-=- United Phreaker's Incorporated Magazine -=- Volume Two, Issue Seven, File 1 of 19 Released Date December 31, 1992 Hello, ... Hello? yes we are still around, before anything else I would like to apologize for the incredible time it took us to produce this issue. As a result of the tremendous time between issue number six, and this issue, some of the articles in the UPi Underground Newsline may presently be quite ancient. We have no real excuse for this except that we had too many late night conferences with all our friends in australia. Right Anthony? However, let me now bring you up to date on what has been happening with the group. The Darkman, formerly NukE prezident applied to UPi the day of his retirement from nuke, he was accepted into the group. You will also see some other new names in the UPi members list. UPi magazine can now also be downloaded off five different anonymous FTP sites. When you venture further down the page you will come accross these addresses. The article from Black Flag on how to build the frequency modulator that was previously promised to be in this issue, will regretfully not be appearing. Black Flag apparrently did build a working modulator however once he was finished he never wrote the article! You can contact the editors of UPi at Voice Mail Box: 416-505-8636 Internet E-Mail: giac@gene02.med.utoronto.ca Ftp Sites: halycon.com in the /pub/mirror/cud/upi directory or kragar.eff.org in the /pub/cud/upi directory or mullian.ee.mu.oz.au in the /pub/text/CuD/upi or redspread.css.itd.umich.edu in the /cud/upi Article Article Name Writer(s) Size Number =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= 6.1 Introduction To UPi Magazine Arch Bishop (4k) 6.2 Mad Matt's Introduction To Explosives Anonymous (27k) 6.3 The Lighter Side: Aggravating Your Forbidden Nostalgia (13k) Neighbourhood Geek's, Exgirlfriends, Etc. 6.4 An Introduction To Trace Utility Of Opticon (16k) Virtual Memory Operating System 6.5 Summer Trashing Volume 1 Silicon Phreaker (6k) 6.6 Pyrotechnica Genghis Khan (52k) 6.7 Network User Addresses Information The Darkman (6k) Numbers 6.8 The Hacker's Code Of Ethics The Darkman (7k) 6.9 Build A Emergency Telephone Dialer The Lost Avenger (29k) 6.10 Research Experiment #1 Screw You All Rainbow's Gravity (21k) 6.11 From Whom Bells Toll The Lost Avenger (23k) 6.12 The Hacker Hood The Lost Avenger (21k) 6.13 Pumpcon Busted Anonymous (11k) 6.14 How To Social Engineer Pizza Pizza Major Thrill (4k) For CNA 6.15 UPi Underground Newsline Part 1 Arch Bishop (90k) The Lost Avenger 6.16 UPi Underground Newsline Part 2 Arch Bishop (77k) The Lost Avenger 6.17 UPi Underground Newsline Part 3 Arch Bishop (88k) The Lost Avenger 6.18 Member & Site Application Form UPi Editorial Staff (2k) 6.19 Member & Site Listing UPi Editorial Staff (3k) ------------------------------------------------------------------------------- -=- United Phreaker's Incorporated Magazine -=- Volume Two, Issue Seven, File 2 of 19 Mad Matt's Introduction To Explosives! (Editor's Note: The author of this articel wishes to stay anonymous.) Primary and High Explosives: Explosives are substances which go through rapid decomposition, and simultaneous release of energy, with some upon the application of heat but usually upon the application of a shockwave, (a sudden localized increase in mechanical pressure). Many High Explosives if ignited by flame will just burn, and a couple are not flammable at all. A stick of dynamite, if lit by a match will merely burn, but if placed on a metal anvil and struck with a hammer or blasted with a blasting cap, it will explode. The reaction is transmitted within the explosive, self-propagated by the pressure shockwave, not by flame. Explosives will detonate without any confinement, but are usually put into some sort of container to hold them in place for the shockwave, otherwise the first part of the explosion would just blow away the remainder of the explosive like dust in a wind storm, rather than detonating it. Other substances may be added to the explosive to increase or decrease its sensitivity to detonation, or to enhance its power. Detonating Cord, also called Fuze, (with a Z,) is a long tube (that looks like heavy wire,) that contains a Primary or High Explosive. It is used to transmit an explosive shockwave from the point of its detonation to the major explosive it in turn is to detonate. This is in contrast to Fuse, (with an S,) which is used to transmit flame. Detonating Cord is used professionally with explosives because of its much higher reliability in comparison with Fuse. Detonating Cord may occasionally be used to directly detonate a mass of High Explosive, though it is usually used to detonate a Blasting Cap of Primary Explosive with then detonates the High Explosive. Primary Explosive, (also known as Initiating Explosives,) are especially sensitive to shock, heat, flame and friction. Being so sensitive, they are extremely dangerous. They are sometimes more powerful than the High Explosives, and are typically more expensive to manufacture in quantity. Blasting Caps are mainly composed of Primary Explosives. Primary Explosives are used to convert the flame of a fuse or squib, or the shockwave of Detonating Cord into a very powerful shockwave to explode a mass of High Explosive. High Explosives are chemical compounds or mixtures similar in some ways to the Primary Explosives, but they are very much less sensitive to detonation. In small quantities most will just gently burn. For reliable detonation they should be exploded by a Primary Explosive (Blasting Cap). They are very much safer to handle, (from an explosion standpoint,) than the Primaries, and are usually much less expensive to manufacture in quantity. From a view to safety, High Explosives should make up the vast majority of any (but the smallest) explosive device you may decide to experiment with. Primary Explosives HMTD (Hexamethylenetriperoxidediamine) Materials Needed: 2 Containers (the smaller one should be glass) Hydrogen Peroxide Solution (3% or stronger -6% to 15% are best) Citric Acid Hexamethylenetetramine (see chemical synthesis section) Method: -Place a beaker or glass jar containing 60 ml (2 fluid ounces) of 6% Hydrogen Peroxide solution (twice as much if it is 3%) into a larger jar, containing crushed ice and a little water to cool the inner jar -Add 2 teaspoons (4 g) of Hexamethylenetetramine (Hexamine), and stir until dissolved -Add 3 teaspoons (6 g) of Citric Acid and stir until dissolved. -Do not add any more ice to the outside container. Allow the ice to melt. -Let the mixture sit for 24 hours and a white precipitate will have formed on the bottom of the jar. Pour this mixture through a filter paper and the white material will be left on the paper. Pour water through the filter to wash this white material. Throw away the liquid. Dry the white powder which is HMDT, Primary Explosive. This material will explode from a sharp blow or if quickly heated above 200xC (392xF). If heated over 70xC (158xF) for periods of time or if boiled in water it will harmlessly decompose. It is very flammable. HMTD is somewhat corrosive and is toxic. It is insoluble in water or alcohol. DDNP DDNP, diazodinitrophenol, is a primary explosive. It is extensively used in commercial blasting caps that are initiated by black powder safety fuse. It is superior to mercury fulminate in stability but is not as stable as lead azide. DDNP is desensitized by immersion in water. In Blasting Caps it can be used with a booster explosive such as RDX or Picric Acid (see the High Explosives section) Materials Needed: Picric Acid (see the High Explosives section) Sulfur Lye (Sodium Hydroxide) Sulfuric Acid, diluted Potassium Nitrite Water 2 Pyrex beakers Stirring Rod (glass or wood) Method: -In one of the beakers, mix 0.5 g of lye with 2 tablespoons (30 ml) of warm water. Dissolve 1 teaspoon (3.0 g) of Picric Acid in the water-lye solution. -Place 1/4 teaspoon (1 ml) of water in the other beaker. Add 1/2 teaspoon (2.5 g) of sulfur and 1/3 teaspoon (2.5 g) of lye to the water. Boil this second solution over heat until the colour turns dark red. Remove from the heat and allow this solution to cool. -In three portions, add this sulfur-lye solution to the Picric Acid- Lye solution; stir while pouring. Allow the new mixture to cool. -Filter the mixture through a paper towel into a container. Small red particles will collect on the paper. Discard the liquid -Dissolve the red particles in 1/4 cup (60 ml) of boiling water. Remove and filter the mixture through a paper towel (or filter paper) but this time discard the particles left on the paper and save the liquid. -Using an glass eyedropper, slowly add the sulfuric acid to the filtered solution until it turns orange-brown. Add 1/2 teaspoon (2.5 g) more of sulfuric acid to the solution. Allow the solution to cool to room temperature. -In a separate container, dissolve 1/4 teaspoon (1.8 g) of Potassium Nitrite, in 1/3 cup (80 ml) of water. Add this solution, while stirring, to the orange-brown solution. Allow the mixture to stand for 10 minutes. The mixture will turn light brown. [CAUTION: AT THIS POINT THE MIXTURE IS A PRIMARY EXPLOSIVE. KEEP IT AWAY FROM FLAME.] -Filter the mixture through a paper towel or filter paper. Wash the particles left on the paper with 4 teaspoons (20 ml) of water. -Allow the particles to dry (approximately 16 hours) [CAUTION: EXPLOSIVE IS SHOCK AND FLAME SENSITIVE. STORE THE EXPLOSIVE IN A CAPPED CONTAINER.] Lead Picrate Material Needed: Picric Acid (See the High Explosives preparation section) Litharge (See the chemical synthesis section) Methyl Hydrate (Methanol) Method: -Weigh out typically 2 g of Picric Acid and 2 g of Lead Monoxide -Add the Picric Acid to 2 teaspoons (10 ml) of methanol in a container and stir -Add the lead monoxide -Continue stirring and allow the methanol to evaporate. NOTE: The mixture will suddenly thicken -Carefully break up this mixture and stir occasionally until a powder is formed (a few lumps will remain). -Remove and spread out to air dry Lead Picrate is easily detonated by shock, spark or heat. Tetramminecopper (II) Chlorate Materials Needed: Sodium Chlorate (see chemical synthesis section) Copper Sulfate Ammonium Hydroxide (Household ammonia) Alcohol (Ethanol/Ethyl Alcohol 93% or better purity) Method: -Measure 1/3 teaspoons (2.5 g) of Sodium Chlorate in a wide mouth bottle and ass 10 teaspoons of the alcohol - Add 1 teaspoon (4 g) of Coper Sulfate and stir the mixture just under the boiling point for 30 minutes (heat can be supplied by a pan of hot water). The mixture will change colour. CAUTION: KEEP THE SOLUTION AWAY FROM FLAME -Keep the volume of the solution constant by adding additional alcohol about every 10 minutes. Remove solution and let cool. Filter through folded paper towels or filter paper into another wide mouth bottle or beaker. Keep the liquid. -Add 1 cup (250 ml) of ammonia to a narrow mouth bottle, (pop bottle, or a flask). Place tubing so that it extends about 4 cm inside the bottle, then seal the tubing to the bottle with wax (clay, gum, etc). -Place the other end of the tubing into the beaker (or wide mouthed bottle from the earlier step. Heat the sealed bottle containing the ammonia in a pan of hot water (not boiling) for about 10 minutes. -Bubble ammonia gas through the first solution (in the beaker) until the colour of the solution changes from a light green to a dark blue (approximately 10 minutes) and continue bubbling for another 10 minutes. CAUTION: AT THIS POINT THE SOLUTION CONTAINS A PRIMARY EXPLOSIVE. KEEP IT AWAY FROM FLAME. -Reduce the volume of the solution to about 1/3 of its original volume by evaporating it in the air or a stream of air. You may wish to speed up the evaporation by pouring the solution into a flat glass casserole pan. -Filter the solution through a paper coffee filter and wash the crystals that remain in the paper with 1 teaspoon of alcohol and set the crystals aside to dry (approximately 16 hours) CAUTION: THIS EXPLOSIVE IS SHOCK AND FLAME SENSITIVE. STORE IN A CAPPED CONTAINER. HIGH EXPLOSIVES: PICRIC ACID Materials Needed: Aspirin (20 tablets, preferably the no-name A.S.A. tablets) Alcohol (Ethanol/Ethyl Alcohol 93% pure or better) Concentrated Sulphuric Acid Potassium Nitrate (Saltpetre) Method: -Crush 20 tablets of aspirin in a glass container and work into a paste with a teaspoon or water. -Add approximately 1/3 to 1/2 cup (100 ml) of alcohol with stirring and filter through filter paper into another glass container -Discard the solid left on the paper and pour the liquid from the container into a flat dish or glass casserole pan. Let the alcohol and water evaporate, leaving a white powder. -Take some sulfuric acid and boil it in a beaker or heat resistant Pyrex container until the fumes change to white fumes and immediately remove the heat at this point. This boils off the water leaving you with Concentrated Sulfuric Acid. -Add the white powder to 1/3 cup (80 ml) of concentrated Sulfuric Acid in a glass jar -Heat the jar in a simmering hot water bath for 15 minutes and remove. -Stir; the solution will gradually turn to a yellow-orange colour. -Add 3 level teaspoons (15 g) of Potassium Nitrate in three portions with vigorous stirring. The solution will turn red, and then back to a yellow-orange colour. -Allow the solution to cool to room temperature while stirring occasionally. -Slowly pour the solution, while stirring, into 1 1/4 cups (300 ml) of cold water and allow to sit for a few minutes. -Filter the solution through filter paper into a glass container. Light Yellow particles will collect on the paper. This is Picric Acid. It might take considerable time to filter. -Let the filter paper and the Picric acid dry. It may take 16 hours or more, (or you can keep it at 70-90xC/160-200xF for two hours). The yield should be about 4 grams of Picric Acid. Picric acid has about the same power as TNT. RDX (Cyclonite) Materials Needed: Concentrated Nitric Acid (90 to 100% concentration) Hexamethylenetetramine (see the Chemical Synthesis section) a 1000 ml (1 Litre, 5 cup) beaker or glass coffee pot an ice water bath (large enough to hold the beaker listed above) a hot water bath (large enough to hold the beaker listed above) Method: -Prepare the large ice water bath. 1/2 cup (125 ml) of Concentrated Nitric Acid are cooled, if necessary, to 20xC (68xF) in the beaker or glass coffee pot. 1 1/2 ounces (40 g) of Hexamethylenetetramine are slowly added over 15 minutes, while stirring and carefully watching the temperature. You will soak the beaker in the ice water bath to keep the temperature of the Nitric Acid between 20xC and 30xC (68xF to 86xF). You will need a glass thermometer to keep track of the temperature. The glass thermometer may also be used to stir the solution. When all of the Hexamine has been dissolved, place your beaker in the hot water bath, to heat up the Nitric Acid to 55xC (131xF). Let this hot water bath and beaker of chemicals naturally cool to within 10xC (18xF) of room temperature. Add 2 to 3 cups (500 to 750 ml) of cold water to the beaker of chemicals. White particles will begin to appear in the solution. Filter off the liquid and wash the white powder several times with cold water. (If you have Acid/Base Indicator Paper, continue washing the RDX until the water registers a neutral pH of about 7). Discard the liquid. This white powder is RDX High Explosive. RDX will detonate from very strong impact. It will not detonate, even if heated to 360xC (680xF). It is very poisonous. It is not soluble in water but 1 part RDX will dissolve in 10 parts Acetone. RDX is 1+ times as powerful as TNT. Plastic Explosive made from RDX Method: Thoroughly mix 10 parts by weight of motor oil to 90 parts dry RDX, to make a variation of C-4 (Military) Plastic Explosive. Chemical Synthesis and Supplies Alcohol (Ethanol, Ethyl Alcohol): is available in 93% concentration from all Pharma Plus Drug stores (make sure you are getting the ethyl alcohol and NOT the isopropyl alcohol which is usually a 70% concentration. It is sometimes labelled as rubbing alcohol but make sure you are getting the correct type of alcohol.) Ammonia (Household Ammonia, Ammonia Water, Ammonium Hydroxide): is available at any grocery store Citric Acid: a white powder used in food preservation, available from drug stores and some food stores Copper Sulfate: Is available from school chemistry labs, hobby or science shops for plating items with copper, and at some farm and garden suppliers as an anti-fungicide. Formaldehyde: Farm and Gardening Suppliers as an anti-fungicide for seeds Hexamethylemetetramine (Hexamine): is an easily produced substance used in the manufacture of HMTD (primary explosive) and RDX (high explosive). This should be manufactured outside because of the smell. Add 1 volume of Formaldehyde (37% solution typically,) to 4 volumes of Household Ammonia. Mix thoroughly and let this smelly pair evaporate. You might want to do this in a flat container (like a glass casserole pan) to speed things up. You may also wish to put this container into a hot water bath to speed things up further. After several days of evaporation, you will be left with a fairly dry powder, which is Hexamethylenetetramine. Hydrogen Peroxide (Hair Bleach): A clear liquid, 3 to 6% solutions are available from drug stores, up to 15% concentrations are available from beauty supply shops. Lead Monoxide (Litharge): Is used in the manufacture of Lead Picrate primary explosive. To make this material see Potassium Nitrite. Lye (Sodium Hydroxide): Is available at most hardware stores Methyl Hydrate (Wood Alcohol, Methanol, Methyl Alcohol): Available at Hardware stores (it is poisonous, DO NOT DRINK IT) Nitric Acid: A Clear or Yellowish liquid, extremely corrosive, available from school chemistry labs, (can easily be stolen from the University of Toronto Chemistry building, Wallberg Building, 184 College Street, the basement labs and supply rooms are your best bet,) or you can manufacture as follows: Concentrated (95 to 100%) Nitric Acid may be produced from Concentrated Sulfuric Acid and Potassium Nitrate (Saltpetre). Add 100 g. (about 1+ volumes) of Potassium Nitrate to 35 ml (or 1 volume) of Concentrated Sulfuric Acid. If this mixture is gently heated it will boil off the Nitric Acid as fumes which can be condensed back into Concentrated Nitric Acid. Your final volume of Concentrated Nitric Acid should be about the same as the original volume of Concentrated Sulfuric Acid. Beware: Nitric Acid and its fumes are toxic and extremely corrosive. They will not affect Glass or Teflon but will eat through most other materials, including skin. Try to do these procedures out-of-doors. Many chemistry texts books give further information on the equipment needed to distil Nitric Acid. Potassium Nitrate (Saltpetre): Is available at most drug stores Potassium Nitrite: Used in the manufacture of DDNP primary explosive This can be manufactured (along with litharge/lead monoxide at the same time as needed for lead picrate) as follows: Materials needed: Lead metal (available as lead shot for rifle shot refills, or in hobby shops for stained glass work) Potassium Nitrate (Saltpetre) Methyl Hydrate Iron Pipe Method: -Mix 3 parts by weight of Lead with 1 part by weight Potassium Nitrate. Place the mixture in the iron pipe and heat in a hot bed of coals or by a blow torch for an hour -remove the container and allow to cool. Chip out the yellow solid with a screwdriver, put into a jar and add 1/2 cup (120 ml) of Methyl Hydrate, giving an orange-brown creamy colour. -Heat the container with the mixture in a hot water bath until it reacts giving a darker colour. -Filter the mixture through filter paper -The solid left on the paper is Lead Monoxide (Litharge). Take the paper and place it over a different (and empty) glass container wash it through the paper twice, using 1/2 cup (120 ml) of hot water each time, then air dry this Lead monoxide before using it to prepare Lead Picrate. -Place the jar with the original liquid (not the washing water) in a hot water bath until the Methyl Hydrate has evaporated. The remaining snowy white sludge is water and Potassium Nitrite. Keep this in a closed container as it has a tendency to absorb additional moisture from the air. Use this material in the manufacture of DDNP. Sodium Chlorate: An oxidizer for incendiaries, rocket propellants, and in the manufacture of Tetramminecopper Chlorate explosive. It can be obtained from school or manufactured as follows: Materials Needed: Two Carbon Rods Salt Water Sulfuric Acid (Diluted) 12 volt car battery charger (or a car battery while engine is running) Method: -Mix 1/2 cup of salt with 3 cups (3 litres) of water in a glass container. -Add 2 teaspoons of battery acid to the solution and stir vigorously for 5 minutes. -Connect the two carbon rods using heavy wires to the 12 volt power source. Make sure the two rods stay 4 to 5 cm (1+ to 2 inches) apart at all times. DO NOT ALLOW THE RODS TO SHORT OUT! -Submerge 5 to 15cm (2 to 6 inches) of length on the rods into the solution. Do not allow the copper wires to touch the solution. -Apply power for two hours then stop for two hours, then repeat for two days. -Filter this solution through filter paper and throw out the solid material captured in the filter paper. -Take the solution and place it in a flat pan and allow the water to evaporate. (Placing the pan in a hot water bath can dramatically speed up the evaporation.) The powder that remains is Sodium Nitrate. Sodium Nitrite: Can be used instead of Potassium Nitrite in the manufacture of DDNP primary explosive. It can be manufactured by heating Sodium Nitrate in a pyrex test tube or beaker over a flame for 10 to 15 minutes. It will give off oxygen, and Sodium Nitrite will remain. (Do not use this method for Potassium Nitrate as it will NOT give you Potassium Nitrite, but instead Potassium oxide.) Sulfuric Acid: can be bought from Jeweller, Chemical or Metal Plating Suppliers and is usually 98 to 100% pure (Concentrated). Car Battery Acid is available from Automotive Supply Shops (but not Canadian Tire,) and is only 40% Sulfuric acid and 60% water. Gently boil this in a Pyrex glass container, such as a beaker or a glass pyrex coffee pot, until the temperature rises above 120xC (248xF) and/or white fumes start to be given off. Let it cool and store it in its original glass container. This is now Concentrated Sulfuric Acid and is 98 to 100% pure. Filter Paper: You can get real filter paper from school, or use Paper Coffee filters available at any grocery store. You may also use a few layers of paper towelling but this usually doesn't filter very well. Blow up a Bank or school today . . . HAVE PHUN! SOME MORE PHUN INFORMATION TO USE ON YOUR PARENTS! A List of Plant Poisons Autumn Crocus: The bulbs cause vomiting and nervous excitement. Azaleas: All parts produce nausea, vomiting, respiratory distress, prostration and coma. Fatal. Be Still Tree: All parts produce lower blood pulse, vomiting and shock. Fatal. Bleeding Hearts: Foliage and roots, fatal in large amounts. Buttercups: All parts may severely injure the digestive system. Camara: Green berries affects lungs, kidneys, heart and nervous system. Fatal. Campanilla : Be Still Tree (q.v.) Camotillo: Deadly Toxic. (Solanine) Fatal. Castor Beans: Produces vomiting, purgation, delirioun and coma. Contains ricin. Fatal. Common Oleander: All parts toxicc attacks heart. Fatal. Cherries: Wild and domestic twigs and foliage. Releases cyanide when eaten. Shortness of breath, excitement and fainting within minutes. Fatal. China Berry Tree: Attacks nervous system via fruit. Narcotic. China Tree: China Berry Tree (q.v.) Crab's Eye: Seeds, subcutaneous emplacement. Fatal within four hours. Crow Fig: Seed produce convulsions. Contains strychnine and brucine. Daphne: Berries have killed children. Fatal. Diefenbachia: All parts produce burning and irritation to tongue and mouth. Swollen tongue may block throat death can occur. (Under circustances, fatal.) Divine Mushroom: Produces hyper sensitivity, hallucinations and melancholia for several hours. Deliriant. Dutchman's Breeches: Bleeding Hearts (q.v.) Dumb Cane: Diefenbachia (q.v.) East Indian Snakewood: Produces convulsions. Contains strychnine and brucine. (Death possible due to exhaustion.) Elderberry: All parts except berry produce vomiting and digestive distress. Elephant Ear: Diefenbachia (q.v.) False Upas Tree: All parts produce convulsions. Contains strychnine and brucine. (Death possibel due to exhaustion.) Fish Poison Tree: Excites nervous system, causes spasms followed by deep sleep. Contains piscidine. Foxglove: Leaves stimulate the heart. Contains digitalis. Produces circulation disorder and confusion; may be fatal. Gabon Arrow Poison: Produces incapacitation through vomiting and purgation. Contains strophanthin and incine. Gloriosa Superba: All parts contain narcotic superbine and deadly poison colchicine (fatal dose 3 grains). Golden Chain: Bean-like seed capsules induce staggering, convulsions and coma. May be fatal. Guiana Poison Tree: CURARE taken from bark. Contains curare, strychnine and brucine. Produces respiratory collapse. Fatal - 1 hour. Hyacinth: Bulbs produce vomiting and purgation. Exhaustion may be fatal. Ipecacuanha: Root is powerful emetic also depressant. Iris: Stems cause severe but not fatal digestive distress. Jack-in-the-Pulpit: Roots contain crystals of calcium oxalate that cause intense irritation to mouth and tongue (similar to dumbcane) Jamaican Dogwood: Fish Poison Tree (q.v.) Jasmine: The berries produce severe nervous and digestive upest. Can ve Fatal. Jequiritz Bean: Crav's Eye (q.v.) Jimson Weed: All parts cause delirium. Has proven fatal. Kachita: Crow Fig (q.v.) Lantana: Camara (q.v.) Larkspur: Seeds and young plants produce severe nervous and digestive upset. May be fatal. Laurels: Azaleas (q.v.) Mayapple: Roots contain 16 active toxic substances. Fruit may cause diarrhea. Mexican Tuber: Camotillo (q.v.) Mistletoe: Berries - Fatal. Monkshood: Roots produce digestive upset and nervous excitement. Moonseed: Berries may be fatal. Narcissus: Hyacinth (q.v.) Nightshade: Unrie berries produce intense digesive and nervous upset. Fatal. Nux Vomica Tree: Crow Fig (q.v.) Oaks: Foliage and acorns affect kidneys; symptoms delayed days or weeks. Pain and discomfort. Oleander: Leaves and branches produce upset and induce heart attacks. Fatal. Extremely poisonous. Ololiuqui: Jimson Weed (q.v.) Poinsettia: Leaves Fatal. (One leaf will kill a child.) Poison Hemlock: All parts. Used as an executionary plant in ancient times. Fatal. Poison Ivy: Milky sap is skin irritant. Contains toxicodendrol. Poison Nut: Crow Fig (q.v.) Poison Tanghin: Causes voniting purgation and paralysis a.k.a. Ordeal Tree for obvious reasons. Contains cerberin and tanghinine. May be fatal. Potato: Vines and foliage produce severe digestive and nervous disorers. Contains alkaloid poisons. Pride of India: China Berry Tree (q.v.) Psychic Nut: Raw seeds produce violent purgation; death caused by exhaustion. Red Sage: Camara (q.v.) Rhubarb: Leaf blade produces convulsions followed by coma. Fatal. (large amounts, raw or cooked) Rosary Pea: A single pea has caused death. Castor Bean (q.v.) St. Ignatius' Bean: Produces convulsions. Contains brucine. Star of Bethlehem: Bulbs cause vomiting and nervous excitement. Thorne Apple: Jimson