___________ __ __ ___________ /\ ________\ /\ \ /\ \ /\ _______ \ \ \ \_______/ \ \ \ \ \ \ \ \ \_____/\ \ \ \ \_________ \ \ \____\_\ \ \ \ \____\_\ \ \ \_________ \ \ \ _______ \ \ \ _______ \ \/________/\ \ \ \ \_____/\ \ \ \ \_____/\ \ _______\_\ \ \ \ \ \ \ \ \ \ \ \ \ \ /\___________\ \ \_\ \ \_\ \ \_\ \ \_\ \/___________/ \/_/ \/_/ \/_/ \/_/ S W E D I S H H A C K E R S A S S O C I A T I O N Presents <----------------------------------------------------------------------------> Released Editor: Mr Big Annual Year Protocol #4 28-Feb-92 (c) 1992 <----------------------------------------------------------------------------> --------- - Index - --------- Introduction............................................. Voice of the Editor...................................... Voice of the Members in S.H.A............................ Inside story at court - S.H.A. member stands trial....... New S.H.A. board......................................... Royal Institute Of Technology............................ S.H.A. Member busted..................................... Operation Sundevil, by Knight Lightning (guest writer)... Cray II Attacked by S.H.A................................ Milnet and Goverment computers attacked by S.H.A......... Guidelines for System Operators.......................... FSF/MIT Closing down the shop............................ Short World Wide news.................................... Blue Boxing.............................................. Carding today............................................ S.H.A's rules and advices for other hackers.............. Demoralized Youth, by Tormentor (guest writer)........... S.H.A. Official Summer Party 1991........................ Prof of S.H.A. Hacking Activities........................ S.H.A. Body Guards....................................... Investigation of S.H.A................................... Back Chat................................................ Messages to System Operators............................. The Future............................................... Releases 1992............................................ How to contact S.H.A..................................... Editors final note....................................... Disclaimer............................................... ---------------- - Introduction - ---------------- Welcome to another annual year report from the only true hacking group in Sweden today, The Swedish Hackers Association. In this public release we have not included any detailed information about any attacks made by members of S.H.A. since the Police and other goverment agencies will receive this file in one way or another. Sorry if this cause any trouble, but we have our reasons and we are not interested in busting invidual members in S.H.A. Thank YOU for your cooperation. All companys and goverment agencies are welcome to contact us for assistance and help with their computer security. The following persons have been involved in the creation of this 4th protocol, and to whom we are gratefull to. Thank you and keep up the good work. Mr Big - S.H.A. Lixom Bah - S.H.A. Phearless - S.H.A. The Chief - S.H.A. D.O.C. - S.H.A. Tormentor - Guest Writer, Demoralized Youth Knight Lightning - Guest Writer Note: No handles of members in S.H.A. are public and only those who are writers and editors have their handles published in this file, since they are already known to the public and the Swedish Police. ----------------------- - Voice of the Editor - ----------------------- Yet another year of interesting events has passed away. I can still remember how it was one year ago; chaos and disorder, could the 3rd protocol be released in time? and so on. Imagine, we have already released 4 annual year protocols. 4 years of full documented hacking activity in Sweden by the very best hackers ever existed in our country. Let it stay that way. Our protocols used to be released in January/February each year, but this time we have waited to release the material due to a trial against one of our members. (we don't want to support the prosecutor with more information, do we?). One of the main issues in this protocol will be the trial which was held the 8th of January 1992. That should be included in the 5th protocol, but we just couldn't wait ONE YEAR to publish it. Another thing that has happend during the year is the bust of a couple of SHA members. The "main" bust was at the 3rd of May 1991, when a small part of our group were visiting the Royal Institute of Technology. This resulted in some police searches at our houses one month later, and we were brought for interrogation. From a hacking point of view, 1991 has been a successful year of penetrated computers, long nights and a lot of new knowledge. The Swedish Police is currently investigating the organization S.H.A. (we have indications that points in that direction. More about this later) Because of that, we have to be very careful about what we write in this stupid file. We have even thought of cancel this release but has finally reached the decicion to continue, and take the consequences. We have written it so nothing can be held against anyone in SHA in court, (that's why you might find it a little bit odd.) This whole protocol wasn't written overnight at the end of 1991. We have been writing and re-writing it time after time during this year until we decided that THIS is what we want to release to the public. We will try to cover everything from real system hacking news to intervjues with some of the virus creators in Sweden. A major drawback for SHA was in the summer 1991 when the Swedish police