, ATTCTC was permanently shut down, leaving NT with no UUCP access.

AT&T claims that the closure was due to lack of funds, although the system was privately ...
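
The store-and-forward weakness described under "UUCP and UNT" can be checked for any site list. The sketch below is an added example, not part of the original article: it forwards hop by hop, reports which sites are stranded when one node disappears, and shows the effect of a single redundant link. The topology is constructed for illustration; only the names nt, attctc and utexas correspond to sites the article mentions, while backbone, site_a and site_b are hypothetical.

```python
from collections import deque

# Constructed topology (an assumption, not taken from the article): each site
# lists only the neighbours it exchanges traffic with directly.
LINKS = {
    "backbone": {"utexas", "attctc"},
    "utexas": {"backbone"},
    "attctc": {"backbone", "nt", "site_a"},
    "nt": {"attctc"},
    "site_a": {"attctc", "site_b"},
    "site_b": {"site_a"},
}

def route(links, src, dst, down=frozenset()):
    """Return the hop-by-hop path from src to dst, or None if unreachable.
    Nodes in `down` neither accept nor forward traffic."""
    if src in down or dst in down:
        return None
    parent = {src: None}
    queue = deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            path = []
            while node is not None:
                path.append(node)
                node = parent[node]
            return path[::-1]
        for nxt in sorted(links.get(node, ())):
            if nxt not in parent and nxt not in down:
                parent[nxt] = node
                queue.append(nxt)
    return None

def cut_off(links, failed, origin="backbone"):
    """Sites that lose every path to `origin` when `failed` goes down."""
    return sorted(n for n in links if n not in (failed, origin)
                  and route(links, n, origin, down={failed}) is None)

def with_link(links, a, b):
    """Copy of the topology with one extra bidirectional link a <-> b."""
    new = {n: set(peers) for n, peers in links.items()}
    new[a].add(b)
    new[b].add(a)
    return new
```

Running `cut_off` once per node over a real neighbour list shows which single failures strand other sites before one of them actually happens.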