Weed(q.v.) Common cause of poisoning. Tomato: Vines and foliage produce digestive upset and nervous disorder. Related to Nightshade (q.v.) Contains alkaloid poisons. Trailing Poison Oak: Poison Ivy (q.v.) Upas Tree: Milky sap produces vomiting purgation and paralysis. Contains antiarin and used as arrow poison (Malaya). Fatal. Water Hemlock: All parts produce violent and painful convulsions. Many have died from Water Hemlock poisoning. Fatal. White Wooly Kombe Bean: Gabon Arrow Poison (q.v.) Wisteria: Seeds, pods produce digestive upset Yellow Oleander: Be Still Tree (q.v.) Yew: Foliage. Death occurs without any preliminary symptoms. Fatal. HELP STOP THE POPULATION EXPLOSION . . . POISON SOME ASSHOLE TODAY! ------------------------------------------------------------------------------- -=- United Phreaker's Incorporated Magazine -=- Volume Two, Issue Seven, File 3 of 19 =-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-= =-= United Phreakers Incorporated presents .... =-= =-= =-= =-= =-= =-= The Lighter Side: =-= =-= =-= =-= =-= =-= Aggravating Your Neighbourhood geek, =-= =-= Ex-girlfriends, etc =-= =-= =-= =-= =-= =-= Written by : Forbidden Nostalgia =-= =-= 7/21/92 =-= =-= =-= =-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-= UPi is a very serious H/P group but once in a while one needs a good laugh. Many of the satirical text files have been utter bullshit and just for a laugh. But I have come up with a few ideas of things you can do to aggravate your neighbourhood geeks, ex- girlfriends, etc. Most of these I have tried and all of them are realistic. This file is written for those who are not experienced in certain types of phreaking such as canning therefor if you can't figure this stuff out don't even bother reading UPi again. Of course this is just for information purposes and I do not support you doing this stuff in any shape, way or form. Phone Bills ------------ ------------------------------------------------------------ This would be best done when the parents are on vacation, or late at night to reduce being caught ------------------------------------------------------------ Step 1 Make a beige box. For those illiterates out there a beige box is just a handset basically. You can either steal one from a Bell van or just go to a Biway and buy the cheapest phone you can find that has a dialer on the handset (where you speak into). With that cheap phone cut off the wires connecting the handset to the rest of the phone and connect alligator clips to the end (Any further information can be found in countless Beige Box text files on a H/P/A/C/V board near you). One thing you might want to look for is a phone that lights up the dialer pad to a certain degree (reduces the need for a flashlight). There is one alternative. You can buy at Radio Shack a thing that emits DTMF through it. I bought a watch that did the same thing. This mean you can use any type of handset even without a dialer but hanging up will be made more difficult. You will have to disconnect the alligator clips or make a dift box. Anyways as I said before you can find more on beige boxing elsewhere. Step 2 Do a quick look over the victims house (exterior) during the day and locate his bell box (Make sure you have indeed found the bell box and not his electric meter or something). Now go back home and return at nightfall. Now move over to the box and hit it upwards (like hit the bottom of it on the edges). Now it will lift up and you will see a minimum of 2 wires (if this guy actually has a damn phone!). So you will have to fool around with the negative and positive clips on the wire but soon you will get either a dial tone or someone speaking. If someone is speaking just listen in (But if the person starts wandering where the noises of the cars are coming from hangup if you want to play it safe). If you get a dial tone continue to step 3. Step 3 Now the fun starts. If you want to be bland call up one of your LD friends(preferably in Australia or Europe) and just talk. This will give the guy a might big phone bill but with a certain degree of persuasion they will be able to get bell to drop the bill. Plus from recent news Bell has figured out a way to match numbers and shit so if you thing your own line might be under surveillance it isn't a good idea to call everyone you do on your own line. So fuck that and go onto step 4. Step 4 The best way to get there parents after them is by calling up Gay/Lesbian lines (1-800-Not-STR8 or whatever they are). Imagine there parents faces . It sure will take them a hell of persuasion. Of course you don't want to listen to this shit (Unless you are a flaming homosexual) so just keep the line open all night (if you are smart you can figure it out (and DON'T leave your handset). Step 5 Ordering features to ones phone has always been an interesting and fun thing to do. I recently got a book in the mail that showed all of the features that were offered. There are presently 10 or 11 features offered by Mother Bell and if you ordered all of them it would end up being anywhere from 30$-45$ a month (so if they are on holiday or something it will rack up). But that isn't the purpose of it since it is much easier to create a huge phone bill by starting up a conference (In Canada call the operator then ask for the tele-conference operator). The reason for this is to totally fuck them up. In general it will take a few days for Bell to set it up if that makes a difference to you. (Oh BTW don't call the operator to get services. I believe you must call Customer Service (look on your own phone bill on in the phone book for the number in your area)). After all is set up they won't be able to figure out what button does what on there phone any more. And if possible find out what features they have already (generally easy from your handset). There are many ways to use your beige box to screw people up but I figure chances are if you don't have one already you won't make one so the rest of the file is dedicated to those who don't know a thing about anything. Legal Trouble -------------------- Legal trouble is always the best way to screw your neighbourhood geek. Step 1 Go find yourself a credit card number (It isn't difficult if you leave close to a business/commercial district). If you can't figure out how to get a hold of a number read a text file on Trashing. Step 2 This is quite an awkward approach to carding but order to the guys house tonnes of stuff. Like everything the is possible to card. The more you card to his house the better. The best part about this is if the guy keeps the shit and gets nailed he can't say he didn't do it because he has the stuff in his house! And if the guy doesn't get nailed you can always steel it from him later. Step 3 Back to the beige box. Use it to call up RCMP/FBI/CIA/SCOTLAND YARD/RCMP whatever. Any legal organization. Then use your imagination. These numbers are a little harder to get a hold of but if all else fails there is always the local police. There are two things to watch for. Don't do any false calls. That will require a large amount of police/firemen. By doing this you might end up killing people who actually need it. But if you like killing innocent people go ahead. And the second thing is to make sure you get the hell out of there quickly. It would be a real pain if the cops come and you are seen on the side of the house with a phone in your hand. If you are a little horny you can always call up the operator and have a chat with her . Step 4 There is another way to get back at someone that wouldn't necessary bring them legal trouble but I suppose it could if you did it properly. What one does is order food to someone's house. I mean not a little but a lot. Like 3 pizza's from one place. Chinese from another, etc. The best way to do this is just call from a Pay Phone (Make sure that it will except incoming calls because some of the newer ones don't). Give them the Pay Phone number as call back. Now stick around for a few minutes incase they need to call back for verification (Don't stay for more the 5 minutes). Now go to your victim's house (The best person to do this to is the person across the street to your house since you can sit in the comfort of your living home to watch). This is one of the most humorous things I have done so far so if you are a little risk taker go for it. Otherwise continue to live you boring life. Scaring the shit out of people ------------------------------------------- Anyone can do a normal prank/threading call as anyone in a UPi run conference will have found out. The real trick is to scare the shit out of them. One way to do this is to connect your beige box (I think I should have dedicated this file to 101 things you can do with your beige box) to your enemy's phone line and while they are on the line just break into it and either threaten them (say you are in the house or something) or get a tape recording of some tonnes and make yourself seem like the operator and tell them you have an urgent phone call on the line. Now pass the handset to you friend and get him to act like a doctor and bullshit about there parents being killed in a car crash or something . Now of course they will believe who you say you are if you interrupt there call because 99% of the people out there don't even know they have an exterior telephone box. Ofcourse having a friend with you while doing all of this adds to the humour/excitement. However if you are a loner and need something to do on a Friday night there you go. I gave you something that will keep you busy for a few weekends. Vandalism ---------- There are many ways to vandalize someones property. But if you want to mix both vandalism with some pyrotechnics then here is something for you. I found this out by accident basically (Just felt like sticking some extra things into a bomb. Anyways included is a plan of the suggested layout for the bomb. I have found the best thing to use is a piece of PVC pipe (You can vary the length depending on the effect you want). Drill a hole the size of your fuse around the centre of the pipe). On one end stick a PVC cap and stuff some tissue paper (or newspaper which ever is easier to obtain). You only need a little bit of this and it is just to absorb a bit of the pressure and to prevent the powder from going where you don't want it to. For the powder you can use whatever you want. If you can't get ahold of anything one easy method of obtaining explosive powder is hardware stores sell shells for nail guns. There are many kinds depending on the force that one would want to drive the nail in (and depending on the material you stick it in). So if you are going use this method experiment with the burning rates,etc. The best is to stick the fastest burning near the wick if you want it to explode quickly). Anyways the problem with this method is that they are EXPENSIVE. Is you buy the ones in the shell just compress one end (the one that opens) slightly and the pry it open. This is a VERY stupid thing to do because enough friction can occur for it to ignite. So be careful if you do it. There are also ones that come in strips and have little round tablets of gunpowder. If you get this type you will have to crush them. Stick some time a fuse in a hole that you made in the centre of the tube (Atleast one inch in). Once you fill the tube up with fuel oxidizer use a pencil or something of that nature to pack it. Now fill the other end with blue chalk (This is used in chalk lines for construction and can be bought at a hardware store in 2 colours Blue and Red) If you combine the colours somehow i am sure you can do something interesting but I have yet to try 2 colours. Anyways squirt some of this powder on the other end and pack it once again. Now close this end up with some tape (Any type will be fine. Once again experiment since it will change the type of explosion you get) Here is what the finished product will look like Plastic Cap Tape 3 33 / ZDDDDDDDDBDDDDDDAADDDDDDDDDDBDDDDDDD? 3 Tissue Blue 3 3 Paper 3 Gun powder 3 Chalk 3 3 3 @DDDDDDDDADDDDDDDDDDDDDDDDDDADDDDDDDY That is it for now. If you have any comments/suggestions for this column of UPi please E-mail me on The Cathedral or through any other UPi member. Look in next's month issue of UPi for The Lighter Side. ------------------------------------------------------------------------------- -=- United Phreaker's Incorporated Magazine -=- Volume Two, Issue Seven, File 4 of 19 --An introduction to the Trace Utility of the Virtual Memory Operating System-- by Opticon ...now why an "introduction" to a utility which is available on every VMS? Simply because you can use it ONLY if you have already system access.. So I assume that it won't be on every hacker's capability to do so. Of course any "intruder" can spend sometime on the System Manuals or use the on-line help but getting the manuals is really difficult for most people and, on the other hand, using help for a matter like that is not the best and most secure way to do it. Furthermore I have found A LOT of people not knowning even it's excistence. Please allow me here to copy someone elses words; " HOW TO BUILD AND USE A MAGENTA BOX. Designed and Written by Street Fighter. First of all I named this the Magenta Box because all of the fags that made boxes, whose only purpose is adding a hold button to your phone, used all of the fucking colors. I can afford a fucking piece of shit Radio Shack 2-line phone with hold. A box's purpose is to fuck with the Telco., not to add a fucking hold button to your phone. Anyway I will get on with this.... " Thank you Street Fighter ('thow i dont know u personally). Trace is an awesome utility which can really allow you to inflitrate the system you are already in (with system account) and let you hack even more cluster (...and not only) systems (ANY kind of system. And that includes UNIX or whatever you like, which are linked to your host using PSDN, ethernet, TCPIP..) The only trouble you will probably come out with, is a "clever" (...hehehe...) sysop or manager who has not "forget" the existence of "trace" and who uses it too. In that case an action of his/her's which looks like that may "raise some eyebrows" ; NETTRACE> SHOW TRACE %NETTRACE-I-CONNECTING, connecting to trace collector... Tracing on node MALATESTA on 4-AUG-1992 00:31:07 Collector Collecting to Tracepoints BAKUNIN$NETTRACE DUA3:[USERS.BAKUNIN]X25.DAT X25L3LINE. %NETTRACE-I-SHOW_DONE, SHOW command complete - press RETURN to continue NETTRACE> Warning: If you are NOT an an-archist (?! HOW STRANGE! WHY AND HOW A NON ANARCHIST READS THAT?) dont worry about the username and the nodename. But if you are (and that's what i'm expecting) and nothing comes to your mind when reading those names, then you'd better GO AND READ SOME THEORY AS SOON AS POSSIBLE! (back to our subject) He/she can even use trace for checking all the in-coming calls and see your actions...And dont forget that there are simple ways (like finger, show process /id=xxx or external programs like WATCH) for checking users processes. If u dont know already how and what to do with it, it wont be just bad luck if someone notices you phuckin' up with things you shouldnt even know about. There are three flags for Trace. 1) Trace /psi Allows you to monitor the flow of PACKETS -and thats IMPORTAND! I repeat: PACKETS,TO and OUT of your VAX's Packet Switching Interface. 2) Trace /router In that case you monitor the flow of data on your DEC router or X.25 router. 3) Trace /VOTS ...which invokes the vots trace utility. If you do not specify anything of the above u can run trace and enter commands at the NETTRACE> prompt. Now...A very good thing to start up with is this; NETTRACE>start /live/data=ascii/width=132 tracepoint (132 columns are REQUIRED if u want to see the flow of information without loosing anything) Where "tracepoint" u must put one of these, depending on what you want to monitor (taken directly from the on-line help utility); tracepoint You may specify one or more tracepoints, separated by commas. Tracepoints have the following formats: [node::]ETHERNET [node::]DDCMP.line-id [node::]NSP [node::]ROU_ETHERNET [node::]ROU_SYNC.circuit_name [node::]X25L2.dev-c-u [node::]X25L3LINE.dev-c-u [node::]X25L3CHANNEL.circuit_name [node::]X25GAP.channel X25GATEWAY.network.LC-n [node::]LLC2LINE.dev-c-u [node::]LLC2CHANNEL.channel TRANSPORT INTERNET MAC If you specify more than one tracepoint, they must all be on the same node. Note that you need not specify the tracepoint name in full. The second part of the tracepoint name may be shortened or omitted altogether. For example X25L3LINE.KMX will trace all KMX lines at level 3. The default tracepoint is X25L2, which traces all PSI lines at level 2. That may already have been what most people would like to do. I have rarely used other tracepoints than the X25L3LINE one. Continuing i give what help says about the tracepoints in specific. ETHERNET DDCMP NSP ROU_ETHERNET ROU_SYNC X25L2 X25L3LINE X25L3CHANNEL X25GAP X25GATEWAY LLC2LINE LLC2CHANNEL TRANSPORT INTERNET MAC ETHERNET This starts tracing the Ethernet line. There are no options for use with this tracepoint and only one channel can be traced. DDCMP DDCMP.line-id This starts tracing the synchronous lines on line line-id. If the line name is not specified, all currently defined lines are traced. NSP This starts tracing the NSP logical links. There are no options for use with this tracepoint. ROU_ETHERNET This starts the tracing of routing on the Ethernet circuit. There are no options for use with this tracepoint and only one channel can be traced. ROU_SYNC ROU_SYNC.circuit_name This starts the tracing of routing on the synchronous circuits. If the circuit name is not specified, all currently defined circuits are traced. X25L2 X25L2.dev-c-u This starts tracing at level 2 (Frame level) on line dev-c-u. Both level 2 and level 3 headers will be captured (but see START /CAPTURE_SIZE). X25L3LINE X25L3LINE.dev-c-u This starts tracing at level 3 (Packet Level) on line dev-c-u. X25L3CHANNEL X25L3CHANNEL.circuit_name This starts tracing at level 3 (Packet Level) on the named virtual circuit. circuit_name TRACE START tracepoint X25L3CHANNEL circuit_name The format of circuit_name depends on the type of circuit being traced. . For PVCs, circuit_name is the name of the PVC. . For outgoing SVCs, circuit_name is the NW: device unit number (for example, NWA23). . For incoming SVCs, circuit_name takes the format dev-c-u_lcn_nn, where: dev-c-u is the name of the line on which the call arrived, lcn is the logical channel number of this virtual circuit (in hexadecimal), nn is a 2-digit sequence number. X25GAP X25GAP.channel This starts tracing the Gateway Access Protocol (GAP). To trace on an Access system specify channel in the form HOSTnnn. To trace on a Multi-host machine specify channel in the form GATEWAYnnn. As with all tracepoints, the channel name can be shortened or omitted altogether. X25GATEWAY X25GATEWAY.network.LC-n This starts tracing on an X.25 Gateway. See the VAX P.S.I. Problem Solving Guide for full details. LLC2LINE LLC2LINE.dev-c-u This starts tracing at the Medium Access Control (IEEE 802.3) level for the LLC 2 (IEEE 802.2) line dev-c-u. Both the MAC and LLC 2 frame information will be captured. LLC2CHANNEL LLC2CHANNEL.channel This starts tracing at the LLC2 (IEEE 802.2) frame level. Both LLC 2 (IEEE 802.2) frame level and L3 packet level information will be captured. channel TRACE START tracepoint LLC2CHANNEL channel To trace a particular LLC 2 data-link connection, specify the corresponding DTE address as the channel name. TRANSPORT TRANSPORT This starts tracing at the OSI Transport (ISO 8073)* level. INTERNET INTERNET This starts tracing at the OSI Internet (ISO 8473)* level. *ISO Networks (just for an example and for informational purposes only) There are two parameters provided for use with an IS 8208 PSDN. (IS 8208 is the International Standards Organization's definition of the CCITT X.25 recommendations.) The two parameters are interface and interupt timer.Interface specifies if the PSI acts like a DTE, a DCE or BOTH. Interupt timer specifies how long an interupt may remain without confirmation. It is specified in seconds. If it gets no answer within this time the circuit resets. MAC MAC This starts tracing at the OSI Medium Access Control (IEEE 802.3) level. If you "start /live..." trace wont keep any records.Start /output=filename will record everything in a data file which then you can read by invoking the NETTRACE>analyze filename What WE wont to do is start a tracepoint, log-out of the system, come after sometime and analyze it. What you can see in there includes usernames, passwords, confidential information you would like to hack but never had an idea where the users has them,things you wouldn't like your mom to hear etc etc. The limitations are not many. If the system your in has a lot of users logging in from several sources or using it for a gateway, then you gonna get REALLY interresting stuff, even privileged accounts from other systems. BRILLIAND ! Isn't it?! But still pretty CONFUSING ! I will now try to explain most of the acronyms... ("most?! what do u mean MOST???") ACE - Access Control list Entry ACL - Access Control List ACP - Ancillary Control Process BCUG - Bilateral Closed User Group CPU - Central Processing Unit CSMA/CD - Carrier Sense Multiple Access with Collision Detect CUG - Closed User Group DCE - Data Circuit-terminating Equipment DCL - Digital Command Language DDCMP - Digital Data Communications Message Protocol DDN - Defense Data Network DECSA - Digital Ethernet Communications Server DLM - Data Link Mapping DNA - Digital Network Architecture DTE - Data Terminal Equipment FAL - File Access Listener FPU - Floating Point Unit FTP - File Transfer Protocol tFTP - trivial File Transfer Protocol TCP/IP - Transmition Control Protocol / Internet Protocol GAP - Gateway Access Protocol INTERNET - A collection of Networks.A subset of them is the DDN. ISO - Internation Standards Organization LAN - Local Area Network LAT - Local Area Transport LCN - Logical Channel Number LEF - Local Event Flag MOP - Maintenance Operation Protocol NCB - Network Connect Block NCP - Network Control Program NFS - Network File System NICE - Network Information and Control Exchange OPCOM - OPerator COmmunication Manager PAD - Packet Assembly/Disassembly PAK - Product Authorization Key PSDN - Packet Switching Data Network PSI - Packet Switching Interface PSIACP - Packet Switching Interface Ancillary Control Process PVC - Permenent Virtual Circuit RCF - Remote Console Facility SLD - Satelite LoaDer SVC - Switched Virtual Circuit SYSMAN - SYStem MANagement utility UAF - User Authorization File UETP - User Environment Test Package UFD - User File Directory UIC - User Identification Code USAAF - United States of America Air Force VMS - Virtual Memory System 'nough! More things you can do with trace include; o ANALYZE (a datafile) o ATTACH (to a process) o BACK (retypes the last screen of ANALYZED -and only- data) o CLEAR (clears the screen.Also as ctrl-L) o DEFINE (define/key keyname string) o DELETE (delete/key keyname) o EXIT (...obvious...Also as ctrl-Z) o NEXT (next screen of analyzed data) o REFRESH (refresh screen .Also as ctrl-W) o SHOW (many things...try "show key /all" , "show tracepoint" etc) o SPAWN (to a proccess) o START o STOP (stop a tracepoint ie NETTRACE>stop bakunin$nettrace) These are the default keys; NETTRACE> sh key/all Key Name Description DEFAULT Key CTRLL = "CLEAR" DEFAULT Key CTRLW = "REFRESH" DEFAULT Key PF1 = "" (state="GOLD") DEFAULT Key PF2 = "HELP KEYPAD DEFAULT" DEFAULT Key PF3 = "SHOW KEY/ALL" DEFAULT Key PF4 = "SHOW TRACE" DEFAULT Key KP0 = "NEXT" DEFAULT Key KP2 = "START " DEFAULT Key KP3 = "STOP" DEFAULT Key KP4 = "ANALYZE /DATA=ASCI/NOSELE/NODISP/NOTRUN" DEFAULT Key KP6 = "ANALYZE /DISP=ALL/WIDTH=132" DEFAULT Key KP7 = "ANALYZE/DATA=ASCII" DEFAULT Key KP8 = "ANALYZE/DATA=HEXADECIMAL" DEFAULT Key KP9 = "ANALYZE/DATA=OCTAL" DEFAULT Key MINUS = "ANALYZE/DATA=DECIMAL" DEFAULT Key COMMA = "ANALYZE /TRUNCATE" DEFAULT Key PERIOD = "BACK" DEFAULT Key HELP = "HELP" DEFAULT Key E5 = "BACK" DEFAULT Key E6 = "NEXT" GOLD Key PF4 = "SHOW TRACE/FULL" GOLD Key KP0 = "ANALYZE/SCROLL" GOLD Key KP2 = "START/LIVE " GOLD Key KP6 = "ANALYZE /NODISP" GOLD Key COMMA = "ANALYZE /NOTRUNCATE" GOLD Key E6 = "ANALYZE/SCROLL" The following is an example of what you should see in a live tracing or analyzing. -----------+----+-----+<--------Packet-------->+---------...---- ( 80 columns ) Time |Evnt|Data |Chn Q Type P P |Data hh mm ss cc| |Size | M R/S R/S | -----------+----+-----+<---------------------->+---------...