raided one of our members place and confiscated his computer system which where hosting one of our bulletin boards we where running. Tragic but not a disaster. Atlast, I would like to say: - All events and people in this file are all fiction and creation of our fantasies and any matching with real people and events are only coinsident as any other story or fiction. But I'm sorry that I can't. All stuff are true and all events have taken place. Anyway, nothing in this file can be tied to any invidual members of S.H.A. and S.H.A. as an organization can not be blamed for actions taken by invidual members of S.H.A. This protocol are also distributed as a paper magazine in about 5000 copies. So if the goverment are trying to seize our equipment used for the production of this protocol, they are violating federal laws about press freedom and freedom of speech. So basically: - Goverment agencies, you are shit out of luck. We hope you will enjoy this protocol, and find it interesting. If you haven't read any of our previous protocols. (1989, 1990 and 1991) I suggest you try to get hold of some copies. The same goes for our other releases about Hacking, Phreaking and Carding. ---------------------------------- - Voice of the members in S.H.A. - ---------------------------------- Here have the members in S.H.A. their "freedom of speech". They can write anonymously or by their handles, it is up to them. But I guess they will write anonymously. Who can blame them? /Ed --> Written by a anonymous member who do not want to be busted Another year has passed with great hacking events. Many new computer systems and operating systems have been penetrated. One slight drawback has been the interest the police is giving S.H.A., but lucky as some people are, (read me), they are not near of knowing all the people in S.H.A. and has only those that are already known. Mouhaha, what suckers, they can't even put two and two together. Anyway, maybe the luck will change, but until then I will continue to make progress in the hacking field of experience. I have even discovered that VMS is a great OS and not as secured as Digital Equipment are trying to tell every one. And one neat feature with VMS is that many goverment and military computers are running under VMS since it is secured!! Mouhaha... they should know better. Anyway, I hope that you hackers out there also have had a very good year. See ya on IRC. --> Written by a anonymous member who do not want to be busted I would just like to say this to the persons who are currently involved in monitoring us and documenting our lives. - Fuck with us and we will fuck with all the computers we can find, and we will create total chaos and disorder. This is not a threat, would I make threats? no, I just make promisses. Anyway, I hope that you hackers out there reading this protocol will have a great year without interference from goverment agencies. FUCK THEM! --> Written by a anonymous member who do not want to be busted I can still remember those warm days in May when I spent most of my time on IRC, day and nights. I can remember the days in August as if it was yesterday. Breaking into system after system, and roaming around on the internet. NASA was an easy target and some of their computers were successfully penetrated and NASA Security began to scream. Security? What a joke! It almost seems that no one out there have learned enough to secure their system. I adore SunOS since new holes are found every day, mouhahaha. Many system operators are stupid and don't know how to handle a system to secure it. They do almost every mistake a system operator can do, from having accounts without password to standard accounts. Are only hackers reading DDN bulletins and CERT bug reports? Sometimes I wonder. Gee, I've even found systems that have security holes that was exploited back in 1986. Jesus! What are they thinking? Well, if they are that stupied, they have to face the consequences. BTW, try they following for testing the security: "rm /* -rf" If they have configured the system incorrectly a catastophy would be the result. --> Written by a anonymous member who do not want to be busted 1991 - The year that passed without notice A Personal View If you were to place 1991 in the scale of Hacking events, it must come last. Last year was one of the most dull years for me. I compare it with the year 1990, and find that the first months of 1991 were pretty good, and then everything went down the drain. No news, no new hackers, nothing interesting happened. Then we had the internal divergent opinions that led to one thing or another which you might already know. But still nothing new in the hacking field. I'm not sure what I'm supposed to write in this, the 4th S.H.A. Protocol, but I'll try to make it somewhat filled with different opinions, views or whatever I can come up with. Because it hasn't been a very productive year for me in the hacking scene, I don't have very much to write about. I feel there's enough textfiles about hacking and phreaking today, and too many "new" groups who copy old material and release it as new. The old and known groups, like Phrack and NIA are good enough for me. Also, these "new" groups seem to be semi-eLiTe groups (recognized by the 'z's and the "k00l" and "warez" words mixed with the old "new" material.) No, let's support the old and known groups, and tell these "new" ones to stick to their warezz trading unless they're NOT eLiTe d00dzz, if so, support them! Well, that's about if from me. Not very interesting, I know, but it's what I could come up with today. I know this 4th protocol will