TRW: Big Business is Watching You
TRW Information Services is America's largest credit reporting institute, containing the credit histories of over 90 million Americans online.
Recently it was reported that a password belonging to Sears, Roebuck, & Co. was stolen. TRW and the media are currently circulating several conflicting reports about the use of the account. Some reports insist that the account was never used illegitimately. Others say that "criminals" used the account to pillage credit card numbers to illegally buy goods and services while knowing the account limit. Another account of the incident(s) says it was merely hackers exploring a very interesting system. It seems hard to believe that hackers managed to infiltrate TRW, since the system is basically user spiteful, but they seem to have pulled it off.
Once the subscriber initiates a connection with one of the many dial-ups, located in most major cities, the system will identify itself with TRW. It will then wait for the subscriber to send an appropriate answer-back (such as a Control+G).
Once this has been done, the system will say CIRCUIT BUILDING IN PROGRESS along with a few numbers. After this, it clears the screen (Ctrl+L) followed by a Ctrl+Q. Once the Ctrl+Q is sent, the system is ready to accept the subscriber's request. The subscriber must first type a four-character preamble which identifies the geographical area of the subscriber's account. For example:
The subscriber then types a carriage return (followed by an optional three line feeds). On the next line, he must type his three character option.
Most requests use the RTS option. OPX, RTX, and a few others exist. Some of these, such as RTA, return you with an error saying that this option is used for credit bureau collection activity only. TRW will accept an A, C, or S as the third character.
After the option (RTS), a space must be skipped, and then a seven-digit subscriber code is typed in. The first two-digits represent the region in which the subscriber is located and the subscriber's industry, respectively:
Table 1 (First Digit) Table 2 (Second Digit) 1 - TRW Eastern Region 0 - Public Record 2 - TRW Midwestern Region 1 - Blank 3 - TRW Western Region 2 - Bank Credit Card 4 - Inquiries from Broker Customers 3 - Retail 5 - ? 4 - Credit Card 6 - Other Credit Reporting Agencies 5 - Loan Finance within Eastern Region & 6 - Sales Finance Commercial Credit Subscribers 7 - Credit Union 7 - Others Within Western Region 8 - Savings & Loan 8 - Others Within Western Region 9 - Service & ProfessionalUsing the tables above, it is evident that the stolen Sears password from Sacramento must begin with a 33, identifying it as from the Western Region and as being a retail store.
Once the subscriber enters his seven-digit subscriber code which is printed along on the reports, he then appends a 3-4-character password immediately after it.
(In the Sears example, the whole thing was: 3319122NXK. This code has allegedly been floating around hacker circles for at least two years!)
Following this, he must type a space and then the full last name of the person he wants a report on. This is followed by another space and the full first name. After this comes yet another space.
Now the subscriber has three optional parameters. He can just type three periods after the first name and space or he can fill them in. The first period can be replaced by the person's middle initial, the second by the spouse's first initial, and the third by an S or a J which indicates Senior and Junior respectively.
The last of the three parameters is followed by a comma. This is immediately followed by the house number and a space. After the space, he then places the first letter of the street name.
For example, he would type M for Main Street, a # for a P.O. Box, or 3 for 32nd Street. This single character is then followed by the five-digit ZIP Code (mandatory) and a final comma. After the ZIP Code, he would hit carriage return and an optional line feed.
There are some special conditions which can apply to the house number - if an institution such as a school, motel, or hospital is given as the main address, 33333 would be used as the house number.
When an address is General Delivery, 44444 would be the house number and G would be the street name.
Others: U.S. Air Force = 55555 A, U.S. Army = 66666 A, U.S. Coast Guard = 77777 C, U.S. Marines = 88888 M, U.S. Navy = 99999 N
Assuming the subscriber is calling from a California business and he is requesting a report on:
He would type the following after the Ctrl+Q:
In this case, the subscriber password was ABC and the account number was represented by 33XXXXX.
At this stage, he can request the report printout by typing a terminating Ctrl+S or he can tell the computer some information that it will then record into the account. This is known as using the second line, which is entirely optional.
The first option that can be specified here is a previous address. This can be done by typing P- followed by the house number, a space, the first letter of the street, another space, and the full ZIP Code.
For example, if Mr. Smith previously lived at 2600 Elm Street in New York City, the subscriber would type the following:
He can then type a comma after this and move onto another option.
If Mr. Smith had another previous address, the subscriber can enter it in the same fashion as above (after the comma) if he omits the P-. This is followed by a comma also.
He can then enter in Mr. Smith's Social Security number in the format of: S-1234567890
If this is followed by a comma, he can then enter A (age) or Y (year of birth, 4-digits, e.g., 1984).
The subscriber can next enter in information telling how much money Mr. Smith has requested and/or on what type of account.