---- ( 80 columns ) Sigh! And this the end! Flames to: o All the lamers worldwide who call themselves blue boxers only because their dad is rich enough to buy them a phucking sound card and claim that they dont make a Digital to Analog converter because "the quality is not as good" o To all the "anarchists" who dont seem to KNOW (they never read books) that anarchy is AGAINST racesism, the powerfull and the rich, the laws, the states and generally against ANY kind of exploitation. o And a last flame to digital underground dudes who "would like to find some time and write a book with their adventures" to increase their popularity and make some money. Respect & Greetings to: LOD/H, Dr Dissector, Black Flag, AiT, USi, CNT, iWA, FAi, iFA and all the anonymous (and not only) an-archists and phreaks out there. Thanks to: Laser_Brain, Basil Chesyr, Bayernpower, Direct, CHaOS, D'yer Mak'er, Tea_Cups, Machine, SaNDman, Gogol, Hackerberry Finn, to the sysops and all the friends on Pegasus BBS and to all those people who helped me on my way... BREAK DOWN THE WALL ------------------------------------------------------------------------------- -=- United Phreaker's Incorporated Magazine -=- Volume Two, Issue Seven, File 5 of 19 Summer Thrashing Volume 1 ______________________________ Author : Silicon Phreaker This File is a Property of UPi ______________________________ Ok. This took me a long time to write because of the fact that I have tried everything in this file, and that I got into a fight (relating to a stunt described below) and got my wrist metal plated & screwed down. So take all this as a sequel to my other files. Remember: If you get arrested, decked, buttfucked in jail, I'm not responsible for anything. I wasn't there when you did it. So, on let's carry on with the file, and remember : You only live once, and we're not coming back ! PARTY !!!! ______________________________ Party Kick Start ______________________________ Ok... You arrived... If the party is Semi-Formal, you're probably dressed up like a pogo... Tie, Vests and shit like that... And mostly everybody looks like you... Time to fix that up a bit... You may shoot people off with your paintgun, which would get you into trouble... If it's an outside party, get a few friends to make a Drive-By shooting, with paintguns. Spike the punch with the vodka... Put it in a Plastic Bad, drop the bag in the punch bowl, and pierce it with a fork... The vodka will slowly disolve in the punch, makin' it stronger as it get sipped away. The party has already started to be more liveable ? Cool... Peoples are drunk like shit ? Lot Cooler that way... They puke ? MARVELOUS!! Here comes the time for the use of the firecrackers... Locate a big green spill of puke, jam a firecracker in it, light it off and run... Move on to the most occupied place of the house... The bathroom... Steal some ketchup envelopes, and fold them in two, place them carefully under the toilet lid... As soon as someone sits on it to have a dump, he'll get ketchup splashing in his pants. Put some mineral water on the seats... Will show up like the dude has pissed in his pants... Fill a dead rat with black powder, put a firecracker in his mouth, put it on the buffet table, and light it... One "Rat Flambe" on the way... Ok... Now you're pissed... Fine... Get a camera and hide it somewhere in the bedroom, from where you can see the bed pretty good. I bet you can see what I want you to do right ? Next time that two dweebs will want to fuck in the room, you will be able to look at it on tape afterwhile. You might want to send a tape to the PO's parent. For them to see what their bedroom was used for. Fire Up the swimming pool... Use some gas, drop it very carefully in the pool and light it up... Guaranteed pleasure... Make sure that someone is in the pool at the moment you do it... Hang the cat, dog or whatever animals which will be found inside the house. Steal the stereo system... Spill ketchup off everybody that's smaller then you... The party should be a total waste by now... So go to the owner and thank him for the radical night you had... Say you hope he invites you to his next party... And then, paintball him... ______________________________ Outside Tricks ______________________________ Now that you can thrash any party, let's move on to heavier shit. Your beloved neighborhood. Or someone else's ... - Car Bashing You want to get at someone ? Does he have a car ? Yes ? GOOD ! What better way to let him know you hate him then bash his car ? Raping his girl is cool too but a bit out of it. So lets stick to killing the car. Use a jack and lift the car off ground. Put cement block underneath it to hold it, and take the bolt off his tire, then steal them. You can even make some spending money by selling them if they're magnesium wheel. (BTW : Looking for (4) Dodge Caravan WHITE mag. Paying 400$ CDN for them.) Take a screwdriver and make a tiny hole in his gas tank, then, put a piece of Silly-Putty in the hole. Gas will eat it's way through the putty and he'll choke up on the highway. Ram a broomstick up the exhaust pipe. If it jams, use a hammer. Get inside the car, and open the hood. Now the real fun begins. You can steal the battery, or can do some cool stuff as : - Invert the flasher's so that Left = Right and Right = Left. Guaranteed accident. - Connect the High Intensity Beams to the horn. Nice Effects on a country road. - Shortcut the battery, and GET THE HELL OUTTA' THERE. - Put chewing gum in the fuel injectors. - Put some ethylic alcohol in the radiator. - Put some indian ink in the windshield washer tank. - Connect wipers to horn. - Disconnect wipers, and bypass the windshield washer pump's wire to be on permanently. - Mix sparkplugs wire within each other. On Some car, it'll completely de- phase it. Inside the car you can pull some nice tricks too. - Replace the dome light with a flashing light ($1.99 / RadioShack) and arrange it so it's always on. Real pain in the butt. - Arrange the radio so the volume is ALWAYS to the max level. And screw the bass so it's only going to pour tweeters in his poor motherfucking ears. - Pour some REALLY stinking substance in the A/C and Heater outputs. hopefully he'll be splashed with it when he turns it on, and it's gonna smell for ages in his car. - Smoke a bud in his car, and hide some marijuana in the glove compartment. When he'll get arrested for his car plate, he's in deep trouble. ____________________________________________________________________________ Ok, well. That is about it for this time. I wrote this for the deadline, and it's the best that I could think of. Anyway. It's better then some of my old article, which was a tad bit outdated. Have fun, party, smoke pot and don't get caught. ____________________________________________________________________________ ____ / /\ \ ( /--\ )NARCHY INC. IF IT GOT A PUSSY, WE'LL FUCK IT ! X____X ` ' ____________________________________________________________________________ ------------------------------------------------------------------------------- -=- United Phreaker's Incorporated Magazine -=- Volume Two, Issue Seven, File 6 of 19 ZDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD? 3 3 [[3 3 [[3 Pyrotechnica 3 [[3 3 [[3 _ _ 3 [[3 Pyrotechnics (pi'ro tek 'niks), n. 1. The art of 3 [[3 making, or the manufacture and use of, fireworks 3 [[3 for display, military signaling, etc. 3 [[3 3 [[3 Disclaimer: This material is presented solely for 3 [[3 informative purposes, under protection of the first 3 [[3 amendment to the Constitution of the United States of 3 [[3 America. The actual use, construction or possession 3 [[3 of the articles described herein and/or the actual 3 [[3 implementation of the information contained herein or 3 [[3 techniques described herein may be in violation of 3 [[3 federal, state and/or local law! Furthermore, any 3 [[3 attempt to use the information herein may be 3 [[3 extremely dangerous and liable to result in serious 3 [[3 and/or permanent bodily injury or DEATH, even if the 3 [[3 instructions are followed exactly! The publisher 3 [[3 and any succeeding vendor(s) or distributors hereby 3 [[3 disclaim any responsibility for any harm resulting 3 [[3 from any such use of the information contained herein 3 [[@DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDY [[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[ _______________________________________________________ (C) 1992 All Rights Reserved Written and Produced by Fireball & Genghis Khan. This file is a division of Genghis Khan Presents Unlimited (r). =-=-=-=-=-=-=-=-=-= W O R L D R E C O R D S =-=-=-=-=-=-=-=-=-=-=-= Fireworks: The largest firework ever produced was Universe I exploded for the Lake Toya Festival, Hokkaido, Japan on August 28, 1983. The 928-lb shell was 42.5 inches in diameter and burst to a diameter of 2,830 ft, with a 5-color display. Worst Accidents & Disasters In The World: Fireworks: More than 800 people died at Dauphine's wedding, Seine, Paris, May 16, 1770. Greatest Explosion: The greatest explosion (possibly since Santorini in the Aegean Sea c. 1470 BC) occurred c. 10:00 a.m. (local time), or 3:00 am G.M.T., on August 27, 1883 with an eruption of Krakatoa, an island (then 18 sq mi) in the Sunda Strait between Sumatra and Java, in Indonesia. A total of 163 villages were wiped out, and 36,380 people killed by the wave it caused. Rocks were thrown 34 miles high, and dust fell 10 days later at a distance of 3,313 miles. The explosion was recorded 4 hours later on the island of Rodrigues, 2,968 miles away, as "the roar of heavy guns" and was heard over 1/13th part of the surface of the globe. This explosion has been estimated to have had about 26 times the power of the greatest H-bomb test detonation, but was still only a fifth of the size of the Santorini cataclysm. Largest "Conventional" Explosion: The largest use of conventional explosive was for the demolition of the fortifications and U-Boat pens at Heligoland on April 18, 1947. A net charge of 4,253 tons was detonated by Commissioned Gunner E.C. Jellis of the Royal Navy team headed by Lt F.T. Woosnam aboard HMS Lasso lying 9 miles out to sea. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= In order to write a text file that will deal with pyrotechnics, it is first necessary to make distinctions between certain words. While a firework can be considered an explosive, in this file we will separate the two words. When the term explosive is used, it is referring to any substance which can decompose suddenly and produce large amounts of gaseous products and thermal energy (heat). While in retrospect, a firework will be known as any device containing explosives and other combustible material that, when ignited, produce light or loud noise. When the term incendiary is used it is referring to both explosives and fireworks. To produce an incendiary device, it is necessary to take proper precautions. The incendiary will not be much fun if you lose your limbs preparing it. Therefore, I am including a vast safety section. Do not skip this section, as it could very well save your life. This text file has been created by Genghis Khan. However, Fireball has given much information, and credit should be given equally to both parties. Fireball will soon be in the underground... On another note, this text file is the result of knowledge obtained from periodicals, books, and other reference material. There is a bibliography at the end. The material that is following is not plagiarized. All credit is given in full at the conclusion of this file. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= A Note To Government Employees The material in this text file is currently available through microfiche, magazines, chemistry books, and other reference material. The information in this file is not illegal, and is not intended for use. It is intended to further other people's knowledge of chemistry and the history of incendiaries. Under no means do I encourage the use or attempted use of any of the substances listed. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD Table Of Contents Page DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD Disclaimer 1 World Records 1-2 Purpose 2 A Note To Government Employees 2 Safety 3-4 Characteristics of Explosives 4-5 Home Production Method for Black Powder 5-7 Home Production Method for Nitroglycerine 8-9 Nitrocellulose/Smokeless Powder 9 Shell Fillers 9-10 Thermite 10 Nitric Acid 10-11 Sulfuric Acid 11-12 Where To Get Chemicals And Laboratory Supplies 12-14 Major Firework Companies In The United States 14-15 Bibliography 15 DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Safety DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD The most important part of pyrotechnics and explosives is safety. The safety procedures for all explosives are nothing more than common sense and reasoning. Yes, smokeless powder is stable, but if you put it in the oven, it will explode. That may sound stupid, but a 14-year- old in Ohio did it and killed himself. Plastique is a very stable explosive compound, but it needs to be softened before use. Some guy in New Jersey softened his plastique with a hammer, and he is no more. TNT can be burned and it will not explode (most of the time) where gunpowder will ignite with the smallest spark. Moral: Each explosive has it's own characteristics. Make sure that you know of all the properties before the incendiary is produced. Read the following and take it into consideration. Explosives are intended to cause damage to something. Whether it be in a war zone, destroying bridges, and enemy fortifications, or in common everyday use, in mining, ditch digging, and more. Remember this when you are making it. If the explosive can destroy a bridge or enemy fortifications, you better believe it will destroy you. Always be paranoid. Being paranoid is only going to save you. If you think everything over and watch your back, everything will be fine. However, if you decide that no one cares about what you are doing, and that you know it all, you will either hurt yourself or someone else, or get busted. Keep away all sources of ignition. This means no cigarettes, no electricity, or other things that may be capable of igniting a fuse or mixture. By saying no electricity, I am talking about stray voltage or static electricity. That doesn't mean shut off your power. Generally, electricity is not a problem... so don't worry about it too much. Use common sense. It is a proven fact that men who are alert, who think out a situation, and who take correct precautions have fewer accidents than the careless and indifferent. It is important that work be planned and that instructions be followed to the letter; all work should be done in a neat and orderly manner. In the manufacture of incendiaries, equipment must be kept clean and such energy concentrations as sparks, friction, impact, hot objects, flame, chemical reactions, and excessive pressure should be avoided. Don't be erratic. Do not use or create explosives or pyrotechnics while drunk, falling asleep, angry, or any other strange mood that may hinder your ability to think. Try to make all explosives outside in a secluded area. Never, I repeat, NEVER try to make explosives in your house, unless it is somewhere where no one goes, or no ones cares about. Sometimes a garage may work well, but in the case that something would go off, your oxygen could be depleted quickly depending on what you are making. Try to find a place on your property, or in a wooded area that is near a residential area (in case of an emergency) but out of the sight of nosy neighbors, pigs, and other curious people. If you are making explosives in a wooded area, don't be an idiot and burn the forest down. Always have an idea how you will put something out if it happens to go off. Water is not always the best fire extinguisher. On a hot explosion or fire, the water will vaporize leaving oxygen and hydrogen, which will only add to the fire's wrath. Wet sand or a fire blanket will work, but if possible, use a carbon dioxide fire extinguisher. Know first aid. If something goes off in your hands, be prepared to treat it quickly. You can buy burn creams and other medical supplies for treating burns and abrasions. Use extra care when packing an explosive with shrapnel. Locate a unique and secure place for storing chemicals and explosives. You will want to choose a place close enough for you to watch, but not close enough, or important enough of place, to be a hazard. Take extra precaution in securing the area so that if someone was around they could not tamper with anything. Do not store blasting caps, electrical caps, detonators, or primers in the same containers with any other form of high or low explosives. If one thing goes off, you will be looking at a chain-reaction. Do not store fuses or fuse lighters in a wet or damp place, or near the storage of flammables such as oil, gasoline, cleaning solvents or paints. Fuses should also be kept away from radiators, steam pipes, stoves, or any other source of heat, because the very nature of non-electrical fuses is such that any one of these things could start a large fire. Metals should be kept absolutely away from explosives, meaning that metal tools should not be stored in the same container with explosives. These metals will kill if the explosives would go off. Spontaneous combustion is a real problem when storing explosives. For this reason, do not allow leaves, grasses, brush, or any debris to collect or accumulate around the explosives storage area. Certain types of explosives require certain types of storage, including temperature regulation and other controls. Be sure that you understand all aspects of the compound's nature before handling or storing it. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Characteristics of Explosives DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD Most explosives are nitrogen compounds which may be set off by: 1. ignition; 2. slight shock; and 3: severe shock. Explosives are either solid or liquid, either mixtures or single compounds, and act by explosive chemical reaction, liberating at high speed, heat and gas, which causes tremendous pressure. According to speed of reaction they are classed as: 1. Low explosives, Propellant explosives or Propellants (as gunpowder, flash powder, and smokeless powders) 2. High explosives or Disruptives (as dynamite, amatol, picric acid, tetryl, and TNT). Permissible or Permitted explosives are those passed by public authority for use under prescribed conditions, especially those permitted for blasting in mines (sometimes called safety explosives). The chief classes of explosives are: (1) Mixtures of combustible but nonexplosive material with an oxidizing agent, especially a nitrate, a chlorate, or a perchlorate (ordinary gunpowder, blasting powder, etc.). (2) Organic nitrates, as nitroglycerine or guncotton; also, mixtures containing these, as dynamite. The smokeless powders contain cellulose nitrate as the sole or chief ingredient. (3) Nitro substitution products or mixtures containing these, as TNT and lyddite. (4) Fulminating powders, as mercury fulminate and lead azide, used as detonators. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Low Explosives - Low explosives generally fit into class one or two of the above table. They are commonly used as propellants in fireworks (such as bottle rockets). If detonated in the air it will simply burn or deflagrate. In order for any low explosive to have the ability to produce a blast wave (or shock wave in water) it is necessary to contain the explosive. This containment can be as simple as a cardboard container (such as firecrackers), to metal pipes (as pipe bombs). The stronger the container which holds the explosive, the larger the blast wave should be. In addition, say for instance, you create a pipe bomb with one quarter of the pipe filled with gunpowder. It will take a short period of time before this pipe fills with enough gas for it to explode. Generally low explosives are "fun" to play with, but, if used correctly, can be as powerful as some high explosives. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= High Explosives - High explosives fit into categories 2, 3, and 4 in the above table. Some high explosives can be detonated with a fuse, but it is more reliable to use a blasting cap. A blasting cap is simply a small explosive that is detonated to start the larger explosive on it's way. These generally contain mercury fulminate. If high explosives are to be used in a container, such as a pipe, use extreme caution. The explosion will be tremendous. Overall, if high explosives are to be used, make them in small quantities. Follow directions EXACTLY when making high explosives, and whatever you do, do not take short cuts. Even if you don't get hurt from an explosive, many are powerful enough to seriously hurt your hearing. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Black Powder aka Gunpowder - Low Explosive - Deflagrating - Class I DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD One of the oldest pyrotechnic compositions, black powder, serves as both the propellant and explosive charge in modern firework shells. The Chinese developed black powder (the original gunpowder) more than 1,000 years ago for use in crude missiles and firecrackers. Awareness of black powdered traveled west during the Middle Ages. The English monk Roger Bacon disclosed a formula for the explosive mixture in 1242 as part of his defense against accusations of witchcraft. He considered it such a dangerous material that he wrote about it in code. As the formula became more widely known, black powder revolutionized quarrying and construction. Weapons such as muskets and cannons, developed during the 14th century, exploited black powder as a propellant. The basic formula for black powder has persisted essentially unchanged throughout the centuries: an intimate blend of potassium nitrate (commonly known as saltpeter), charcoal and sulfur in a 75:13:12 ratio by WEIGHT. It may in fact be the only chemical product that is produced today using the same ingredients, the same proportions and the same manufacturing process as were used in the time of Columbus. This constancy reflects the fact that black powder is a nearly ideal pyrotechnic substance. It consists of abundant, inexpensive chemicals that are relatively nontoxic and environmentally safe. The mixture is so stable that it can be stored for decades without deteriorating, if kept dry. Black powder is easily ignited by means of a moderate jolt of energy, such as a spark or a small burning fuse. The ideal black powder burns very quickly. You may find that black powder in the 75:13:12 ratio may burn rather slowly. If this is the case, simply add more sulfur. Record the amounts of sulfur you put in, and continue to experiment with different amounts of sulfur until you have created your own perfect blend. The sulfur burns very hot and acts as sort of a catalyst. Because of it's extreme high temperature it makes the rest of the mixture burn much faster. While black powder is nice and dandy, it is more a firework. In order for it to have "explosive" power it must be in a container. Under pressure black powder can be very destructive. If put into a pipe and sealed it will explode with tremendous force. A CO2 cartridge works fine as well. The equation for black powder is: 2KNO + 3C + S -> K S + 3CO + N 3 2 2 2 202 + 36 + 32 = 270 202/270 = 75% KNO3; 36/270 = 13% C; 32/270 = 12% S Black powder can be made by simply adding the potassium nitrate, sulfur, and charcoal together, or by the process described below. Either works equally well. Improvised Black Powder Black powder can be prepared in a simple, safe manner. It may be used as blasting or gun powder Material Required: DDDDDDDDDDDDDDDDD Potassium nitrate, granulated, 3 cups (3/4 liter) Wood charcoal, powdered, 2 cups (1/2 liter) Sulfur, powdered, 1/2 cup (1/8 liter) Alcohol, 5 pints (2-1/2 liters) (rubbing alcohol, etc.) Water, 3 cups (3/4 liter) Heat source 2 Buckets - each 2 gallon (7-1/2 liters) capacity, at least one of which is heat resistant (metal, ceramic, etc.) Flat window screening, at least 1 foot (30 cm) square Large wooden stick Cloth, at least 2 feet (60 cm) square Procedure DDDDDDDDD 1. Place alcohol in one of the buckets. 2. Place potassium nitrate, charcoal, and sulfur in the heat resistant bucket. Add 1 cup water and mix thoroughly with wooden stick until all ingredients are dissolved. 3. Add remaining water (2 cups) to mixture. Place bucket on heat source and stir until small bubbles begin to form. VDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD7 : CAUTION: Do not boil mixture. Be sure ALL mixture stays : : wet. If any is dry, as on sides of pan, it may ignite. : SDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD= 4. Remove bucket from heat and pour mixture into alcohol while stirring vigorously. ________ / \ 3 3 3 ________ 3 3/********\3 3|********|3 3 \*******|3 \D\*****// // MixtureDDDDDDDD|****| // _|****|__ //-Wooden Stick / \**/ // 3\_________/3 3 ____ 3 3 / \ 3 3 \ / 3 3 /____\ 3 3 \_ __/ 3 \___3_____/ 3 3 \Alcohol 5. Let alcohol mixture stand about 5 minutes. Strain mixture through cloth to obtain black powder. Discard liquid. Wrap cloth around black powder and squeeze to remove all excess water. 6. Place screening over dry bucket. Place workable amount of damp powder on screen and granulate by rubbing solid through screen. VDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD7 :NOTE: If granulated particles appear to stick together and: : change shape, recombine entire batch of powder and repeat: : steps 5 and 6. : SDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD= 7. Spread granulated black powder on flat dry surface so that layer about 1/2 inch (1-1/4 cm) is formed. Allow to dry. Use radiator, or direct sunlight. This should be dried as soon as possible, preferably in one hour. The longer the drying period, the less effective the black powder. VDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD7 :CAUTION: Remove from heat AS SOON AS granules are dry.: : Black powder is now ready for use. : SDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD= =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Nitroglycerine - Dynamite - High Explosive - Detonating - Class 2 DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD Nitroglycerin (also nitroglycerine) is made by treating glycerol (glycerin) with a mixture of nitric and sulfuric acids. It is a dense, oily liquid that is extremely sensitive to shock. The slightest jarring may be sufficient to cause it to decompose with enormous force. Dynamite is a solid mixture made by absorbing nitroglycerin in wood flour mixed with sodium nitrate. The dynamite is usually encased in cardboard cylinders to form "sticks." In this way the hazardous property of nitroglycerin is lessened, while its usefulness is retained. The chemical equation for making nitroglycerin is: C H (OH) + 3HNO -> C H (NO ) + 3H O 3 5 3 3 3 5 3 3 2 At this point a measure of sulfuric acid is added which absorbs the water and makes the reaction go much quicker. This is more fully explained in the section about sulfuric acid. Nitroglycerine has a specific gravity at 15 degrees Celsius of 1.5931. Nitroglycerine is such an effective explosive because of the positive oxygen balance during detonation. This means that more than enough oxygen molecules are available to oxidize the carbon and hydrogen while the nitrogen is being liberated. Also because of the high nitrogen concentration. (18.5%) One pound of nitroglycerine produces 156.7 cubic feet of gas. The blast wave moves at 7700 meters/second. Nitroglycerine is extremely sensitive to shock and rapid heating; it begins to decompose between 50-60 degrees Celsius, becomes volatile at 120 degrees C and explodes at 218 degrees Celsius. A serious problem in the use of nitroglycerine as an explosive is its relatively high freezing temperature (13.2 degrees Celsius, 56 degrees F) A major problem with the manufacture of nitroglycerine is that the nitration produces a good deal of heat, and if the mixture is not kept cool, the temperature of the nitroglycerine could rise to extreme instability. Nitroglycerine, to be somewhat safe, should not go above 10 degrees C or 50 degrees F. Nitroglycerine is a VERY TREACHEROUS explosive. I highly recommend against making it. If you do decide to make it you do not value your life very much. If you make it make it in SMALL AMOUNTS! I recommend a blast shield of some sort. Be cautious on what you use. If the nitroglycerine is powerful enough it will make the blast shield into a sort of shrapnel. Materials Needed: 50 mL Kimax Beaker High School Chemistry Labs Small Pipette or Eye Dropper High School Chemistry Labs Glass Rod High School Chemistry Labs Celsius Thermometer High School Chemistry Labs Lab Supply Company Kitchen? (for making candy) Bowl (Must be larger than Mother's Kitchen the beaker) Ice Freezer Water Faucet 98%+ Sulfuric Acid High School Chemistry Labs Chemical Supply Houses Car Batteries 68%+ Nitric Acid High School Chemistry Labs Chemical Supply Houses Art Class (used to oxidize pewter) Fill the bowl with ice and COLD water. Put the beaker in the water. Make sure the beaker doesn't float around. You may have to hold the beaker. Put the thermometer in the ice water and read the temperature. Make sure it is well under 25 degrees Celsius. If it is not, then continue to add more ice until it is between 10-25 degrees. Wipe off the thermometer. ALL PROPORTIONS ARE FOR 100% PURITY 1. Put 3 parts Sulfuric Acid in beaker. 2. Add 1 part Nitric Acid. 3. With the pipette drop 1 drop of glycerin into the beaker. (ADD ONLY 1 DROP! See 3a below) 4. GENTLY stir the solution with the glass rod. 5. While stirring, insert the thermometer in the solution. Read the temperature. If the temperature is 50 degrees or more than the nitroglycerine is unstable and could detonate at any time. If the temperature is 40 degrees and is starting to rise, dump the solution in the water. Watch the temperature closely and if it gets to 30-35 degrees Celsius start adding ice. 6. Continue to stir for about 2 minutes or until you feel the glycerin has been exposed to most of the nitric acid. The longer you wait the better. If you don't give it enough time, and continue to add glycerin the mixture will become volatile and could detonate at any moment. 