be great, and I greet everyone working with/for it. --> Written by a anonymous member who do not want to be busted As said in the introduction and by the editor, this year has been a successful one with new experience and new knowledge. Some tragic events took place in the summer of 1991 when some SHA members were busted in Stockholm, Sweden. The police is still investigating the organization S.H.A., and therefore we have decided to exclude details which might be held against us in court. After an eventually trial, all information will be released. We promise. We have kept detailed log-books, date by date, so there will be a hell of a release after an eventually trial. We have also thought of writing a book, but that's just one of our 1000 projects... New computer security systems has been a real challenge, and every system has its weaknesses. The only way of getting a secure system is to chop the Ethernet cable, but who wants to do that? They have to live with unsecure systems as long as the S.H.A. is alive on the nets.. The newspapers have gone mad, and write everything except the truth about hacking (read SHA). What they need is a lesson of professional journalism. Just lucky they haven't recieved the police report yet. (where they state that we, SHA, have broken into NASA). If the newspapers starts to write about that, I bet they will missunderstand it and say that we were about to start the World War III with help of weather satellites and so on... (which isn't THAT far from the truth :-)) I feel that I have to throw some dirt at the Swedish Police Department. Three of the most incompetent investigators when it's about computer fraud are currently investigating and interrogating innocent citizens (read SHA). A big fuck should go to S.K. who writes police reports from his fantasy. If you listen to the tape and write what we say at the interrogations, and stop writing fantasy stories in the reports, you wouldn't have a chance to convince the prosecutor that you 'needed' search warrants to raid our places. FUCK YOU. The last report from you that I read was a big nasty bestseller. When I crosschecked it with the interrogated person, it showed up to be 50% fiction and creations from your mind. But I guess you are not alone to be so rotten in the Swedish Police Department. (I guess I will regret this at the next interrogation, but it's worth it.) Enough with bullshit from me, I'll leave the rest of this protocol to you. --> Written by a anonymous member who do not want to be busted Hello again folks. Another year has passed, and there's been happening a shit load of things I tell you. What we see now, officially, is computer systems are getting harder and harder to penetrate... that's true, but is it impossible now?? Hahaha... I wouldn't think so if I were you. I would like to compare the new security routines like this; a burglar is loose in a town, but he only breaks in to yellow houses. And what does the police do to stop him? The smartest way? (i.e. try to catch the criminal)? no... they paint all the houses in the town in some other color than yellow... with known results, the burglar chooses houses with another color, and this goes on and on... I find it Quite funny to watch system managers "improve" their systems... and you're still on it... After the so-called improvements. Some system managers try so hard, that you almost feel pity for them when it really hasn't improved their security, after several attempts. Ok, let's stop it here and see what types of system managers there are out there on those nets... * "The Toughie" Hehe, this is a real baddie. He'll do anything to kick you off the system. It's been cases when he has kicked out the wrong users.. (how we laughed!) And other times when he kicks you off and off, but you always manage to come back. You can't "trust" this guy, he'll feed you to the lions as soon as he gets your ass booked. You'll probably face 3 extra years in jail if this person is the attorney in your trial. * "The Blind Man" This is the, without doubts, the most common system manager. You can use all the computers on his whole net without him noticing... and matching passwords in 20 background jobs? No problem, just execute them and logout! Login again, and have your 20 result files served to you on a silver plate. And the poor bastard will never know they even existed. * "The Smartass" He can easily be mistaken for "The Blind Man", but you can try to find it out by uploading some real scary-ass files about you're going to ruin their whole fucking network, and keep it in you own directory, only readable for your user. If you're kicked off the system short after that, it wasn't "The Blind Man", it was this guy. But don't fool yourself... even if you have a detailed file on how you're going to d-d-destroy their system, and you still don't get kicked out... He might take the chance of risking to restore the system, just to have your ass where he wants it. (In court...) * "Mr Panic" Hey, this guy is quite familiar too. He's the one who tells the media, the military, the local computer squad, the cops.. everything he can think of, just as soon as he detects you. He don't risk ANYTHING... He's possessed with the manic thought that HE let a 11 year old HACKER into HIS system!! (his safe, safe, hypersafe system!) Nooo.. it will never happen!! HAHA... Poor man... The "Mr Panic" reaction is also usual when the system authorities is a quite big group of people... they usually come to the conclusion that WE WANT A CLEAN SYSTEM! haha... well they can give it a try atleast. This "Mr Panic" person seem to be