[H[70C5 target for hackers because the firm stores personal credit information on about 130 million Americans and 11 million businesses -- data many people would love to get hold of.[K [KMaxfield estimates that the hacker problem has increased by a factor of 10 in the last four years, and now seems to be doubling every year. "Nearly every system can be penetrated by a 14-year old with $200 worth of equipment," he complains. "I have found kids as young as nine years old involved in hacking. If such young children can do it, think of what an adult can do." [KTener estimates that there are as many as 5,000 private computer bulletin boards in the country, and that as many as 2,000 are hacker boards. The rest are as for uses as varied as club news, customer relations, or just as a hobby. Of the 2,000 about two dozen are used by "elite" hackers, and some have security features as good as anything used by the pentagon, says Maxfield. [KThe number of hackers themselves defies estimation, if only because the users of the boards overlap. They also pass along information from board to board. Maxfield says he has seen access codes posted on an east coast bulletin board that appeared on a west coast board less than an hour later, having passed through about ten boards in the meantime. And within hours of the posting of a new number anywhere, hundreds of hackers will try it. [K [75C[H[70C6 [K"Nowadays, every twerp with a Commodore 64 and a modem can do it, all for the ego trip of being the nexus for forbidden knowledge," sighs a man in New York City, known either as "Richard Cheshire" or "Chesire Catalyst" -- neither is his real name. Cheshire was one of the earliest computer hackers, from the days when the Telex network was the main target, and was the editor of TAP, a newsletter for hackers and phone "phreaks". Oddly enough, TAP itself was an early victim of the hacker upsurge. "The hacker kids had their bulletin boards and didn't need TAP -- we were technologically obsolete," he recalls. So who are these hackers and what are they doing? Tener says most of the ones he has encountered have been 14 to 18 year old boys, with good computer systems, often bright, middle class, and good students. They often have a reputation for being loners, if only because they spend hours by themselves at a terminal, but he's found out-going hacker athletes.[K But Maxfield is disturbed by the sight of more adults and criminals getting involved. Most of what the hackers do involves "theft of services" -- free access to Compuserve, The Source, or other on-line services or corporate systems. But, increasingly, the hackers are getting more and more into credit card fraud.[K [K[75C[H[70C7 Maxfield and Cheshire describe the same process -- the hackers go through trash bins outside businesses whose computer they want to break into looking for manuals or anything that might have access codes on it. They may find it, but they also often find carbon copies of credit card sales slips, from which they can read credit card numbers. They use these numbers to order merchandise -- usually computer hardware -- over the phone and have it delivered to an empty house in their neighborhood, or to a house where nobody is home during the day. Then all they have to do is be there when the delivery truck arrives.[K "We've only been seeing this in the last year," Maxfield complains. "But now we find adults running gangs of kids who steal card numbers for them. The adults resell the merchandise and give the kids a percentage of the money." [KIt's best to steal the card number of someone rich and famous, but since that's usually not possible it's a good idea to be able to check the victim's credit, because the merchant will check before approving a large credit card sale. And that's what makes TRW such a big target -- TRW has the credit files. And the files often contain the number of any other credit cards the victim owns, Maxfield notes. [K The parents of the hackers, meanwhile, usually have no idea what their boy is [75C[H[70C8 up to -- he's in his room playing, so what could be wrong? Tener recalls a case where the parents complained to the boy about the high phone bill one month. And the next month the bill was back to normal. And so the parents were happy. But the boy had been billing the calls to a stolen telephone company credit card. [K [K"When it happens the boy is caught and taken to jail, you usually see that the parents are disgruntled at the authorities -- they still think that Johnny was just playing in his bedroom. Until, of course, they see the cost of Johnny's play time, which can run $50,000 to $100,000. But outside the cost, I have never yet seen a parent who was really concerned that somebody's privacy has been invaded -- they just think Johnny's really smart," Tener says. [KTRW will usually move against hackers when they see a TRW file or access information on a bulletin board. Tener says they usually demand payment for their investigation costs, which average about $15,000. [K [KTales of the damage hackers have caused often get exaggerated. Tener tells of highly publicized cases of hackers who, when caught, bragged about breaking into TRW, when no break-ins had occurred. But Maxfield tells of two 14-year old hackers who were both breaking into and using the same corporate system. They had an argument and set out to erase each other's files, and in the [75C[H[70C9 process erased other files that cost about a million dollars to replace. Being juveniles, they got off free.[K [KAfter being caught, Tener says most hackers find some other hobby. Some, after turning 18, are hired by the firms they previously raided. Tener says it rare to see repeat offenders, but Maxfield tells of one 14-year-old repeat offender who was first caught at age 13.[K [KMaxfield and Tener both make efforts to follow the bulletin boards, and Maxfield even has a network of double agents and spies within the hacker community. Tener uses artificial intelligence software to examine the day' traffic to look for suspicious patterns. TRW gets about 40,000 inquiries an hour and has about 25,000 subscribers. But that does not address the underlying problem.[K [K"The real problem is that these systems are not well protected, and some can't be protected at all," Maxfield says. [KCheshire agrees. "A lot of companies have no idea what these kids can do to them," he says. "If they would make access even a little difficult the kids will go on to some other system." As for what else can be done, he notes that at MIT the first thing computer students are taught is how to crash the [75C[H[69C90 system. Consequently, nobody bothers to do it.[K [KBut the thing that annoys old-timer Cheshire (and Maxfield as well) is that the whole hacker-intruder-vandal-thief phenomenon goes against the ideology of the original hackers, who wanted to explore systems, not vandalize them. Cheshire defines the original "hacker ethic" as the belief that information is a value-free resource that should be shared. In practice, it means users should add items to files, not destroy them, or add features to programs, rather than pirate them.[K [K"These kids want to make a name for themselves, and they think that they need to do something dirty to do that. But they do it just as well by doing something clever, such as leaving a software bug report on a system," he notes. Meanwhile, Maxfield says we are probably stuck with the problem at least until the phone systems converts to digital technology, which should strip hackers of anonymity by making their calls easy to trace. [KUntil someone figures out how to hack digital phone networks, of course. -TCM [K[23C[1K Typed for PWN by Druidic Death [75C[H[70C1 ______________________________________________________________________________[48D[1K ==Phrack Inc.==[K [K Volume Two, Issue Eleven, Phile #12 of 12 [KPWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN *>=-{ Phrack World News }-=<*[22CPWN PWN[73CPWN PWN Issue XI PWN PWN PWN PWN Written, Compiled, and Edited PWN PWN [24Cby Knight Lightning[27CPWN PWN[73CPWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN [KComputer Bulletin Boards [14CJanuary 8, 1986 ------------------------ By The KTVI Channel 2 News Staff in St. Louis [K Please keep in mind that Karen and Russ are anchor persons at KTVI. [75C