7. After you feel the first drop has had enough time, add another. Keep your eye on the temperature and be ready to dump the solution if temperatures become hazardous. 8. Once you have made enough nitroglycerine to please you, use it soon. DO NOT STORE IT! If you want to store it for a short period of time, then add sodium nitrate to it. About 2 parts sodium nitrate to 1 part nitroglycerine. Under no means should you store the finished nitroglycerine in your house, or anywhere for that matter. If circumstances were to occur which would inform the police or bomb squad that you have nitroglycerine in your house, the nitroglycerine could be detonated inside your house, along with an area wide evacuation. Don't fuck up your life... \ ZDDDDDDDDDDDDDDDDDDDThermometer \ \ ZDDDDDDDDDDDDDDDBeaker With Nitroglycerin Z Z \ ? ? 3OoOoOoO3////3oOoOoOo3 3oOoOoOo3////3OoOoOoO3 3OoOoOoO@DDDDYoOoOoOo3DDDDDBowl With Ice And Water @DDDDDDDDDDDDDDDDDDDDY Nitroglycerin is not something to play with. Many other explosives can be made that are more stable and can be just as exciting. You may not feel cautious now, but wait till you are the one who has to stir. Buahahahahahahahah =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Nitrocellulose/Smokeless Powder - Low Explosive - Deflagrating - Class I DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD Smokeless powder, or Nitrocellulose, is made by treating cellulose with nitric and sulfuric acids. It differs from Nitrocellulose plastics in that the cellulose is more thoroughly nitrated. It is a low explosive and must be confined when detonated. When smokeless powder burns, the colorless products, carbon dioxide, carbon monoxide, water vapor, and nitrogen, are formed. Hence the name "smokeless" powder. I have never made nitrocellulose. However, the reaction should be quite similar to that of nitroglycerin. The sulfuric acid, H2SO4, is used to absorb the water vapor formed, which would dilute the reactants and slow the reaction. The nitric acid, HNO3, nitrates the cellulose, (C6H10O5)n. So if you are to try to make smokeless powder, read the section on nitroglycerin and instead of using glycerin, use cellulose. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Shell Fillers - Detonators - High Explosives - Class 4 DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD The explosive used inside an artillery shell must be able to stand the shock of the propellant which starts it on its course. It must also be capable of exploding with great force when it reaches its target. Explosives of this type, requiring severe shock to set them off, are called shell-fillers. Trinitrotoluene (try-ny-troh-tol-you-een), usually abbreviated TNT, is the most commonly used shell filler for military purposes. Picric acid is also used as a shell filler. Detonators are extremely sensitive explosives which are set off by shock and which decompose with almost incredible rapidity. They are used in small amounts in cartridges and shells to start the main explosion. Mercury fulminate is a well-known detonator. It is a very treacherous explosive that may be set off by heat, friction, or shock. Lead azide is a detonator that is used in car airbags. Upon impact, this detonator decomposes rapidly and gives off an immense amount of gas. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Thermite - Class I DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD A mixture of coarsely powdered aluminum and iron oxide will react if it is raised to a high enough temperature to start the chemical change. A tremendous amount of heat is set free when the reaction occurs. Such a reaction between aluminum and the oxide of a less active metal is called the Thermite Reaction. 390 kilocalories of heat are set free during the formation of one mole of aluminum oxide. The heat of formation of ferric oxide is 191 kilocalories. When the Thermite reaction occurs, an amount of heat equal to the difference between these values is set free for each mole of aluminum oxide formed. The equation is: 2 Al + Fe O -> Al O + 2Fe + 199 Kilocalories 2 3 2 3 The liberation of such a large amount of heat so suddenly produces a very high temperature. The temperature of the Thermite reaction is estimated at 3500 degrees C. Reactions of this type are sometimes called aluminothermy or aluminothermics. ZDDDDDDDDDDDDD Magnesium Ribbon 3 3 | | Y | | | | | \ ^o^^o^^o / | |--------\ ^^o^o^ /--------| | \ ^o^/ | | \/ | | | o=Aluminum |____ ____| ^=Iron Oxide /| / \ |\ /____/ \____\ Thermite may be purchased commercially from the Frey Scientific Company with 1992-93 prices at 1 lb. - $9.75; 5 lb. - $31.50. The igniting mixture to start the Thermite reaction (instead of using a magnesium ribbon) is 8 oz. - $10.00. It is sold by the name Thermite in the catalog. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Nitric Acid DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD Nitric Acid - HNO3 Molecular Weight - 63.01 Density - 1.5027 Melting Point - -42 degrees Celsius Boiling Point - 83 degrees Celsius Solubility, in grams per 100 cc Cold Water Hot Water Other Solvents Infinity Infinity Decomposes violently in alcohol; soluble in ether Pure HNO3 is a colorless liquid, about 1.5 times as dense as water. It fumes in moist air and boils at 83 degrees Celsius. The 100% HNO3 is unstable, and for that reason, the concentrated nitric acid of commerce is a 68% solution (42 degrees Baume') of HNO3 in water. Such a solution boils at 120 degrees Celsius. A more dilute solution boils at a lower temperature, losing water and becoming more concentrated. Chemical Properties of Nitric Acid 1. Stability. Nitric acid is not very stable. When boiled, or even when exposed to sunlight, it decomposes to some extent. Water and nitrogen dioxide, NO2, are two products of its decomposition. The deep yellow color of laboratory bottles of nitric acid is caused by small amounts of dissolved nitrogen dioxide which are formed when the acid is exposed to light. In water solution the acid is more stable. Fuming red nitric acid, a very corrosive liquid, has a red color due to considerable amounts of dissolved nitrogen dioxide. It fumes in moist air and burns the skin painfully. 2. Acid properties. When dilute, nitric acid has the usual properties of acids. It reacts with metals and the oxides of metals. It reacts with hydroxides, forming salts known as nitrates. Nitric acid stains the skin yellow, forming xanthoproteic (zan- thoh-proh-tee-ick) acid. It produces the same effect with any protein, and for that reason is used as a test for proteins. A drop of nitric acid added to a slice of hard-boiled egg white will show the test perfectly. The color deepens to a bright-orange when ammonia- water solution is added. Nitric acid may be prepared in the laboratory by the action of sulfuric acid on sodium nitrate. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Sulfuric Acid DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD Sulfuric Acid - H2SO4 Molecular Weight - 98.08 Density - 1.841 Melting Point - 10.36 degrees Celsuis Boiling Point - 338 degrees Celsius Solubility, in grams per 100 cc Cold Water Hot Water Other Solvents Infinity; Infinity Decomposes in Alcohol Evolves heat Concentrated sulfuric acid is a dense, oily liquid which is sometimes called oil of vitriol. The concentrated acid, which contains about 2% water, has a specific gravity of about 1.84 and a boiling point of 338 degrees Celsuis. Pure sulfuric acid is colorless, but commercial acid may have a yellow color, or it may be brown or almost black because of the presence of impurities, especially organic matter. When sulfuric acid is added to water (you must never add water to sulfuric acid) a great deal of heat is evolved because of the formation of the hydrates H2SO4 . H2O and H2SO4 . 2H2O. Sulfuric Acid's dehydrating properties The strong affinity of sulfuric acid for water makes it an excellent dehydrating agent. Gases may be dried by bubbling them through concentrated sulfuric acid. Lumps of pumice stone soaked in sulfuric acid may be used in the lower part of a desiccator. In fact, sulfuric acid is such an active dehydrating agent that it will take hydrogen and oxygen, in the proportion needed to form water, from such substances as sugar, C12H22O11, or cellulose, (C6H10O5)n, leaving the carbon uncombined. C12H22O11 + 11 H2SO4 -> 12 C + 11 H2SO4 . H2O In the same manner, concentrated sulfuric acid chars wood, paper, cotton, starch, and other organic compounds. In making some products commercially, water is formed as a by- product. Let us illustrate this with the reaction for making nitroglycerine, C3H5(NO3)3 C3H5(OH3) + 3 HNO3 -> C3H5(NO3)3 + 3 H2O In the manufacture of this explosive, concentrated nitric acid is used. Since the nitric acid is reacting with a non-electrolyte, the reaction is slow. To prevent dilution of the acid, which cause the reaction to proceed more slowly, sulfuric acid is always mixed with the nitric acid. The sulfuric acid acts as a dehydrating agent. It absorbs the water as fast as it is formed and greatly speeds the rate of the reaction. This same principle takes place in nitrocellulose or smokeless powder. Dilute sulfuric acid may be obtained from some car batteries. Due to sulfuric acids high boiling point, it can be boiled to concentration without the use of a retort or other glassware. The boiling point will continue to drop the more dilute the acid is, until reaching 0% sulfuric acid, 100 degrees Celsuis, and retrospectively, 640.4 degrees F (338 degrees C) with 100% purity. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Where to get chemicals and laboratory supplies DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD The information I have just gave you is useless without a source to obtain the chemicals from. Here are just a few. Check your local library for more, and believe me, there are MORE! Frey Scientific 905 Hickory Lane, P.O. Box 81o1 Mansfield, Ohio 44905 8oo.225.FREY Specializes in Low, Low prices to schools. You must be a school to order from them. GFS Chemicals P.O. Box 23214 Columbus, Ohio 43223 8oo.858.9682; 614.881.55o1 Specializes in high quality reagent grade chemicals. Leading producer of Perchlorate chemicals in the country. GFS has a reputation for the quality of their goods, but they are quite expensive. Generally, for the pyrotechnic device, you do not need reagent quality chemicals. However, GFS sells some of those...hard to find chemicals like Cyanuric Acid, C3H3N3O3, (2,4,6-Trihydroxy-1,3,5-triazine), a convenient lab source for Hydrogen Cyanide gas, HCN. Look around in your library for chemical supply houses. Ones that pop into my head are Fisher Scientific, Nasco, and a load of others. Compare prices. And buy from the cheapest. Perhaps the best source for chemicals is from a local company. Look in your business white pages under chemicals and see if there is anything there. Then look in the yellow pages for chemicals. In big cities there are generally a few supply houses. From here on, I am going to tell a story of Fireball and my adventures with Pyrotechnica. I have a friend who has a Masters degree in Biology and a Bachelors degree in Chemistry. If you have any friends who are scientists, ask them where to get chemicals. Tell them you are doing a science experiment or that you are in a band or have been asked by a band to do stage effects. My friend directed me to a local chemical supply company, that he said would have all the chemicals I would need. I was really happy. So I called up this place, and told them a few chemicals that I needed. The man replied that he really didn't have any chemicals, and that mainly he sells pH indicators and other materials for industrial uses. Well, I knew that my friend wouldn't lie to me, so I told Fireball and we went down to the place. The signs were weathered, and it was someplace you wouldn't leave you door unlocked. There was a computer printout above the door that said the company's name. We finally found our way to it, and it was one room, about 20' by 50' and junked up immensely. We almost turned around and left. But we decided to check it out anyways. Once inside we told the old man that we needed chemicals and he immediately remembered the phone call and said that he didn't have any chemicals. Yeah right. I think it was more like he didn't think he had many chemicals, but he had to have AT LEAST 150 different chemicals and a bunch of assorted glassware and other products. There were 2.5kg bottles of potassium nitrate, KNO3, which he said he didn't have. Powdered zinc, about 300 mesh, which we bought for $12.00. Powdered iron, which we bought for $1.50. Potassium nitrate, technical grade, 95%, $1.50 a pound. We bought all he had...2 lbs. Potassium Permanganate, KMnO4, we bought a little bit, but it was expensive. We also bought 500g of Lampblack carbon (charcoal). 500 g of it is a lot! And it was only $1.50. We also purchased a flask, a beaker, a graduated cylinder, some filter paper, an alcohol burner, and some other things I can't remember. We also got our first bottle of nitric acid there, 42 degrees Baume, 68% concentration. Moral: Don't judge a book by it's cover. I wrote this text file in PFS: Professional Write. I only have 640k memory installed, and this is about as long as I can make one text file. So, look for my future text files. I'll be going straight from this one to a new one, with a complete analysis of Ammonia Tri-iodide, NH3NI3, physical constants of many pyrotechnics substances, a bit about the BATF, and other law enforcement agencies, purification of KNO3, formulae for colors, Mercuric Fulminate, and much, much more. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Major Firework Companies In The United States DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD American Pyrotechnics Association Chestertown, MD. 8o1.778.6825 Atlas Enterprises, Fort Worth, Texas. 817.237.3371 Fireworks by Grucci, Brookhaven, NY 516.286.oo88; 8oo.227.oo88 Performance Pyrotechnics Associates St. Louis, Missouri, 314.285.1500 Pyro Spectaculars, Rialto, CA. 714.874.1644 8oo.322.7732 Southern International Fireworks, Woodstock, GA. 8oo.327.1771 Vitale Fireworks Display Company, New Castle, Pennsylvania 412.654.9841; 8oo.245.o359 Zambelli Internationale Fireworks Manufacturing Company New Castle, Pennsylvania; 412.658.6611; 8oo.245.o397 Phantom Fireworks: Chicago/Indiana - 219-947-1984 3820 East Lincoln Highway (Route 30) Merrillville, Indiana, 40410 (Go wander) Take I-65 to Route 30 (East Lincoln Highway). Follow Route 30 East 1 1/2 miles. Showroom is on the left (North) hand side. Chicago - 20 miles; Milwaukee 110 miles Louisville - 812.285.o633 Located next to River Falls Mall 1421 Cedar Street Clarksville, Indiana Take I-65 to exit 4, at exit light make right (west) on to US 131. Go 2 blocks just past Bob Evans Restaurant. Make right onto Cedar Street. The showroom is 150 yards on the left hand side. Columbus, Indiana - 65 miles; Evansville, Indiana - 130 miles; Frankfort, Kentucky - 54 miles ; Indianapolis - 100 miles; Louisville, Kentucky - 4 miles; Lexington - 86 miles Cincinnati, Ohio - 812.537.4oo5 1400 US Highway 50 East Lawrenceburg, Indiana Take I-275 to Exit 16. Make a right onto Route 50 and go 100 yards and turn right into driveway. Go to the second building in driveway. Be sure to look for Phantom signs as they are not associated with the first building in driveway. Cincinnati - 20 miles ; Columbus, OH - 125 miles Covington, KY - 22 miles; Hamilton, OH - 28 miles Lexington, KY - 87 miles Ohio/West Virginia/Kentucky - 614.867.2222 Route 217 Scottown, Ohio 45678 Just across the Ohio River from Huntington, West Virginia. Travel route 775 North to Star Route 217 to the Ohio River ShowRoom. Charleston, WV - 85 miles; Huntington, WV - 20 miles; Parkersburg, WV - 130 miles =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Bibliography DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD Modern Chemistry. (c) 1958. Henry Holt and Company, Incorporated. CRC Handbook of Chemistry and Physics. 55th Edition. 1975-76. Printed by the Chemical Rubber Company (CRC) NIOSH Pocket guide to Chemical Hazards. September 1985 Printed by U.S. Department of Health and Human Services Public Health Service, Centers for Disease Control, National Institue for Occupations Safety and Health. Scientific American Magazine. July 1990 Websters New International Dictionary - Second Edition Copyright 1934, G. & C. Merriam Co. The Anarchist's Cookbook. (c) 1971 - William Powell Improvised Munitions Handbook - U.S. Government Various Other Publications. Fireball's Psychotic Mind. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= THE END =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= ------------------------------------------------------------------------------- -=- United Phreaker's Incorporated Magazine -=- Volume Two, Issue Seven, File 7 of 19 Network User Addresses Information Numbers Note: This file was previously released in the NuKE InfoJournals: As it is my creation, I reserve the right to continue updating and releasing this file. v7.5 OD's ONLY @DDDDDDDDDY Baud ACN Rate OD Number CDDD4 CDDDD4 CDDDDDDDDDDDD4 201 2400 311020100022 202 2400 311020200117 203 2400 311020300120 206 2400 311020600021 212 2400 311021200412 213 2400 311021300023 214 2400 311021400022 215 2400 311021500022 216 2400 311021600120 217 2400 311031400020 301 2400 311020200117 303 2400 311030300021 305 2400 311030500112 312 2400 311031200024 313 2400 311031300024 314 2400 311031400020 403 ALL 302040300901 404 2400 311040400022 408 2400 311040800110 414 2400 311041400120 415 2400 311041500023 415 2400 311041500011 415 2400 311041500108 416 2400 302041600900 503 2400 311050300120 514 ALL 302051400903 602 2400 311060200026 612 2400 311061200022 617 2400 311061700026 703 2400 311020200117 713 2400 311071300024 714 2400 311071400124 714 2400 311071400121 714 2400 311071400024 718 2400 311021200412 801 2400 311080100012 813 2400 311081300124 815 2400 311031200024 817 300 311021400117 816 2400 311081600113 818 2400 311081800021 913 2400 311081600113 916 2400 311091600012 919 2400 311091900124 Global Out-Dial CDDDDDDDDDDDDDDD4 31106170002602 (Quite Busy) PAD CDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD4 311020100141: Switzerland, PW: PAD Chat and Game Systems @DDDDDDDDDDDDDDDDDDDDDY System Name NUA CDDDDDDDDDDDDDDDDDDDDDDDDDDDDD4 CDDDDDDDDDDDDDDDD4 SamNet1: Samantha 22222950098 SamNet2: Samantha ][ 302085700900 SamNet3: Giorgia 22228010133 SamNet4: Guilietta 22224510172 SamNet5: Unknown 22225190087 Lutzifer 26245400080177 Arthemys/ArtBrain 22226700381 Edicom's Vienna Chat-Board 23226181139 QSD/LOAD 208057040540 ItaPac: Xware Software Systems 22222950213 The Multi-User Island Adventure 23422020010700 Pegasus 228475212574 Node Lina 22222800173 Kanome: Japan 440881807401 Adonis: Russia 2502040600 Other Systems @DDDDDDDDDDDDDY System Name NUA CDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD4 CDDDDDDDDDDDDDDD4 Villa BBS: IceLand 274011991000 Teletex & Computers: Hamburg 26245400050570 MCOMM Internationnal BBS 208076020367 AusPac 505273720000 Auspac RMIT User Access Code 236023008 L.A. Times InfoLine 310600584410 BBB BBS: Norway 2422450134 Gandalf: PW= NRC 302085701427 CBCNet 22222600183 CoiNet 102030066 UniNet 655011101207 PrimeNet: PW= Login 30291600122 VicNet 50523602300 USSR Nat. Centre for Data Xchange 2502030300 I thank all those who helped me in compiling this list, and would like everyone who is willing to contribute to this list, to feel free to do so. I can be reached on my own system, The Nuclear Development Corporation, or on any reputable H/P system across North America Greets To: Matrix (207) Mechanix (514) The Lost Avenger (416) White Knight and PoT (604) DarkMan Productions, June 1992 ------------------------------------------------------------------------------- -=- United Phreaker's Incorporated Magazine -=- Volume Two, Issue Seven, File 8 of 19 The Hacker's Code Of Ethics... By The DarkMan As one of the people on an Alliance once said, " We (the hackers) may be considered unethical to some people, but as a small and growing community, we have our own code of ethics." When he pointed this out, which I may say was greeted with much enthusiasm on the Alliance, I got the idea of releasing this file on exactly that: The Hacker's Code Of Ethics. We live in the age of computers. Everything is controlled by massive mainframes; Our water distribution system, rail-road control, airline control, electricity control, telephone companies, etc, etc, etc... Imagine the fun someone can have in one of those systems!!! Just the fact of getting in them can sometimes be a major accomplishment. But my point is, what people do once they are in... The one thing I hate, is the way some self-appointed hackers find there way into a system, and ruin the name of the rest of us by destroying everything they can find. Now that is pathetic. First of all, as I said, it ruins the name of the rest of us. The word "Hacker" has forever been tarnished because of those people. All you have to do is mention "Hacker!" to the computer manager of a company, and he'll keel over in an epileptic fit! Let me tell you what my fun is. This idea I got from my good friend Matrix, in the 207 NPA. What I do, is get in the system first of all... That's when the fun starts... I take care of all the security features, hiding my passage, and then leave the SysAdmin a little message, something like this: " Dear System Administrator. I find that the security of your system is somewhat neglected, which could bring a serious downfall of your data should one of my more destructive "brothers" find there way here. You should change or emphasize the importance of security in your office. I will call back in exactly one week to check out the changes. Signed, The Happy Hacker :) " I've pulled this trick off a few times, and it worked... But of course, by then, I had alreay created a few superuser accounts, so I had no trouble getting back in... I would just like to see the face ONCE of a system administrator that reads that message!!! My next point, is the attitude some hackers have towards each other. We are of a dying race. There are not many of us left that actually know what we are doing and most importantly why we do what we do. The importance of sticking together and protecting one another should not even be brought up. We should know it. But no... There will always be some asshole considering himself a hacker that will pull another hacker's CN/A... The one thing a hacker cherishes beyond all is his need for privacy... If one of us does not what to be hassled, bothered or otherwise harassed, it is his own right! We do not have the right nor is it to our advantage to betray that right. It will only aggravate that person, and make him aggressive towards the rest of us... Also, some hackers have this massive ego problem... I must name one here, for that problem, and he is Corporal Punishment... I have had numerous run-ins with this guy. He seems to think he is a God, constantly running everyone into the ground. He even went as far as saying "PHRACK sucks!" But he isn't the only one with that problem... Some feel that if they put others down, they will elevate to a higher level. Sorry to burst you bubble guys, but your only viewed as massive ego-maniacs that deserve nothing less than being run down yourselves... One other thing some "hackers" have loads of fun with, is pulling other hackers CBI Information, and posting it public. Now that is one of the most pathetic attempts at getting even I have ever seen. And what's worse, if the hacker in question is a minor, then the person wanting to pull the CBI will try and get the PARENTS credit info! The parents, who have absolutly nothing to do with this, will either: Turn in they're own child ( which has happened in many cases ), take away the entire computer set-up, or try a kamikaze attack on the whole computer underground ( if they're really frustrated ). The last thing I will mention, will be hackers turning in other hackers to federal crime agencies, or to the PhoneCorp security offices, or any other type of company that deals with computer related phraud. This activity, refered to as Narcing, is getting to be to popular for a hackers good... You may be saying, " Come on, no hacker in they're right mind would turn another on in ". And your right... It's once again those self proclaimed hackers, or the ones who think they are who will do this to get "Even"... Listen to this... Those who are familiar with the current events in our community will have heard of this little story. This 15 year old "hacker" uses Leech Z-modem every where he goes, then get's caught, and then leaves that BBS never to call back again. This other "hacker" who unfortunatly for him, used to be a respected person in the H/P community, decides to get even in an affair that never did concern him. He pulls the 15 year olds parent's CBI information, and posts it public. The 15 year old gets pissed off, so calls Patricia Sisson, of SprintNet security, whom the CBI puller had already had problems with. Thus, a Narc attack... Well, fortunatly for him, the CBI puller managed to lie and worm and wiggle himself out of trouble once more, but lost all the respect he had accumulated because of the CBI pulling... Like I said, I named not anyone, but people who keep in contact with the news know who it is... And one more thing I'd like to clear up... I'm sure some of you people have had trouble logging into some local wares boards, or something like that, because of the fact that your a hacker... The thing that goes through that SysOp's mind, is that your comming here to crash his system. Thus, once again, the "Destructive Computer User" Stereotype... A board crasher is no more a "hacker" than my grandmother is. We, of a dying comumunity, have an obligation towards those who follow in our footsteps. We must show them how a hacker acts, how a hacker goes about his activities, what a hacker is supposed to be! We must not try to kill each other off by reporting each other to the law, or by destroying our private life. We must stick together in times when doing what we do becomes difficult... We must also prove to the media, who seem to have the idea that all computer owners are hackers, and that hackers are all teenage under-achievers, that a hacker is much more, so very much more than they're stereotyped hacker is...And to those who think to themselves " But why do you hack? " I say, " Why in the hell are you reading this? " I believe I have said enough. If anyone wishes to comment on this file, or otherwise wants to get in contact with me, can reach me on my system, The Nuclear Development Corporation, or on any other reputable H/P system across North America. DarkMan Productions, June 1992 ------------------------------------------------------------------------------- -=- United Phreaker's Incorporated Magazine -=- Volume Two, Issue Seven, File 9 of 19 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= = = = Build An Emergency Telephone Dialer = = = = By The Lost Avenger/UPi = = = =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Ok guys I saw this article in Popular Electronics in September 1992 originally published by Anthony J Caristi. This looks like a neat little circuit that relates to electronics and telephones. So I decided to type it up for the magazine. Well here it is, enjoy it and if you have any questions on it please e-mail me either on The Cathedral or on my Internet E-Mail address. Oh yeah by the way this article is re-published without permission. (Like I would really get waste my time to get permission anyways.) Safeguard you home or office with a security system that calls when there is a problem. Imagine having an electronic device that would guard your home or office while you're away, and automatically alert you by phone if there is a break-in or some other problem requiring your immediate attention. Well, imagine no longer; for Teleguard, which we'll show you how to build, will do just that. Teleguard accomplishes that task by monitoring an open-loop or closed-loop sensor switch located in the protected area. When the sensor detects a problem - such as a break-in, fire, heating-system failure, flood, etc. - Teleguard dials whatever telephone number has been programmed into its memory. When the phone is taken off hook, Teleguard emits an unusual tone to alert the party on the receiving end that something is amiss. The circuit is not hampered by busy signals when a call is placed; it automatically redials the number again and again (about once a minute) until it get through. In addition, Teleguard can also automatically dial a number in the event of a medical emergency; for instance, where a mobility-impaired person is unable to dial the telephone. That can be accomplished by adding a "panic" switch to the circuit. Programming the telephone number to be called is quick and easy, and the pre-programmed telephone number remains in the circuit's memory as long as it is connected to the telephone line. In spite of its ability to retain its programming, the number to be called can easily be changed whenever desired. Another feature of Teleguard is that it does not require an internal power supply; but instead derives its operating power directly from the telephone line. And the circuit, although telephone-line powered, won't interfere with normal telephone use, so it can be left activated at all times. Imagine the secure feeling you will have with Teleguard at you service! About The Circuit A schematic diagram of the Teleguard circuit is shown. At the heart of the circuit is an MC145412 pulse/tone repertory dialer (U5), which has a built-in, last-number-redial function. Integrated circuit U5, which generates dual-tone multi-frequency (DTMF) signals, is controlled by a common 3 x 4 matrix-type keypad. When ever a telephone number is keyed in, U5 retains that number in memory as long as power is uninterrupted. The circuit is connected to the telephone line through a fullwave-bridge rectifier, composed of D1-D4, making the circuit insensitive to telephone-line polarity. The output of the bridge rectifier is applied to R7, D5, and C3, which form a network that supplies power to the rest of the circuit as well as providing a memory-retention voltage to U5, ensuring that it will retain the programmed telephone number. That voltage is also used to maintain the logic levels of U2, U3, and U4 when the circuit is in the standby mode. Sensor switch SEN1 is an open-loop sensor switch that is used to monitor the protected area. The sensor switch is selected to suit your application. When the circuit is in the standby mode (has not been triggered), the output of U2-d is low. That low travels along two paths. In one path, that low is applied to U1 (a 555 oscillator/timer) at pin 4, keeping it off, and to pin 1 of U4-a. The output of U4-a is applied to pin 12 of U5. In the other path, the low output of U2-d is inverted by U2-b and applied to pin 15 of U3 (a 4017 decade counter/divider with decoded outputs), causing U3's 0 output at pin 3 to go high. Because there is nothing connected to that output, it has no affect on the circuit. When SEN1 is closed (by an intruder entering a protected area, for example), pins 12 and 13 of U2-d are pulled low, forcing its output to go high, enabling U1, while pin 12 of U5 goes low, placing U5 in the off-hook condition. At the same time, the output of U2-c is driven high. That high is applied to Q2, causing it to conduct. With Q2 conducting, Q1 is forward biased, causing it to conduct too. That causes LED1 to light, providing a visual indication that Teleguard has seized the telephone line. As U1 oscillates, U3 begins to count upward, and continues to count (repeating its 0-9 count) as long as SEN1 remains closed. The logic levels generated by U1 at pin 3 and U3 pins 4 and 7 pass through U4 (a-d), producing two output pulse trains; the on-hook/off-hook pulse train that is applied to pin 12 of U5, followed by a redial pulse train that is applied pin 2. The redial pulse occurs about a second after U5 goes off hook, to allow time for the telephone network to respond to Teleguard's connection and establish a dial tone. When pin 4 of U4-b goes high, Q3 and Q4 are forward biased, pulling pins 2 and 16 of U5 low. That's the redial logic required for U5 to output its stored telephone number. The circuit then remains dormant until the next on-hook/off-hook pulse is applied to pin 12 of U5. The cycle repeats (dialing the stored number) about once a minute. During the time between dialing, the called party has time to answer the telephone. Whether or not the call is answered, Teleguard will continue to redial the number about once a minute as long as SEN1 remains closed. That ensures that the call will eventually get through should the called number be busy, or if no one is immediately available to answer the call. Integrated circuit U6 (another 555 oscillator/timer), configured as an astable multivibrator operating at about 1 kHz is active only when Teleguard has made connection to the telephone line. The output of U6 is capacitively coupled to the phone line, alerting the called party that Teleguard has made its emergency call. Switch S1 is used to initialize the circuit with the preprogrammed emergency telephone number. When S1 is placed in the setup position, pin 12 of U5 is pulled low. That forces U5 to go off hook, and activates Q1 to seize the telephone line. The desired telephone number (including a "1" and area code if necessary) is then manually entered via the keypad. After entering the number, S1 is set to the arm position to deactivate the circuit while retaining the preprogrammed telephone number. Construction The majority of Teleguard was assembled on a printed circuit board, measuring 2 by 4 7/16 inches, with the remainder of the circuit (the keypad and two switches) connected to the circuit board through lengths of insulated wire. Once you've gathered the parts listed in the Parts List and prepared your circuit board, construction can begin. When assembling the circuit, it is recommended that sockets be provided for all of IC's. Begin assembling the circuit by installing sockets where IC's are indicated. Do not install any IC's until instructed to do so. Once the sockets are in place, install the jumper connections. Be careful during this operation; one misconnected jumper can render your circuit inoperative. After that, install the passive components (resistors, capacitors, etc.) followed by the active components (transistors and diodes), making sure that all polarized components (diodes, transistors, and electrolytic capacitors) are properly oriented. If a polarized component is installed backwards, the circuit will be inoperative and could possibly self-destruct, taking several other components along with it. Once all of the on-board components have been installed, connect a length of quad telephone line cord to the circuit board. For the line cord, you can use either a commercially available modular plug-to-plug telephone cord, or make your own. If you make your own you'll have to connect a modular plug to one end of the cord. If the commercial unit is used, cut it in half and strip the insulation from the free end of one piece. Then carefully tin the red and green wires of the cord and solder them to the points indicated. Next connect the keypad - a standard telephone 3-by-4 matrix type - to the board. The keypad can be salvaged from one of the many low-cost telephones that are available, or it can be purchased from one of the mail-order houses. In any event, the keypad has 4 row connections (identified as R1, R2, R3, and R4) and 3 column terminals (identified as C1, C2, and C3). Simply connect the row and column terminals of the keypad to like terminals on the circuit board; C1 to C1, R1 to R1, and so on. After connecting that task, check the wiring very carefully, especially between the keypad the circuit board. An error in wiring the keypad to the circuit will cause misdialed numbers! While you are at it, inspect the circuit carefully for the proper placement of all parts, cold solder joints (which appear as dull blobs of solder), and shorted or opened circuits. It is far easier to correct a problem at this stage of the game than to attempt to locate and correct a problem later. The circuit can be housed in any enclosure of suitable size. The keypad, S1, and LED1 should be mounted to the side of the enclosure for easy accessibility. Prepare the enclosure to accept the off-board components, but do not mount the circuit in its enclosure yet. You must first fins out if the circuit is functioning properly. Test Setup The operation of the circuit can be tested by connecting Teleguard to telephone line, or using a well-filtered 40 to 50-volt DC power supply to simulate the power that would otherwise be devired from the telephone line. The power supply is simply connected to your Teleguard with a 1k, 2-watt resistor connected in series with the positive output of the DC supply. The positive output of the power supply (with its series resistor) is then connected to the L1 terminal of the Teleguard circuit board. The negative power supply output is then connected to the L2 terminal. If the telephone line is used for test purposes, a resistor is unnecessary, and polarity is not important; simply connect the projects modular plug to the telephone line. A digital voltimeter or VOM with an input impedance at of least 10 megaohms with be needed to measure voltage levels within the circuit. A telephone and modular duplex adapter - which allows both Teleguard and the telephone to be plugged into the telephone line simultaneously - are also required for testing. The adapter allows the telephone to be used to verify that U5 generates a DTMF signal in response to each number keyed via Teleguard's keypad. At this point, all IC sockets should be empty; if not, remove all IC's from the board. Set S1 to the arm position and connect the project to the DC supply or telephone line. The LED should be unlit. Allow a minute or so for C3 to charge, then measure the voltage across that unit. You should get a reading of about 5 to 6-volts DC. If your reading is somewhere out in left field find and correct the problem before proceeding. If the voltage is within specifications, disconnect power and discharge 3. Then inset all IC's into their respective sockets. being very careful to properly orient and seat them in their sockets. Set S1 to the arm position. Apply power to the circuit, again allowing a minute or so for C3 to charge. Set S1 to the setup position; LED1 should light. Do not proceed with the final test if LED does not light when S1 is placed in the setup position. Continue the checkout by double-checking the orientation of LED1, Q1, Q2, D6, D7, and C5. Measure the voltage across C3, making sure that the voltage across it is at least 5-volts. Set S1 to arm position for a minute or so. Flip S1 to the setup position and press each key of the keypad (one at a time) while examining the waveforms generated at pin 18 of U5 using an oscilloscope. Each time a key is depressed, a DTMF signal (about 1 volt peak-to-peak) should be generated. Next test Teleguard's programmability and operation under program control. Program the circuit by momentarily setting S1 to the arm position, and then return it to setup. Key in any telephone number using the keypad. Then set S1 to the arm position, simulate a problem situation by shorting pins 12 and 13 of U2 to ground. Maintain the short while monitoring the oscilloscope. A few seconds after pins 12 and 13 are grounded, a series of DTMF bursts should appear at pin 18 of U5 in rapid succession. Allow the circuit to remain dormant for about a minute. The series of DTMF bursts should reappear. The cycle should repeat about once a minute as long as pins 12 and 13 of u2-d remain grounded. If Teleguard preforms as described, proceed to the final phase of testing; otherwise troubleshoot the circuit to locate and repair the fault. If U5 fails to generate DTMF signals in response to the keypad entry, carefully check the wiring between U5 and the keypad. Closure of any keypad switch must short one row to one column wire in accordance with the keypad matrix. If in doubt, disconnect power to the circuit, remove U5 from its socket, and use an ohmmeter to verify that each keypad button shorts the correct terminals of U5. If the keypad has been properly connected, verify that U5's crystal oscillator is functioning properly by holding down any key while examining the waveform at pins 8 and 9 of U5. You should get a 2 or 3-volt peak-to-peak, 3.58-MHz waveform only when a keypad key is depressed. If no oscillation is present, verify the presence of 5-volts at pin 1 (the supply input) of U5. Try a new IC and crystal if possible. Final Test Temporarily remove U6 from its socket to disable the 1-kHz oscillator. Using the duplex adapter, connect both Teleguard and a telephone to the telephone line. Leave the handset on hook, set S1 to arm, and allow a minute for C3 to charge. The LED should be unlit. Set S1 to setup; LED1 should light, indicating connection to the telephone line. Pick up the telephone handset and listen as you key in a number via the project's keypad; DTMF tones should be heard in the handset in response to the keystrokes. Place the telephone handset on hook, momentarily place S1 in the arm position, and then switch it back to setup. Then, with the telephone handset on hook, key in (via the Teleguard keypad) any key telephone number. If possible key in the telephone number of an associate who can then verify that the circuit is operating properly. Once Teleguard has dialed out, you can then use the telephone to engage in normal conversation. If that checks out, remove power from the circuit and reinstall U6 in its socket. Apply power to the circuit and reprogram Teleguard, as before, by switching S1 from arm to setup, keying in the desired telephone number, and then switching back to arm. The automatic redial function can be checked by shorting pins 12 and 13 of U2-d to ground to simulate an emergency condition. After a few seconds, the programmed number will be dialed. That can be verified by listening to the earpiece of the telephone handset. If an associate answers the call, he or she should hear the 1-kHz tone. If no DTMF signal is generated by the circuit, review the troubleshooting procedure to locate and repair the fault. If the automatic-redial feature is not functioning, carefully check U1 to U4, Q3, Q4, and their associated components. if the 1-kHz is absent, check U6 and its associated components. Using Teleguard Teleguard may be connected to any available telephone jack. A pair of wires must be run from the circuit to the sensor(s) at the protected door, window, etc. If you will be using the circuit to detect fire, flooding, or other emergencies, use appropriate sensors in your sensor loop. For normally open sensor loops, multiple sensors can be connected in parallel and tied to the circuit to allow detection of a breach at any number of entry points. If normally closed sensor switches are used, multiple sensors can be series connected to the circuit through an inverter to monitor several different areas. It is important that no part of the sensor loop be allowed to make contact with ground though pipes, electrical appliances, etc. The sensor-loop ground is derived from Teleguard's circuit board, so use insulated wire to connect the sensor loop to the board. A phone is not required for use with Teleguard. The circuit can be left connected to the telephone, without having any adverse affects on the normal operation of the phone system. Note that anytime the unit is disconnected from the line, the number programmed into U5 will be lost. Programming Teleguard With the sensor loop in the safe or dormant condition - normally open sensor switches open or normally closed sensor switched closed - and connected to the circuit, set S1 to the arm position and connect Teleguard to the telephone line. Allow about 1 minute charging time. Place S1 to the setup position. The LED should light, indicating connection to the telephone company central office. Key in the desired telephone number (including a 1 and area code if necessary). After keying the number, immediately set S1 to the arm position. The LED should go out. This completes the setup procedure and among of the circuit. To change the telephone number at any time, simply repeat the programming sequence. If a sensor is triggered after the circuit is armed, Teleguard will immediately go off-hook and call the programmed number. It will continue to do so, about once a minute, until the protective circuit is restored. When the call is answered, the 1-kHz tone will be heard in the handset at the receiving end, alerting the called party to a problem condition at the protected area. Of course, be sure to alert others who may pick up the phone about the special tone should Teleguard call. Schematic Diagram Sorry guys I tried to reproduce this schematic diagram as well as I possibly could. I had to split the schematic diagram into two parts as I couldn't fit it within the 80 column limit. So if you have any questions about this schematic or the article please e-mail me either on Internet or my The Cathedral. ZDDDDDDDoDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDoDDDDDDDDDDDDDDDDD> 3 3 3 3 3 3 ZDD> R2 100K 3 3 3 3 3 3 3 3 13 143 ZDDDDDDDDDDDDDDDDDDDDDEDDDDDDDDDDDDDDEDD> oDDDBDDDADD?11 3 ZDDDDDDoDDDD? 3 ZDDDDDDDDDDDDEDD> 3 123 U2-d oDDDDDDoDDo 3 3 3 3 3 3 Off ZDDDDoDDDADDDBDDY 3 34 63 R2 100K 3 3 3 3 o o On 3 73 CD4001B 3 ZADDDDDDDA?3 3 3 3 3 1 3 SEN1 C1 10 3 1/4 3 3 CDDDDDEDDDDEDEDoDDBDDDDDD? 3 o 3 3 3 3 U1 37 3 3 3 3 23 U2-a oDDoDD> @DDDDoDDDDDDDY 3 3 LM555CN CDDDDDo 3 3 @DDADDDDDDY 3 3 3 3 3 3 3 Cd4001B Ground 3 3 CD? R3 10K 3 3 1/4 3 @BDDDDDDDBY 3 3 3 3 3 31 2@DDoDDDY 3 3 ZDDDDDDDDDDDDD? 3 3 3 3 3 3 3 3 3 C2 47 3 3 3 3 3 3 3 3 3 3 3 3 oDDDDDDDDDDY 3 3 3 D1DDDDoDDDDD2 3 3 3 3 CD4001B 3 3 3 3Ground 3 3 5 1/4 3 3 3 @DDDDDDDDDDDDDDDDDDDDDDEDEDoDDBDDDDDD? 3 3 3 3 3 3 63 U2-b oDDDDD> 3 ZDDDDo oDDDDoDDDDD? ZDDDDDDDEDY @DDADDDDDDY 3 3 3 3 3 3 3 3 3 Ground 3 3 3 R7 1Meg 3 @DoDDDDDDoDDDDoDDDDD> 3 3 3 3 3 3 D7 3 34 63 3 D3DDDDoDDDDD4 3 oDDDDDDDDDDDoD1N4004DDo ZDADDDDAD?8 3 3 3 3 3 3 ZD4 C6 CDDD> 3 3 3 3 C3 300 3 333 LM55CN CDDD> 3 3 3 3 D5 3 3 3 @DBDDDDBDY7 o L1 o L2 3 @D1N52348DDDoDDD? 3 C6 31 32 To Telephone 3 6.2V 3 3 .1 3 @DDDDD> Line 3 Ground 3 3 3 oDDDDDDDDDDDDDDDDDDDDDDDDDDDEDDo 3 D1 to D4 = 1N4004 3 3 3 CDDDDDDDDDD> R8 3 3 Ground 220Ohms 3 @DDDDDDDDDDDDDD> 3 3 ZDDDDDDDDDoDDDDQ1 2N5401DDDDDDDDLED1DDoDDDDDDD? 3 3 3 3 D6 R9 D9 C5 2200 1N4758A 1.5K 1N52318 3 56V 3 5.1V 3 3 3 3 3 Ground 3 @DDDDDDDoDDDDD? 3 Ground @D? 8 Q2 10ZDDDDDDBDD? BS170DDR10 100KDDDo U2-c 39 3 3 @DDDDDDADDoDDDDDDD> Ground >DDDDDoDDDDDDDDDDDDDDDDDDDDDDDoDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD? 3 12 3 3 >DDDDDEDDDDDBDDDDDD?11 2 314 U4-a to U4-D = 4011B 1/4 3 3 133 U4-d oDDDDDBDDDDAD?3 3 3 ZDADDDDDDY 13 U4Da oDDDDDDDDDDD? 3 >DDDDDEDDDEDDDDDDDDDDDDDDADDDDDDY R11 3 >DDDDDEDDDEDDDDDDDBDDDDDD?10 ZDDBDDDDDD?4 10K 3 3 3 93 U4Dc oDDD4 53 U4Db oD? 3 ZDDDDDDDDDDDDDDDDo 163 43 7ZDDDADDDDDDY @DDADDDBDDY 3 3 3 3 ZADDDADDDA? 8 6 37 3 3 3 3 143 U3 3 Ground 3 3 3 ZDDD8 1N4004DDo >DDDD4 CD40178 3 ZDDDDDDDDDDDDDDDDDDDDY 3 3 3 3 @BDDDBDDDBY ZDEDDDDDDDDDDDDDDDDDDDDDDDo 3 3 3 153 133 83 3 3 3 3 oDDR6 100OhmsDY 3 oDDDY 3 oDR4 470KDDDQ3 BS170D? 3 3 3 3 3 3 3 3 3 3 3 3 3 Ground 3 3 Ground 3 3 3 3 3 ZDDDDDDY 3 3 3 3 oDDDDDDDDDD? 3 3 R5 3 3 3 3 3 3 3 470K 32 31231 318 3 3 3 3 ZADDADDADDAD? 3 3 3 @DQ4 BS170DBDDDD? 3 310 3 3 3 3 3 3 U5 CDDD? 3 3 3 Matrix Ground 3 3 MC145412P 36 3 3 >DDDDDY 3 Keypad 3 3 CDDDo 3 3 ZDDDDDDDDDDD? 3 163R1 3 3 3 R12 3 3 1 2 3 CDDDDDDDoDDD4 3 Ground 3 >DD47KDD? 3 3 3 153R2 3 3 3 3 3 4 5 6 CDDDDDDDDDDD4 3 3 3 3 3 3 143R3 3 3 >DDDDDDDo 3 3 7 8 9 CDDDDDDDDDDD4 3 3 >DDD? 3 3 3 3 133R4 3 3 3 R13 3 3 * 0 # CDDDDDDDDDDD4 3 3 3 22K 3 @DDBDDBDDBDDY 3 3 3 >DDDoDDDY 3 3 3 3 3 3 3 3 3 3 3 3 53C3 3 3 C7 .01 3 3 3 @DDDDDDDDDDDDDD4 3 3 >DDDY 3 3 3 43C2 3 3 3 3 @DDDDDDDDDDDDDDDDD4 3 3 >DDDDDDD? 3 3 33C1 3 3 3 3 @DDDDDDDDDDDDDDDDDDDD4 3 3 3 3 @BDDDDDDDDDBY 3 3 3 38 39 3 3 3 @DDXTAL1DDY 3 3 3 3.579MHz 3 3 3 3 @DDEDDDDDDDDDDDDDDDDDDDDDC4 10DDDDDDDDDDDDDDDDDDDDDDDY 3 3 Arm 3 o 3 S1 >DDDDDDDDDDoDDDDDDDDo oDDD? Setup Ground Parts List For The Teleguard Semiconductors U1, U6 LM555CN CMOS oscillator/time, integrated circuit U2 CD4001B quad 2-input NOR gate, integrated circuit U3 CD4017BE decade counter/divider, integrated circuit U4 CD4011B quad 2-input NAND gate, integrated circuit U5 MC145412P pulse/tone reportory dialer, integrated circuit U7 CD4001B or CD4011B quad 2-input NAND gate (optional see text), integrated circuit Q1 2N5401 PNP silicon transitor Q2-Q4 BS170 or equivalent enhancement FET D1-D4, D7, D8 1N4004 1-amp, 400-PIV (or similar) silicon rectifier diode D5 1N5234B 6.2-volt, 0.5-watt Zener diode D6 1N4758A 56-volt, 1-watt Zener diode D9 1N5231B 5.1 volt, 0.5-watt, Zener diode LED1 2-volt, 20-mA, red Light-emitting diode Resistors (All resistors are 1/4-watt, 5% units unless otherwise noted.) R1, R2, R10 100,000-ohm R3, R11 10,000-ohm R4, R5 470,000-ohm R6 100-ohm R7 1-megaohm R8 220-ohm R9 1500-ohm R12 47,000-ohm R13 22,000-ohm R14 1,000-ohm, 2 watt (used in testing only) R15 2.2-megaohms (optional, see text) Capacitors C1 10-fF, 10-WVDC, electrolytic C2 47-fF, 10-WVDC, electrolytic C3 330-fF, 10-WVDC, low-leakage electrolytic C4 10-fF, 50-WVDC, electrolytic C5 2200-fF, 6.3-WVDC, electrolytic C6 0.1-fF, ceramic-disc C7 0.01-fF, ceramic-disc C8 0.1-fF, ceramic-disc (optional, see text) Additional Parts and Materials S1 SPST toggle or slide switch SEN1 Normally open or normally closed sensor switch (see text) SEN2-SEN5 Sensor switch (optional, see text) XTAL1 3.578-MHz, color-burst crystal Printed circuit materials, enclosure, telephone-type 3 x 4 matrix keypad (see text), telephone line cord with modular plug, IC sockets, wire, solder, hardwire, etc. Note: The following parts are available from A. Caristi, 69 White Pond Road, Waldwick, NJ 07463. Etched and drilled PC board, $14.95; U5, $14.95; all other IC's, $2.00 each; Q1, $1.75; Q2, Q3, and Q4, $1.95 each. Please add $3.00 postage/handling. New Jersey residents, please add appropriate sales tax. ------------------------------------------------------------------------------- -=- United Phreaker's Incorporated Magazine -=- Volume Two, Issue Seven, File 10 of 19 Research Experiment #1 Screw U All ----------- Purpose : How many systems one can infect while creating havoc in the BBS local bbs community (WWIV BBS's) Hypothsis : The above will happen.... Materials : 1: Computer 2: Phone line & modem 3: A good collection of virues and utilities 4: A shity local WWIV net 5: An ounce of sense (No pun intened!) Expirment #1: Log onto your local lame WWIV BBS and check out the network getting the numbers to the other bbs that are on the same beg for popularity list. Log onto the other bbs also using some far out cool name like (coff coff Gravity's Rainbow). Leave for validation a LD number most of the time 14 year old kids can't call to validate and they think it is koolaid, ummm no I mean K-Rad awesome have a LD user they can't brag about.. After getting access to the k-rad tranfers section start upload virues that have been Encrypted. May I suggest No-where mans utilities (tm NukE). Name the virues under K-Rad utilities that every lame WWIV sysop wants, I.E. Registration to WWIV, be creative, ususally they will run them. This expirment usually pisses off users also. Expirment #2: * When you finally figure out what the sysops bbsing hours, which by the way is 24 hourz a day cuz they have no life, log onto the BBS and upload "Coff Coff" to directory "gag gag" and hit "ack spu" .....now your in DOS. Look at the results at the end of this expirment list * Expirment #3: Upload under the sysop account a good virus that is not detectable by the current version of scan (Use should had fuck with that too!). Drop to DOS and run the virus. The sysop won't pick it up for awhile, then watch him bitch on the local elite WWIV sysop net. (Hey guys I have seen it ALL! "We must stop him!") Maybe if you are lucky other sysops will donwload stuff from each other and spread diffent viruses to each. For an example upload a good virus like Devils Dance to one sysop and maybe something like Dark Avenger to another and see if they can reinfect each other like homos! Observation: All the sysops in these expirment did all the ABOVE! Conclusion: The first time local lammer can be hit always. They do seem to get a little bit smart as time goes on. If you are a good decker (hacker) then you will always be one step infront of them with tricks. Study Question: 1) Should one run WWIV? NOT! 2) Should one crash a WWIV BBS if one sees one? ALL THE FUKN TIME! 3) Are local nets lame? YES! 4) What is Grim Reapers password on the COVEN? DPT009 5) What is the Ultimate ones password on Anarchy's BBS? WCSPEC 6) What is The LORD HIGH GONZOES voice number? 804-794-3099 7) What is GRIM REAPERS voice line? 804-741-0005 8) How many viruses has GR upload to area BBS's? 7! 