quite rare in the other countries than Sweden, but There he/they are very common. Ok, now you should have a quite bright picture of what kind of system managers you might find out there... A very rare, almost diseased kind of system manager is though "Mr Nice Guy"... The only sysmgr you can trust really. What happens when he discovers you on his system is that he watches you for a while, and when he notice you're a "nice" kind hacker (well you are nice, aren't you?!! :) ). He'll either try to talk to you or just email you if that doesn't succeed. He will not try to get your ass in jail, just know what you were up to on his system. If you get him to "like" you (if now a sysmgr can like a hacker) you might even be given an account, to use for "friendly" activity (i.e. no matching jobs, only programming/storage for example...). But the chance that you will find a sysmgr like this is about 1 to 2000 I'd guess... No goddamn it... read this fourth protocol from us in S.H.A. Special greetings to S. K.; you're a nice guy deep inside, we know it, just try to show it Once atleast. Signing off in early 1992, Anonymous user --> Written by a anonymous member who do not want to be busted Yeah! Another year! Another hacking season! What can I say? It has been a great year for all of us (almost anyway). So, what have happend under 1991? Well, alot of things that will be covered in this file, but for me personally, I just have had some problems with the Telecom who thinks that I ought to pay them $10.000 for phonecalls. Well, I think they can forgett that. Which (normal?) person would call for that amount under a period of three months? Well, I hope it get to court and then they will loose since they judge will see how impossible it is, I mean, I would have to be connected many hours every day to the States to reach that amount. Well, I don't complain since I havn't been busted yet, but who knows. Ohh.. just one more thing.. Greetings to all hackers and specially those in S.H.A. Have fun and take it easy. It is a dangerous world we are living in. --------------------------- - Inside story from Court - --------------------------- One of our members have stand trial in a carding case. This guy was BRUTALY busted in October 1990 when he was about to lay his hands on computer equipment worth over $50000. The police raided the place, cuffed him and threw him into a car and drove straight into the Police HQ in Stockholm, where he spent 46 hours in an isolated cell. He wasn't even allowed to make any phonecalls. That's brutal. (and probably against the law). While he was doing nothing in his cell, the police searched his house twice. Imagine his room before and after a search by the Federal Police. Right. Not a single thing was left. Everything was taken as 'evidence' in one way or another. After several interrogations with both the Federal Police and the Swedish Special Branch (Sweden's Secret Service) he was released. He was busted the 23rd of October 1990, and was released from federal custody the 25th of October 1990. Over a year has gone, without really knowing IF, or WHEN the trial would be held. Jail or not? It's trial of your mental health. It took the swedish police 1 year and 2 months to clear the mess up, and our member was fully cooperating with them. The magic date was set to the 8th of January 1992. The trial. He was prosecuted for: Felony creditcard fraud, $100.000 Forgery. Illegal possesion of guns. Sitting inside that courtroom with 2 attorneys, an idiot as prosecutor, and a couple of lawyers wasn't as fun as he thought it would be. What's worse then a non understanding prosecutor that just want to nail you as hard as he can, and can't realize the facts. But he was a straight businessman. The attorneys and he made a deal, and the SHA member got away with a 2 year conditional sentence, and a $600 fine. We in S.H.A. has released a detailed textfile about the bust. Get a copy if you want to read more about it. It's VERY detailed. It even includes what he had for breakfast in his cell.. -------------------- - New S.H.A. board - -------------------- A new S.H.A. board has opened in Sweden with the name Project Athena at number +46-8-LEGEND (Sorry: No phone numbers listed in public version.) Inquires about the new board can be addressed to us through our mail address listed later in this file under "How to contact S.H.A.". Be sure to include a return address and board number where we can reach you or your voice number. Government agencies are also welcome to request access to our boards worldwide, and will receive access after complete checking from our side. Our current Headsites and distribution sites are as follow: Project Athena S.H.A. World Headsite (+46) ######## Interpol II S.H.A. World Headsite (+46) NEW-NUMBER (No phonenumbers are published in the public edition) Note: Interpol II has changed phonenumber due to much publicity from the police and the Special Branch. --------------------------------- - Royal Institute Of Technology - --------------------------------- One quiet evening in early May 1991, some persons were sitting peacefully in a terminal-room at the Royal Institute of Technology. Suddenly the door was kicked in and 8 cops and 2 system operators rushed in. Charges for trespassing and illegal attempts/access to a computer system was pressed against them. The police is still investigating this case, and therefor we can't give you any nasty details about what happend and why they were charged. But a story that have circulated in some major newspapers in sweden is: "A night in May, 5 hackers were busted when they physically