This is done by typing T- followed by a two-digit account type, a three-digit terms, and a three-digit amount code.
For instance, for a: credit card account (which happens to be #18), with a limit of $100 (001), which is being financed for 24 (024) months, he would type: T-18024001
This information will show up as an inquiry under the subscriber's name on Mr. Smith's account.
There is one final option on line 2 which prints a heading at the top of the page (TRW supplies pre-printed forms with "nice" columns).
If the subscriber cannot afford to buy their paper, he would probably type H-Y to get the heading. The last option on line 2 is followed by a comma, carriage return, and an optional line feed. For example:
This can then be finally entered by typing a Ctrl-S.
But wait! That's not all!
The subscriber has one more option. He can specify the person's employer. Let's suppose that Mr. Smith works for NYTelco Security at 1095 Avenue of the Americas in New York City. The subscriber would then type:
After this he would enter the familiar carriage return and optional line feed.
(TRW emphasizes to their subscribers that this area is for the name and address of the employment only, not occupation or source of income. "Do not use terms such as 'housewife,' 'retired,' 'welfare' or 'unemployed' which could be considered damaging to the applicant," a special warning reads.)
Since this is the last bit of information that the subscriber can enter, he is now forced to type the inevitable Ctrl+S.
The first line of the actual printout sends the page number, the date, the time, the port number, and the H/V (?). It will then print the person's address and their employer. After this it should print the person's actual credit history. Each individual account entry takes up two lines.
In the first line, the account profile, subscriber's name and TRW account number, their association code, and the individual's account number with the subscriber are listed.
The A on the left is the account profile. A means that the subscriber (SAKS FIFTH, as an example) transmitted this information automatically from their computer (as opposed to an M, which means that the subscriber manually prepared forms with the info).
The position of the A (or M) indicates a positive, non-rated, or negative rating (PIN) of the account.
In this example, the A is under the P, therefore it reflects positively upon the account. The person has an account with Saks Fifth Avenue. Saks' subscriber number on TRW is 1347515. The person's account number with Saks is 26000000.
On the second line of each entry, the account status, date (last) reported, the date the account was opened, the type of account, the credit limit, current balance, and a credit profile are listed.
For example:
On the second line of the Saks entry, CURR ACCT indicates that it is a currently active revolving (REV) charge (CHG) account that was opened in October 1980.
The account has a $6700 credit limit and as of April 5, 1984, the person had a $55 balance on the account.
The C's and dashes (-) indicate how the person pays the account.
In March (one month prior to the balance data of 4-84), the account was paid on time.
In February, two months prior to the balance date, the account was also paid on time.
In January (3), the account was thirty days past due (1 = 30, 2 = 60, 3 = 90, etc.).
In December, the account was not reported by Saks as indicated by a dash.
In October, the account was sixty days past due. Court judgments, tax liens, and other interesting facts are also recorded.
The person may also have a 100 word or less statement in the file explaining certain entries in their account.
(There is also another TRW service for business reports (similar to Dun & Bradstreet) which has an entirely different set of subscriber codes and passwords, as well as access procedure.)
TRW doesn't like to be held up for anyone. Therefore, if the subscriber vegetates for more than a few seconds (i.e., he is neither sending nor receiving anything), TRW will abruptly say SERVICE INTERRUPTED; PLEASE REDIAL (EM) as it logs him off.
Incidentally, any information that the subscriber types on lines 2 or 3 (i.e. age, Social Security number, employer, etc.) is automatically recorded on that person's file. Any previous information on the option is discarded (in most cases).
Technically, if a hacker hacked out an account belonging to a supreme court or other such institution, he could use the T-option to hack out the code for judgments, tax, liens, and other neat things. He would then be able to modify anyone's account to report them bankrupt or that a judgment was handed down.
Hacking passwords is still reported to be very easy. Assuming that someone is trying to guess a password to a 3XXXXXX account, the following could be done:
TCA1 RTS 3000000AAA # Return, Control+S, and the system responds with: ** XX ** INVALID SECURITY PASSWORD # And the hacker types: TCA1 RTS 3000000AAB # Return, Control+S, and the system responds with: ** XX ** FORMAT ERRORThe hacker has correctly guessed the password - it accepted the password but didn't find a name field.
Since account numbers are very easy to get ahold of, the password is the only real challenge. That, and the fact that the system operates on half-duplex, even parity, 7-bits, and 2-stop bits (7E2), which might catch a few by surprise.
All accounts can do reports on anyone in the United States that has a file.
For example, if a California account requested data on a person in New York, the system would simply switch over to its New Jersey database to accommodate the request. A few states though, such as Tennessee, have government control over credit information. Thus, people from that state cannot be found on TRW. Can you be?