9) What were the names of the viruses upload to area BBS's? Dir-2, Devils Dance, Dark Avenger, 1701 Mutantion Engine, 666-B, RNA, 1605 TSR 10) What were the names of trojan uploaded to area BBS's? Gulf 1991, Nice Girl, Ansi Pic's, Duploscan 11) What different handles did GR use to upload all this shit as? Sam Moore, Cold Steal, Lifeguard, The Lord High Warlock, The Ultimate One, Trey Meadows, Anarchy, Mr. Athletic, Biniaca, The Dark Night. True/False 1) WWIV BBS's are kool? FALSE 2) Anarnet is kool? FALSE 3) WWIV is a very secure BBS package? FALSE 4) Your systems are clean of virues? FALSE 5) Lord High Gonzo has a normal size nose? FALSE 6) It's all been fun? TRUE! 7) There are many back doors into WWIV? TRUE! 8) Lord HIgh Gonzo felt stupid when he saw me fucking up his BBS under his account? VERY TRUE! 9) Knowone knows who Gravity's Rainbow is? TRUE! 10) Gravity's Rainbow really fucked up BBS disneyland for Richmond? TRUE! ! -*-This is a very good example of what you can get when you drop to DOS! ! Thanx High Lord Gonzo for the donation of your bbs for this experiment LHW user list is also my GREETINGS!! Name: The Lord High Warlock #1 RN : God PH : 804-794-3099 Age : 16 M PW : STAFF SL : 255 DSL=255 SySu: 0 Exem: 255 AR : ABCDEFGHIJKLM OP DAR : ABCDEFGHIJKLMNOP Name: Gravity's Rainbow #1 1/2 <=--Thats me!! RN : William Gibson PH : 804-343-3227 Age : 7 N/A *** KEEP LOOKING DOWN! *** PW : LICKME Note: :) Hi! Just wanted an account here! ! ! SL : 255 DSL=255 ! SySu: 0 ! Exem: 255 ! AR : ABCDEFGHIJKLMNOP ! DAR : ABCDEFGHIJKLMNOP ! ! ! ! ! ! ! Name: Changeling #2 ! ! ! RN : Co-God ! ! ! PH : 804-323-0377 ! ! ! Age : 16 M ! ! ! PW : ELEKTRA !!! ! SL : 255 DSL=255 Exem: 255 AR : C MNOP DAR : ABCDEFGHIJKLMNOP Name: Vanguard #3 RN : Chris Refvik PH : 804-794-9419 Age : 16 M PW : CAPDT SL : 60 DSL=60 Exem: 255 AR : P DAR : P Name: Archangel #4 RN : Marc Godbolt PH : 804-741-2419 Age : 16 M PW : WARLOCK SL : 255 DSL=255 Exem: 255 AR : A M P DAR : ABCDEFGHIJKLM P Name: Thanatos #5 RN : john PH : 804-794-3099 Age : 14 M PW : DEATH SL : 150 DSL=150 Exem: 255 AR : ABCDEFGHIJKLMNOP DAR : ABCDEFGHIJKLMNOP Name: Anarchy #6 RN : stuart long PH : 804-353-8377 Age : 15 M PW : ACTOR Comp: IBM 80386 SL : 50 DSL=200 AR : P Name: Genghis Khan #7 RN : David Branch PH : 804-379-1958 Age : 15 M PW : GRANDAD SL : 30 DSL=30 Name: Ouroborus #8 RN : Ken Underwood PH : 804-794-2483 Age : 17 M PW : IAM GOD SL : 60 DSL=255 Exem: 255 DAR : ABCDEFGHIJKLMNOP Name: Reddevil #9 RN : fredrik astrom PH : 804-794-2679 Age : 17 M PW : ASSS Name: Bianca #10 RN : Jennifer McGrath PH : 804-272-2841 Age : 16 F PW : ROSE SL : 60 DSL=60 Name: The Immortal #11 RN : Brennan Maynard PH : 804-794-6460 Age : 14 M PW : 1QAZ SL : 50 DSL=30 AR : D Name: Yoho Yip #12 RN : Eric Wirt PH : 804-744-2176 Age : 15 M PW : REMEMBER SL : 255 DSL=255 Exem: 255 AR : M P DAR : ABCDEFGHIJKLM P Name: Darkling Lord #13 RN : Leon Mays PH : 804-739-2654 Age : 15 M PW : DRUID SL : 255 DSL=60 SySu: 0 AR : P DAR : P Name: Megadeath #14 RN : Brian PH : 804-739-4161 Age : 15 M PW : ???? SL : 40 DSL=40 AR : P DAR : P Name: Steel Viper #15 RN : Josh PH : 804-379-8980 Age : 15 M PW : DUDES SL : 50 DSL=50 Name: Cutter John #16 RN : Shawn Musick PH : 804-323-1041 Age : 19 M PW : RUNES SL : 100 DSL=100 Name: Shade #17 RN : Joe Grau PH : 804-794-6021 Age : 17 M PW : SNARF SL : 100 DSL=100 Name: Mr. Athletic #18 RN : Michael Sellers PH : 804-264-1432 Age : 26 M PW : MIAMI SL : 70 DSL=70 Name: Bladerunner #19 RN : Aaron Freeman PH : 804-598-4523 Age : 16 M PW : PENNY SL : 40 DSL=40 Name: Peter Martin #20 RN : peter martin PH : 804-794-3360 Age : 16 M PW : 4YDDIC SL : 80 DSL=80 Name: The Beast From The East #21 RN : Steven Manson PH : 804-598-2514 Age : 19 M PW : REVVER Comp: Commodore SL : 30 DSL=30 Name: Lazy Dragon #22 RN : David Caran PH : 804-272-0377 Age : 13 M PW : QAWSZZ SL : 40 DSL=40 Name: Ali #23 RN : Justin Toney PH : 804-285-7050 Age : 15 M PW : 87264 SL : 20 DSL=20 Name: The Messiah #24 RN : andrew PH : 804-285-4712 Age : 19 M PW : QUORUM SL : 110 DSL=110 AR : P DAR : P Name: Grim Reaper #25 RN : Seth Rosenthal PH : 804-741-0005 Age : 25 M PW : DPT009 SL : 90 DSL=90 Name: Michael Wallstreet #26 RN : Andy Brocato PH : 804-794-3853 Age : 16 M PW : HOGAN SL : 40 DSL=40 AR : P DAR : P Name: Universal Mind #27 RN : wells oliver PH : 804-379-6444 Age : 14 M PW : COVER SL : 30 DSL=20 Name: Wood Rat #28 RN : Charles Justice PH : 804-744-1647 Age : 44 M PW : KADY SL : 10 DSL=5 Name: Der Blitzkrieger #29 RN : peter hluchan PH : 804-379-1810 Age : 16 M PW : ANNE SL : 30 DSL=30 Name: Chester The Child Molester #30 -What a sick name!! **STOP**!! RN : STEVE NIXON PH : 804-323-1423 Age : 18 M PW : BITCHES SL : 251 DSL=250 Name: Shwoog #31 RN : walied mahmoud PH : 804-346-8571 Age : 24 M PW : SILVER SL : 110 DSL=60 AR : P DAR : P Name: Dragonbane #32 RN : Chris Box PH : 804-739-4931 Age : 15 M PW : HELLO SL : 30 DSL=30 Name: Josh Upton #33 RN : JOSH UPTON PH : 804-379-9330 Age : 13 M PW : FUCK SL : 30 DSL=30 Name: Ric Flair #34 RN : Richard Anderson PH : 804-794-9319 Age : 18 M PW : STORMBBS SL : 30 DSL=30 Name: Wok With Yan #35 RN : Allen Saunders PH : 804-739-0488 Age : 15 M PW : KUMQUAT SL : 20 DSL=10 Name: Trenchcoat #36 RN : Keith 'CPU505' Tims PH : 804-323-5813 Age : 23 M PW : BADGER SL : 120 DSL=30 Name: Seth #37 RN : seth PH : 804-741-0005 Age : 24 M PW : TEST SL : 10 DSL=5 Name: Mr. Private #38 RN : Derek Durkovic Call: KA5MLD PH : 804-379-9808 Age : 17 M PW : MANTRA SL : 90 DSL=90 AR : P DAR : P Name: Hawkeye #39 RN : Kyle Salus PH : 804-272-0736 Age : 16 M PW : CERIC SL : 60 DSL=30 Name: Richie Rich #40 RN : RICH FRIEDBERG PH : 804-378-8602 Age : 12 M PW : RICH SL : 30 DSL=30 Name: Punisher #41 RN : J.M. UPTON PH : 804-379-9330 Age : 11 M PW : RAD Comp: IBM 80386 SL : 30 DSL=10 Name: Harlequin #42 RN : Mike Carroll PH : 804-379-2739 Age : 16 M PW : DREAMER SL : 70 DSL=255 DAR : C *** HEY RIGHT HERE!! *** Name: The Avatar #43 RN : John Petty PH : 804-744-5822 Golly good chomp! Age : 15 M PW : GRAVE SL : 30 DSL=30 Name: Sean Braudrick #44 RN : Sean Braudrick PH : 804-598-3668 Age : 22 M PW : GOLF SL : 30 DSL=70 Name: Kal Zakath #45 RN : God part II PH : 804-794-3099 Age : 16 M PW : GARION SL : 255 DSL=255 <--- Come on SYSOP this is stupid!! **STOP** Name: Bill Mcintosh #46 RN : Bill McIntosh PH : 804-598-5581 Age : 35 M PW : R99959 SL : 30 DSL=30 Name: Troll #47 RN : Joe Blackburn Where did this guy come from! PH : 804-794-3261 Age : 17 M PW : PEACE SL : 40 DSL=40 Name: Baphomet #48 RN : kris norris PH : 804-739-6955 Age : 13 M PW : PRINCE SL : 5 DSL=0 Name: Davey Allison #49 RN : Kendall Biggs PH : 804-598-5426 Age : 15 M PW : Q94WRVQ SL : 30 DSL=30 Name: Sdasd #50 RN : Jonathan Youngblood PH : 804-323-6700 Age : 18 M PW : NCC-1701 SL : 30 DSL=30 Exem: 1 Name: Ted Bundy #51 RN : Michael Beaman PH : 804-378-0970 Age : 13 M PW : ACE SL : 40 DSL=40 AR : P DAR : P Name: Mike Dude #52 RN : MIKE MURPHEY PH : 804-794-3582 Age : 12 M PW : FUN Comp: IBM 80386 SL : 30 DSL=30 Name: Traveler #53 RN : james quigley PH : 804-744-7261 Age : 16 M PW : JFDK7B SL : 70 DSL=60 Name: Jeff Leach #54 RN : JEFF LEACH PH : 804-379-5959 Age : 12 M PW : JEFF SL : 30 DSL=30 Name: Berek Halfhand #55 RN : kenneth bader PH : 804-768-1257 Age : 37 M PW : 2315KB1 SL : 80 DSL=60 Name: J.L. #56 RN : J.L.HARRIS PH : 804-598-3234 Age : 34 M PW : LIGHT SL : 40 DSL=40 Name: Michelle Leach #57 RN : michelle leach Call: 379-59 PH : 804-379-5959 Age : 15 F PW : 8NDSET SL : 70 DSL=60 Name: Musicman #58 RN : Stephen Wright PH : 804-353-2550 Age : 19 M PW : CHORUS SL : 40 DSL=40 Name: Bman #59 RN : Brian Mueller PH : 804-580-4448 Age : 17 M PW : SIR1112 SL : 30 DSL=30 Name: A Shadow In The Darkness #60 RN : roger PH : 000-0012 Age : 91 M PW : FUCK123 SL : 0 DSL=0 Name: Dribble Warrior From Vaporlock #61 RN : David DeWell PH : 804-330-5762 Age : 18 M PW : DESTRUCT SL : 60 DSL=40 Name: David Lee #62 RN : david lee PH : 804-346-0214 Age : 15 M PW : TAIWAN SL : 40 DSL=40 Name: Ultimate One #63 RN : Mike Davis PH : 804-744-6045 Age : 13 M PW : WCSPEC <----------*** USES THIS PASSWORD EVERYWHERE *** SL : 50 DSL=30 Name: Payton #64 RN : payton Call: TURBO PH : 804-672-2727 Age : 12 M PW : OCNFVZ SL : 0 DSL=0 Name: Stocking Cap #65 RN : TOMMY STOVER PH : 804-744-5788 Age : 14 M PW : SK8R SL : 10 DSL=0 Name: Rad Wrecker #66 RN : keith PH : 804-379-2710 Age : 18 M PW : PUZZY SL : 90 DSL=90 AR : P DAR : P Name: Dream Weaver #67 <---- Like the handle! RN : George P. Medows III PH : 804-794-1524 Age : 21 M PW : ADMIRAL SL : 30 DSL=30 Name: Blue Lightning #68 RN : Jeff Ludden PH : 804-794-3220 Age : 13 M PW : 10-23-78 SL : 30 DSL=30 Name: The Destroyer #69 RN : David Ahn PH : 804-745-2862 Age : 22 M PW : DESTROY SL : 30 DSL=30 Name: Kai #70 RN : Steffen Rau PH : 804-276-4586 Age : 15 M PW : KDTUH5 SL : 30 DSL=30 Name: Tomboy #71 RN : Karen Derrick PH : 804-794-6424 Age : 14 F PW : TOMMY SL : 30 DSL=30 Name: Akira #72 RN : Steve Bryant PH : 804-282-7138 Age : 15 M PW : TRI SL : 30 DSL=30 Name: Thoth #73 RN : paul hunting PH : 804-744-2928 Age : 15 M PW : THOTH SL : 30 DSL=30 Name: Hannibal Lecter #74 RN : Joe Turfle PH : 804-379-0727 Age : 17 M PW : DEKOONIN SL : 100 DSL=200 Exem: 255 Name: The Sentinel #75 RN : David Ciampa PH : 804-744-2850 Age : 15 M PW : MEEKS SL : 50 DSL=50 Name: Ragin Cajun #76 RN : matt thomas PH : 804-644-8726 Age : 22 M PW : FVCG12A SL : 90 DSL=90 AR : P DAR : P Name: Z-Man #77 RN : michael reid PH : 804-674-5783 Age : 13 M PW : STEMPELT SL : 30 DSL=10 Name: Stormchild #78 RN : Jonn Hartford PH : 804-794-1908 Age : 16 M PW : NIRVANA SL : 0 DSL=0 Name: Zaphod #79 RN : Matt PH : 804-744-5215 Age : 15 M PW : SQUIGGLE SL : 30 DSL=30 Name: Michael Myers #80 RN : Bill Carter PH : 804-794-5172 Age : 15 M PW : BASEBALL SL : 30 DSL=30 Name: Lobo #81 RN : John Taylor PH : 703-694-3293 Age : 13 M PW : JLOB SL : 0 DSL=0 Name: Windsurfer #82 RN : seth vidal <--- Ur time is going to come MILO MEADOW!! PH : 804-744-7084 GODDAM how lame can this get!! Age : 15 M PW : HUH SL : 40 DSL=255 DAR : ABCDEFGHIJKLMNO Name: Zoltan Kocsis #83 RN : Fredrick Astrom PH : 804-794-2679 Age : 17 M PW : DMINOR SL : 30 DSL=30 Name: Blade #84 RN : Jim PH : 804-740-4106 Age : 17 M PW : LAUDERDA SL : 30 DSL=30 Name: Romulus #85 RN : Matt Grainger PH : 804-282-3731 Age : 15 M PW : NERO SL : 30 DSL=30 Name: Astro Man #86 <--- Anarnet doesn't like you pal! RN : Jody PH : 804-741-2956 Age : 15 M PW : DEATH SL : 0 DSL=0 Name: Damocles #87 RN : Daniel Broxon PH : 804-794-3063 Age : 16 M PW : RIFFRAFF SL : 60 DSL=60 Name: Black Dragon #88 RN : James Convy PH : 804-748-4930 Age : 17 M PW : MINE SL : 40 DSL=40 Name: St.Thomas #89 RN : Brent Robinson PH : 804-744-5579 Age : 14 M PW : SPRAY SL : 30 DSL=30 Name: Unicorn #90 RN : NICOLE GALLUB <---I ready for a ride Call: UNICOR PH : 804-739-1257 Age : 13 F PW : RONKONKA SL : 40 DSL=40 Name: Beethoven'S Son #91 RN : keith abbott PH : 804-272-9385 Age : 23 M PW : WOOF SL : 60 DSL=40 Exem: 255 Name: Enterprise #92 RN : David Meacham PH : 804-323-6700 Age : 15 M PW : NCC-1701 SL : 60 DSL=60 Name: The Outlaw #93 RN : Jennifer C. Outlaw PH : 804-748-7794 Age : 21 F PW : RUINS SL : 30 DSL=30 Name: Scott Parker #94 RN : scott parker PH : 804-320-0838 Age : 15 M PW : HEIDI SL : 30 DSL=30 Name: Heavy Metal #95 RN : Daniel PH : 804-744-3429 Age : 14 M PW : 00HLC3 SL : 30 DSL=30 Name: Worm Rider #96 RN : brad powell PH : 804-741-2958 Age : 20 M PW : BMW2002 SL : 30 DSL=30 Name: Terminator X #97 RN : Tommy Stover PH : 804-744-5788 Age : 15 M PW : HAVEPHUN SL : 30 DSL=60 Name: Cat Lover #98 RN : samantha winters PH : 804-740-4768 Age : 21 F PW : SCRUFFY SL : 40 DSL=40 Name: Cutter #99 RN : John Randel PH : 804-744-7554 Age : 16 M PW : PHREND SL : 60 DSL=60 Name: Fastjack #100 RN : Steve Williams PH : 804-730-1805 Age : 23 M PW : DRQHV6 SL : 60 DSL=60 Name: Voodoo Child #101 RN : Nathan DeBard. PH : 804-741-3292 (Good size butterball!) Age : 15 M PW : STONED SL : 60 DSL=60 Name: The Kayzzer #102 RN : Zach Wily PH : 804-744-3546 Age : 15 M PW : NP10 SL : 40 DSL=40 Name: Roy Mcleod #103 RN : Roy mcleod PH : 804-330-2500 Age : 27 M PW : URPBK1 SL : 30 DSL=30 Name: Slightly #104 RN : Dale Rutledge PH : 804-744-8194 Age : 13 M PW : WEATON SL : 30 DSL=30 Name: Scubaman #105 RN : Robert Alexander PH : 804-379-8338 Age : 18 M PW : SCUBA SL : 50 DSL=50 Name: Elorgphzx 137 #106 RN : david heise PH : 804-737-6036 Age : 15 M PW : MR. OG SL : 40 DSL=20 Name: Dancing Bear #107 RN : charlie robinson PH : 804-261-4521 Age : 39 M PW : 1211 SL : 40 DSL=30 Name: Lord Terminator #108 RN : Louis Nguyen PH : 804-745-9741 Age : 14 M PW : CRAZY SL : 50 DSL=50 Name: Brook Hughes #109 RN : brook hughes PH : 804-794-4141 Age : 16 M PW : VIKING SL : 10 DSL=0 Name: Aardvark #110 RN : Danny Freer PH : 804-285-7034 Age : 15 M PW : COVOPUS SL : 40 DSL=40 Name: Hitman #111 RN : Joe Wilkerson PH : 804-739-8358 Age : 13 M PW : RYAN SL : 40 DSL=40 Name: Mexican Seafood #112 RN : lillian lai PH : 804-794-1908 Age : 17 F PW : SEAFOOD <---------------------** HOW ORGINAL!! Lamers are like Viruses they mutliply! SL : 50 DSL=40 Name: Grimalkin #113 RN : Mike PH : 804-744-5254 Age : 16 M PW : MACBETH SL : 40 DSL=30 Name: Ka0sman #114 RN : ralph machioo PH : 804-794-4238 Age : 13 M PW : XXXXX SL : 0 DSL=0 Name: Dark Prophet #115 RN : David Ciampa PH : 804-744-2850 Age : 15 M PW : FLOOD SL : 60 DSL=40 Name: Darth Vader #116 RN : Brad Howell PH : 804-740-2958 Age : 20 M PW : CITATION SL : 0 DSL=0 Name: Crescendo Man #117 RN : Jeff Dean PH : 804-744-3087 Age : 15 M PW : WIERD SL : 50 DSL=50 Name: Floyd The Barber #118 <--Your not in acid pal!! RN : nick PH : 804-794-1908 Age : 15 M PW : LUSH SL : 30 DSL=30 Name: Blarney #119 RN : David DeWell PH : 804-560-4820 Age : 18 M PW : CHIQUITA SL : 40 DSL=30 Name: Merlin #120 RN : martin parece PH : 804-320-4772 Age : 14 M PW : HACK ME SL : 0 DSL=0 Name: Yin #121 RN : Katey Knox PH : 804-358-7579 Age : 22 F PW : ELEANOR SL : 40 DSL=30 Name: Snow Monkey #122 RN : Macon F. Furr PH : 804-745-8268 Age : 15 M PW : JESUS SL : 30 DSL=30 Name: Orion #123 RN : Kyle Salus PH : 804-272-0736 Age : 16 M PW : CERIC SL : 60 DSL=30 Name: Starsong #126 RN : Jim James PH : 804-458-0281 Age : 26 M PW : G2MJ80 SL : 40 DSL=20 Name: Teth Ikarin #127 RN : James Bryce Howell PH : 804-768-7645 Age : 17 M PW : 11ZULU SL : 50 DSL=30 Name: Lao-Tzu #128 RN : Brian Knox PH : 804-358-7579 Age : 21 M PW : WUWEI SL : 40 DSL=40 ------------------------------------------------------------------------------- -=- United Phreaker's Incorporated Magazine -=- Volume Two, Issue Seven, File 11 of 19 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= From Whom The Bells Toll By The Lost Avenger/UPi =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Well guys I originally saw this article in the Forbes Magazine, August 3, 1992 edition. (Thanks go to Digital Justice for telling me about this article). Anyways I read through it and thought it was a total scream. Some of the things they said in it are so crazy I couldn't believe my eyes. Take a look for yourself and see what you think about it. This article pissed me off so much I think people should write this author of this article at Forbes Magazine and let him know how stupid the article really is. Anyways if you want to write Forbes Magazine here is the address: Forbes Incorporated, 60 Fifth Avenue, New York City, New York 10011. Oh yeah by the way this article is originally written by William G. Flanagan & Brigid McMenamin. This article was reproduced without permission (like you really give a flying fuck). "There are two kinds of (phone) customers: those who have been victims of tool fraud, and those who will be." -James Snyder, Secret Service Lawyer Turned MCI Lawyer. It's every executive's nightmare; One day you call your office and the phones don't work. In October it happened to Mario Ceste, president of Interplex Electronics, Inc. in New Haven. Interplex, like many companies today, lives by its 800 number, used by customers to make inquiries and place orders. Ceste was away in Dallas and called his home office on the 800 line. He got repeated busy signals. This was serious. Ceste called on another line to find out what was wrong. (TLA: Must be a cheap company, sounds like they only have one 800 line.) But the folks in sales insisted nobody was on the 800 line. At first neither AT&T nor the local company, Southern New England Telephone, could find anything wrong. Finally, a SNET repairman monitored the 800 line and heard people speaking Spanish and talking to faraway places. Interplex had been hacked. (TLA: No fucking kidding!) By the time the problem was fixed, the $6 million (revenues) company was struck with over $2,000 in bogus 800 calls and another $15,000 in long distance charges. (TLA: Serves these idiots right.) Worse, Ceste figures at least 100 customers couldn't reach the company with their orders. (TLA: Ah, poor baby.) He can't quantify how much business he lost. Interplex is hardly unique. The list of phone fraud victims includes giants customers like American Express, IBM, Procter & Gamble and large government agencies, right down to mom-and-pop businesses. Here are just a few recent victims; Avnet, Inc. (over $500,000), the Drug Enforcement Agency (reportably $2 million) and the U.N. ($1 million). And NASA confirms that it also fell victim to a toll fraud - outside estimates put the cost as high as $12 million - before it wised up to what was happening to taxpayers' money. What about recent reports that telephone toll fraud is now under control? The reports are at best premature. (TLA: You can say that again.) Telecommunications technologies are changing rapidly; every innovation creates new opportunities for the fraudsters. As Alfred C. Sikes, chairman of the Federal Communications Commission, said recently; "Without active work by all participants, the (toll fraud) problem can and will get worse as fraud migrates from one technology to another." Who are the culprits? Organized crime and drug dealers are the bug league telecrocks. (TLA: Not! These guys don't know the computer underground that well I guess. Oh well back to the article.) They cannot risk having their phone calls tapped or traced, so they use other people's numbers. Preferably numbers stolen from a major corporation or huge government agency, where it will take a while for the fraud to be noticed. The Drug Enforcement Agency still blushes over the fact that telecrooks got hold of its remote access number in Houston in 1989 and used it for almost 18 months. According to Toll Fraud and Telabuse, a study of the problem by John J. Haugh and others, the crooks rang up about $2 million in bogus charges, and a lot of those calls were made to drug exporting countries. The tab was paid by taxpayers. How does this pervasive and spreading racket work. Professional criminals swipe numbers in a variety of way. They bribe or intimidate telephone company employees or company insiders familiar with the phone system. In 1991 a Sprint supervisor in New York pleaded guiltily to selling up to 50 access codes a day to supplement his salary. The lucre is certainly tempting: The street price for a hot credit card number is $50 to $100. These numbers are good for only a day or so, before telephone company computers block additional calls. (TLA: Credit cards well don't they mean calling cards? The regular ones can last for only a couple days but it depends on how virgin the card is. The less people who have the card the longer it will last. But on the other hand the corporate cards can last anywhere from 2-3 months and maybe even longer but then again it depends on how many people have the card.) But the big money is in remote access number, which could have a shelf life of a month or more before shut down. Access codes can sell for as much as $10,000. Criminals also get numbers from "dumpsters divers," who root around in company garbage for buried treasure - such as 800 numbers and access codes. Organized crime is into technology, too, and pays technocrooks up to $10,000 per week to crack telephone systems with their computers, to pluck cellular telephone numbers from the airwaves or to alter the chips in cellular phones to charge illicit calls to unsuspecting customers. It's estimated that as many as one-third of all cellular phone calls place in the New York City area are fraudulent. Hackers will even sneak into voice-mail systems, where they can operate undetected for months and be as hard to get rid of as cockroaches. Meanwhile, fraud bills mount. At pay phones in cities like New York, Chicago and Los Angeles, you often see lines of immigrants at streetside pay phones. Is there a shortage of phones in these neighborhoods? No. The folks are queuing up to fork over $10 to $30 to call-sell operators, who will punch in a stolen access code or credit card number, (TLA: Calling card?) then dial the customer's overseas party. For the immigrants it's cut-rate telephoning, for the sellers of the numbers an illegal but lucrative business. In New York, a call-sell operator can rake in $1,000 a day. "There are neighborhoods in Brooklyn and the Bronx where the call-sell operator is the local phone company," notes John Haugh, a telecommunications lawyer and consultant based in Portland, Ore. Some immigrants know of no other way to call home. Perhaps the most daring call-sell operation on record was the so-called Coconut Connection case in 1988. Based in Honolulu, the operators sold long distance service at a discount to businesses and individuals throughout the US. The thieves claimed they were merely reselling "excess" long distance service purchased from other companies. The crooks sent out new access codes to their customers every few days. Unbeknownst to the customers, these numbers were stolen. (TLA: Yawn!) The Secret Service finally shut the operations down, arresting 20 people and seizing 12 computer systems and 3,500 stolen access codes. That operation alone accounted for $125 million in fraudulent call annually. Petty thieves get in the act, too. "Shoulder surfers" hang around bus, train and airline terminals in major cities and spy on people making long distance calls with credit cards or remote access numbers. With the help of binoculars or video cameras, or just good eyesight, they snatch the numbers and rapidly pass them along to call-sell operators or other crooks. There are now so many shoulder surfers and call-sell operators plying their trade in New York City bus and train stations that AT&T, Sprint, MCI and New York Telephone have blocked international calls from pay phones in the Port Authority Bus Terminal and from pay phones in other parts of the city where call-selling is commonplace. (TLA: Well up here in this part of Canada you can any international calls from any payphone no matter where you are. I am not sure how much of Canada has this restriction but I know this is true in Ontario and Quebec.) Shoulder surfing and call-selling are popular underworld pastimes not only because they are lucrative but also because apprehension is rare. Local police, the FBI and the Secret Service - which have jurisdiction over long distance telephone fraud - have other things to so. And under existing laws conviction is very difficult, anyways. The few perpetrators who are caught red-handed in expensive, time-consuming stings usually pay small fines and walk. But criminals, drug dealers and terrorists, who couldn't communicate without it, aren't the only ones committing telephone fraud. Computer hackers make their their bones - and get their sick jollies - doing it. They can do even more damage than professional telecrooks. (TLA: What a fucking joke. Yeah right I get my fucking jollies committing telephone fraud. I do it cause the fucking cost of calling long distance is so god damn expensive. If the price of long distance calling where much cheaper I sincerely believe their wouldn't be any telephone fraud committed.) Witness the horror show experience by International Data group, Inc., a $770 million (revenues) publisher and trade show operator. (Among its titles are Network World, PC World, GamePro and Computer World.) Once day in September 1990 virtually all 200 employees at IDG's Peterborough, NH office found that their voice mailboxes had been rifled. Their normal greeting had been replaced with funny voices or gibberish, and their messages had been erased and replaced with vulgar messages and even bomb threats. (TLA: Sounds like what I did to Logitech Mouse down in Southern California.) It took almost a full day to straighten out the mess. But it kept on happening for weeks. Some days IDG couldn't even use its voice mail at all. It estimates it lost $2.4 million in business. "It was an absolute nightmare," says Jane Creighton, corporate director of telecommunications at IDG. The culprits turned out to be a pair of teenage boys from New York's Staten Island, miffed at IDG because a poster they'd ordered through GamePro magazine had never arrived. They got slaps on the wrist from authorities. If your company has a plain vanilla PBX system, there are untold numbers of telecrooks out there who can easily crack your system. How? Most PBX systems offer direct inwards systems access (DISA), which enables travelling employees to call the home office, punch in a code and make long distance calls cheaper than with a credit card. Once you know the code, you can use the business telephones as if you were sitting in one of the company's executive offices. To figure out the codes, telecrooks use autodialers, widely available for $29. (TLA: Bullshit, you can get a autodialer from any underground BBS for virtually free and there are so many different ones to choose from. These people who wrote the article haven't a clue on what they are talking about.) Says Bob Fox, assistant vice president of corporate security for Sprint, "If your company has a remote access feature in your PBX, it is almost certain that someone, somewhere, at some time, will try to steal your service." Most PBX victims say they didn't even know they had remote access capability and had never used it themselves - until it was used to defraud them. That's what Salt Lake City-based Christensen Boyles Corp. days happened when the company was hit with $212,000 in toll fraud in 1991. Now the crooks are migrating into other area, learning how to swipe long distance service through automatic attendants and call diverters and also how to create mayhem via voice-mail systems. It's child's play for the computer-savvy. (TLA: Yup, I know the feeling of screwing a company over good.) The tab for all this fraud is horrendous - nearly $4 billion a year and building. AT&T, in its most recent annual report to the FCC, listed $1 billion in uncollectible charges, a substantial amount the result of fraud. Individuals, as distinct from businesses, are liable for only $50 worth of charges for illicit calling card calls, even if thousands of dollars' worth of calls are stolen. But businesses aren't so protected unless they are using calling cars. Business customers who are defrauded through their own switching equipment, such as the commonplace PBX systems, are held accountable for the calls. Once, before deregulation, AT&T then the only major long distance carrier, could simply eat fraud charges and then include them in its rate base - every customer simply paid a bit fraud charges and then include them in its rate base - every customer simply paid a bit more for service. Now business customers are expected to pay. Average fraud bill: $90,000 per hit, according to consultant Haugh. Local phone companies wash their hands of the problem completely. "If an armored car is robbed on the highway, you can't hold the highway department responsible," argues a Bell-South spokesman. So far, the courts and the Common Carrier Bureau of the Federal Communications Commission have backed the carriers in refusing to absorb the losses. How vulnerable is your own system? In all likelihood, very. "Most users aren't even aware of toll fraud, but the sad truth is that it's virtually certain that every large user either has been hit or will be hit sometime in the future," notes Haugh. "No system is 100% hacker-proof," warns Sprint's Fox. "Managers who think otherwise are frequently taught a costly lesson." When business customers get hit with the charges for fraudulent use of their PBX systems, they often balk at paying the bill. That usually means arguing with AT&T, which has about 63% of the long distance business in the US and, according to Haugh, bills about 80% of the PBX fraud. In some cases AT&T will offer some sort of compromise to ripped-off customers. But it continues to insist that the customer, not AT&T, is responsible. "The truth remains that the customer