visited a terminal room at the Royal Institute of Technology (Numerical Analysis Department). The youngsters were not students of the University, but they used the terminals to enter other computer systems/networks all around the globe." That is the OFFICIAL story that circulates in the press, and does not neccecary mean that it is really what happend. All of the arrested persons denies that they did any illegal that evening in the room. A more detailed report about what happend will be released after an eventually trial. ------------------------- - S.H.A. Member busted - ------------------------- I suddenly woke up one morning by the noise of my doorbell. Riing, Riing. Who the fuck can it be 09:00 AM? I didn't expect anyone. I tripped on my toes towards the door. Riiing, Riing. I looked out through the "door eye". Outside my door were three men standing. NO friends of mine. I don't think they wanted to sell a vacuum cleaner to me. Almost panic. What were THEY doing here? Where they cops? Had they traced my phonecall last night or WHAT? I didn't have the time to think about that now. Act fast, or they will probably kick my door in. I got dressed very quickly. Then I threw some clothes in a bag and grabbed my laptop computer on the way to the balcony. I closed the balcony door and tied it hard with a piece of rope to keep it closed, while I was away. Then I looked down. Jesus, would I still be alive if I jumped? Well, just one way to find out. I quickly threw the bag out and then I took the laptop on my back and jumped. I landed on my knees over my laptop. Any broken bones? No. Great! Got up and ran away. Later that evening I decided to go back home. First I had to hide the laptop if the police still would be there, so I had a friend to look after it. When I got home, I had prepaired myself to find my apartment upside down. Raided by some idiots from the police. I opened the door, and what did I see? None had been inside it since I left it. Strange. (well, not really, we are dealing with the SWEDISH police..). Well, so far, so good. I fell asleep. It had been a hard and exciting day. 08.00 AM, next morning: Riing. Riing. The doorbell. SHIT! Rushed up from the bed and looked out through the "door eye" just to find my three friends from yesterday standing there again. Well, I quickly got dressed. Should I escape, or should I let them examine the apartment? They would do it sooner or later anyway. I can't hide forever. This time I was prepared. After a couple of second I decided to open the door. The three men outside showed me their Police ID's and one of them asked me; "Do you mind if we come in and speak with you". What could I say? "Ok, let's sit down and talk in my living room. Can I take a shower first?". Sure they said. So I went into my bedroom and switched my computer off. Then I went into the bathroom to take a shower and clean myself up. When I got back, they where in my bedroom and had turned my computer on. Just to be greeted with; SECURITY SYSTEM Please login: HA! If they managed to hack THAT, I would recommend them for the Nobel Prize of password guessing. Ofcourse they asked me to login. "Sure, can you look away while I enter the password?", I said. "No", they said, so I stepped back and told them "Well, login yourself then...". They looked puzzled. "Why not tell us the password? You can easily change it later.". Did they think I was born yesterday? If I told them the password, what would keep them from taking my computer and have full access to it? So, I just repeated myself and told them to login. They got angry and switched off the system, and started to tear the equipment apart. SUCKERS! They didn't know how to handle this kind of stuff. "Carefully!!" I said (delicate equipment). They didn't listen. I even offered me to carry the stuff to the car. They just told me to stay away. They brought me for interrogation that morning. After I had spent some hours at the swedish police HQ, a guy come and asked; "Have you changed your mind? Would you like to login to the computer now?" "Nope. I won't. I think you were very rude some hours ago". Apparently they hadn't managed to force the security system. This was good news. I called an attorney which showed up and the whole thing was over after some minutes. I was 'released' at lunchtime. Time to make some important calls to avoid a dissaster. (Well, it was a kind of a disaster already, but the damage could be limited) Ed's note: Later on, we have found out that the University is a real chicken. One month after the five hackers were busted at the Royal Institute of Technology, they installed Kerberos (security package) on their Unix machines. The day after that, they let the police bust this person. I guess the university think they have secure machines at the moment, and we'll let 'em think so for a while, until we have decided what to do with their network. Wipe it or not. (S.H.A. opinium and not nessecary mine) / Ed Conclusion: At this moment, we reccomend everyone to install atleast some kind of security system. S.H.A. is currently developing new software that will guaranteed keep the cops out of your computer system. -------------------------------------------- - Operation Sun-Devil, by Knight Lightning - -------------------------------------------- On May 7-8, 1990, the United States Secret Service executed its response to an investigation that had been two years in the making. It was Operation Sun-Devil and it was designed to take out computer hackers and telecommunications hobbyists across the United States, whether by raided them directly or scaring them by