Mark Abene (Phiber Optik) sentenced

forwarded message follows:

8<--------- cut here ------------

From: risks@csl.sri.com (RISKS Forum)
Newsgroups: comp.risks
Subject: RISKS DIGEST 15.22
Date: 6 Nov 93 01:57:47 GMT
Sender: daemon@ucbvax.BERKELEY.EDU
Reply-To: risks@csl.sri.com

Date: 04 Nov 93 17:37:14 EST
From: "Mich Kabay / JINBU Corp." <75300.3232@compuserve.com>
Subject: Master of Disaster Phiber Optik sentenced

Mark Abene, 21, widely known as Phiber Optik, was sentenced to a year and a day in prison. He will serve 600 hours of community service. He pleaded guilty last July to conspiracy, wire fraud and other federal charges relating to his activities as one of five Masters of Disaster indicted for breaking into telephone, educational, and commercial computer systems.

[Perhaps in a few years more, they will be Doctors of Disaster?]

[PGN Excerpting Service, drawn from the Associated Press and Reuters, both on 3 November 1993]

The Reuter article gives background information, including

o the charges against MoD marked the first use of wiretaps to record both conversations and datacomm by accused hackers.

o the hackers attacked phone switching computers belonging to Southwestern Bell, New York Telephone, Pacific Bell, U.S. West and Martin Marietta Electronics Information and Missile Group.

o they broke into credit-status reporting companies including TRW, Trans Union and Information America, stealing at least 176 TRW credit reports.

o the young men were apparently competing with each other and other hacker groups for "rep" (reputation) and were also interested in harassing people they didn't like.

o the Reuter article mentions that "they wiped out almost all of the information contained on a system operated by the Public Broadcasting System affiliate in New York, WNET, that provided educational materials to schools in New York, New Jersey and Connecticut" and left the message, "Happy Thanksgiving you turkeys, from all of us at MOD."

Michel E. Kabay, Ph.D., Director of Education, National Computer Security Assn

8<---------- cut here ---------

Cheers.

_____________________________________________________________________________
Paul Ferguson
Mindbank Consulting Group fergp@sytex.com
Fairfax, Virginia USA ferguson@icp.net

> o the charges against MoD marked the first use of wiretaps to record both conversations and datacomm by accused hackers.

This I find quite interesting... As a guess, if I were to attempt such monitoring, I would start with a pair of off-the-shelf modems, but I don't know the details of modern compression (v.42) or wire encodings to know how easy that would be to make work... Anyone have more details on how the tap was accomplished?

_Mark_ <eichin@paycheck.cygnus.com> ... just me at home ...

... NOTE when Tapping and recording FAX or Hi-Speed MODEMS... An ANALOG recorder simply doesn't work.... BUT A modern SONY DAT works beautifully... the analog recorders have too much flutter and wow to reproduce the signal faithfully

cheers
kelly...

> o the charges against MoD marked the first use of wiretaps to record both conversations and datacomm by accused hackers. This I find quite interesting... As a guess, if I were to attempt such monitoring, I would start with a pair of off-the-shelf modems, but I don't know the details of modern compression (v.42) or wire encodings to know how easy that would be to make work... Anyone have more details on how the tap was accomplished?

I'd just copy everything to tape as I'd been doing for years. You don't need anything new to tap the phone line to pick up the data. After that, you just need to figure out the baud rate, parity, and data compression (which could be done by trial and error pretty quickly) and then just play the tape into a modem that was set up correctly. Unless I'm missing something, it seems pretty simple.

-David

> I'd just copy everything to tape as I'd been doing for years. You don't need anything new to tap the phone line to pick up the data. After that, you just need to figure out the baud rate, parity, and data compression (which could be done by trial and error pretty quickly) and then just play the tape into a modem that was set up correctly.
> Unless I'm missing something, it seems pretty simple.

I have heard that tapping high speed modems can be a little tricky because of the adaptive filtering done. The modems both have adaptive filters that adjust to the line as they see it. If you are tapping at some other point the filtering will not be optimal for your case. I believe these filters take care of smearing and echoes and things of that nature. Maybe someone in the know can elaborate and clear up all the bad data I probably just spewed :) Phil?

> -David

> I have heard that tapping high speed modems can be a little tricky because of the adaptive filtering done. The modems both have adaptive filters that adjust to the line as they see it. If you are tapping at some other point the filtering will not be optimal for your case. I believe these filters take care of smearing and echoes and things of that nature.

Hmm... As part of the tap, introduce just enough distortion or noise to cause the modems to fall back to a slower bit rate. This is somewhat intrusive of course and so it might be noticed, but it could make taping a line much cheaper.

brad

It's not too technically difficult to tap modem connections at low speed, I played around with it a few years back, and I was able to add a third modem onto a 300 or 1200 baud connection and view what was being transmitted. Using the modem as a dumb interpreter of the signal works well to analyze the raw data being transmitted at low speeds, but when you use v.42 and LAPM, things get a bit more complicated. You need special hardware/software to interpret and decode the compressed & checksummed data packets.

> It's not too technically difficult to tap modem connections at low speed, I played around with it a few years back, and I was able to add a third modem onto a 300 or 1200 baud connection and view what was being transmitted. Using the modem as a dumb interpreter of the signal works well to analyze the raw data being transmitted at low speeds, but when you use v.42 and LAPM, things get a bit more complicated. You need special hardware/software to interpret and decode the compressed & checksummed data packets.

Actually, there's another way if you can tap into the RS-232 pipeline itself. I've seen a box in a catalog that offers a three way RS-232 split. What I would do with it is to actually build something like that myself and take the send/receive lines and hook them up to another machine to capture the transfer of info between them. I could then capture any data coming through the lines.

Uses for this: if you suspect someone is breaking into your machine or some other machine via a dial up line and want to capture some proof of it. (Cliff Stoll did this with a printer.) You can't actually tap into the phone line with this of course.. :-)

But there are better things to do. For one, you can buy a portable DAT walkman and a large capacity DAT tape, and dump everything to the tape, then have your modem decode the conversation, but you have to filter out one side or the other. While this may be hard for Joe Hacker, it wouldn't be hard for Joe Rockwell who works in a modem factory and can build a special box based on the Rockwell (or other) chipset to spy on the modem conversation.

A long long time ago, when a friend of mine was running a BBS (at 300bps) and his machine was down, he put a 300bps recording of his modem writing "Sorry the BBS is down" on an answering machine. The timing was a bit screwy, but the message got through most of the time. :-)

Paul Ferguson reports on the MOD case:
> The Reuter article gives background information, including <text deleted>
> o the young men were apparently competing with each other and other hacker groups for "rep" (reputation) and were also interested in harassing people they didn't like.

Reuters doesn't mention, for some reason, that these defendants, and Mark Abene in particular, were primarily motivated by the desire to learn about the systems they were using.

> o the Reuter article mentions that "they wiped out almost all of the information contained on a system operated by the Public Broadcasting System affiliate in New York, WNET, that provided educational materials to schools in New York, New Jersey and Connecticut" and left the message, "Happy Thanksgiving you turkeys, from all of us at MOD."

No MOD defendant has admitted to doing this. In fact, it seems certain that this particular act was committed by a rival who wanted to frame the MOD members.

--Mike

participants (9)
- A1 ray arachelian
- Brad Huntting
- David Kovar
- ferguson@icm1.icp.net
- kelly@netcom.com
- Mark W. Eichin
- Matthew J Ghio
- Mike Godwin
- Timothy Newsham