is the only one who can detect and eliminate all fraud, because the customer alone knows what calls are authorized or unauthorized," notes Richard F. Hope, senior attorney for AT&T. Right now all eyes are on a lawsuit brought by Mitsubishi against AT&T. Mitsubishi, which got hit with a bogus $430,000 bill in 1990, not only refused to pay the bill but also sued AT&T for $10 million, on the grounds that AT&T knew its PBX system was vulnerable to fraud but had failed to warn the customer or to move quickly once that fraud surfaced. If Mitsubishi wins, other victims of PBX fraud will doubtless hop on the bandwagon. In May Representative Barney Frank (D-Mass.) introduced a bill that would forbid long distance carriers to charge state and local governments for toll fraud unless users were negligent in the operation of their phone equipment. AT&T has finally steeped up security and has begun warning customers of the growing severity of the problem, in stern language: "Hackers. Phone phreaks. Petty criminals. Whatever you call them, they can cost your company big dollars in unauthorized long distance charges - and worse, in disruption of business operations," a recent AT&T brochure that preventing PBX fraud is the customers' problem. What about the other major carriers? Sprint has taken fraud seriously and has been able to slash its customers' PBX fraud charges by monitoring their systems more closely. MCI, too, is stepping up such efforts. Their problems are not as acute as AT&T's, of course. Unlike AT&T, they don't sell equipment and have fewer customers to monitor. Further, as new kids on the block reluctant to upset customers, they are more flexible about payment for fraudulent calls. So far Sprint has not sued to collect, and MCI offers customers a flat 30% off the cost of fraud calls for a first-time event. But the best strategy for long distance business customers, of course, is to make their own systems harder to crack. To make your system less vulnerable to PBX fraud: o Restrict long distance and international calling. (Especially if you seldom or never call the Caribbean or drug-exporting countries such as Pakistan and Colombia, for example.) o When installing or upgrading your PBX system, always ask the installer about its vulnerabilities and how to configure the system to best protect yourself. Don't accept risky features like Remote Access or External Call Forwarding unless you really need them. If you do, restrict or prohibit their use after hours and on weekends, when hackers attack and call-sell operators and telecrooks cash in on purloined numbers. o Don't rely on default passwords or default access numbers. Hackers know them. (TLA: No shit!) Use long, random numbers and change them often. o Explore ways to protect your remote maintenance port. Remote maintenance lets the serviceman monitor and fix your phone system without a trip to your office. But it also lets crooks disable and even take over your entire phone system. MCI special counsel James Snyder says this is "the number one problem facing business today." One possibility: Use a callback modem. o Monitor call detail records, and consider adding software that catches signs of hacking and alerts the systems operator right away. A few examples: Teltrol Systems' Fraud Finder, Phone Plus' Ultimate Fraud Detection Module and Moscom Corp.'s HackerTracker. o Read up on the subject. Two good sources: Toll Fraud and Telabuse, by John J. Haugh and others, $270 (call 1-800-435-7878); Voice Processing System Security, by Tom Fermazin and Marc Robins, $295 (call 212-614-9842). o Consider telefraud insurance, just introduced by Sprint and about to be introduced by AT&T. It's expensive and limited, and doesn't cover you against business losses if hackers paralyze your system. Only the bogus phone charges are covered. But it can save you from horrendous fraud charges. Sprint's plan limits your fraud liability to $25,000, provided your beef up your security. Cost? for a typical company with ten PBX locations, $1,000 to sign up and $1,000 a month after that. So far, roughly 40 major companies have inquired about the plan. AT&T recently responded with two similar plans. The first one limits your liability to $12,500 if you catch the fraud, $25,000 is AT&T catches it. A typical company with ten PBX locations would pay a $1,200 sign-up fee and $1,200 a month. If your company agrees to taken even tighter security measures, AT&T will relieve it of all liability for toll fraud. For that protection, the cost is a $2,250 sign-up free and $3,000 a month for a typical customer. But make no mistake about it: As the crooks become more expert in the rapidly changing telecommunications technologies, telephone toll fraud will get worse before it gets better. For sale: phone-phreaking tools From his remote outpost in Alamogordo, NM, John Williams makes a nice living telling hackers how to rip off phone and computer systems. Williams says he brings in about $200,000 a year in publishing books on everything from credit card scams and cracking automated teller machines to electronic shoplifting, cellular phone phreaking and voice mailbox hacking, each costing $29 to $39, and each complete with precise instructions. he even sells Robofones, which save hackers from doing a lot of dialing while they steal access codes. Isn't what he does illegal? Perhaps it should be, but it isn't Wrapping himself in the First Amendment, Williams is a member in good standing of the Alamogordo Chamber of Commerce and the New Mexico Better Business Bureau. He thumbs his nose at companies and authorities that would like to make him stop selling such secrets. "We don't promote fraud," he insists. "It's all sold for educational purposes only. If we didn't publish the information, it would still be out there." But last year Williams got a visit from the Secret Service, which was following up on a telephone fraud case in which one of his publications figured prominently. In Gainesville, Fla., in November 1990, two young men were locked up by police for hacking into voice-mail systems and then making calls to 900 numbers. One of the pair, known as the Shark, then 20, confessed to the crime but said he was on assignment for Williams' Consumertronics publication. The culprits could have been given five years on the fraud charge alone. But the victims didn't want any publicity, so the state them do 50 hours of community service instead. The Secret Service went to talk to Williams. Williams assured agent James Pollard that he'd never told the Shark to do anything illegal. nevertheless, says Williams, the agent implied that Williams and members of his gamily who work for him might be prosecuted for publishing voice-mail access codes. In the end, no charges were filed against Williams, who admits he has a thing against big business, especially the phone companies. "For decades, they financed right-wing regimes in Latin America," he rants. It's a crazy world, that of the telephone toll fraudsters. ------------------------------------------------------------------------------- -=- United Phreaker's Incorporated Magazine -=- Volume Two, Issue Seven, File 12 of 19 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= The Hacker Hood By The Lost Avenger/UPi =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Well guys it look's like Forbes Magazine has published another article about hacking & phreaking just recently. (Not sure exactly what the date that this article published on. But really I don't give a fuck and I don't think you would either). I read through it and it was just lame as the last article that was published, which made me decide to re-type it out for the magazine. So here it is. Take a look at it and check it out for yourself and decide for yourself if these two articles are really that lame. And once again this article was re-typed with permission. (Yeah, like I would really waste my tim in getting permission). Special thanks go out to Major Thrill for telling me about this article. Without him this article would have never been published. Computer crimes committed by a new generation of hacker hoods might cost anywhere from $500 million to $5 billion a year. (TLA: Really now? No fucking kidding.) Whatever the number, it's clear that a computer crime wave is reaching epidemic proportions. "The playground bullies are learning how to type" By William G. Flanagan and Brigid McMenamin Leonard Rose, a 33-year-old computer consultant and father of two, is also a felon. He recently completed 8 1/2 months in a federal prison camp in North Carolina, plus 2 months in a halfway house. His crime? Passing along by computer some software code filched from Bell Labs by an AT&T employee. Rose, who now lives in California, says he is still dazed by the harsh punishment he recieved. "The Secret Service," he says, "made an example of me." Maybe so. But if so, why are the cops suddenly cracking down on the hackers? Answer: because serious computer crime is beginning to reack epidemic proportions. (TLA: It took them this long to find that out?) The authorities are struggling to contain the crimes, or at least slow their rapid growth. Rose agrees the hacker world is rapidly changing for the worse. "You're getting a different sort of person now," he says of the hacker community. "You're seeing more and more criminals using computers." One well-known veteran hacker, who goes by the name Cheshire Catalyst, puts it more bluntly: "The playground bullies are coming infoors and learning how to type." Rose and the Cheshire Catalyst are talking about a new breed of computer hackers, These aren't just thrill-seeking, boastful kids, but serious (if boastful) cybercrooks. They use computers and telecommunications links partly for stunt hacking itself a potentially dangerous and costly game but also to steal valuable information, software, phone service, credit card numbers and cash. And they pass along and even sell their services and techniques to others including organized crime. Hacker hoods often extaggerate their escapades, but there is no doubt that their crimes are extensive and becoming more so at an alarming rate. Says Bruce Sterling, a notet cyberpunk novelist and author of the nonfiction *The Hacker Crackdown* (Bantam Books, 1992, $23): "Computer intrusion, as a nonprofit act of intellectual exploration and mastery, is in slow decline, at least in the United States; but electronic fraud, especially telecommunications crime is growing by leaps and bounds." Who are these hacker hoods and what do they do for a living? Take the 19 year-old kid who calls himself Kimble he is a very real person, but for reasons that will become clear, he asks us to mask his identity. Based in Germany, Kimble is the leader of an international hacker group called Dope. He is also one of the most celebrated hackers in his country. He has appeared on German TV (in disguise) and is featured in the December issue of the German magazine *Capital*. From his computer terminal, Kimble spends part of each day cracking PBX systems in the U.S., a lucrative form of computer crime. PBXs are the phone systems businesses own or lease. Hackers break into them to steal access numbers, which they then resell (TLA: Or trade?) to other hackers and, increasingly, to criminals who use the numbers to transact their business. Kimble, using a special program he has written, claims he can swipe six access codes a day. He says he escapes prosecution in Germany because the antihacking laws are more lax than in the U.S. "Every PBX is an open door for me," he brags, claming he has a total of 500 valid PBX codes. At Kimble's going price of $200 a number, that's quite an inventory, especially since numbers can be sold to more than one customer. Kimble works the legal side of the street, too. For example, he sometimes works for German banks, helping them to secure their systems against invasions. This might not be such a hot idea for the banks. "Would you hire a former burglar to install your burglar alarm?" asks Robert Kaine, president of Intrusion Detection, a New Your-based computer security consulting firm. (TLA: Well wouln't the former burglar know the ins and outs of bank security) Kimble has also devised an encrypted telephone that he says cannot be tapped. In just three months he says he has sold 100. Other hacker hoods Forbes spoke to in Europe say they steal access numbers and resell them for up to $500 to the Turkish mafia. A solid market. Like all organized crime groups, they need a constant supply of fresh, untraceable and untappable telephone numbers to conduct drug and other illicit business. Some crooked hackers will do a lot worse for hire. For example, one is reported to have stolen an East German Stasi secret bomb recipe in 1989 and sold it to the Turkish mafia. Another boasted to Forbes that he broke into a London police computer and, for $50,000 in Deutsche Marks, delivered its access codes to a young English criminal. According to one knowledgeable source, another hacker brags that he recently found a way to get into Citibank's computers. For three months he says he quietly skimmed off a penny or so from each account. Once he had $200,000, he quit. Citibank says it has no evidence of this incident and we cannot confirm the hacker's story. But, says computer crime expert Donn Parker of consultants SRI International: "Such a 'salami attack' is definately possible, especially for an insider." (TLA: Nice way to make easy cash!) The tales get wilder. According to another hacker hood who insists on anonymity, during the Gulf War an oil company hired one of his friends to invade a Pentagon computer and retrieve information from a spy satellite. How much was he paid? "Millions," he says. No one knows for sure just how much computer crime costs individuals, corporations and the government. When burned, most victims, especially businesses stay mum for fear of looking stupid or inviting copycats. According to *Law and Order* magazine, only an estimated 11% of all computer crimes are reported. Still, the FBI estimates annual losses from computer-related crime range from $500 million to $5 billion. The FBI is getting more and more evidence that the computer crime wave is building every day. Computer network intrusions one way of measuring attempted cracking of computer systems have risen rapidly. According to USA Research, which specializes in analyzing technology companies, hacker attacks on U.S. workplace computers increased from 339,000 in 1989 to 684,000 in 1991. It's estimated that by 1993, 60% of the personal computers in the U.S. will be networked, and therefore vunerable to intrusion. While companies dislike talking about being ripped off by hackers, details sometimes leak out. In 1988, for instance, seven men were indicted in U.S. Federal court in Chicago for using phony computer-generated transactions to steal $70 million from the accounts of Merril Lynch, United Airlines and Brown-Forman at First National bank of Chicago. Two plead guilty; the other five were tried and convicted on all counts. According to generally reliable press reports, here are some ways comouter criminals ply their trade: o In 1987 Volkswagen said it had been hit with computer-based foreign- exchange fraud that could cost nearly $260 million. o A scheme to electronically transfer $54 million in Swiss francs out of the London branch of the Union Bank of Switzerland without authorization was reported in 1988. It was foiled when a chance system failure prompted a manual check of payment instructions. o Also in 1988, over a three-day period, nearly $350,000 was stolen from customer accounts at Security Pacific National Bank, possibly by automated teller machine thieves armed with a pass key card. o In 1989 IRS agents arrested a Boston bookkeeper for electronically filing $325,000 worth of phony claims for tax refunds. o In 1990 it was reported that a Malaysin bank executive cracked his employer's security system and allegedly looted customer accounts of $1.5 million. o Last year members of a ring of travel agents in California got two to four years in prison for using a computer reservation terminal to cheat American Airlines of $1.3 million worth of frequent flier tickets. U.S. prosecutors say that members of a New York hacker group called MOD, sometimes known as Masters of Deception, took money for showing 21-year-old Morton Rosenfield how to get into the computers of TRW Information Services and Trans Union Corp. Caught with 176 credit reports, Rosenfeld admitted selling them to private investigators and others. In October he was sentance to eight months in prison. The newest form of cybercrime is extortion by computer give me money or I'll crash your system. "There is no doubt in my mind that things like that are happening," says Chuck Owens, chief of the FBI's economic crime unit. But Owens won't talk about ongoing cases. Many hackers are young, white, male computer jocks. They include genuinely curious kids who resent being denied access to the knowledge-rick computer networks that ring the globe, just because they can't affored the telephone access charges. (To satisfy their needs in a legitimate way, two smart New York young hackers, Bruce Fancher and Patrick Kroupa, this year started a widely praised new bulletin board called MindVox-modem: 212 988 5030. It's cheap and allows computer users to chat, as well as gain access to several international computer networks, among other things.) Then there are the stunt hackers. Basically these are small-time hoods who crash and occasionally trash supposedly secure computer networks for the sheer fun of it. They swap and sell stolen software over pirate bulletin boards. One of these hackers send Forbes an unsolicited copy of MS-DOS 6.0. (TLA: Oh whoopie do!) Microsoft Corp.'s newest operating system, which isn't even scheduled to be on the market until next year. (TLA: But has been ou in the pirate scene for ages.) It worked fine. (We first had it tested for viruses with Cyberlock Data Intelligence, Inc. In Philadelphia, an electronicdata security firm with a sophisticated new hardware-based system that's used to detect viruses.) The more malicious stunt hackers like to invade company voice mail systems and fool around with so-called Trojan horses, which can steal passwords and cause other mischief, as well as viruses and other computer generate smoke bombs, just to aise hell. This kind of hacking around can wreak tremendous damage. Remember Robert Tappan Morris. In 1988 Morris, then a 22-year-old Cornell University grad student, designed a worm computer program that could travel all over computer networks and reproduce itself indefinately. Morris says he meant no harm. But in November 1988 Morris released the worm on the giant Internet computer network and jammed an estimated 6,000 computers tied into Internet, including those of several universities, NASA and the Air Force, before it was stopped. Damages were estimaged as high as $185 million. That event was something of a watershed for the law enforcement people. In 1990 Morris was one of the first hackers to be convicted of violating the Computer Fraud and Abuse Act of 1986. He could have been sentanced to five years in prison and a $250,000 fine. Instead, Morrise got just three years' probation, a $10,000 fine, 400 hours of community service and had to pay his probation costs. Today he'd probably be thrown in the slammer. After the curious kids and the stund hackers, a third element in the hacker underworlds is made up of members of organized crime, hard-core cybercrooks, extortionists, shady private-investigators, credit card cheats, disgruntled ex-employees of banks, telephone, and other companies, and various computer- savvy miscreants. These are computer thugs who hack for serious dollars, or who buy other crooked hackers' services and wares. (TLA: Oh no warez d00ds.) One of the peculiarities of hackers is that many cannot keep their mouthes shut about their illegal exploits. They bost on their underground bulletin boards and in their publications about all the nasty things they can, and occasionally do, pull off. They brag to the press and even to the authorities. Witness Germany's Kimble and many of the other hacker hoods who talked to Forbes for this article. Over their own underground bulletin boards, hackers have brazenly broadcast all kinds of gossip, software and trophy files brought back like scalps from intrusions into other people's computers. The most famous example is the 911 file purloined from BellSouth, which prosecutors said had key information about the vital 911 emergency telephone network. The file turned out to be far less valuable than alleged. Nonetheless, its theft and, later, its mere possession got a whole raft of hackers including a group called the Legion of Doom in big trouble. Over the past three years, several of them have neem busted and their computer equiptment seized. A few drew stiff jail terms. The hackers even have their own above-ground magazines. One, *2600, the Hacker Quarterly*, is sold on newsstands. In the current issue, there is an article on how to crack COCOTS, customer-owned coin-operated telephones, and get free long distance service. While the publisher of *2600* advises readers not to try such schemes, the easy-to-follow instructions are right there, in black and white. The publisher of *2600*, Eric Corley (alias Emmanuel Goldstein), claims that he is protected by the First Ammendment. But readers who follow some of the instructions printed in *2600* magazine may find themselves in deep trouble with law enforcement. Notes senior investigator Donald Delaney, a well-known hacker tracker with the New York State Police: "He [Corley] hands copies out for free of charge to kids. Then they get arrested." An even bolder magazine, *Hack-Tic*, is published by Rop Gonggrijp in Amsterdam, a hacking hot-bed thanks in part to liberal Dutch laws. *Hack-Tic* is something like *2600*, bus with even more do-it-yourself hacking information. The hacker hoods stage their own well-publisized meetings and conventions, which are closely watched by the authorities. On the first Friday of every month, for example, at six cities in the U.S., *2600* magazine convenes meetings where hackers can, in the words of the magazine itself, "Come by, drop off articles, ask questions, find the undercover agents." Forbes dropped by *2600*'s Nov. 6 meeting in New York. It was held in the lobby of the Citicorp Center on Lexington Avenue, a sort of mini urban mall, with lots of pay phones-phones are to hackers what blood vessels are to Dracula. On this particular Friday the two or three dozen attendees consist mainly of teenage boys and young men wearing jeans and T shirts and zip-up jackets. Most are white, though there are some blacks and Asians. Most of these young people pretty much resemble the kids next door or the kids under your own roof. A few look furtive, almost desperate. (TLA: Yeah ok whatever you say.) Moving easily among the kids are a few veteran hackers and, watching them, some well-known hacker trackers, sometimes even New York State Police's Don Delaney. He might lurk on one of the upper levels of the Citicorp Center or stroll past the pay phones looking for a suspect wanted in New York. Don't the suspects stay away? Not necessarily. At one meeting Delaney walked right past three young men he had arrested, and not one of them even noticed him. "They're in their own world," he explains. On the edge of the crown stands a slight, intense young man wearing an earring and a neatly folded blue bandana around his head. Twenty-year-old Phiber Optik, as he calls himself, is currently under federal indictment in New York, charged with sudry computer crimes. According to federal authorities, he and other members of the hacker group called MOD sold access to credit reporting services and destroied via computer a television station's educational service, among other things. Phiber Optik claims that he's innocent. As the group grows, *2600* publisher Corley makes a dramatic enterance. He looks as if he's in his mid-30s and wears 1960s-style long black hair. A baby- faced assistant stands at his side, selling T shirts and back issues of *2600* magazine. Now and then Corley darts to the pay phones to take phone calls from other hacker meetings around the world. After taking one call he turns around with a worried look. He has just heard that the *2600* meeting at a mall in Arlington, Va. was busted by mall security and the Secret Service. Authorities there demanded the names of the two dozen or so attendees, confiscated their bags containing printouts and computer books, and booted them out of the mall. The group in Arlington was lucky compared with what happened to some hackers attending "PumpCon," a hacker convention held at the Courtyard by Marriott in Greenburgh, N.Y., over the recent Halloween weekend. Responding to a noise complaint, the police arrived, then got a search warrant and raided the hackers' rooms. The cops confiscated computer equiptment and arrested four conventioneers for computer crimes. Three were held in lieu of $1,000 bail. No bail was set for the fourth, a 22-year-old wanted for computer fraud and probation violation in Arizona. Around the country, computer users of every stripe are growing concerned that law enforcement officials, in their zeal to nail bigtime cybercrooks and computer terrorists, may be abusing the rights of other computer users. In come cases, users have been raided, had their equiptment confiscated, yet years later still have not been charged with any wrong doing nor had their equiptment returned. In 1990 Lotus Development founder Mitchell Kapoe and Grateful Dead lyricist John Perry Barlow, with help from Apple Computer co-founder Stephen Wozniak and John Gilmore, formerly of Sun Microsystems, started a nonprofit group called the Electronic Fronteir Foundation (EFF). Its aim is to defend the constitutional rights of all computer users. But if you know someone who likes to hack around, pass along this advice to her or him: While it is a common myth among hackers that the authorities will let them go if they reveal how they accomplished their mischief, the days of such benign treatment have dissappeared as the computer crime wave has built. "If it's a crime, it's a crime," warns the New Your State Police's Don Delaney, "The laws are for a good reason". (TLA: Ho hum...) For the most part, law enforcement is just reacting to the complaints from victims. ------------------------------------------------------------------------------- -=- United Phreaker's Incorporated Magazine -=- Volume Two, Issue Seven, File 13 of 19 ********** PUMPCON BUSTED!!! *********** 10/31/92 written by someone who was there who wishes to remain anonymous NOTICE: The word "Hacker" is used frequently throughout this file - it is to be interpreted as "a computer literate person", and NOT as "someone who engages in illegal activities using a computer". Friday, October 30, Pumpcon began, at the Courtyard of the Marriott, in Greenburgh, NY. All in all, about 30 hackers showed up, and had a great time. At least until the evening of Oct. 31st, when 8-10 members of the Greenburgh police force showed up and raided the Con. At the time of the raid, there were between 20 and 25 hackers in the hotel. 