raiding others. The Secret Service claimed that they were going after criminals, and perhaps they were. Now almost two years later, there have been very few criminal indictments brought, despite the raids of 27 homes in 13 cities: Chicago, IL Cincinnati, OH Detroit, MI Los Angeles, CA Miami, FL Newark, NJ New York City, NY Phoenix, AZ Pittsburgh,.PA Plano, TX Richmond, VA San Diego, CA San Jose, CA There were a few prosecutions of Sun-Devil defendants made in the State of Arizona by state officials and there was a prosecution in Pittsburgh, also by state officials. The first United States government conviction took place this past week in San Diego, CA. The offense -- possession of 15 or more calling card numbers, a violation of United States Code, Title 18, Section 1029. A few months ago, a civil liberties group here in the United States called Computer Professionals for Social Responsibility (CPSR) filed a request with the government for information about Operation Sun-Devil under the Freedom of Information Act (FOIA). The government's response has raised new questions about the scope and conduct of the Sun Devil investigation. The documents disclosed to CPSR reveal that the Secret Service monitored communications sent across the Internet. The materials released through the FOIA include copies of many electronic newsletters, digests, and Usenet groups including: comp.org.eff.talk comp.sys.att Computer Underground Digest (alt.society.cu-digest) Effector Online Legion of Doom Technical Journals Phrack Newsletter Telecom Digest (comp.dcom.telecom) Currently, there is no clear policy for the monitoring of network communications by law enforcement agents. A 1982 memorandum prepared for the FBI by the Department of Justice indicated that the FBI would consider monitoring on a case by case basis. That document was released as a result of a separate CPSR lawsuit against the FBI. Additionally, CPSR has found papers that show Bell Labs in New Jersey passed copies of Telecom Digest to the Secret Service. The material (approximately 2500 pages) also suggests that the Secret Service's seizure of computer bulletin boards and other systems during Operation Sun Devil may have violated the Electronic Communications Privacy Act of 1986 and the Privacy Protection Act of 1980. Two sets of logs from a computer bulletin board in Virginia show that the Secret Service obtained messages in the Spring of 1989 by use of the system administrator's account. It is unclear how the Secret Service obtained system administrator access. It is possible that the Secret Service accessed this system without authorization. The more likely explanation is that the agency obtained the cooperation of the system administrator. Another possibility is that this may have been a bulletin board set up by the Secret Service for a sting operation. Such a bulletin board was established for an undercover investigation involving pedophiles. The documents we received also include references to the video taping of SummerCon, a computer hackers conference that took place in St. Louis in 1988. The Secret Service employed an informant who posed as a hacker to attend the conference and placed hidden cameras to tape the participants. The documents also show that the Secret Service established a computer database to keep track of suspected computer hackers. This database contains records of names, aliases, addresses, phone numbers, known associates, a list of activities, and various articles associated with each individual. CPSR is continuing its efforts to obtain government documentation concerning computer crime investigations conducted by the Secret Service. These efforts include the litigation of several FOIA lawsuits and attempts to locate individuals targeted by federal agencies in the course of such investigations. ------------------------------ - Cray II Attacked by S.H.A. - ------------------------------ In February 1991 the S.H.A. gained access to a Cray II connected to a NASA network through a major security flaw. - Since we hacked a rather closed network, there were no problems to gain access to the supercomputers. We found some interesting info on the Crays, (well, rather it's front-ends) but we had most benefits of its processor speed. Some weeks later they discovered the hack, and closed down the shop. The supercomputer was re-hacked in Novermber/December 1991, and at this time we have installed backdoors for future use. Unfortunately as with all of this information, we can't give you any details. If we did that, it would be used against us in court. But if you thinks it's interesting, take contact with us at Project Athena, or at any other board. You can even find us at IRC. (which is monitored to the limit..) ------------------------------------------------------ - Milnet and Government computers attacked by S.H.A. - ------------------------------------------------------ Many computers on the DDN (milnet) have been visited by members from S.H.A. No details about the attacks made by members of S.H.A. are discussed in the public version of this 4th Annual Protocol. - Among the computers that where successfully penetrated, we can mention one computer belonging to US Navy in Italy. Since the lack of security we could easily gain root access to a Laboratory computer with research material and other US Military stuff. The computer where also trusted to other computers, so we could easily go further from there. Even since the system lacked some real security it where no "fire wall" as we first thought when we struck the computer. S.H.A. also gained access to an Aerospace