UNITED PHONE LOSERS E-ZINE
issue no. 16 - November 25, 1999
this issue edited by linear
UPL016 was a big pain in the ass to release, for two reasons. One being some personal, uhm, issues I was having with my now ex-girlfriend, and the second because I am just a complete dumbass. I accidentally wiped out my hard drive, deleting all submissions for UPL016. So if you sent me an article that isn't in here, it's probably because I lost it. So send it again for UPL017. This goes out to one submission in particular, written by Reverend Dope Hat.... your PBX article was originally supposed to be in this issue, and I apologize for its absence. Just send it again for the next issue. I think I'll aim to release UPL017 a little later than usual, because I want it out on January 1, 2000. And now, UPL016...
As a few of the people who frequent phonelosers.net may have noticed, the domain was recently hijacked by some ISP owner in Milwaukee who got himself into an IRC war with the regulars in #phonelosers. Before I go any further you should realize that I'm usually not into security issues like this but since this one affected me directly I felt that I should write a little about my experiences and how anyone who wants to can hijack just about any domain name they want.
On November 19th, 1999 I was contacted by linear who told me that phonelosers.net had been taken over by someone else. I did a /whois on it and found that someone using the name Erik Kirblack and a hotmail address was now the administrative, technical and billing contact for a domain that I paid for. Shit! So I checked my yahoo email account to see if someone had broken in but all I found was an email telling me that the changes to my domain had taken place.
I first assumed that my email account had been broken into but later decided that this wasn't likely since I only had the confirmation email in my box. So how did they do it and why did they take a cruddy little domain that only gets 26 visitors per month instead of a really cool domain like phonelosers.org? So finally I figured they must have been submitting the internic form from the web to make changes to an alternate address and then spoofing the confirmation address for the changes. And what do you know - I was right. I tried the same trick to steal back phonelosers.net and it worked. Twice.
Since then this person has taken phonelosers.net back and I had to steal it back AGAIN using the same method. He's also taken wickedphreaks.org and attempted to take kracked.com. So below I'll explain how it's done and how you can steal any domain that uses email as their only form of verification which is what most people use. I'm honestly hoping that by the time you read this it won't work anymore. I'm going to fax this article to internic before it even reaches UPL and although I'm sure they're aware of this problem I doubt they'll fix it anytime soon.
First decide which domain name you'd like to take over. Let's say you're going to steal the Public Library Association's site which is pla.org. Go to http://www.networksolutions.com and click on the WHOIS Search option. Enter in pla.org and you'll see all the contact information. The main thing you need is the Administrative Contact's e-mail address. Write this down.
Now go to http://www.networksolutions.com again and click on the "Make Changes" option. Enter in the domain name pla.org and press Go. Now click on the Domain Name Registration Agreement option. You'll be asked for your email address and your domain name again. Enter in YOUR email address where you can get email and then enter the domain name again. Select "modify" and click the Proceed button.
Under the "Organization (Registrant) Information" enter in your new information. This part doesn't really matter so just put whatever you want in there. Under the Authentication Method choose "MAIL-FROM." Then for your contact information either enter in your internic NIC handle or scroll down a little and enter in some new information. None of the information you enter is really important except for the e-mail address. Make sure the new e-mail address you enter is your own. You can change the name server information if you want to put your own content on your new domain or just leave that information alone and mess with it later.
Submit the form and in a few minutes you'll receive an e-mail from internic with pla.org's new contact information. Now all you have to do is reply to this e-mail but make sure your reply appears to come from the Administrative Contact's e-mail address which in this case is gsouthard@ALA.ORG. You can either cut and paste the body of the message into an anonymous remailer or just change your return address to the contact's address. Send your mail and the domain will be yours tomorrow. The only catch is that whoever checks the mail at gsouthard@ALA.ORG is going to get a final confirmation that the domain has been changed so they'll obviously know that it's been hijacked. Now they just have to figure out what the hell they're going to do about it.
The default authentication scheme that internic uses is e-mail but there are other options and if your victim has chosen something other than email then this trick isn't going to work. The other options are to either use a password or to use a PGP key. Most people seem to use email though because, like I once did, they think it's secure as long as your email account doesn't get hacked. I would imagine that all the high profile sites like microsoft.com and aol.com use passwords but you never know...
What can we learn from all this? Don't get in IRC wars with guys that are from Milwaukee, of course! Oh, and always put a password on your domain name unless you want it to get stolen by scary IRC guys. I called internic and explained to them what happened and they didn't sound the least bit concerned. She just told me that if it happened again that I would need to fax them a copy of the request to change my information on a company letterhead and include my signature with it.
The guy who stole our domains is Chris Byrnes and he runs an ISP called jeah.net. Apparently he got into a fight with a few people in #phonelosers and claimed that he could shut down our domains if we pissed him off enough. He spent the evening ping flooding people and boasting that he had a T1 and you couldn't touch him. I called his business and he claimed that it was one of his customers impersonating him but that later proved to be untrue. The email header on my internic confirmation email showed that someone at jeah.net spoofed my address to steal phonelosers.net but the other domains were stolen using an anonymous remailer after Chris found out that we were able to see jeah.net in the headers.
Chris is obviously more of an expert at this kind of thing than I am and any technical questions would best be directed at him. He can be reached in the evenings by calling his business at 414-762-0991 or his dad's line at 414-762-5995 if you have any questions or comments about domain name hijacking. Now get cracking! You're about to be the proud owner of any domain you want. Maybe if enough domains are stolen internic will eventually fix this serious problem.
--- by rbcp (http://www.phonelosers.org/rbcp)
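The MAIL-FROM weakness described above comes down to trusting a From: line that the sender types in, and the article notes that the Received header is what exposed the spoof. The Python sketch below is an added example, not part of the original article or any registrar's code: it compares the From: domain with the host that actually connected to the receiving mail server. All hostnames, addresses and the border-MTA name are constructed placeholders, and the two-label domain comparison is a simplifying assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# "from HELO (rdns [ip]) ... by receiving-host", as written by a receiving MTA.
RECEIVED = re.compile(
    r"from\s+(?P<helo>\S+)(?:\s+\((?P<rdns>[^\s\[]+)\s*\[(?P<ip>[^\]]+)\]\))?"
    r".*?\bby\s+(?P<by>[^\s;]+)", re.S)

def registrable(host):
    """Naive 'last two labels' domain (assumption; real code needs a suffix list)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def connecting_host(msg, border_mtas):
    """Return the host that handed the message to our own border MTA.

    Only the Received line written by our server is trustworthy; every line
    below it was supplied by the sender and can be forged just like From:.
    """
    for value in msg.get_all("Received", []):
        m = RECEIVED.search(value)
        if m and m.group("by").lower() in border_mtas:
            # Prefer the reverse-DNS name our MTA looked up over the HELO string.
            return m.group("rdns") or m.group("helo")
    return None

def check_mail_from(raw, border_mtas):
    """Compare the claimed From: domain with the real connecting network."""
    msg = message_from_string(raw)
    claimed = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    origin = connecting_host(msg, border_mtas)
    consistent = origin is not None and registrable(origin) == registrable(claimed)
    return {"claimed_domain": claimed, "connecting_host": origin,
            "consistent": consistent}

BORDER = {"mx.registrar.example"}  # constructed name for our own border MTA

# Constructed messages: same From:, different connecting networks.
TEMPLATE = (
    "Received: from {host} ({host} [{ip}])\n"
    "    by mx.registrar.example; Fri, 19 Nov 1999 21:04:09 -0500\n"
    "{forged}From: admin@mail-a.example\n"
    "To: hostmaster@registrar.example\n"
    "Subject: Re: MODIFY DOMAIN example.org\n\nACK\n")
# A sender-supplied hop that pretends the mail started inside mail-a.example.
FORGED_HOP = "Received: from relay3.mail-a.example by relay9.mail-a.example\n"
SPOOFED = TEMPLATE.format(host="dialup7.isp-b.example", ip="198.51.100.7",
                          forged=FORGED_HOP)
LEGIT = TEMPLATE.format(host="relay3.mail-a.example", ip="203.0.113.25", forged="")

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(name, check_mail_from(raw, BORDER))
```

A mismatch is a signal for manual review rather than proof, since legitimate mail can arrive through a relay in another domain; the password and PGP options mentioned above avoid relying on headers at all.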
Why do I need a fake ID?
You may be asking yourself "Self, why do I need a Fake ID?" Well, there are several reasons, the most common being age. But there ARE other reasons. If you want an account at an Entertainment store you need some form of photo ID. Want to check out the Pool balls at the Hotel? "We need to see some ID." You get the picture. BUT if you can make a Fake ID you can keep the stuff. You can be 17, 18, or even 21.
Can't I just buy one?
Yes, you can! BUT there are ways that are Cheaper, Less Risky, More Realistic, and If YOU make them, then you can sell them and make money!
Who Makes The Best?
Your local Tag Agency, you know, the place where they make the REAL ones. That's right, you too can have an ID that will fool everyone, EVEN THE COPS! How do you convince them to make you a fake ID?? YOU DON'T!! Simply go to a friend of Legal age (If you're 14 you'll NEVER pull off 21!) and borrow their Social Security Card and Birth Certificate. This works in like 40 states. IT WILL NOT WORK IN CALIFORNIA! In California they require a fingerprint!
Want To Make Your Own?
Of course you do, that's why you're reading this Article!! This is a little more tricky. Here it goes...
THINGS YOU'LL NEED:
--- Bela Lagousi
Many of us here at UPL are fans of David Letterman. In fact, we got a tip from an anonymous source at CBS (Hans I. Siebesitzen, the night janitor) that Dave's crack writing staff works so hard that they have jokes for Dave written sometimes two or three months in advance. So naturally we h4x0red CBS' Gibson computers and were able to pull this script for a future Letterman bit from a garbage file. Enjoy, and remember, you saw it here first!
EXCERPT FROM "LATE NIGHT with DAVID LETTERMAN," MONDAY, JAN 3 2000
[RETURN FROM COMMERCIAL BREAK]
[CAMERA 2 CENTER IN ON DAVE AT HIS DESK]
DAVE: Welcome back. Now, uhh, Paul, you may have heard this, that notorious hacker Kevin Mitnick..
PAUL: Kevin Mitnick.
DAVE: Kevin.. Mitnick.
PAUL: Kevin Mitnick.
DAVE: Kev-vin... Mitt-nick.
[DAVE PULLS FACE #47]
DAVE: Kevin Mitnick was finally released from jail on Saturday.
PAUL: Released from jail.
DAVE: Released.. from jail.
DAVE: Yep, and we're all very happy for him, aren't we? He's been through a
DAVE: But this does present a problem to the hacker community in general.
PAUL: It does in-deed.
DAVE: Now, uhh, some of you out there have seen these..
[DAVE PRODUCES "FREE KEVIN" STICKER FROM BEHIND DESK]
DAVE: Now this is, uhh, this is a bumper sticker, that was sold to raise money for Kevin's legal battles.
DAVE: But now that Kevin is free, millions of generous hackers the world over now don't know what to do with these puppies.
PAUL: They don't.
DAVE: No, and that is why we have to help.
PAUL: Help the hackers.
DAVE: We're gonna help the hackers.
PAUL: Help the hackers.
DAVE: Help-ping the hack-kers.
[DAVE PULLS FACE #52, OR MAYBE #53, TO BE DECIDED AT STAFF MEETING]
[DAVE PRODUCES THE BLUE CARDS FROM THE DESK]
DAVE: So, ladies and gentlemen, I have in my hand tonight's top ten list!
[TOP TEN GRAPHICS & THEME]
DAVE: Okay, these are the top ten things to do with your Free Kevin stickers now that he's free.
# 10.... Great for unsticking pesky lint and pet hair from your good suit.
# 9..... Patch the holes in all your old, worn-out bright yellow-orange trousers.
# 8..... Stuck end-to-end, can be used by officers to block off crime scenes when they run out of "Police Line."
DAVE: You hear that, Paul? When they run out of "Police Line."
[DAVE TAP-TAP-TAPS HIS CARDS ON THE DESK, THEN PULLS A FACE FROM THE 25 - 35 RANGE]
DAVE: # 7..... Write in the borders and you have a note that can stick to a carrier pigeon's leg all by itself.
# 6..... Light sleepers now have an alternative to the classic night-time eye-mask.
# 5..... Cover up those rebellious-yet-embarrassing tattoos at your next family pool party.
# 4..... Leave them sticky-side-up behind the fridge, they catch mice just as well as any commercial traps.
# 3..... They substitute for leg-waxing in a pinch.
# 2..... Turn upside-down and use as address labels for letters to your pen-pal in Uzbekistan, Nevik Eerf.
PAUL: Nevik Eerf.
DAVE: And, the #1 thing to do with your Free Kevin stickers..... Stick them to yourself to keep warm now that Y2K has knocked out the heaters!
[RAUCOUS LAUGHTER, APPLAUSE]
[TOP TEN ENDING GRAFX & THEME]
DAVE: Stay tuned, TV's Tom Wopat is coming up next!
[GO TO COMMERCIAL]
How does the telco trace all those prank calls you've been making to that op who really turns you on? Well, if you're smart, they won't be able to use CallerID to get your number, but it is a possibility, so let's examine that first.
The technical workings of CallerID are very easily found. A good text on it is available at http://www.flinthills.com/~hevnsnt/newbie/callerid.txt and tells you everything you'd never need to know. And it really would not make sense to write it all here, but here are the basics. When you make a call, it has a header (not unlike an ICMP header) which tells the CallerID box which every yuppie owns that you are calling from 1800-P00P-SEX and your name is Tom. This way, they can call you back, or bitch you out. But what if you're blocking CallerID info? How does that sexy op at Bell know your phone number? Well, either you gave it to her, or they used a service called ANI.
ANI stands for Automatic Number Identifier. You can use ANI too. What ANI does is read back your number. That simple. Don't worry about HOW it works, but know it does. ANI numbers are useful for you naughty beige boxers because it tells you the number you are calling from. This way, you can set up a conf for everyone in #2600. A close relative of ANI is ANAC.
ANAC is really just ANI but local to an area code, and sometimes open to the public. ANAC stands for Automatic Number Announcement Circuit. In most areas, ANAC numbers are like Directory Assistance and have a 3 digit code. In some places, it is 711 or 200. Dialing it will read back your number. Same uses as above. And one thing useful for messing with people along with these is CNA.
CNA is Customer's Name and Address. Any guesses as to what it does? It tells you the name and address of a specified phone number. I have successfully used 411 to do this, without a true CNA service, or something like infospace.com which I recommend highly. If you're (God forbid) stalking someone, and you are calling them constantly, and want to know where they live, you could get their CNA and then go to their house and show them your willy. Note: CNAs are almost never open to the public, so you can try to get the bitch at 411 to do it for you, or you could use one, albeit illegal.
Something many people overlook is the ability to mess with someone through a combination of these, or get free 3-way-calling. What you do is, first, go to phreakers university in Canonsburg PA, remember, the Phone Fraud Fox says we are 'taught'. Take Social Engineering 1, 2, and 3. Now go to your neighbor's telco box, and hook up your beige box. Now call an ANI or ANAC and now you got their number. Next, get the CNA for that number. Now, call up the telco, it's GTE here, soon to be Bell Atlantic ;-), and get them to add three way calling or ask them if it's been installed yet, saying the service was giving you trouble. Act like the person whose name you got in the CNA record, and you're set. Now just run some line (you can get this by going with a friend, distracting the lineman, and having one of you grab a spool and toss it into a bookbag) to your house, and hook it into the rack of modular jacks, patch cable, and switches, and the light which tells if the line is in use. Now, whenever you want to three way call, clip after where you connected your line (could install a device which open/closes the circuit) so they can't pick up, and three way call your 31337 friends.
Back in UPL004, I wrote about all different ways to make a red box. I mentioned that you could probably make one out of a Diamond Rio Portable MP3 player, but couldn't back that up, as I had never used a Rio before. But recently, I have become the owner of an all new, shiny Rio PMP300. And I was right in my assumption that it would make a good red box.
If you know what an MP3 is, you probably know what the Rio Player is. But for those of you who don't....... An MP3 is a sound file of CD quality that you can play like a CD track on your computer. Many people use this to bootleg CDs on their Computer. Now the Rio Player lets you take MP3s off your computer and listen to them while you're away from the computer. It works much like a Discman only it's a lot smaller.
It's incredibly easy to turn this thing into a red box. All you have to do is find red box tones in .wav format, convert them to MP3s with the software included with the Diamond Rio, and transfer them to your Rio the same way you would any other MP3. Go read your Rio's instructions to find out how, dumbass. If you're too lazy to go get red box .wav files, email me and I can hook you up.
Now you have a RioRedBox. But there are a few things you should remember when using your Rio:
Step One: Take it out of the box.
Step Two: Plug it in.
Step Three: There's no step three! There's no step three!
Have you ever wanted to cut someone's phone off? Like to know how? Of course... see, contrary to public belief, it is simple to do. Matter of fact, sometimes I shut phones off for fun or practice. HOW!? Read on...
--- ClayGucci
When a technician is doing work to your phone line he must call the RCMAC <Recent Change Memory Administration Center or something similar depending on where you live> to advise the internal people that work is being done to the lines and to "busy the line out" which will result in your phone being offline until he calls and tells them to "idle" the line, which puts the phone back in service. The reason for this is so no incoming calls are received once he is touching wires and he gets shocked.
So all you have to do is to know some lingo and have confidence in your voice. I know, you're thinking "Yeah..he's tried it once and got lucky" WRONG, on a conference I was on last night I shut 5 phones off from Bellsouth, GTE, USWEST, and PacBell using the exact same lines on each one! I even got bored and decided to shut one down and forward all his incoming calls to a Long Distance partyline. Once this was done we called his house and made his phone connect us to the partyline and basically ran his bill up.
Ok let's get started, I can not supply you with the tech numbers, BUT they are easy to get, you could basically call any of the phone companies' numbers and get transferred with this story. Ok..once getting there here is the script.
Op: Pacbell what is the area code and nu-
Me: Hey! Yeah, I'm working on a trouble ticket and need some help.
I know this aint the right number to call but I dont have my list and
my former told me that this number can be called in case that happens.
Me: Aright then, like i said im on a trouble ticket, I will probly be working
for the better part of an hour, Oh, yeah.. The ticket is new and probly
wont be on record, here it is xxx-xxx-xxxx I need you to busy this out,
last time I got shocked because yall boys idled the line in 30 minutes,
so let me call you when it's done, OK?
Op: Ok no problem
Me: Ok btw- whats your name?
Op: Marissa<blushing because im a phreak pimp>
Me: <writing down info>I might have to speak to you more often.
Op: <still blushing> oh..ok.
More can be done... get creative. Imagine forwarding a mail order computer store to a few numbers which loop and result in calling you. You then "could" pose as an employee and act like you are taking orders. You would then acquire many credit card info's and depending on your skill level either get very wealthy very quick or go to jail fucking around with shit you know nothing of. But just imagine.
Imagine forwarding a phone to the sheriff's office and telling them that you are trapped in your house and give a description of the "attackers" <which would match your enemy>... The ANI of your victim would appear on the sheriff's computer. Hahahaha Have fun......
Your actions are your responsibility. We do not condone or encourage anything described within this text file. Anything that happens because of what you do, is because YOU did it. In short, none of it is our fault if you get locked in prison for four years without trial.
Jaded el caco
Rufus T. Firefly nawleed