3 of the 4 rooms rented by Con attendees were raided. All the occupants of these rooms were taken to a conference room, and then another hotel room (255) where they were held approximately 6-8 hours for questioning. The police all came in unmarked police cars, and parked on all 4 sides of the hotel. No one noticed they were there, until they were standing in the hall where all 4 rooms were located. The officers stood in the hall outside the doors, but did not enter the rooms right away. They waited about five minutes, for some unknown reason, which was just enough time for them to be noticed by the hackers in at least one of the rooms. Unfortunately, there was no way the hackers in one room could warn the other rooms - the fone lines were busy, and the cops in the hall kinda left the "walk down and tell 'em in person" option out. The police produced copies of a search warrant to search rooms 246, 233, and 237. Room 246 was the one where everyone was hanging out; it was pretty much THE room. It was where the computers were located, and where most of the Con attendees were 99% of the time. The other two rooms were rented by attendees of the con, and were simply used for sleeping quarters. Before too long, the police entered the rooms, and began rounding up people. My recollection of this time period is a bit faint, and I don't remember all the minute details. All I know is that we all ended up in a conference room, and then room 255. A few hackers who had been out driving around during the time of the bust returned a few hours later, and when they were seen by police, they were immediately taken to 255 and questioned. (They were walking down the hall, when a cop appeared, and told them to step into a room) The cops asked them if they were hackers, and when they didn't answer, one police officer reached into the coat pocket of one of the people, and produced an auto dialer. This in itself was enough to send the three to room 255, where the rest of the hackers were being held for questioning. My question to you - isn't that just a bit illegal? Bodily search without probable cause OR a warrant? Ooops - I'm forgetting - we're HACKERS! We're ALL BAD! We're ALWAYS breaking the law. We don't have RIGHTS! Room 255 was packed. No one was allowed to smoke, and everyone was nervous as hell. One by one people were called to be interviewed, with some interviews lasting 5 minutes, others lasting 30 or 45 minutes. Some people were sleeping, others were conversing, and still others were shaking, and looked like they were about to puke at any second. Even though the situation was quite serious, a few joked around, saying things like "So guys, I guess PumpCon '93 won't be held here, eh?". No one knew who was going to be arrested, or when they would be released. The 2 cops in the room with them were actually pretty cool, and answered any questions they could to the best of their knowledge. They weren't the guys in charge of the investigation; they were simply there to make sure we didn't leave. Of course, as friendly as they seemed, they were still cops... All the people who were detained were held until between 5:45 and 6:30 am. Four hackers were arrested, 1 because 2 of the rooms were registered in his name, a second because he signed for the rooms, and the others for previous crimes, apparently. No one knows as of yet. As of this message, no news on what will become of those arrested is known. They have not yet been arraigned. The other hackers were all searched, questioned, and then released pending further investigation. Those under the age of 18 had their parents notified. To my knowledge, there were no federal investigators there at the time of the bust. However, people kept mentioning the FBI and the Secret Service, and it is very possible that they will be called in to investigate. Actually, it's more than just possible, it's almost guaranteed. The police said that although most of those detained were released, there will most likely be more arrests in the near future, as more is learned about the alleged illegal doings. 3 computers (2 Amigas, and 1 AT&T dumb term) were confiscated, along with anything which looked like it could have been involved in phone fraud. For some odd reason, although Auto Dialers were listed on the search warrant, not all of them were confiscated. I actually don't know if ANY were, I do know that not ALL were. ;) In one of the rooms, there were about 2 dozen computer magazines which were apparently confiscated, although the warrant did not specify that magazines could be taken. But, when you're busting HACKERS, I suppose you can take what you want. After all, hackers are evil geniuses, and don't have the same rights as NORMAL criminals do. As of yet, the actual charges against the hackers are not known. The raid apparently stemmed because the hackers were ALLEGEDLY using stolen calling card numbers and/or access codes to obtain free phone calls. One of these card numbers or codes was rumored to have tripped a flag at AT&T, which alerted security personnel that something was possibly wrong. This assumption about the calling card fraud is made because the police confiscated any calling card found during their searches, and some of the questions they asked the detained centered entirely around calling card theft and use. A few other questions asked me were "Do you know what computer systems were accessed?", "Do you refer to each other with handles?", "Who was primarily responsible for this meeting?", and "Where did you hear about this meeting?" My interview lasted only about 10 minutes, and it started at about 5:50 am. Everyone was dead tired, and the cops wanted to get everything over with as fast as possible so they could get some sleep. After the interviews were over, everyone left, to wait and see what the next few days will bring. I am releasing this file now, to prevent any rumors from starting, and to try to make the outside world aware of what happened during PumpCon. I have left out any specific incidences and references to specific people as a precaution, since the investigation is only beginning. We were hoping to write a file of all the attendees of PumpCon, to share with the world the names of those who were there. However, as you can obviously see, that would be highly stupid. For anyone who WAS there who is reading this, rest assured that the running list of names which was kept made a very tasteless dinner for the one who had it in his pocket. Oh, BTW, one of the cops who was apparently in charge made a comment to me... he said "You can post a message on the boards telling your friends to stay out of Greenburgh". Well boys, you heard him - PumpCon '93 will be held in Greenburgh, at the Courtyard Marriott.... *--------------* The following is a word for word copy of the search warrant issued to each person who was detained and questioned. No spelling errors were corrected, but I probably made a few when I typed this in. Oh well. TOWN of GREENBURGH POLICE DEPARTMENT WESTCHESTER COUNTY, NEW YORK ORDER OF SEARCH AND SEIZURE +----- ( signed here by Det. Hugh F. Gallagher #103) ---------------------------------------------- JUSTICE COURT, TOWN OF GREENBURGH WESTCHESTER COUNTY, NEW YORK ORDER ----- IN THE MATTER OF Room 233, 237, & 246 Westchester Marriott Courtyard THE APPLICATION FOR AN ORDER OF SEARCH AND SEIZURE OF: (Specify) Computers Diskettes Computer Printers Computer Terminals Auto Dialers Diskettes Calling Card Computer Systems & Wire Computer Printouts Disk Drives Modems Hand Written Notes About Credit Co. " " " " Computer Service. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++X IN THE NAME OF THE PEOPLE OF THE STATE OF NEW YORK TO: ANY POLICE OFFICER OF THE TOWN OF GREENBURGH POLICE DEPARTMENT PROOF by affidavit having been made before me this day by Det.H.Gallagher #103 ___________(Affiant) of the Town of Greenburgh Police Department that certain property, which is (stolen/unlawfully possessed, used to commit an offense...) and which constitutes evidence and tends to demonstrate that an offense has been committed and that a particular person participated in the commission of an offense will be found at the location captioned above. YOU ARE THEREFORE COMMANDED, ** (Between the hours of 6:AM - 9:00 PM / AT ANY TIME OF DAY OR NIGHT) ** ** (WITHOUT GIVING NOTICE OF YOUR AUTHORITY AND PURPOSE)** TO MAKE A SEARCH of the above described (location/person)** for the following property: (describe fully) Room # 233, 237, & 246 of the West. Marriott Courtyard and all its occupants as listed on this attached affidavit. >><< Suspects name was written here >><< AND if any such property is found, you are hereby directed to seize the same and without unnecessary delay, return it to the court, together with this warrant and a written inventory of such property subscribed and sworn by you. THIS COURT DIRECTS THAT this SEARCH WARRANT and ORDER issued this 1 day of NOV. 1992 is valid and must be executed no more than ten (10) days after the date of issuance. << illegible justice's name here >> ____________________________________ Justice Name Signature ** Strike if N/A UF91B ------------------------------------------------------------------------------- -=- United Phreaker's Incorporated Magazine -=- Volume Two, Issue Seven, File 14 of 19 How To Social Engineer Pizza Pizza For CNA By Major Thrill -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- I am writing this file for numerous reasons, one being that 416 is dead of any new information. Two because one day this may come in handy when you for some reason MUST do a CNA and can't get the address out of the regular CNA numbers. Let me explain why we can use Pizza Pizza for this purpose. There is a 95 per cent chance that the number you are trying to check has ordered pizza from Pizza Pizza. (If they haven't, then maybe they couldn't remember the phone number.) Pizza Pizza keeps track of who orders pizza by using a computer program. Now, when you call Pizza Pizza to order a pizza, the ask for your phone number. This phone number then is matched with your home address, which is usually there if you have ordered pizza from them before. This method is used by them to prevent prank pizza orders, and undoubtably to speed up the process and get your pizza there in 30 minutes or whatever the guarantee is. Now the question you are asking is, how do I get my hot little hands on that info for a number? Simple. You are dealing with bored feebs. The trick is to amuse their small minds enough to casually slide in a request for CNA. Here is a typical scenerio of what we have experimented with and have found to work. 1. First, set up a 3-way of all your phriends, (try to get about 5 on as a minimum.) Conferance works even better, but this will do. 2. Call Pizza Pizza, (use a divertor if you are paranoid.) and hopefully you will get a female on who is extremely bored. 3. This gets even funnier, but it works. Now talk very loudly in an English accent and say "Hullo, Your're on conferance!" "Who's this?" 4. The trick is to get them thinking they are talking to people all over the world. (One I used 3 different types of accents with one other person on the line) This usually excites them, because it is no longer monotonous answering the phone. Now here is where you get them talking, be upbeat and entertain them a bit, all the while being courteous to them and including them in the conversation. Now if you are lucky, they will be enjoying the change of pace as opposed to answering telephones and asking if you want pepsi with your order. 5. Now, if all is going well, you should ask them about their computer (tell em your phone phreaks or hackers in the beginning.) system and is it really true they can tell what address your phone number is at. 6. This can go two ways, they will either oblidge you, or think they are working at the fucking pentagon. Now, if they tell you about it, casually bring up a number you'd like to check. 7. Hopefully at this point you will have got what you called for in the first place. I even had one of them tell me how many pizza's the person ordered. But in any case do not just hang up on them after you get the number. Get their name again if you forgot it, and ask them if it would be okay to call them again. There, you got yourself an in at Pizza Pizza. Don't treat them rudely and NEVER burn your bridges. Don't be afraid to try other methods of social engineering with these people, or anyone for that matter. Social engineering saves alot of time and trouble on your part. I suggest using a payphone when social engineering for more tough-to-get info or a divertor or PBX. BTW-At last check the regular CNA offices no longer give out address. As well I understand that 241 Pizza has also implemented this computer system. Hope you enjoyed this textfile. <<-MAJOR THRILL->> This textfile is for informational purposes only. The author claims no responsibilty for the actions of the reader. This file is dedicated to all my collegues in 416. Special Greets to Arch Bishop, Lost Soul, Soltan Griss. This has been a production of The Terminal Terrorists December 24th 1992 -Merry Cristmas 416 This file may not be altered in any manner. (C) 1992 TTT Prod. ------------------------------------------------------------------------------- -=- United Phreaker's Incorporated Magazine -=- Volume Two, Issue Seven, File 15 of 19 The United Phreaker's Incorporated Underground Newsline Part 1 By Arch Bishop & The Lost Avenger U.S. Phone Companies Face Built-In Privacy Hole ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [ Courtesy of 2600 Magazine Winter 1991-1992 ] Phone companies across the nation are cracking down on hacker explorations in the world of Busy Line Verification (BLV). By exploiting a weakness, it's possible to remotely listen in on phone conversations at a selected telephone number. While the phone companies can do this any time they want, this recently discovered self-serve monitoring feature has created a telco crisis of sorts. According to an internal Bellcore memo from 1991 and Bell Operating Company documents, a "significant and sophisticated vulnerability" exists that could affect the security and privacy of BLV. In addition, networks using a DMS-TOPS architecture are affected. According to this and other documents circulating within the Bell Operating Companies, an intruder who gains access to an OA&M port in an office that has a BLV trunk group and who is able to bypass port security and get "access to the switch at a craft shell level" would be able to exploit this vulnerability. The intruder can listen in on phone calls by following these four steps: 1. Query the switch to determine the Routing Class Code assigned to the BLV trunk group. 2. Find a vacant telephone number served by that switch. 3. Via recent change, assign the Routing Class Code of the BLV trunks to the Chart Column value of the DN (directory number) of the vacant telephone number. 4. Add call forwarding to the vacant telephone number (Remote Call Forwarding would allow remote definition of the target telephone number while Call Forwarding Fixed would only allow the specification of one target per recent change message or vacant line)." By calling the vacant phone number, the intruder would get routed to the BLV trunk group and would then be connected on a "no-test vertical" to the target phone line in a bridged connection. According to one of the documents, there is no proof that the hacker community knows about the vulnerability. The authors did express great concern over the publication of an article entitled "Central Office Operations - The End Office Environment" which appeared in the electronic newsletter Legion of Doom/Hackers Technical Journal. In this article, reference is made to the "No Test Trunk." The article says, "All of these testing systems have one thing in common: they access the line through a No Test Trunk. This is a switch which can drop in on a specific path or line and connect it to the testing device. It depends on the device connected to the trunk, but there is usually a noticeable click heard on the tested line when the No Test Trunk drops in. Also, the testing devices I have mentioned here will seize the line, busying it out. This will present problems when trying to monitor calls, as you would have to drop in during the call. The No Test Trunk is also the method in which operator consoles perform verifications and interrupts." In order to track down people who might be abusing this security hole, phone companies across the nation are being advised to perform the following four steps: 1. Refer to Chart Columns (or equivalent feature tables) and validate their integrity by checking against the corresponding office records. 2. Execute an appropriate command to extract the directory numbers to which features such as BLV and Call Forwarding have been assigned. 3. Extract the information on the directory number(s) from where the codes relating to BLV and Call Forwarding were assigned to vacant directory numbers. 4. Take appropriate action including on-line evidence gathering, if warranted." Since there are different vendors (OSPS from AT&T, TOPS from NTI, etc.) as well as different phone companies, each with their own architecture, the problem cannot go away overnight. And even if hackers are denied access to this "feature", BLV networks will still have the capability of being used to monitor phone lines. Who will be monitored and who will be listening are two forever unanswered questions. Hacker Is Charged With Espionage ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [ Courtesy of Belleville News Democrat December 11, 1992 ] San Jose Calif-(AP) A 28-year old computer whiz who reportedly once tested Departement of Defense computer security proceedures has become the first alleged computer hacker to be charged with espionage. The government says that Kevin Lee Poulson stole classified military secrets should go to prison. But his lawyer calls him,"an intellectually curious computer nerd.". Poulsen of Menlo Park,Calif., worked in the mid-1980's as a consultant testiing pentegon computer security. Because of prosecution delays, he was held without bail in a San Jose jail for 20 months before being charged this week. His attorney, Paul Metzer, said Thursday that Poulson did not knowingly possess classified information. The military information had been declassified by the time prosocuters by the time Poulson obtained it, Meltzer said. Poulson was arrested in 1988 on lesser, but related, hacking charges. He disappeared before he was indicted and was re-arrested in Los Angeles is April 1991. Under an amended indictment, he was charged will illegal possession of classified documents. CRTC Orders Free Per-Call Blocking ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [ Courtesy of Bell News May 18, 1992 ] The CRTC has ordered Bell and other telephone companies under its jurisdiction to offer free per-call blocking with Call Management Service (CMS). The companies have been asked to file proposed tariffs by June 1. Implementation dates have not yet been determined. The CRTC's May 4th decision refines the orginal decision made in 1990 that allowed CMS to be offered with a $0.75 operator-assisted blocking option. Bell and other companies under the CRTC's jurisdiction, have until June 1 to file trafiffs and an action plan for the following: o Automated free per-call blocking to customers who request it in all CMS area served by DMS technology (customers will have to dial a code before placing a call) o Free per-line blocking in those CMS areas served by old technology (until they switch to DMS technology) o Free pre-line blocking for shelters of victims for domestic violence, (Please note that shelters are already exempt from the $0.75 charge). This decision simply eliminates the intermediary when placing the free call o Call Trace "on demand". This would allow customers request their line be enabled with the service. (Call Trace is a monthly subsciption service. If it were offered on demand, customers would pay for the service only when they used it. A fee for Call Trace "on demand" will be proposed in the trafiff filing of June 1. Bell is presently assessing the implications of the CRTC's decision. AT&T Begins Direct-Dial Service To 15 Former Soviet Republics, With More Circuits Than Any Other Company ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [ Courtesy of Businesswire May 19, 1992 ] NEW YORK--(BUSINESS WIRE)--AT&T Tuesday began direct-dial service to all 11 members of the Commonwealth of Independent States, previously republics of the Soviet Union, and to the states of Georgia, Lithuania, Latvia, and Estonia. This will make it easy and economical for Americans - consumers and business people alike - to reach the largest land-mass in the world, which spans 11 time zones. With more than 400 circuits, AT&T has by far the largest direct-dialing capacity of any long-distance carrier now serving the region. Americans can make direct-dialed calls to all of the more than 2000 cities in this vast area. Callers who wish to reach the 15 states served by AT&T direct-dial long-distance service should dial 011, then 7, then a city or region code, and the local number. Rates can be as low as $1.55 per minute, depending on the time of day a call is made. AT&T provides service through a combination of cable, Intelsat, and Intersputnik satellites, and other countries' facilities. This diversity of call-routing helps ensure reliability of long-distance calling, AT&T said. The 11 members of the Commonwealth of Independent States are: Russia; Ukraine; Byelorussia; Moldova; Uzbekistan; Kazakhstan; Kyrgystan; Tajikistan; Turkmenistan; Azerbaijan; and Armenia. AT&T was the first long-distance company to provide direct-dial service to frequently called areas in the old Soviet Union. The company began direct-dial service to Moscow in 1984 and Armenia in 1991. In addition, AT&T became, in 1991, the only provider of direct-dial service to Sovintel, which operates a network linking hotels and business centers in Moscow. Provision of direct-dial service is the latest example of AT&T's nearly 50-year commitment to this region. The company installed its first circuits to the Soviet Union in 1943. Between 1978 and 1985, the year Mikhail Gorbachev took office, AT&T long-distance traffic between the United States and the Soviet Union increased 280 percent. Between 1985 and 1991, the increase was nearly a thousand percent. In addition, AT&T has formed important alliances to help bring the region's communications infrastructure into the 21st century. These include a joint venture in Ukraine that will build, operate, and own a long-distance network there, and a joint venture with Dalnya Sviaz (DALS), the Russian telecommunications company, to market, sell and service telecommunications equipment. Other initiatives include an agreement with the Moscow Local Telephone Network to distribute AT&T's Spirit (r) small business communications system in Moscow, and one to provide the Kazakhstan Ministry of Posts and Telecommunications with ATT's 5ESS switches during the next 10 years to help the state increase the size of its telecommunications network. AT&T provides long-distance service to more than 250 countries worldwide, with direct-dialing to more than 190. AT&T Direct-Dial rates to former Soviet Republics Economy (2 a.m. - 7 a.m.) 1st minute: $1.70 Addl. minute: $1.55 Discount (7 a.m. - 1 p.m.) 1st minute: $1.85 Addl. minute: $1.72 Standard (1 p.m. - 2 a.m.) 1st minute: $2.25 Addl. minute: $2.01 Callers only pay for the minutes they actually talk, and are billed in one-minute increments. There is no minimum charge. Selected City Codes State City City Code 1. Russia Moscow 095 2. Ukraine Kiev 044 3. Byelorussia Minsk 0172 4. Moldova Kishinev 0422 5. Uzbekistan Tashkent 3712 6. Kazakhstan Alma-Ata 3272 7. Kyrgystan Frunze 3312 8. Tajikistan Dushambe 3772 9. Turkmenistan Ashkhabad 36322 10. Azerbaijan Baku 8922 11. Armenia Yerevan 8872 12. Georgia Tbilisi 8832 13. Luthuania Uilnius 0122 14. Latvia Riga 0132 15. Estonia Tallin 0142 To make a direct-dial call from the United States, the caller dials 011, then 7, and the city code and local number. CONTACT: AT&T, Basking Ridge Mark Siegel, 908/221-8413 (office), 201/366-6863 (home) AT&T Has Record 11 Days; Over One Billion Calls Handled ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [ Courtesy of Businesswire June 08, 1992 ] NEW YORK--(BUSINESS WIRE)--Managers at the AT&T Network Operations Center in Bedminster, N.J., had to revise their volume records Saturday following the completion Friday night of the busiest 11-day calling period in the history of the communications and computer company. Spurred by price reductions by the nation's major airlines, the AT&T long distance network handled an unprecedented 1.6 billion calls during the period, about half of which were placed to 800 service numbers, the company reported. Monday, June 1, set the all-time record, with 177.4 million calls. In all, five days during the airline fare promotion surpassed the previous record day, December 2, 1991, the Monday following last Thanksgiving, when 157.8 million calls were placed. On an average business day, the AT&T Worldwide Intelligent Network handles 135 to 140 million calls. Call volume data for the 10 busiest days on the AT&T long distance network: Date Calls (in millions) Event 6/1/92 177.4 Air Fare Promotion 6/2/92 170.7 Air Fare Promotion 6/3/92 165.2 Air Fare Promotion 6/4/92 164.1 Air Fare Promotion 5/28/92 159.6 Air Fare Promotion 12/2/91 157.8 Monday after Thanksgiving 5/29/92 157.1 Air Fare Promotion 6/5/92 156.3 Air Fare Promotion 7/8/91 156.2 Monday after July 4 1/6/92 156.0 Monday after New Year's Day CONTACT: AT&T John Skalko, 908/234-5256 (Office) or 201-729-8202 (Home) Ron Bravo, 908/234-5257 (Office) or 908/560-0424 (Home) AT&T Network Systems Unveils 5ESS(a)-2000 Switch ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [ Courtesy of Businesswire June 09, 1992 ] CHICAGO--(BUSINESS WIRE)--AT&T Network Systems Tuesday announced plans for the next generation digital switching platform that will continue the evolution of the highly successful 5ESS central office switch. As the heart of AT&T's Service Net-2000 family of products, the 5ESS-2000 platform will enable telephone companies to upgrade network infrastructure and develop the advanced services they want to offer in the 90s, while taking full advantage of existing network equipment. Plans for the 5ESS-2000 Switch include a new SONET-compatible switching module that can grow to 30 times the network capacity of today's technology, and software that will continue to improve the reliability and cost performance of the 5ESS Switch. ``Distributed intelligence has always been the hallmark of the 5ESS Switch,'' said Joseph S. Colson Jr., AT&T Network Systems vice president - Switching Systems, U.S. ``In 10 years of rapid, real-world change, this design has proven its value time and again, by allowing us to transform the 5ESS Switch and to keep pace with customers' changing requirements,'' he said. ``And in the process, we have continuously improved its quality and reliability.'' Any existing 5ESS Switch can be upgraded to the 5ESS-2000 platform with the simple software and hardware additions normally associated with growth and retrofits. ``Customers can make the changeover incrementally, when they're ready,'' said Colson. ``The concept behind the 5ESS-2000 Switch is to ensure that our customers g