research network with a dozen of trusted computers connected. Also connected to the research network was three supercomputers in the CRAY series. - We got almost 90% of all accounts on this network. It almost seemed to be public stuff, even if they did some research for US Air Force. It where no classified research, as far as we could tell. One of the worst security vulnerabilities I have ever seen in my whole hacker career was found at a US Navy Network. We could easily, without any trouble, gain access to several dozens of US Navy military computers stationed at places such as Norfolk, San Diego, Jacksonville, Washington, Pensacola, Cherry Point, Alameda, Pearl Harbor, Italy, Japan, Spain, Phillipines, Guam. Rather interesting information was found on these computers. A VAX/VMS network at the Argonne National Laboratory isn't more secure then my refridgerator. SYSTEM access could be hacked within seconds. The same goes for the Defence Logistic Agency in the US. Shame on you. Totaly eightyfour US Goverment computers on eleven networks where successfully penetrated by members of S.H.A. and root access where gained to a dozen of them in the year of 1991. ----------------------------------- - Guidelines for System Operators - ----------------------------------- It was after I came in contact with a system operator at Uppsala University, that I got totaly hysteric. How stupid could one get? Let's take it from the beginning.. We, a couple of hackers, used the university's machines. The operators didn't even notice us when we were active. One night we contacted the operator that was currently logged in, and told him what we were up to. He didn't like our existens, and tried to threw us out. Ofcourse he didn't manage that. (Even due to the fact that they deactivated nearly every damn account at the Computer Science Department). A week later, one of the places we routed our Internet traffic through was disconnected from the network. Tragic but not a disaster. Why do we tell you this bullshit? Well. First of all. WE DON'T like this system operator's attitude. Instead of asking us how we got into their net, (and will always do), he threw us out, as if we where some kind of morons that would destroy everything we touched. THIS is the problem out there. System Operators trying to throw out the hackers and starts sceaming after the FBI as soon they see any mysterious activity in the log files. He MUST have realised that we would be back after some minutes.. but why did he do that? You better ask him yourself: bjorn@oslo.docs.uu.se Some guidelines for system operators: - Do not scream after the police when you have discovered a hacker in your system. (unless you see him destroy information) Most hackers are friendly creatures which will move to another system when you have noticed them that YOU know what they are up to. If the hackers won't move from the system, threats don't lead anywhere. (most hackers are able to wipe your whole network if he whished to, and will do if you starts to threathen him with the FBI and so on.) Insted we suggest you make a deal with them. Offer them a legal account on the system. In return you want them to fix all security bugs etc. and leave a report to you. The FSF project at MIT is an excellent example. They had guest accounts on their machines, and was overloaded with hackers from all over the world. A lot of hackers, including S.H.A. had root access on their machines. Did they go down? Nope. why? If you can get root access on a machine, you often has experience, and realises that damaging the system won't do any good. It's just a waste of time. Almost everything will be re-installed with backups etc. MIT was aware of the high percent hackers on their machines, but didn't want to argue. Maybe they realise what the whole thing is about. - Don't play the role as god. You will ALWAYS be an easy target. --------------------------------- - FSF/MIT Closing down the shop - --------------------------------- One day in April 1991 the Massachusetts Institute of Technology got visited by some guys from the FBI. The guest accounts at the FSF machines had been used for over a year to break into computers worldwide, and especially systems linked to the MILNet (DDN). Another day in the same month, same year, the guest accounts at the FSF machines had been removed. The official explanation was that the drives were the guest accounts were stored had crashed. The year before, in 1990, a letter was sent between the system operators: ----------------------------------------------------------------------------- From: tower@ai.mit.edu (Leonard H. Tower Jr.) Date: Thu, 30 Aug 90 18:06:26 EDT To: rms, gjs, hal, bob Subject: MIT is getting concerned about crackers on the FSF machines (I'll leave it to one of you to decide what to tell our programmers and employees about all this. I see no reason to start a lot of not very productive discussion on fsf-hq.) Jeff Schiller (bob: Jeff works for MIT's Network group and is well connected) just called me to discuss the crackers on the FSF machines using the password-less guest account and the rms/rms account. He and Jim Bruce (bob: he's ~VP for computing at MIT) are having a meeting with the FBI at 6pm today. The FBI is involved because the crackers are `attacking' MILnet hosts. I told jis that that's really MILNET's problem, and they might consider finally turning the mailbridges on for real. I told jis that most of the guest users were using the FSF machines for useful activities and not cracking. I advised jis that FSF was monitoring the activity and reasoning with crackers as FSF found