Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker




Wow, I gotta figure this out.
From my earlier nocturnal visits to phone company offices, as well as
reading every telephone company manual I could get my hands on and
social-engineering phone company employees since I was in high school, I
had a well-developed knowledge of the different departments, processes,
procedures, and phone numbers within Pacific Bell. There probably weren’t
a lot of people inside the company who knew the structure of the working
organization better than I did.
I began calling various internal departments. My line was, “I’m with
Engineering. Does your group use SAS?” After half a dozen calls, I found a
guy in an office in Pasadena who knew what I was talking about.
For most people, I guess, the toughest part of a ruse like this would be
figuring out a way to get hold of the desired knowledge. I wanted to know
how to gain access to SAS, as well as the commands that would let me take
control of it. But I wanted to go about it in a safer way than Eric and Kevin
Poulsen had done; I wanted to do it without having to physically enter a
Pacific Bell facility.
I asked the guy in Pasadena who knew about SAS to pull a copy of the
manual off the shelf for me. When he came back on the line with it, I asked
him to open it up and read me the copyright notice.


The copyright notice?
Sure—that gave me the name of the company that had developed the
product. But from there, I hit a snag. The company had gone out of
business.
The LexisNexis database maintains massive online files of old
newspaper and magazine articles, legal records, and corporate material. As
you might guess, the fact that a company has gone out of business doesn’t
mean that LexisNexis has deleted the files about it. I found the names of
some individuals who had worked for the company that had developed
SAS, including one of its officers. The company had been based in
Northern California. I did a telephone directory search in that area and came
up with the officer’s phone number.
He was home when I called. I told him I was with Pacific Bell
Engineering, that we wanted to make some customized improvements to
our “SAS infrastructure,” and that I needed to talk to someone who knew
the technology. He wasn’t the least bit suspicious. He said it would take him
a couple of minutes, then came back on the phone and gave me the name
and phone number of the guy who had been the lead engineer in charge of
the product development team.
One more thing to do before placing the crucial phone call. At that time,
Pacific Bell internal phone numbers began with the prefix 811; anybody
who had done business with the company might know that. I hacked into a
Pacific Bell switch and set up an unused 811 number, then added call
forwarding and forwarded it to the cloned cell phone number I was using
that day.
The name I gave when I called the developer was one I still remember:
Marnix van Ammers, the name of a real Pacific Bell switching engineer. I
gave him the same story about needing to do some integration with our SAS
units. “I’ve got the user’s manual,” I told him, “but it doesn’t help for what
we’re trying to do. We need the actual protocols that are used between the
SAS equipment in our testing centers and the central offices.”
I had dropped the name of an executive at his old company and was
using the name of a real Pacific Bell engineer. And I didn’t sound nervous; I
wasn’t stumbling over my words. Nothing about my call set off alarm bells.
He said, “I might still have the files on my computer. Hang on.”
After a couple of minutes, he came back on the line. “Okay, I found
them. Where do you want me to send them?”


I was too impatient for that. “I’m under the gun here,” I said. “Can you
fax them?” He said there was too much material for him to fax the whole
thing, but he could send a fax with the pages he thought would be most
useful, and then mail or FedEx me a floppy with the complete files. For the
fax, I gave him a phone number I knew by heart. It wasn’t to a fax machine
at Pacific Bell, of course, but it was in the same area code. It was the fax
number for a convenient Kinko’s. This was always a little risky because
many machines, when they’re sending a fax, display the name of the
machine they’re connecting to. I always worried someone would notice the
tag saying “Kinko’s store #267” or whatever: dead giveaway. But as far as I
can recall, no one ever did.
The FedEx was almost as easy. I gave the engineer the address of those
places where you could rent a mailbox and have packages held for you, and
I spelled out the name of the Pacific Bell employee I was claiming to be,
Marnix van Ammers. I thanked him, and we chatted for a bit. Chatting is
the kind of extra little friendly touch that leaves people with a good feeling
and makes after-the-fact suspicions that much less likely.
Even though I had been practicing the art of social engineering for years,
I couldn’t help but be amazed and a little dazzled by how easy this had
been. One of those moments when you feel that runner’s high, or as if you’d
won a jackpot in Vegas—the endorphins are rushing through your body.
That same afternoon, I drove to the mailbox rental store to set up a box
in Van Ammers’s name. They always require ID for this. No problem. I
explained, “I’ve just moved here from Utah, and my wallet was stolen. I
need an address where they can mail me a copy of my birth certificate so I
can get a driver’s license. I’ll show you the ID as soon as I get it.” Yes, they
were violating postal regulations by renting me a box without seeing my ID,
but these places are always eager for new business; they don’t really want
to turn anybody away. A decent explanation is often all it takes.
By that evening, I had the fax in my hands—the basic information that I
hoped would allow me to wiretap any Pacific Bell phone in all of Southern
California. But we still had to figure out how to use the SAS protocols.
Lewis and I attacked the puzzle of trying to figure out how SAS worked
from a number of different angles. The system gave a technician the ability
to connect to any phone line, so he could run tests to find out why a
customer was hearing noise on his line or whatever the problem was. The
tech would instruct SAS to dial in to the particular CO that handled the
telephone line to be tested. It would initiate a call to a part of the SAS
infrastructure at the CO known as a “remote access test point,” or RATP.
That was the first step. In order to hear audio on the line—voices, noise,
static, or whatever—the tech would then have to establish an audio
connection to the SAS unit in the CO. These units were designed with a
clever security provision: they had a list of phone numbers preprogrammed
into their memories. The technician would have to send a command to the
SAS unit to dial back to one of the preprogrammed numbers—the phone
number at the location where he was working.
How could we possibly bypass such a clever, apparently infallible
security measure?
Well, it turned out not to be all that hard. You’d have to be a phone
company technician or a phone phreaker to understand why this worked,
but here’s what I did. I dialed from my telephone into the phone line I knew
SAS would use to make its outgoing call, then immediately triggered SAS
to call back an authorized number programmed into its memory.
When SAS picked up the line to make an outgoing call, it actually
answered the incoming call from my phone. But it was waiting for a dial
tone and couldn’t get one because I had the line tied up.
I went 