TCA2 RTS 1234567ABC SMITH WINSTON ...,3 M 9003, P-2600 E 10001,1313 M 58102,S-1234567890,Y-1984,T-18024001, E-NYTELCO SECURITY/1095 AVENUE OF THE AMER/NEW YORK 10036 1 04-03-84 15:25:02 RN23 A55 SMITH TCA1 WINSTON SMITH 4-84 NYTELCO SECURITY 3 MAIN ST 1095 AVENUE OF THE AMER LOS ANGELES CA 90003 NEW YORK 10036 P / N SUBSCRIBER NAME SUBR # ASSN ACCOUNT # MONTHS PRIOR STATUS DATE DATE TYPE TERM ANT BAL BALANCE AMOUNT TO BAL DATE COMMENT REP'T OPEN DATE PAST DUE 123456789012 ------FILE IDENT: SS# IS 1234567890,SPOUSE INIT IS J,YOB IS 1984 A B OF A 3101344 5 12342600000000 TOO NEW RT 4-84 1-80 AUT 48 $8000 $600 4-10-84 A S P N B 3110260 0 260000000 CURR ACCT 10-Y 10-Y CHG REV $100 A CROCKER BANK 3120354 1 260000000 CURR ACCT 4-84 5-77 C/C REV $2000 $1219 4-17-84 A SEARS 3319842 0 260000000 CURR ACCT 3-79 10-Y ISC 14 $100 $0 CCCCCCCCCCCC A BROADWAY 3370300 1 26000000000000 CURR ACCT 4-84 3-83 CHG REV $1000 $0 4-02-84 -CCCCCCCCC A MAY CO 3370518 1 2600000000 CURR ACCT 4-84 8-81 CHG REV -$100 $28 4-16-84A CCCCC A BULLOCKS 3371400 1 26000000000 CURR ACCT 3-84 1-77 CHG REV $300 $133 3-09-84 A J W ROBINSONS 3371559 0 26000000 CURR ACCT 4-84 7-82 CHG REV $400 $0 3-09-84 CCCCC A CARTE BLANCHE 3425200 1 2600000000 CURR ACCT 12-83 5-81 CRC 1 $1400 $1484 12-31-83 CCCCCC ------*ATTN* FILE VARIATION: ZIP IS 90004/OTHER FILE IDENT: SS# IS 123333333, MID INIT IS Z,SPOUSE INIT IS S A CITIBANK 1391556 1 2600000 CURR ACCT 2-83 6-78 CHG REV -$100 $0 2-31-83 CCC---CCC-CC A SAKS FIFTH 1347515 1 26000000 CURR ACCT 4-84 10-80 CHG REV $6700 $55 4-05-84 CC1-C2CC3CC- A NORDSTROM 3390206 1 26000000 CURR ACCT 8-83 8-83 CHG REV UNKN $0 12-15-83 CCCCC A G E C C 3600711 4 260000000000000 CURR ACCT 12-83 8-83 CHG REV $1500 $1275 12-15-83 A CRSI/DESMOND 1391554 1 26000000000000 CURR ACCT 8-82 UNKN CHG REV -$100 $0 CCC-CCCCCCCC A T W A 2455618 0 2600000000 CURR ACCT 10-Y 10-Y CRC 24 $1500 A SECURITY PACIFIC NATL 3110954 0 2600000000000000 CURR ACCT 12-82 2-81 CRC REV $2000 $0 4-09-84 CCC A FIRST INTERSTATE 3270827 2 26000000000000000 CURR ACCT 4-84 6-81 CRC REV $2500 $65 4-25-84 CCCCCCCCCCCCC A CARTE BLANCHE 3425200 2 2600000000 CURR ACCT 12-83 10-Y CRC 1 $900 $97 12-31-83 CCCCCC A WESTERN AIRLINES 3457870 1 260000000000000 PAID SATIS 7-82 10-Y CRC REV $1200 A FORD CRED 3620155 1 CURR 26000000000000000 CURR ACCT 12-83 2-82 AUT 48$22200$17639 12-31-83 A GREAT WESTERN S & L 3851009 2 26000000000 CURR ACCT 1978 1974 R/C 30$29000 A AFFILIATED CREDIT 3980756 0 26000000 PD COLL AC 9-83 4-82 UNK UNK -$100 M HAWTHORNE MAZDA 3967686 INQUIRY 11-22-83 A MAY CO 3370519 INQUIRY 12-26-82 ISC A B OF A 3101344 INQUIRY 4-22-82 A FIRST INTERSTATE 3270827 2 26000000000000 PAID SATIS 7-82 UNKN CRC REV $2000 M CO SUP CT ANYWHERE CO 3010000 0 00000000000001 JUDGEMENT $2000 STATE TAX ------END