-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

            WELCOME TO THE TWENTY-FOURTH ISSUE OF

                       -=>PHANTASY<=-

               A PUBLICATION AND NEWSLETTER OF

                            THE
                       INTERNATIONAL
                        INFORMATION
                         RETRIEVAL
                           GUILD

   Hacking, Phreaking, Anarchy, Survivalism, and Commentary

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Volume Number Eight - Issue Number Twenty-Four - Dated 03/17/2000

Editor-In-Chief is Mercenary : iirg@iirg.org

Staff Writers Are:
    Thomas Icom : ticom@iirg.org
    Black IC    : black_ic@iirg.org

---------------------
Table of Discontents:
---------------------

 #  Selection                               Author
 -  ------------------------------------    ----------------
 1. Legal Ease & IIRG Information           The IIRG
 2. The Myth of the "White Hat Hacker"      Mercenary/IIRG
 3. How To Set Up an Underground
    Wireless Data Network - Part I          Thomas Icom/IIRG
 4. Basic Phone Security                    Mob Boss
    Making and Breaking It
 5. "Tribe Flood Network 3000"              Mixter
    A theoretical review
 6. The Nazi Files (Stories of the SS)      The IIRG
 7. IIRG Signal Intelligence                Black IC/IIRG
    (SIGINT) Guidelines
 8. The Rumor Mill                          Anonymous Sources
 9. FREE the FISH                           Mercenary/IIRG
10. Letters to the IIRG                     N/A
11. IIRG and Phantasy Distribution          The IIRG
12. Articles We Never Want to See           Author Unknown

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Section [1]: Legal Ease & IIRG Information

OFFICIAL DISCLAIMER...

All Contents of PHANTASY Magazine are (C) Copyright by THE IIRG, all rights reserved. Nothing may be reproduced in whole or in part without written permission of the IIRG. Phantasy Magazine may also NOT be included on any CD-ROM collection without express written permission of the IIRG. All information published in PHANTASY is from USER contributed material.
The Publishers and Editors of PHANTASY and THE IIRG disclaim any liability from any damages of any type that the reader or user of such information contained within this newsletter may encounter from the use of said information. All files are brought to you for entertainment purposes only! We also assume all information infringes no copyrights and hereby disclaim any liability.

In the future PHANTASY Magazine will be made available quarterly to the Internet community free of charge. Any corporate, government, legal, or otherwise commercial usage or possession (electronic or otherwise) is strictly prohibited without written IIRG approval, and is in violation of applicable US Copyright laws.

The IIRG (IIRG Mailing Address)
862 Farmington Avenue
Suite 306
Bristol, Connecticut 06010

Here is the IIRG's Public Key:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.3a

mQCNAjE9nrYAAAEEAKuDXqGRyCw42PStHZMLjOVZ2QhTPklKXv5NK3u0hu/EcBYM
Cib6/jIDwgr3uwRo9DVptYVtGAYIY7/3OXw+B+Vxmb846weUBwcY14mBPrRtAjhI
EnSzHeS477sL1MklTQ+cxmDh8TyaAG8s5n+gKHc2qCQ+FTo6L1WIQPIFCJE5AAUR
tBRJSVJHIDxpaXJnQGlpcmcuY29tPg==
=onlg
-----END PGP PUBLIC KEY BLOCK-----

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Section [2]: The Myth of the "White Hat Hacker"
             By: Mercenary

The White Hat Hacker does not exist. I propose that this classification is a myth. This can be proven with a definition, a brief analysis of why the term was created, and why this ridiculousness is still flung around in the media and hacker communities.

First, let's look to see what the term "Hacker" means. The term "hacker" has been misused by the media since the mid 1980's. True Hackers are totally different people than what we have been represented as. One of our main ethics is to allow no harm to come as a result of our actions. For our purposes here, I will refer to "True Hackers" as "Classic Hackers".

Classic Hackers are explorers, individuals whose sole interest is learning as much as possible about the electronic systems that fascinate us. Some hackers might take excursions into other computer systems, but Classic Hackers take the utmost care to disturb nothing. A Classic Hacker's goal is not destruction, nor profit, nor revenge. Our goal is the pursuit of knowledge and the pursuit of conquest. A Classic Hacker believes that information should be free, and that pushing the envelope of what is possible should be a daily occurrence. We believe that every system is ripe for improvement, whether the system is a computer, a program, a set of traffic lights, or a government.

The term "White Hat Hacker" is a self-proclaimed title of the Hacker turned businessman. It is a term created in an attempt to justify selling out to the business community. The most classic example of this is the "L0pht". If we look at their FAQ from 1998 we will see that they defined themselves as "just a bunch of hackers who got together and started working on projects together". They also claimed that "We're not in this for the money, or the glory". But as is the case with many former hackers, MONEY is the deciding factor when push comes to shove. As we can see in their latest FAQ they totally disregard their roots and now claim "We strived to be (and achieved) a pure R&D environment. Unfortunately pure research and development is not a very profitable arena."

Of course hacking is not profitable. Nobody ever said it was. Unless you cross the line and become an actual "criminal", you can expect to make nothing off your activities. I have no problem with Hackers switching to security consulting. But if you become a security consultant, you are no longer a Hacker. By attempting to label yourself as a "White Hat Hacker" you are just trying to gain acceptance from possible customers (victims). Security consultants are businessmen first and foremost, and they know their prey well.
Can you see the pattern? A security consulting firm's job is not to protect your company; a security consulting firm's job is to make money selling protection to you from demons, real or imagined. In plain words, when they are working for you they are working for themselves, and this is the case in the entire free market world. The security consultant title is designed to facilitate the deception that if you have enough money, someone will take care of your problem rather than you learning how to solve your own security issues.

Now I am sure you have heard by now that the government is waging a major propaganda war against the on-line hacker community with the help of the socialist media. The government and the media are experts on psychology, psychological warfare, and brainwashing. Between the two groups they know more about the human mind and behavior, and how to control both.

The anti-hacker movement's main propaganda themes seem to be that (1) Hackers are the root of all on-line evil. (2) That the government (through more restrictive legislation) is the business community's only hope against the spreading plague of computer crime.

To understand the anti-hacker movement, we must understand what propaganda is. Simply put, propaganda can be outright lies, distorted facts, and/or truth, combined to change a person's thoughts on a subject.

Now it has been known for some time by the Central Intelligence Agency that countries such as Russia and China are developing tools to attack commercial computer networks. Even FBI Director Louis Freeh says that we face a "very serious" espionage threat from China. Organized Chinese fraud rings on the mainland and overseas are hacking databases to compromise credit and identity details.

"The Chinese gangs have moved into the electronic age where they're using hacking techniques and Internet theft," US Secret Service Special Agent Gregory Regan explained in testimony before the Senate Judiciary Subcommittee on Technology, Terrorism and Government Information.

Yet with these undeniable allegations by the government's own lackeys, Janet Reno wants to go after the so-called "evil 15 year old hackers", when it looks like they should have their sights targeted elsewhere. What makes this all so much worse is that the "White Hat Hackers" who once claimed that "We're not in this for the money, or the glory" are testifying before the Senate and strolling up to every TV camera they can find, supposedly speaking for a community they actually have no part in anymore.

The main problem with the media is that they glorify what I like to call "hacking misfits". The only hackers, crackers, or script kiddies who get glorified by the media are those who messed up and got caught. The media loves the term "White Hat Hacker"; it lets them put across the propaganda of community cannibalism. Hackers turn against their own kind. Let's get the story right folks, these are not hackers, they are paid Security consultants out to make money selling protection to you for something you could easily correct yourself.

If you have problems with a "hacker", it's not a Classic Hacker. You have a computer criminal on your hands. Hackers do not brag in public IRC channels. Hackers do not testify in front of Senate committees. If you've been hacked by a "Classic Hacker" and he's done it right - you'll never even know it.

So let's get the terminology straight.

1. Security Consultant - what former hackers become when they sell out their ideals and community.

2. Computer Criminal - anyone who uses a computer for monetary gain or illegal activity resulting in damage.

3. White Hat Hacker - no such animal or mammal.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Section [3]: How To Set Up an Underground Wireless Data Network - Part I
             By: Tom Icom

Introduction
============

Sending data over the airwaves actually predates the Internet. Back in the 60s, Hams were using a 5-bit code known as Baudot to communicate over HF amateur bands. The devices used were large electromechanical affairs known as Teletypes, and ran at speeds of 45 and 75 baud. Baudot is still used on HF, along with ASCII running at 110 and 300 baud, and other more modern digital modes such as AMTOR and PSK.

Back in the late 80s, Packet Radio made its appearance running AX.25 (a ham radio version of X.25 used by packet switched networks) at 300 and 1200 baud. Hams set up a massive AX.25 digital network stretching on the east coast from Maine to Florida and inland to the Mississippi River.

The rise of the Internet, however, caused the decline of packet radio's popularity. Packet radio requires an amateur radio license, where the Internet does not. Packet Radio's top speed for the average end user is generally limited to 9600 baud, with 1200 baud being most common. The average Internet user comes in at 56K baud over the phone lines, and faster if they use a cable modem. Packet radio requires more technical expertise to get up than Internet service. This is all beyond the means and intelligence of the average DOS/Exploit/Script "hacker", whose main concern appears to be acting his sexual frustrations out on random computer systems.

Certain "white hat hacker" groups (AKA - Security Consultants) have been attempting to implement a wireless "underground" network.
This has been unsuccessful to date because of their insistence on wanting a wireless high speed TCP/IP backbone with a ton of superfluous bells and whistles as the foundation of their network, legal issues with accessing the Internet via the Amateur Bands, short range and high cost of Part 15 wireless networking devices, and a general lack of serious interest among many of the "hackers" they recruit. With many "white hats" now doing infosec for corporate interests in a blatant manner, one must begin to wonder just how "underground" such a network would be if implemented.

Other hobbyist organizations have implemented wireless Internet on a small scale in their locales. While this is all fine and dandy, I don't consider them underground networks due to the fact that they are operating in a totally overt manner and are connected to the Internet.

Let's face it. The Internet is great for downloading technical and product support information, emailing friends and family, expanding one's non-computer hobbies, and getting the latest news and weather. As the basis for an underground network it quite frankly sucks, and I fully expect the Feds to step in and muscle more restrictions on it in the future. It is happening in the same way it started with our Second Amendment rights: highly-publicized incidents followed by a call to action by the "experts".

If you're looking to be able to surf the web, and download megabyte multimedia files in 30 seconds while at the beach for only $19.95 + shipping and handling, FORGET IT. If you want to be a part of an effective wireless underground network, then I will show you how, and it will work.

The equipment is inexpensive, and is available off the shelf at any business that sells amateur radio equipment. The cost of the equipment can be as little as $200 per station PROVIDED you are willing to expend the effort to do so.
Battery-operated stations are capable of being fitted into a .50 caliber military surplus ammo can with a solar powered trickle charger, and placed on a remote hilltop to act as relay stations for months of unattended operation.

While this network does not have indigenous encryption, it will support the encryption system of your choice. This, like other aspects of the network, allows you to customize specifics to suit your needs, thus increasing OPSEC (operational security). I'm of the belief that telling the world what type of encryption you're using only gives your enemies one more thing with which to screw you. While it may be fine and dandy for the white hat hackers and academic idiots to allow themselves to play with each other's crypto, we are simply interested in good COMSEC (Communications Security). There is plenty of information out there as to what works and what doesn't. If you decide to use a Caesar cipher on your system you have no one to blame but yourself.

Equipment
=========

You will only need the following to get up and running.

You will need a radio. Most people acquire a 2m/70cm dual-band ham HT that has been modified for out of band use. These radios typically have a maximum power output of five watts over a frequency range of 140-174 and 420-470 MHz. You may also upgrade to a base/mobile unit which offers a power output of 25-50 watts depending on the make and model.

You will need a Terminal Node Controller. This is a 1200 baud AX.25 radio modem that interfaces between your terminal and your radio.

You will need an RS-232 terminal. You can use anything that has an RS-232 port: PC, Mac, C64, Atari, or even an old DEC VT-100 terminal if that's what you have. All the work is done via the TNC.

You will need some sort of antenna system. All HTs come with a stock rubber duck antenna, but you should upgrade to at least a home-built dipole, 1/4 wave vertical, or j-pole antenna. With a good antenna, even running 5 watts will give you decent range.

You will need a 12 volt power supply. For a little 5 watt HT you can get by with your basic 3 amp Radio Shack supply. A 50 watt mobile will require a larger 20 amp supply such as an Astron or similar make.

Hooking all this stuff up is relatively simple. Specific instructions will be included with the equipment you purchase, but will be along these lines:

 \|/ Antenna     /-----------------------+----------Power Supply
  |              |                       |
  |       +--------------+            /-----\
  | Coax  |              |-Speaker----|     |          Computer Running
  \-Cable-|    Radio     |-Mic Audio--| TNC |-RS-232-- Terminal Program
    Feed  |              |-Mic PTT----|     |
          +--------------+            \-----/

Not too difficult, is it? THAT is the foundation of the IIRG's network NEWNet: New England Wireless Network, and that's all you need in order to get access. With this simple set-up, you have the capability of both maintaining a local commo net with your group, and integrating with larger networks consisting of other groups in your region.

In future issues of Phantasy, I will be detailing more of the nuts, bolts, hints and kinks involved in setting up a functional underground wireless digital communications network. Comments and questions can be emailed to ticom@iirg.org and there is also a room dedicated to this purpose up on our telnet BBS PFTE (telnet: luna.iirg.org uid:BBS no p/w).

======================================================================
Thomas Icom, IIRG - International Information Retrieval Guild,
"May Odin guide your way!"
VMB: 877-570-5970 x570
======================================================================

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Section [4]: Basic Phone Security - Making and Breaking It
             By: Mob Boss

The other day I was sitting in class and I was bored out of my head so I picked up a dictionary. I was curious to see how a hacker was defined, considering that seems to be one of the most passionately fought arguments, good against evil, hackers against crackers.
I found the definition to be "A computer enthusiast, someone who breaks into computers". Not surprising, but when I went to look for "Phreak" and "Phone Phreak", lo and behold, it was not there. This seems to be common these days. Everyone is shaking in their boots about big, bad, evil hackers and what might happen to their home or business computer, but no one ever stops to think about the phone system. This article is not geared towards anyone specific; in fact this is just an abstract to guide all those who are interested in general security, privacy, and H/P. Whether you're a small business owner, a homemaker, or an executive, there is something here that you should know, if you don't already.

Phone Phreaking can be loosely defined as the exploration and exploitation of the phone system and everything that goes along with it. Back in the 60's and 70's there was blue boxing, back in the eighties and early nineties there was red boxing, but nothing compares to the things that are here now, in the early part of the 21st century. Seems everything is hooked up to the phone system one way or another these days. People are sporting voicemail, pagers, cell phones, home answering machines, fax machines, computers hooked up to the internet, cell phones hooked up to the internet, and there are plans to have cars on the internet pretty soon as well (i.e. 2600 issue 16:4, I OWN YOUR CAR). 1984 is here, just a little late.

Now considering all that, why would someone ignore learning about the phone system, considering the whole backbone of telecommunications is the phone system? That's a mistake a lot of companies and individuals make. Set aside theft of phone service, as there are so many legal ways to make a free call these days; how about privacy? How would you like someone monitoring your business via the voicemail system, or maybe monitoring your house by using the remote access feature on your answering machine to actually listen in on what's going on?
How about someone tapping your analog cell phone or old cordless phone? Now from the attacker's point of view, what better way to watch a target? You want to break into a computer network, monitor the voicemail systems for possible technical information and logins. You want to break into a house, listen to messages on the answering machine to find out the patterns of those who reside there. Want to blackmail, extort, and steal, well then there are tons of possibilities for you.

Let's start at home. What communication devices do you own? Cordless phone, PC, fax machine, answering machine? I'm willing to bet you have at least one or all of those items in your home. First I will touch on answering machines; personally I could live without it. Most people hate talking on answering machines, and when it's not meant to be it's not meant to be. But I still own one, and the first thing I did when I learned about breaking into answering machines was to check my manual to see if my machine had remote access. As it turned out, it did have remote access, but lucky for me it has a strong security policy: two bad tries will boot you off, plus the code is a good one. Now machines I have encountered in businesses and homes were as easy as dialing 123 after the tone. So what, you say? You have nothing to hide? Well privacy is privacy, and either way I don't want some thug hearing when I'll be at the dentist or on vacation. This is twice as bad if you're a business and you have customers leave orders on the phone after hours. Credit card fraud has been booming since the 1980's and two decades later it's still a problem, and it's a safe bet that it always will be a problem.

Here is an easy to follow system for getting into an answering machine. Out of the many techniques I have read, tried, or heard of, this one is the most rewarding... after the tone start dialing this sequence, 9876543210000123456789, then 2000, 3000, till you hit 9000, then 1111, 2222, and so on till you hit 9999.
That technique will break into answering machines in the homes of government officials, mail order stores, and places that should be more secure. Try that on your machine or a friend's (with his permission of course) and see how secure that answering machine really is.

Another problem that has been around for many years is that of people tapping cordless phones with simple frequency scanners. Now this problem has been dying out, but when I flip on the Ol' Bearcat I still hear morons yacking away on their old, ten dollar, garage sale cordless phones. These aren't wholesome conversations either. Drug deals, phone sex, and fights. I guess it all depends on where you live, but just the same there are a lot of possibilities here. Like I said, this is not a new problem, but it's still widespread even though a whole decade of cordless terror has gone by. By programming the following frequencies into your scanner you'll hear many conversations:

 Ch    Base (MHz)   Handset (MHz)
  1      43.720        48.760
  2      43.740        48.840
  3      43.820        48.860
  4      43.840        48.920
  5      43.920        49.000
  6      43.960        49.080
  7      44.120        49.100
  8      44.160        49.160
  9      44.180        49.200
 10      44.200        49.240
 11      44.320        49.280
 12      44.360        49.360
 13      44.400        49.400
 14      44.460        49.480
 15      44.480        49.500
 16      46.610        49.670
 17      46.630        49.845
 18      46.670        49.860
 19      46.710        49.770
 20      46.730        49.875
 21      46.770        49.830
 22      46.830        49.890
 23      46.870        49.930
 24      46.930        49.990
 25      46.970        49.970

Obviously you want to listen in on the base frequencies so that you hear both sides of the conversation. Now you may say, "Well, I don't have an old phone, I have a brand new cordless phone that runs on the 900 MHz band and scrambles the conversation". The only thing I have to say to that is, what if your business partner, mistress, and/or accomplice are using an old cordless phone? Then your security measures mean nothing and it's out there. That's why you have to analyze security from afar; missing the big picture will really screw you up.

Are you running a dialup server at your residence or small business?
If you think it's safe because no one but you had the dialup then you, my friend, are dead wrong. For years people have been using programs called war dialers (i.e. ToneLoc) to scan exchanges looking for computers, and just because times have changed and the internet seems to dominate all doesn't mean that people have stopped looking to their local exchanges either. In fact much can still be found by having a war dialer go for a few hours, and attackers know this. A company can have a big fancy firewall but a dialup sticking out like a sore thumb a few numbers up from their main switchboard number. That kind of ignorance can be very, very costly and it would be wise to see how your computers are set up. If a dialup server is necessary, be sure to pick strong passwords and keep up with a good policy for protecting that data, physically and remotely.

Let's move on to your small (or large) business. Most businesses worth anything at least have a small PBX and voicemail system, plus the kind of stuff you may have at home, as all the same rules of home security apply at the office as well. It's very important that a person takes his sweet time with setting up the phone system; baby it just as much as you would the computer network, because leaving the phone system open will lead the path to your precious network. If someone gets into your phone system what do you have to lose? Privacy, valuable information about customers (credit card information), use of your lines to call Europe and what not. I must say that PBXs are more challenging now than they were ten years ago, but considering most voicemail systems run hand in hand with the PBX, having weak passcodes on your voicemail system can lead to exploitation of your PBX services.
Meridian Mail, which is put out by Nortel (www.nortel.com), for instance has a nice little feature where you can set the operator assistance number, which in what I have seen is local numbers; just the same it can be useful for bouncing through to avoid tracing. I don't think anyone wants their phone system used as a jumping off point for an attack against something big.

The same rules of breaking into answering machines apply to voicemail, but one can get more creative here. There are usually multiple accounts on a system, so if you can't get into one, move on to another. 999 or 9999 is usually an administrator's box and 100 or 1000 is usually a general delivery box. It's been my experience that the general delivery box can be the most influential, as that's where your general information can be obtained, and that's also a very easy box to get into; a lot of the time the passcode is just 1000. In general though, some passcodes to try are the number of the box as the passcode, 1234, 1111 to 9999, 1000 to 9000, the name of the person or company in DTMF, and the last four digits of the phone number. Knowing that, it's possible to use these private phone networks for a lot of different things, and I think it's very clear why someone should take this into consideration.

OK, now that it's clear that your everyday conversations are at risk, let's talk about some of the ways we can ensure that our distant party is the only other person to hear the conversation. Remember the only secure conversation is one in person, free of any monitoring. Getting back to the point, one must consider what level of security is needed for a conversation before they begin to put security measures in place. For instance I doubt you need to encrypt a voice conversation with your grandmother (unless she works for a three letter agency), nor do I think you want to be on that old cordless phone while buying arms from third world terrorists (not that I'm advocating that).
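
For whoever administers the voicemail system, the guessable passcodes listed above (box number, 1234, repeated digits, round thousands, a name spelled on the keypad, last four digits of the phone number) can be turned into an audit of the mailbox list. This is an added example, not part of the original article; the mailbox records and their field names are hypothetical.

```python
import re

# Letters printed on a standard telephone keypad (used to spell names in DTMF).
KEYPAD = {"2": "abc", "3": "def", "4": "ghi", "5": "jkl",
          "6": "mno", "7": "pqrs", "8": "tuv", "9": "wxyz"}
LETTER_TO_DIGIT = {ch: digit for digit, letters in KEYPAD.items() for ch in letters}


def to_dtmf(word):
    """Spell a word on the keypad, e.g. 'acme' -> '2263'; punctuation is dropped."""
    return "".join(LETTER_TO_DIGIT.get(ch, ch if ch.isdigit() else "")
                   for ch in word.lower())


def weak_reasons(box, passcode, phone="", names=()):
    """List which of the article's guess patterns a passcode falls into."""
    reasons = []
    if passcode == box:
        reasons.append("same as box number")
    if passcode in ("123", "1234"):
        reasons.append("counting sequence")
    if len(passcode) > 1 and len(set(passcode)) == 1:
        reasons.append("single repeated digit")
    if re.fullmatch(r"[1-9]000", passcode):
        reasons.append("round thousand")
    digits = re.sub(r"\D", "", phone)
    if len(digits) >= 4 and passcode == digits[-4:]:
        reasons.append("last four digits of phone number")
    # Owner or company name spelled on the keypad, whole or cut to the code length.
    words = [w for name in names for w in re.findall(r"[A-Za-z]+", name)]
    if len(passcode) >= 3 and any(to_dtmf(w).startswith(passcode) for w in words):
        reasons.append("name spelled in DTMF")
    return reasons


def audit(mailboxes):
    """Map box number -> reasons, for every mailbox whose passcode is guessable."""
    findings = {}
    for mb in mailboxes:
        reasons = weak_reasons(mb["box"], mb["passcode"],
                               mb.get("phone", ""), mb.get("names", ()))
        if reasons:
            findings[mb["box"]] = reasons
    return findings


# Constructed sample export; field names are hypothetical, not a vendor format.
SAMPLE_MAILBOXES = [
    {"box": "1000", "passcode": "1000", "phone": "555-0100",
     "names": ["General Delivery"]},
    {"box": "9999", "passcode": "9999", "phone": "555-0199",
     "names": ["System Administrator"]},
    {"box": "204", "passcode": "0142", "phone": "860-555-0142",
     "names": ["Pat Jones"]},
    {"box": "217", "passcode": "2263", "phone": "860-555-0117",
     "names": ["Acme Supply"]},
    {"box": "230", "passcode": "5833", "phone": "860-555-0130",
     "names": ["Sam Lee"]},
]

if __name__ == "__main__":
    for box, reasons in audit(SAMPLE_MAILBOXES).items():
        print(f"box {box}: {', '.join(reasons)}")
```

Any box the audit reports should get a new passcode, and the two-bad-tries lockout the author praises on his own answering machine is worth enabling wherever the system offers it.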

Let's say you are interested in securing voice communication; here are some ideas on what you can do to protect your privacy. The first method is accomplished through PGPphone, a nice little program from the makers of PGP (Pretty Good Privacy). This program allows for secure modem to modem or TCP/IP based voice communication. Using PGP keys at the strength preselected, the conversation can be encrypted and secured from prying ears. Only drawback is that there is a little bit of lag, and the stronger the key, the more static and breakup you will get.

Another idea for shaking any taps on your phone line or your counterpart's phone line is through the use of a number of payphones. If you keep a good list of payphone numbers in your area that allow for incoming calls, you can be at a certain payphone at a preselected time to receive that call. If it's busy you can always have a backup payphone not too far away, or your contact will simply try back every two minutes. In my area at least there are still some neighborhood COCOTs (customer owned coin operated telephone) that still take in calls. Your best bet is to call a voicemail number that has ANI every time you're at a payphone. When you get home, call all the payphone numbers you accumulated and see which ones take in calls. Some owned by the Telco will not allow the call to go through; some COCOTs will have a modem pick up.

As another approach you could always invest in one of those expensive communication devices that hook up to the telephone and allow you to call another telephone with the device. The price is definitely a drawback ($500 area), so using one of the less expensive methods is most likely the best way to go. Be creative and use your common sense; doing that you'll come up with many creative ideas.

This was meant simply as a primer to phone security. Yes, these are old problems, but they needed to be retouched on because it seems many people are still mystified by simple phone phreaking techniques.
There are other phone risks, such as beige boxing and social engineering, but those topics have been covered already in some very well detailed articles that are available on sites all over the internet and fine BBSs like Ripco. I hope this has opened your eyes to the dangers out there or at least refreshed your memory. And to cut off all those flames that I ripped this information off and what not, I have spent many hours on the phone testing and perfecting these techniques; there is nothing here that I don't have first hand knowledge of. I'd like to leave off with these words that a good friend recently told me, "When you take from one it's plagiarism, but when you take from many it's research."

Appendix

PGPphone
    http://web.mit.edu/network/pgpfone/

Phreaking Info
    http://come.to/mobdomain
    http://www.phonelosers.org
    http://www.hackersclub.com/km

-The Mob Boss; http://come.to/mobdomain
Voicemail and fax: 1-877-203-3043

Special Thanks To...
Deo Ryan Websulker (http://www.websulker.com)
and anyone else I left out...

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Section [5]: "Tribe Flood Network 3000": A theoretical review
             By: Mixter

-----BEGIN PGP SIGNED MESSAGE-----

"Tribe Flood Network 3000": A theoretical review of what exactly Distributed DOS tools are, how they can be used, what more dangerous features can be implemented in the future, and starting points on establishing Network Intrusion Detection Rules for DDOS.

Many technically uninformed people consider DDOS as a weapon that should not be publicly evolved and distributed. This is the only further thing I'll be releasing to explain DDOS tools, comprehensible for EVERYONE, and future features that may be implemented in DDOS: a brief theoretical description.

BTW: People with technical knowledge may skip over most of the stuff in I. and II.

I.   What is distributed DOS, what can it be used for, how does it operate?
II.  What are DDOS features, what are future DDOS features, how is DDOS evolving?
III. DDOS, an exploit or not? Should it be published? What is the main problem?
IV.  How can DDOS traffic be detected by Network Intrusion Detection (NIDS)?

I. What is distributed DOS?

Distributed DOS, like any distributed concept, will make it easy to coordinate a procedure that is launched from many computers. In this case it is Denial Of Service in the form of packet flooding, to overload network links. DDOS IS NOT A HACKING TOOL CATEGORY. Distributed DOS tools are PENETRATION tools. They do not exploit security vulnerabilities, but they can demonstrate what amount of traffic a host can or cannot handle. Distributed DOS has been used for a long time by professional security consultants for penetration testing. Before there were DDOS attack tools, there were commercial, non-open-source programs out that could launch distributed packet floods. Those were used in the information security consulting business to perform a security service called "Capacity Management". The purpose of Capacity Management is to determine how much traffic a network can handle, to see if the target's bandwidth has to be improved, or if it can handle enough traffic while providing service reliably.

What can it be used for?

It can overload, or flood if you want, network links. It sends meaningless packets, the overall amount of data being more than the network can process. The impact is that the targets cannot be reached over a network. That is all.

How does it operate?

The basic concept is that you install a huge amount of DOS servers on different hosts. They will await commands from a central client. A central client can then message all the servers, and instruct them to send as much traffic as they can to one target. The tool distributes the work of flooding a target amongst all available DOS servers, therefore it is called a distributed concept.
Before these tools were available, an attacker (or penetration tester) would have to telnet into all the hosts that he wanted to use, log in as a user, and manually launch a command to flood a target on each of the hosts that should flood, for example using the UNIX standard tool ping: 'ping -f target'

II. What are DDOS features?

The actual attack tools don't do simple flooding, but variations of it which involve using actual weaknesses in a protocol to a) make an attack more powerful b) make an attack harder to track back.

First, current DDOS tools spoof source addresses. They send raw IP packets, and due to the nature of the internet protocol the source addresses can be fake ones, and single (not connection oriented) packets will still reach their destination. This is basically what makes backtracking of the attacks so hard.

DDOS also exploits protocol weaknesses; for example, it can open up half-open TCP connections by SYN flooding. This is a very old and well known protocol vulnerability, and feasible countermeasures are present. To make attacks more powerful, DDOS can generally use any protocol vulnerability that can be exploited by sending single, not connection oriented packet traffic to a host.

What are future DDOS features?

Things that can still be implemented, but have not been in publicized tools, are protocol vulnerabilities as mentioned above. One of those is the "stream" attack (discovered by Tim Yardley, stream.c and spank.c demonstrate the vulnerability and are public). The stream attack sends TCP packets with either ACK or both SYN and ACK flags set. Because they are not part of a connection, they will "confuse" a target machine and take some time to be processed by the operating system. If this attack is used in a distributed way, the attacker can overload machines with fewer hosts. From what I've heard, distributed stream attack IS already implemented in private DDOS tools. It is very trivial to implement this feature.
A second possibility that is not implemented yet is multicast addresses. Multicast addresses are routed (forwarded) specially by routers; they can multiply one packet into several ones. The concept would be to send out packets with a multicast (224.x.x.x) source. A target could send an error message back to multicast destinations, and multiply the bandwidth. This concept has also been mentioned by Tim Yardley.

Another concept could be to purposefully send special strings in the flood traffic, strings that Intrusion Detection Systems (IDS) could falsely interpret as break-in attempts. The impact would be false alarms, and affected IDS could get overloaded or crash.

How is DDOS evolving?

As I mentioned, the first tools that did distributed denial of service were commercial penetration tools. The origin of using general DOS is certainly IRC (Internet Relay Chat), where kiddies can take over control of channels if they temporarily take out computer systems with DOS. The first packet flooding DOS that involved multiple servers flooding was "smurf". Smurfing relied on mis-configured networks replying back to a broadcast address; sending one packet would result in hundreds bouncing back. Then, most of those networks were fixed, and attackers compromised a lot of hosts, preferably hosts with high bandwidth, and started flooding manually from them. Because this took a lot of time, attackers wrote servers which they installed on the hosts they had compromised. They no longer needed to log in, but only message those servers.

The DDOS attack tools I know of are, in chronological release order: fapi (private, by ?), blitznet (public, by phreeon), trinoo (private, by phifli), TFN (public, by me), stacheldraht (private, by randomizer), shaft (private, by ?), TFN2K (public, by me), Trank (TRinoo + spANK.c?, private).
The recent development has also continued in other ways. Since people were monitoring traffic for very DDOS-program-specific traffic (like known character strings, known passwords, default ports), attackers have made many small variations to the code of the above tools to prevent being detected.

III. DDOS, an exploit or not?

No. DDOS itself is not an exploit. It just makes an existing concept easier. Take the distributed.net RC5 challenge and distributed password crackers. They are not exploits. But they are exposing a weakness, that many passwords can be brute forced faster than people think. DDOS shows that many networks are not as strong as they seem to be and can be overloaded faster than people used to think.

Additionally, there are actual exploits implemented in DDOS tools, which exploit security holes in network protocols currently used on the Internet. These security holes need not be exploited to make DDOS possible, but they do make the impact of DDOS attacks more powerful. Such exploits are the possibility of arbitrarily spoofing IP addresses, SYN flooding, IP stack attacks with bad fragmentation, header offsets and other "magic packets", the stream vulnerability, and missing authentication and security of traffic known as connection-less or stateless.

Should it be published?

That is for you to decide. It is your personal opinion. But people will continue to publish vulnerabilities. Hundreds of talented security analysts are professionally researching vulnerabilities in software, and posting exploit programs, which can often be used to instantly compromise a system running the vulnerable software at root level. The past has shown that, ever since security vulnerabilities have been a problem on the internet, people have been ignoring advisories containing only the information THAT something was vulnerable to an attack, disregarding them as being "completely theoretic".
Only when people wrote up and posted ready-to-(ab)use vulnerability exploits did the severity of vulnerabilities become clear, and people would make an effort to counter those vulnerabilities.

What is the main problem?

The main problem, that made attacks against sites as big as yahoo.com possible, is the bad overall security on the internet. With ONLY a DDOS tool in his hands, Joe Attacker cannot do anything. But security vulnerabilities are omni-present on the majority of hosts on the net. An awful lot of these hosts do not care about their security; as a result they are running software that is KNOWN to be vulnerable, and against which public exploit programs exist. An attacker has only to run one of the public exploit programs and he is granted full access to such hosts. And various people have been able to compromise THOUSANDS of hosts with well-known, old vulnerabilities. Even high speed university networks, which originally built the foundation of internet architecture, have proven to be insecure. With full control over thousands of hosts, it is easy to concentrate all of these hosts' resources, and to be able to attack almost anything on the internet.

IV. How can DDOS traffic be detected by Network Intrusion Detection (NIDS)?

The mistake everyone has been making is to search for default strings of special DDOS tools, for default values, ports, passwords, etc. To establish Network Intrusion Detection capability in order to spot these tools, which operate via connectionless raw packets, people will have to start looking for general signs of DDOS traffic, signs that are obvious and traffic that is extensively anomalous and suspicious. There are two kinds of DDOS-generated traffic: control traffic (between DDOS client and servers) and flood traffic (between DDOS servers and DDOS victim).

Credits to rain forest puppy, Dave Dittrich, and Axent Security Team for providing some initial hints I needed to write this up.

Anomaly 0: This is not real "DDOS" traffic, but it can be a viable method of determining the origin of DDOS attacks. As observed by RFP, an attacker will have to resolve his victim's hostname before a DDOS attack. BIND name servers are capable of recording these requests. You can either send them a WINCH signal with 'kill', or you can specify query logging in the BIND configuration. A single PTR type query before an attack indicates the request was made from the attacker's host; a great load of PTR type queries for a DDOS victim before an attack indicates that the flood servers have been fed a host name and each server was resolving the hostname for itself.

Anomaly 1: Amount of bandwidth exceeds the maximum threshold that normal traffic for a site could be expected to cause. Alternatively, the threshold can be measured in the number of different source addresses in the traffic. These are clear signs of flood traffic, and ACL rules can be implemented on the backbone routers that detect these signs and filter traffic.

Anomaly 2: Oversized ICMP and UDP packets. Stateful UDP sessions are normally using small UDP packets, having a payload of not more than 10 bytes. Normal ICMP messages don't exceed 64 to 128 bytes. Packets that are reasonably bigger are suspicious of containing control traffic, mostly the encrypted target(s) and other options for the DDOS server. Once (non-decoy) control traffic is spotted, one of the DDOS servers' location is revealed, as the destination IP address is not spoofed in control traffic.

Anomaly 3: TCP packets (and UDP packets) that are not part of a connection. The stealthiest DDOS tools use random protocols, including connection-oriented protocols, to send data over non-connection-oriented channels. Using stateful firewalls or link-state routing can discover these packets. Additionally, packets that indicate connection requests with destination ports above 1024, with which no known service is registered and running, are highly suspicious.
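
Anomalies 1 to 3 above, sketched as a small stateful checker; this is an added example, not part of Mixter's text or of any tool he names. The packet records, addresses, class and alert names are constructed for illustration; the ICMP and UDP size limits are the article's figures, while the source-count limit, window and service inventory are assumed values to be tuned against a site's own baseline.

```python
from collections import defaultdict, namedtuple

# Constructed packet record; a real sensor would fill this from a capture.
Packet = namedtuple("Packet", "ts src sport dst dport proto flags size")

ICMP_MAX = 128    # article: normal ICMP messages don't exceed 64 to 128 bytes
UDP_MAX = 10      # article's figure for UDP payloads; tune to your baseline
SRC_LIMIT = 4     # assumed: distinct sources per destination per window
WINDOW = 10.0     # assumed: window length in seconds
KNOWN_SERVICES = {("192.0.2.10", 80)}   # assumed service inventory


class FloodAnomalyDetector:
    def __init__(self, known_services=KNOWN_SERVICES):
        self.known = set(known_services)
        self.conns = {}                    # (client, cport, server, sport) -> state
        self.sources = defaultdict(dict)   # dst -> {src: last seen timestamp}

    def observe(self, p):
        """Return the list of anomaly labels raised by one packet."""
        alerts = self._source_spread(p) + self._oversized(p)
        if p.proto == "tcp":
            alerts += self._tcp_state(p)
        return alerts

    def _source_spread(self, p):
        # Anomaly 1: too many different source addresses toward one host.
        seen = self.sources[p.dst]
        seen[p.src] = p.ts
        for src in [s for s, t in seen.items() if p.ts - t > WINDOW]:
            del seen[src]
        return ["A1-many-sources"] if len(seen) > SRC_LIMIT else []

    def _oversized(self, p):
        # Anomaly 2: ICMP or UDP larger than normal use would explain.
        if p.proto == "icmp" and p.size > ICMP_MAX:
            return ["A2-oversized-icmp"]
        if p.proto == "udp" and p.size > UDP_MAX:
            return ["A2-oversized-udp"]
        return []

    def _tcp_state(self, p):
        # Anomaly 3: TCP segments that belong to no tracked handshake.
        # State is keyed on the client side; idle timeouts are left out.
        fwd = (p.src, p.sport, p.dst, p.dport)
        rev = (p.dst, p.dport, p.src, p.sport)
        if p.flags == "S":
            self.conns[fwd] = "SYN_SENT"
            if p.dport > 1024 and (p.dst, p.dport) not in self.known:
                return ["A3-syn-to-unregistered-high-port"]
            return []
        if p.flags == "SA":
            if self.conns.get(rev) == "SYN_SENT":
                self.conns[rev] = "SYN_RCVD"
                return []
            return ["A3-synack-without-syn"]
        if "R" in p.flags:
            known = self.conns.pop(fwd, None) or self.conns.pop(rev, None)
            return [] if known else ["A3-rst-without-connection"]
        if "A" in p.flags:
            if self.conns.get(fwd) in ("SYN_RCVD", "ESTABLISHED"):
                self.conns[fwd] = "ESTABLISHED"
                return []
            if self.conns.get(rev) == "ESTABLISHED":
                return []
            return ["A3-ack-without-connection"]
        return []


def scan(packets, detector=None):
    """Run packets through a detector; return (packet index, label) pairs."""
    detector = detector or FloodAnomalyDetector()
    return [(i, a) for i, p in enumerate(packets) for a in detector.observe(p)]


# Constructed sample traffic (documentation address ranges).
SAMPLE = [
    Packet(0.0, "198.51.100.5", 40000, "192.0.2.10", 80, "tcp", "S", 60),
    Packet(0.1, "192.0.2.10", 80, "198.51.100.5", 40000, "tcp", "SA", 60),
    Packet(0.2, "198.51.100.5", 40000, "192.0.2.10", 80, "tcp", "A", 52),
    Packet(1.0, "203.0.113.7", 1234, "192.0.2.10", 80, "tcp", "A", 40),
    Packet(1.1, "203.0.113.8", 4321, "192.0.2.10", 80, "tcp", "SA", 40),
    Packet(2.0, "203.0.113.9", 0, "192.0.2.10", 0, "icmp", "", 900),
    Packet(2.5, "198.51.100.5", 5353, "192.0.2.10", 53, "udp", "", 8),
    Packet(3.0, "203.0.113.20", 40001, "192.0.2.10", 31337, "tcp", "S", 60),
]

if __name__ == "__main__":
    for index, label in scan(SAMPLE):
        print(index, label)
```

The completed handshake in the first three packets raises nothing, while the ACK and SYN+ACK that arrive with no handshake behind them are flagged.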

Anomaly 4: Packet payload contains ONLY alphanumeric characters (e.g. no spaces, punctuation, control characters). This can be a sign that the packet payload is BASE64-encoded, and therefore contains only base64 characters. TFN2K is sending such packets in its control traffic. A TFN2K (and TFN2K derivatives) specific pattern is a string of repeating A's (AAAA...) in the payload, since the buffer size is padded by the encryption routine. If the BASE64 encoding is not used, and the payload contains binary encrypted traffic, the A's will be trailing binary \0's.

Anomaly 5: Packet payload contains ONLY binary, high-bit characters. While this can be a binary file transfer (traffic transmitted over ports 20, 21, 80, etc. must be excluded if this rule is applied), such a payload, especially in packets that are not part of valid stateful traffic, is suspicious of being encrypted control traffic that is not base64-encoded.

- Mixter

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Section [6]: The Nazi Files (Stories of the SS)
Compiled By: The IIRG

-------------------------------------------------------------------------------

DISCORD IN THE SECRET SERVICE RANKS?

Black Secret Service Agents To Sue for Discrimination
By Gregory Vistica and Debra Rosenberg
Newsweek, February 22, 2000

On Wednesday, lawyers for 50 African-American Secret Service agents, including several who have guarded the First Family, prepared to file a class-action suit with the Equal Employment Opportunity Commission in Washington. The suit will claim that blacks are discriminated against in the agency's promotion process, according to lawyers representing the agents, and will also allege that too few blacks hold Secret Service management jobs.

The class action is an unusual public airing of complaints by employees of a necessarily secretive agency. The complaint will be filed first at the Department of Treasury, which oversees the Secret Service, before proceeding to the EEOC for review. To further try to correct what they view as a pattern of racial bias by their employer, several agents are now working to establish a formal association called BASS (Black Agents in the Secret Service) that will represent the rights of minorities. One agent involved with BASS says that as many as 100 African-American agents have expressed interest in joining the group.

On Thursday, Secret Service agents involved in the class action are scheduled to hold a press conference with their lawyers at the National Press Club. They plan to describe the hurdles they have faced in their efforts to be promoted and to discuss the everyday difficulties for blacks in an organization that is predominantly white, says their attorney, David Shaffer, of Thelen Reid & Priest. Shaffer successfully represented minority FBI agents in their 1991 class-action suit against the law-enforcement bureau. Shaffer's co-counsel is John Relman and Associates, the law firm that represented black Secret Service agents in their lawsuit against Denny's restaurants.

Shaffer describes those in charge of the agency's promotion process as "good-old boys" who consistently help their white friends win better jobs at the expense of qualified African Americans. He says the majority of Secret Service agents, black and white, score in the 90th percentile in job-performance rankings. Because of this, Shaffer says, personal relationships among managers, the majority of whom are white, are the key factor in who gets rewarded with a management job. "You have to know the higher-ups," Shaffer says, if you want to win a promotion. There are approximately 2,300 non-uniformed agents who work around the world; some 200 of those agents are black, Shaffer says. But African Americans hold just 22 management jobs. Agents complain that all but a few of the top management jobs in large U.S. cities, including New York, Los Angeles and Chicago, are held by white agents. The exceptions, they say, are Atlanta and Dallas, cities in which blacks have had senior postings in the past. "Certainly we're concerned," says Jim Mackin, a spokesman for the Secret Service. By late Wednesday, he said the agency had not yet received a copy of the complaint. Mackin said that the Secret Service has tried to maintain a diverse work force and provided some statistics that show black agents have indeed held senior posts. Of the seven assistant directors, two are African-American, he said. In addition Mackin said black agents head four of the eleven largest field offices. A number of black agents who have worked on President Clinton's security detail could join the suit. Among them is Reginald Moore. Shaffer says Moore was passed over for the job of director of the Secret Service's operations center, though he was serving as its acting director. The man who got the job, says Shaffer, was white and was not as qualified as Moore, who was then transferred to the Dallas field office. Moore couldn't be reached for comment. 

Then there's Larry Cockell, formerly the lead agent on President Clinton's secret service detail, who was forced to testify by Ken Starr, the independent prosecutor. Cockell was reportedly in the running to be head of the Secret Service, but lost out to another candidate. Through Mackin, Cockell says he "is in no way associated with the complaint" and has no further comment.

The lawsuit may prove to be something of an embarrassment to the Clinton administration, which has made a concerted effort to court blacks for top jobs. Unfortunately, perhaps, for his security detail, the president has no power over which agents win promotions.

-----------------------------------------------------------------------------

CLINTON EVACUATED FROM HOTEL AFTER FIRE ALARM

Friday February 25, 3:06 pm Eastern Time

Clinton evacuated from hotel after fire alarm

WASHINGTON, Feb 25 (Reuters) U.S. President Bill Clinton was evacuated from a Washington hotel along with about 800 people attending an awards ceremony on Friday after a fire alarm went off.

Clinton joked about the buzzing that began just as he started speaking at the event in a hotel ballroom. But when three fire officials entered the room, the Secret Service decided to evacuate the president and others.

The president was escorted outside, got in his limousine and left the hotel in his motorcade for the White House. It was not immediately clear if there really was a fire.

The fire alarm first started while Secretary of Commerce William Daley was speaking but stopped for a few minutes before Clinton started to speak. The president spoke through the fire alarm for a few minutes, apparently expecting the buzz to stop.

``Somebody tell me what the deal is. Is it a fire alarm, are we supposed to leave? Not yet...that's not an encouraging answer,'' he said to laughter.

``Unless somebody starts singing 'Smoke gets in your eyes' we may just start and go on,'' he said.

A few moments later he broke away from his speech to say: ``They're coming to get us. It really is a fire alarm... Thank you.''

IIRG NOTE - In a private interview with a hotel staff employee, it was learned that the Secret Service decided to evacuate the president because he apparently soiled his pants upon hearing the fire alarm. He was rushed to the limousine after Secret Service agents grabbed several hotel bath towels in an attempt to hide the president's "accident". Our contact claims hotel staff was sworn to secrecy and that several Secret Service agents returned to the hotel afterwards to retrieve the bath towels. One agent was heard muttering, "We need those god damned towels. After Monica's dress we don't need any more physical evidence."

-----------------------------------------------------------------------------

SECRET SERVICE HARASSING BERNIE S AGAIN

03/17/00

Five years to the day after Bernie S. was arrested at gunpoint and subjected to nearly 17 months of imprisonment by the United States Secret Service, agents of the USSS have again begun some kind of cat and mouse game, the nature of which has yet to be revealed.

A Special Agent from the Secret Service showed up unannounced at Bernie's workplace and told his employer they wanted to question Bernie, who happened to be out sick that day. When Bernie returned to work the following day and discovered the Secret Service wanted to talk to him, he surprised the agent by calling him. What followed was an extremely strange and circular conversation.

At first the SS agent wouldn't talk to him at all. Then he called Bernie back and said they needed to talk with him at his home at 7am the next morning. When Bernie explained he was just getting over a serious illness and that this was an unreasonable hour, the agent suggested 6am. Bernie repeatedly offered to answer their questions at several neutral locations, but they said any place other than his home was unacceptable.
Bernie told them he had nothing to hide, but that he was not comfortable having Secret Service agents poking around inside his house and that they would have to get a warrant before he'd let them in. The agent then said he had to go and would talk to him later. About ten minutes later, a second, more polished, SS agent called Bernie and continued trying to persuade him to let them inside his home. The agent tried to goad Bernie by implying he must have something to hide, and that if he didn't then there was no reason why they shouldn't be allowed inside his home. At this point, Bernie tried to explain by saying if you asked 100 people on the street if they'd want federal agents in their living room and bedroom, almost everyone would say no and that he was no exception. The SS agent disagreed, saying people have no legitimate fears about such a visit. Bernie repeatedly tried to get the SS agents to tell him what they wanted. Finally, the second agent said, "I need to check to see if your telephone and Cable TV wiring is hooked up properly." This preposterous claim made Bernie actually laugh out loud. But as a further gesture of cooperation, Bernie offered to allow Bell Atlantic and Comcast Cable TV technicians to inspect his house wiring for them. The SS agents said that, too, would be unacceptable. It became clear the SS agents were simply trying anything they could to get a foot in his door. Needless to say, after Bernie's previous horrendous experience with the Secret Service, their feet are not welcome in his home. He then gave them his attorney's name and telephone number and told them to address future inquiries directly to his lawyer. So what is this all about? We don't know yet, but clearly something is up. And the way the Secret Service has played sick games with people's lives in the past, we felt it would be wise to alert everyone now so we can all keep a closer eye on them before they try any further outrageous actions under the veil of secrecy. 

-------------------------------------------------------------------------------

Friday March 17, 2000; 3:10 PM EST

Hillary's Secret Service Agents Rough Up Reporters as St. Pat's Crowd Boos

Secret Service agents protecting first lady Hillary Clinton roughed up several reporters along the route of New York City's St. Patrick's Day parade, WABC Radio reported Friday afternoon.

To make matters worse, the United States Senate candidate was booed at several points along the Fifth Avenue parade route. A crowd of holiday revelers gathered at St. Patrick's Cathedral shouted "Go back to Arkansas" and "Find your own state."

"Secret Service agents literally are pushing press to the ground," reported WABC's Glenn Shuck. "They get back up again. Mrs. Clinton stops to shake hands again along the route and she's mobbed again by Secret Service."

According to Shuck, Mrs. Clinton's security got rough with reporters at several points along the parade route.

"At one point one (Secret Service agent) grabbed me on my right side with his hands, and kind of grabbed my coat to hold me back, definitely forcefully," Shuck told afternoon drivetime talk show host Sean Hannity.

"The Secret Service just lost their minds, in my opinion," said Shuck. "I mean they just started pushing and shoving; female camera people five feet tall were getting thrown to the ground, cameras flying. Myself, I was grabbed by the shoulder, I was thrown back over. I think somebody from Channel 11 landed on my back. From that point it really didn't get any better."

Minutes after Shuck's interview with Hannity, WABC's in-studio reporter George Webber announced, "Hillary Clinton's Secret Service agents today roughed up several members of the news media trying to cover the first lady's visit to the St. Patrick's Day parade. At least six reporters, including WABC's Glen Shuck, were pushed and tossed to the ground as they tried to get quotes from Mrs. Clinton."

The first lady's reaction: "I love being a New Yorker.
And this is the first time I've been able to march in this parade as a New Yorker. I could not be happier to be here."

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Section [7]: IIRG Signal Intelligence (SIGINT) Guidelines
By: Black IC

- BEGIN PROJECT -

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

The International Information Retrieval Guild
Signal Intelligence (SIGINT) Guidelines
Rev. 1-2000-2-A

Part A: Summary

The purpose of this project is to confirm publicly available frequency lists and update frequency listing and usage on undisclosed frequencies.

Part B: Requirements

1. Scanner with or as close to the following ranges:
    27 -  54.000 MHz
   108 - 136.975 MHz
   137 - 174.000 MHz
   406 - 512.000 MHz
   806 - 823.937 MHz
   851 - 868.937 MHz
   896 - 956.000 MHz
2. Good antennae with good reception.
3. Working knowledge of "your" scanner.
4. Commitment and patience in terms of monitoring.
5. Commitment and initiative in terms of documenting.
6. We need to know your general area of living (i.e. North East, Mid-West). Though some frequencies are national, some are localized, and this will allow us to cater to your area. Also, knowing your scanner's make and model will help in giving you frequency lists that you can work with.

Part C: Procedures

You will receive a list of frequencies in order of priority that you will monitor. These frequencies will have a duration period on how long you will monitor and possibly what times. When you are done monitoring you will move to the next frequency. Upon completion of your list please submit your findings to black_ic@iirg.org

Please find enclosed your documentation procedures and frequency list catered to your capabilities.

Due to FCC regulations we are not interested in the content of the traffic other than the parties involved and at what times they were involved. Though FCC frequency allocations are public, the parties they are reserved for change their usage and sometimes use undisclosed frequencies that are not listed in the public sector.

1. Tune in to initial frequency on list.
2. Adjust reception and squelch as needed.
3. Listen to said frequency for instructed time at instructed time.
4. Document any traffic using the following notations:
   A. Time (Military Time; GMT, EST, etc.)
   B. Parties Involved (FBI, Media, PD, Pager)
   C. Code & Signals
   D. Duration of Transmission

Part D: Personal SIGINT Frequencies:

The IIRG'00
May Odin Guide Your Way...

- END PROJECT -

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Section [8]: The Rumor Mill

-----------------------------------------------------------------------------

THIS IS THE OFFICIAL ANNOUNCEMENT FOR THE SECOND ANNUAL RUBI CON GROUP DATA AND NETWORK SECURITY CONFERENCE AKA RUBI CON 2000

Last updated on 2/23/2000

-----------------------------------------------------------------------

Who:   IT professionals and computer hackers
What:  Three days of speakers, classes, games, and more
Where: Romulus, Michigan
Why:   To teach, to learn, to understand
When:  April 28-30, 2000 (Friday, Saturday, Sunday)
Cost:  $100.00, $40.00 for students
Info:  http://www.rubi-con.org

-----------------------------------------------------------------------

1. Rubi Con 2000 is a data and network security conference held annually in metro Detroit. Three days of expert speakers, workshops, games and contests, all with a casual, open atmosphere and a very unique goal. Our intention is to bring together the two sides of system security: those on the outside trying to get in, and those on the inside trying to keep everyone else out. In the real world, it's IT professionals and security experts versus "underground" crackers and computer hackers. These two sides have much more in common than they often realize, and can learn more from being in each other's presence than they might believe. Rubi Con is here to bring them into contact with each other. But we exist to provide information rather than an ideology. For while you may learn how to break into computers at Rubi Con, you will also learn how to fortify and defend them. We do not endorse illegal activity, only the value of information.

2. Rubi Con offers three full days of expert speakers in both large group and intimate classroom settings. Rubi Con speakers will offer sessions on such diverse topics as advanced AS/400 security measures and the philosophy of the modern computer hacker. All sessions are intended to be highly interactive; questions and dialogue are encouraged to create a more intimate and friendly atmosphere. Our speakers are professionals and experts in their fields, many have Ph.D.s and nearly all have been involved in information technology for decades. We also offer unique games and contests to test your knowledge. Our hacking contest is a race to break into secure network servers. Trivia games offer fun prizes in exchange for obscure information. Do you have a duck? You will if you play our (in)famous scavenger hunt.

3. Rubi Con occurs yearly in the metro Detroit area. This year we will be at the Wyndham Garden Hotel in Romulus, Michigan, right at Detroit Metro Airport.
The hotel is at 8600 Merriman Road, Romulus, MI 48174, United States. You can contact them at (313) 728-7900, or for reservations at (877) 999-3223. Wyndham Hotels has a web site here: http://www.wyndham.com. Rooms have been reduced to $80.00 per night for our group. Mention Rubi Con to receive the discount. The Wyndham requires that rooms be rented by credit card only, no cash unless you are over 21. See someone here if you are under 21 and are having trouble renting a room.

4. Rubi Con 2000 will occur Friday, April 28, Saturday, April 29, and Sunday, April 30, 2000. The conference will run 24 hours a day, and enough caffeine will be kept on hand for those who want to run 24 hours a day, too. Registration begins at 3:00 PM on Friday. We shut our doors late on Sunday, and all classes will run during the day, between the hours of 11:00 AM and 7:00 PM.

5. Tickets are $100.00, or $40.00 for students. Advanced tickets will cost $90.00 and $30.00, respectively. See our website for details on ordering tickets now. Advanced tickets will not be accepted after March 28, or one month prior to Rubi Con. The cost of a ticket covers all events, classes and speakers at Rubi Con 2000. You get a professional looking ID badge, and perhaps other goodies. Swanky RC2K T-shirts sold separately.

-----------------------------------------------------------------------

OTHER INFORMATION:

http://www.rubi-con.org
info@rubi-con.org
tickets@rubi-con.org

The above URL is the official Rubi Con web site. It contains all pertinent information about this event such as current speaker listings and topics, event schedules, information on games and contests, advanced ticket sales, and more. The above email addresses are intended for general information and ticket questions, respectively. Both are monitored by living, breathing humans at all times.

-----------------------------------------------------------------------

CALL FOR SUPPORT:

We are always receptive to more speakers and presenters.
If you have any interest in teaching something at the next Rubi Con, contact our operations director at tantalo@rubi-con.org. We are looking for people with a background in information technology and with an interest in data security. If this is you, send us a message.

If you think you or your company may be interested in donating resources or equipment to Rubi Con 2000, please contact our business director at deline@rubi-con.org. We are looking for support from companies with network bandwidth, guest speakers, equipment, advertisement/promotional materials, and any other contributions. If you or your company wants to help make Rubi Con 2000 happen, send us a message.

-----------------------------------------------------------------------

READ & DISTRIBUTE & READ & DISTRIBUTE & READ & DISTRIBUTE & READ & DISTRIBUTE

DEF CON 8 Initial Announcement

READ & DISTRIBUTE & READ & DISTRIBUTE & READ & DISTRIBUTE & READ & DISTRIBUTE

WTF is this?

This is the initial announcement and invitation to DEF CON 00, a convention for the "underground" elements of the computer culture.
We try to target the (Fill in your favorite word here): Hackers, Phreaks, Hammies, Virii coders, programmers, crackers, Cyberpunk Wannabes, Civil Liberties Groups, CypherPunks, Futurists, etc.

WHO: You know who you are, you shady characters.
WHAT: A convention for you to meet, party, and listen to some speeches that you would normally never hear.
WHEN: July 28th - 30th, 2000
WHERE: Las Vegas, Nevada @ Alexis Park Resort

What is DEF CON?

DEF CON is an annual computer underground party for hackers held in Las Vegas, Nevada, every summer for the past six years. Over those years it has grown in size, and attracted people from all over the planet. Well, no one from North Korea has shown up (that we know of) but if they did I'm sure we would convince them to tell us elite government secrets. That's what it is all about. Meeting other spies, er, people and learning something new.

We are not trying to teach you to learn how to hack in a weekend, but what we are trying to do is create an environment where you can hang out with people from all different backgrounds. All of them interested in the same thing, computer security. To do this we have taken over the complete hotel at the Alexis Park Resort.

Does all of this seem interesting? Then it can be yours for the low, low price of only $50 at the door. If you want a greater idea of what it is all about, and what other people have had to say about the convention please visit the previous year's archives sections and read what the media and attendees have had to say.

There has been an awful lot of press written about DEF CON over the years. Some of it good, most of it too fixated on the attendees' green hair. If you want to see what people have written, check out the previous years' archives for the links.

Current Speakers
----------------

There is currently a call for speakers. Please email DTangent if you want to exhibit, or sponsor DEF CON 8

------------------------------------------------------------------

Gregory B.
White, Ph.D.
The USAFA Cadet Hacking Case: What both sides should learn about computer forensics

Basically I'll discuss the case that went to trial in the spring of 99. I was the Deputy Head of the Computer Science Department at the USAF Academy at the time and was asked by the cadet accused of "hacking" to help with his defense. I testified at the trial as an expert witness for the Defense. I sat at the Defense table throughout the trial serving as their "computer expert". Basically the trial was a comedy of errors by the prosecution, law enforcement, and the cadet's attorneys alike. The cadet was involved in IRC but the law enforcement types and prosecution became convinced that he was the "hacker" (after all, everybody KNOWS that IRC is nothing more than a place for hackers to trade information on how to break into computers -- the actual sentiment expressed by the investigators). I had up to that point spent the majority of my time in the Air Force trying to protect systems and to catch those who broke into AF systems. This case really shook me as I saw the LE types latch onto the smallest of indicators and blow them into a full blown felony case (the cadet faced 15 years in Leavenworth had he been convicted of all counts).

What I will cover in the talk is:

1) Background of the case
2) The "evidence" the prosecution thought they had
3) The many possible areas where clues might have been found had either side known where to look (or asked anybody who knew anything about it)
4) What lessons can be learned from this case. Those from the government and industry need to know where to look if they want to catch folks (and if they want to make sure they don't make fools of themselves) and those who might find themselves accused someday need to know how to help their attorneys find clues that could exonerate them.

Gregory B. White, Ph.D. - Vice President, Professional Services. Gregory White joined SecureLogix in March 1999 as the Chief Technology Officer.
Before joining SecureLogix, he was the Deputy Head of the Computer Science Department and an Associate Professor of Computer Science at the United States Air Force Academy in Colorado Springs, Colorado. While at the Academy, Dr. White was instrumental in the development of two courses on computer security and information warfare and in ensuring that security was taught throughout the computer science curriculum. During his two tours at the Academy, he authored a number of papers on security and information warfare and is a co-author for two textbooks on computer security. Between his Air Force Academy assignments, Dr. White spent three years at Texas A&M University working on his Ph.D. in computer science. His dissertation topic was in the area of host- and network-based intrusion detection. Prior to his Academy assignments, Dr. White was a student at the Air Force's Advanced Communications-Computer Systems Staff Officer Course in Biloxi, Mississippi. He was awarded both the AFCEA and Webb awards for student leadership and academic excellence and was a Distinguished Graduate of the course. Before attending the course in Biloxi, Dr. White served as the Branch Chief of the Network Security Branch at the Cryptologic Support Center in San Antonio, Texas. His first assignment in the Air Force was as a systems analyst at the Strategic Air Command Headquarters in Omaha, Nebraska. Dr. White obtained his Ph.D. in Computer Science from Texas A&M University in 1995. He received his Masters in Computer Engineering from the Air Force Institute of Technology in 1986 and his Bachelors in Computer Science from Brigham Young University in 1980. He separated from the Air Force in 1999 and is currently serving in the Air Force Reserves at the Defense Information Systems Agency. Ron Moritz, Chief Technology Officer Finjan Software, Inc. 
Proactive Defense Against Malicious Code

Anti-virus software is an important part of a well-devised security policy, but reactive virus detection is not versatile enough for the demands that will be made on businesses engaged in e-commerce. The year 1999 began with the birth of the Happy 99 virus - a harbinger of things to come. Happy 99, plus Melissa, PrettyPark and the Explore.zip worm are all examples of the third generation of malicious replicating code, designed to exploit the Internet for their rapid proliferation. A variant of Explore.zip, called MiniZip, managed to hide itself from antiviral utilities and spread at an amazing rate around the Internet at the end of 1999. Such programs, which launch new malicious code attacks, create "first strikes" against systems and networks.

Allowing untrusted code to execute on the corporate network may not be suitable for your organization. But corporate security policies that block network executables adversely affect the evolution of the Internet, extranet, and intranet. While no security implementation is absolute, functionality is not achieved by disconnecting users from the network and preventing access to programs. Therefore, proactive defense against first-strike attacks is required today.

Almost all web sites today contain mobile code. Many of the powerful business (ecommerce) applications you need and use are written with mobile code. Consequently, net-enabled malicious software is likely to increase in prevalence and successful utilization. The factors accounting for such a prediction are the ease by which users are duped into double-clicking on malicious e-mail attachments and the ease by which the sources of those e-mails are automatically spoofed to seem to come from a boss or from an e-mail or instant message friend.
Traditional pattern matching approaches are incomplete, out-of-date, and ineffective and were never designed to prevent a series of new generation attacks based on malicious mobile code and Trojan executables.

Ron Moritz is the Chief Technology Officer at Finjan Software where he serves as primary technology visionary. As a key member of the senior management team interfacing between sales, marketing, product management, and product development, Ron helps establish and maintain the company's technological standards and preserve the company's leadership role as a developer of advanced Internet security solutions. Ron was instrumental in the organization of Finjan's Java Security Alliance and established and chairs Finjan's Technical Advisory Board. He is currently chairing the Common Content Inspection API industry standards initiative. Ron is one of a select group of Certified Information Systems Security Professionals. He earned his M.S.E., M.B.A., and B.A. from Case Western Reserve University in Cleveland, Ohio.

WHERE THIS THING IS:
--------------------

It's in Las Vegas, the town that never sleeps. Really. There are no clocks anywhere in an attempt to lull you into believing the day never ends. Talk about virtual reality, this place fits the bill with no clunky hardware. If you have a buzz you may never know the difference. It will be at the Sahara Hotel. Intel as follows:

Hotel Location

The Convention will be held at the Alexis Park Hotel and Resort. We are taking over the complete hotel! The Alexis Park Hotel and Resort is across the street from the Hard Rock Hotel, and is a block off the main strip. Located at 375 E Harmon Ave in Las Vegas, NV 89109. The Alexis Park is a non gambling hotel, so people 18 years and older can get a room there. This is the first time that has ever happened for us! If there are any problems with this please email me!
HOTEL COSTS: Room rates are 85$ for a two bed suite, but you can get up to four people in one. RESERVATIONS: On-line or by phone: 800-453-8000 We have the whole hotel space, so unless you reference the DEF CON show the Alexis Park will tell you they are sold out. We have all the rooms at the Alexis Park, and a bunch next door at the San Tropez. We are working on a block of rooms at the Hard Rock Hotel. At last count about 20% of the rooms at the Alexis Park were already booked. Sign up early if you want to stay at the main hotel! We start Friday, but many people get in Thursday night and hang out before the fun begins. We get our convention room rate from Wednesday night through Monday night for those wanting to stay longer to check out the attractions. Cheap Airfare Information We've got great discounts on airfare from Montrose Travel, who book bulk air travel for cheap. If you need to still book tickets give these guys a call first and compare. Montrose Travel 1-800-301-9673 http://www.montrosetravel.com or email Montrose Travel with questions. They currently have deals for DEF CON attendees from the US and International on the following airlines: America West Southwest Delta American Southwest Airlines United Airlines and other smaller carriers and even International Airfare rates. Expect rates lower than published. When calling make sure you refer to DEF CON as the group name. COST: Cost is whatever you pay for a hotel room split however many ways, plus $50.00 at the door. There are fast food places all over, and there is alcohol all over the place, the trick is to get it during a happy hour for maximum cheapness. ----------------------------------------------------------------------------- Hope 2000 is Coming. http://www.h2k.net July 14th to July 16th, 2000. 
New York City

-----------------------------------------------------------------------------

Postcards From The Edge BBS

Formerly a Renegade DOS Based Dial-Up BBS is now and has been available via telnet at luna.iirg.org

PFTE carries an eclectic topic structure surrounding SIGINT, Telephony, RF Hacking, UNIX, Kit Bashing, and others. No restrictions on applying. Just login and be a part of an ongoing history surrounding this board. The present life of this board is running Citadel. You can access this system via telnet or the web.

www.iirg.org/pfte.html
luna.iirg.org
Login: bbs
Password:

Any questions: black_ic@iirg.org

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Section [9]: FREE the FISH
By: Mercenary with assistance from BoW
http://www.bow.org/trout/

.a@&$$$ .a@&$&@a. .a&$$$$ .a&$$$$ .a@&$$$ .a$$$a. .a@&$$$ a$$ $$a
$$$$$$$ $$$' `$$$ $$$$$$$ $$$$$$$ $$$$$$$ $$$$$$$ $$$$$$$ $$$ $$$
$$$ $$$. .a&$' $$$' $$$' $$$ `$$$$$' $$$$. $$$ $$$
$$$$$$ $$$$$$$' $$$$$a $$$$$a THE $$$$$$ .aaaaa. `$$$$a. $$$$$$$$
$$$ $$$ `$$a. $$$. $$$. $$$ $$$$$$$ `$$$$ $$$ $$$
$$$ $$$ `$$$a. $$$$$$$ $$$$$$$ $$$ $$$$$$$ $$$$$$$ $$$ $$$
$$$ $$$ `$$$' `$$$$$$ `$$$$$$ $$$ `$$$$$' "$$$$$" $$$ $$$

I guess that for 2600 Magazine to offer you any support, you have to have a book written about you or be a high profile media grabbing celebrity. Yet when Jason Mewhiney (AKA - Tr0ut) defaced NASA's main page on March 5th 1997 and offered support to 2600 Magazine's two poster boys (Kevin Mitnick and Ed Cummings - AKA Bernie S), wouldn't you think that Eric Corley (AKA - Emmanuel Goldstein) might offer just a little support or media exposure to Jason? Well this support hasn't surfaced yet. Please read the following information and offer Jason the support that 2600 Magazine hasn't.

-----------------------------------------------------------------------------

About Jason Mewhiney's Case

NASA V. JASON MEWHINEY

I.
Proceedings to Date

Jason originally faced fifty one charges and a $70,000 fine for his alleged involvement in the defacement of NASA's main page on March 5, 1997. This is however simply the culmination of years of harassment that Jason has faced from both the American and Canadian authorities.

A. Jason's current situation

Jason is currently serving a six-month prison sentence in Canada after entering into a plea agreement that reduced his charges. In sentencing him, Justice John Poupore said, "You sir, are a convicted criminal. That is a distinction you will carry with you for the rest of your life. It is nothing to be proud of." This is true -- there will be no badge of pride on Jason's sleeve when he leaves prison. When he does, it will be as a convicted computer-criminal, potentially facing similar restrictions to those faced by Kevin Mitnick upon his release.

Jason began his sentence in a medium - maximum security prison in Sudbury, Ontario. Everyone in the prison was about twice his age. Most of them hard-core criminals, including several convicted murderers serving 2 back to back life sentences. About 2 weeks ago he was transferred to a facility in Timmins, ON, which according to Jason, is at least 10 times worse than the first prison.

Jason has been forced to endure countless hardships in the short time he has been incarcerated. Despite the comparatively benign nature of his crimes, he is placed in the same environment as murderers and rapists. He is only allowed 1 visit per week at 15 minutes per visit. His family has tried to bring him reading material -- harmless magazines like People -- but the prison has disallowed it.

In a recent incident, Jason went to brush his teeth after finishing his work as a cleaner at the prison. He saw another inmate cleaner come out of one of the bathrooms. Assuming the bathroom was free, he went in and brushed his teeth. A guard then came and said the bathroom was for guards only.
He was written up for it, and given a reprimand for "misconduct". Three days were tacked onto his sentence as a result. This incident will likely jeopardize his parole -- which he may be up for soon -- but worst of all, they threw him in the "hole". Which according to Jason himself, isn't a bad enough description of the place. Solitary confinement in this prison consists of an unlit 11 x 6 room with no mattress, bed, or window. Other prisoners sneak drugs in by "sticking them in their ass and shitting onto magazines to get them out." Even the notorious Canadian serial-killer Karla Homolka is not forced to live in such a Dickensian environment.

Update: You can write to Jason Mewhiney in Prison. Send any correspondence to:

Jason Mewhiney
Box 90
Monteith
Ontario P0K 1P0
CANADA

B. Sentencing

Jason was sentenced to six months in jail after pleading guilty to twelve of the fifty one charges against him. After his prison sentence, it is likely that he may serve time under "house arrest". While under house arrest, Jason will effectively be banned from any and all computer use. This leaves Jason without his one marketable skill and will create massive problems for him when he is released.

In addition to the prison-term and the possible restrictions upon his release, Jason has also been ordered to pay a $6000 fine. Six thousand dollars is far short of the original seventy-thousand that was being sought by NASA, yet it will still remain as a considerable financial burden to someone who will be left effectively unemployable after his release.

II. Analysis of the case

The original charges that Jason faced were completely blown out of all proportion. NASA claimed that to copy the backup of their index page back and reinstall and secure the machine cost them an estimated $70,000. Anyone with any experience of computers and computer security can see that this is a grossly inflated figure.
You can read NASA's statement on the whole incident at
http://www.hq.nasa.gov/office/oig/hq/press/pr99025.txt

During the course of Jason's trial and conviction, thousands of dollars of taxpayer money were wasted on frivolous and unnecessary actions sanctioned by both the FBI and the RCMP. The RCMP agents and Canadian authorities involved in the case were all flown down to NASA headquarters for what essentially added up to a free tour. American authorities and NASA officials were flown up to Canada on several occasions simply to attend the occasional short bail-hearing or pre-trial motion. Everyone was flown up to Canada again for the sentencing hearing, despite their presence not being required. Who ends up paying for all of this air-travel and accommodation? The Canadian taxpayer, in the end. Unfortunately, this never came to light during any of the reporting on Jason's case.

Even though Jason eventually plea bargained and managed to avoid the huge fine and long jail term that he was threatened with, we still have to ask ourselves whether someone should be imprisoned for what was essentially no more than a prank. Can we continue to allow corporations and government agencies to arbitrarily pick numbers out of the air when accounting for "damages" that occurred as a result of a mere web-page defacement?

The Trout Defense Fund

.a@&$$$ .a@&$&@a. .a&$$$$ .a&$$$$ .a@&$$$ .a$$$a. .a@&$$$ a$$ $$a
$$$$$$$ $$$' `$$$ $$$$$$$ $$$$$$$ $$$$$$$ $$$$$$$ $$$$$$$ $$$ $$$
$$$ $$$. .a&$' $$$' $$$' $$$ `$$$$$' $$$$. $$$ $$$
$$$$$$ $$$$$$$' $$$$$a $$$$$a THE $$$$$$ .aaaaa. `$$$$a. $$$$$$$$
$$$ $$$ `$$a. $$$. $$$. $$$ $$$$$$$ `$$$$ $$$ $$$
$$$ $$$ `$$$a. $$$$$$$ $$$$$$$ $$$ $$$$$$$ $$$$$$$ $$$ $$$
$$$ $$$ `$$$' `$$$$$$ `$$$$$$ $$$ `$$$$$' "$$$$$" $$$ $$$

Defense Fund

Jason Mewhiney has been financially ruined by the events surrounding his trial and incarceration. Jason's mother is bearing the brunt of the burden, facing thousands of dollars in Lawyer fees while Jason sits in prison.
In addition to the debt incurred by the trial, Jason will have to deal with the six-thousand dollar fine he has been ordered to pay to NASA. Without any means of income, and more than likely no chance of gainful employment, this case is likely to haunt him financially for years to come.

A Defense fund has been set up to help ease the burden placed on Jason and his family. If you care to donate, please send either a check or money order to:

The Trout Defense Fund
2527 Farmcrest Dr. #404
Herndon, VA 20171
USA

Any amount is greatly appreciated. We are currently working on setting up a dedicated account for the fund so that money can be directly transferred. Any moneys received will go directly to help cover Jason's legal bills. If you can't afford to donate, then why not take the time to write Jason a letter or send him some reading material? Anything sent to the defense fund will be forwarded to either Jason or his mother directly.

Thank you for your support.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Section [10]: Letters to the IIRG (Fan Mail, Hate Mail, Letter Bombs)

I receive so many letters and requests that it would be impossible to post all letters received. However, every now and then I get one that makes me laugh or vomit uncontrollably. I offer these to you.....

------------------------------------------------------------------------------

1. I have a question about Phantasy Magazine...

From: Pegasi17@aol.com
Delivered-To: iirg@iirg.org
Date: Sat, 10 Jul 1999 03:59:06 EDT
Subject: I have a question about Phantasy Magazine...
To: iirg@iirg.org

Is Phantasy Magazine going to be continued or was the issue 22 the last issue that will be made? Thank you much...
---- Pegasi17

IIRG - Well the last issue was #23, and No... We are publishing again.

-------------------------------------------------------------------------------

2. Inquiry?
Delivered-To: iirg@iirg.org
Date: Sun, 25 Jul 1999 23:16:36 -0700
From: Erik Bos
To: iirg@iirg.org
Subject: inquiry

I am looking for schematics for the following: ELF generator microwave weapon if in any back issues there is anything like this pls. email me with ordering info. Thank you
Erik Bos

IIRG - Sorry, but the technology to Microwave Elves has been patented and kept strictly confidential by the Keebler Corporation. Might I suggest you try a toaster oven instead?

-------------------------------------------------------------------------------

3. Are You for Hire?

From: "Marie Estes"
To: iirg@iirg.org
Date: Sun, 24 Oct 1999 21:23:43 GMT

I'm enjoying your prose on your website. I, however, am not one of your kind. I admire your exploits and ambition. I require your services and do not have the knowledge or expertise, nor temporal resources to do the job myself. Perhaps you might consider an innocuous mercenary act? You ARE for hire, aren't you? RSVP.

IIRG - What did you have in mind Marie? And does it involve chocolate syrup and whip cream?

-------------------------------------------------------------------------------

4. Info?

From: "DK"
To:
Subject: info
Date: Sat, 25 Dec 1999 17:57:34 -0500

Hi I am looking for the code that will allow a webpage to reboot the viewer computer. Do you have or know any info that will help me find this coding?
syburcat

IIRG - Try putting this on your page to Crash Netscape 4

=============================
Smash Netscape
Smash Netscape

This page will crash Netscape Communicator 4!

Crash Netscape


==================================

-----------------------------------------------------------------------------

5. You Evil Hacker Survivalists You!!!

Date: Thu, 02 Mar 2000 22:36:13 -0600
From: Richard Reed
To: ticom@iirg.org

Hi yes I think this page is a threat to our country therefore I have forwarded a copy of this page and a link to various government agencies.
http://www.iirg.org/~ticom/survival.html

TICOM - The only thing the Connecticut Survivalist Alliance Page is a threat to are totalitarians, socialists, close-minded idiots, and other such scum who despise the Bill of Rights. Since you are apparently one of those types you have my permission to go frolic in conjunction with yourself. My guess is that you are a terrorist, child molester, rapist, or serial killer who does not wish his potential victims armed with knowledge that they may use to defend themselves and maintain their self-reliance and determination. If not, then you are simply an idiot.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Section [12]: Phantasy Distribution Site

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Phantasy Distribution Sites

Phantasy's Distribution Sites are continually changing, we apologize if you visit a site and it's not there. But always go to our main site and it will be there.

1. The IIRG's Main Phantasy Distro Site
   http://www.iirg.org/phantasy.html
2. L0pht's Phantasy Magazine Archive
   http://www.l0pht.com/%7Eoblivion/IIRG.html
3. EFF "Phantasy" Archive
   http://www.eff.org/pub/Publications/CuD/Phantasy/index.html

If you'd like to set-up a Phantasy Distro site and be listed here and on the IIRG's link page, e-mail Mercenary at iirg@iirg.org

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Section [13] Articles We Never Want to See

This Month - @MISTAKE PC Busters

Forget about those nasty viruses and malicious hackers; the real threat to your PC is far more insidious.
Your home computer may be host to a demon from Hell. You and your family may well come under its malevolent control.

"While the Computer Age has ushered in many advances, it has also opened yet another door through which Lucifer and his minions can enter and corrupt men's souls," says Reverend Jim Peasboro, author of the upcoming book, The Devil in the Machine.

That's why the trained "White Hat Hackers" at the IIRG's @MISTAKE Corporation are coming to your aid. The IIRG's world renowned staff of trained demon killing Mercenaries will rid your PC of the nastiest spawns of Satan. Listen to these testimonials:

"My wife who had never expressed an impure thought in her life was entering Internet chat rooms and found herself spewing foul, debasing language that she would never use normally. The IIRG came in with battle axes and completely destroyed her system. It was the best display of Information Warfare that I have ever seen."
Winn Schwartau

"My programs began talking directly to me, openly mocking me. It typed out, 'John, you are a liar and your book sucks.' Then the printer went haywire and started printing out what looked like gobbledygook. I later had a college professor examine the text. He told me it was an ancient language and to contact the IIRG. It finally turned out to be a stream of obscenities written in a 2,800-year-old Mesopotamian dialect! Thank god the IIRG knows how to translate ancient Mesopotamian."
John Markoff

The Reverend advises anyone suspecting that their computer is possessed to consult a clergyman, or, if that fails - contact the IIRG and the @MISTAKE Corporation. Their skilled Technicians can replace your hard drive and reinstall your software, getting rid of the wicked spirit permanently and installing numerous monitoring and backdoor programs on your system.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

PHANTASY(C) IIRG 1991 - 2000

May Odin Guide Your Way!
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- May You Be Feasting and Drinking in Valhalla For a Full Night Before the Christian God Knows You're Dead -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-