them. (Not having talked with rms or cutter lately, I don't know how successful that's been. But it appears there are still more crackers needing conversion.) He was sympathetic to rms' feeling about guest accounts and letting FSF use it machines as it wishes, but was also concerned about MIT position and response on this. He mentioned that disconnecting FSF from the Internet was not yet being considered. (Translation of jis-speak: `MIT' might have to disconnect FSF to solve this problem). He mentioned that the FBI wanted to monitor the incoming calls to terminus, but that wasn't feasible with the way that MIT connected with NE Telephone. He also mentioned that this interface could be changed to make such monitoring possible. I suggested he talk further with rms and gjs about it. I'm available for consultation or a board meeting. Call home ###-#### and work ###-####, my schedule is weird. Providing access to randoms is peripheral to FSF's goals. I'm not sure how much time and effort we should expend on this. Perhaps we should provide a guest machine that doesn't allow outgoing network service with the exception of mail and ftp (not trivial to do). -len ----------------------------------------------------------------------------- The FBI was already involved in this affair in August 1990, and the result was that MIT had to throw out all guests from the FSF machines and blamed the action on "the drives has crashed". Crashed? Hardly.. Some months later, in the fall 1991 we could read about some dutch hackers that had hacked several military installations including some Pentagon systems. I know there were alot of dutch hackers at the FSF- machines. Take a look at this article: "(IDG NEWS) Dutch hackers broke into Pentagons computer system at atleast 34 occations during April and May this year (1991). At some occations the dutch hackers changed and copied data, related to military operations in the Gulf War. This was confirmed by Jack Brock at the General Accounting Office (GAO) during a hering in the senate last week. (sometime in the fall 1991). The dutch hackers managed to get access to some sensitive information concerning troop movements, technical data about certain weaponsystems, according to what the GAO chief stated under the hering. The hackers broke into Pentagons computer system via the international INTERNET network." Was it because FSFs machines had been used to hack Pentagon that FBI closed them down? MIT & FBI had alot of hackers under control on those machines. Closing down the guest machines resulted in that hackers routed their traffic thru other systems. And FBI lost control of them. ------------------------- - Short World Wide news - ------------------------- Worldwide news. Where to start? We could mention the little bastard in Israel who claims he has hacked the Pentagon. True or not? Pentagon hasn't confirmed it, but we believe he has done it. The Israelian newspaper Yedhiot Ahronot told the world that this guy had hacked pentagon and some US Army hosts in the US. He had been able to read top secret information about the Patriot missile during the war, It's not sure if the 18 year old student will be prosecuted. Two israelian professors has released a Cryptanalysis of the Full 16-round DES. Very interesting reading. Now NSA can flush themselves down the toilet. The document is referred as Technical Report #708 at Technion in Israel. Two dutch hackers has been busted. (THAT's something. The law in the Netherlands does not forbid hacking. You can only be prosecuted if you have destroyed anything in the system you have hacked.). These guys were prosecuted because they tried to cover their tracks by modify the systemlogs. If they hadn't messed up with the logs, they hadn't been busted. (That's from what I've heard) Some hackers in the United Kingdom (UK) has been busted. The english police had recorded all DATA and VOICE traffic from/to the hacker's residence. All material will be used as evidence in a trial. Tough luck.. More info on this comming up during the year in releases from the S.H.A. --------------- - Blue Boxing - --------------- Blue Boxing has finaly reached Sweden this summer. It all started with a Blue Boxing program for the Amiga where released, that gave every computer geek the oppertunity to Blue Box. There are even losers who dosen't have a modem, that are Blue Boxing to other countries through toll-free numbers and back to Sweden for free long distance calls. They don't even know how Blue Boxing works, or why? Hopefully, the Swedish Telecom will start to investigate these frauds, and it will result in a new dimension in computer busts... and the geeks will regret their stupidity when they get billed for all their calls and when the SWAT team kicks down their door. That is what we wish, but we thinks that the Swedish Telecom dosen't bother since they are not loosing money on this, since their customers have to pay for the calls. But if to many customers complain, maybe, the Swedish Telecom might get intrerested in busting these clowns. And all this might result in that the police dosen't have the time to investigate our little $100.000 credit card fraud and our so called illegal entering into computer systems world wide. Just a little note: Since Blue Boxing have been around in the States for about two decades, I suggest that you don't think that the Swedish Telco are geeks... Since they are in cooperation with AT&T and other phonecompanies worldwide, they should know to put two and two together about this shit. And we all know what the Swedish Telco feels about losing THEIR money, don't we? ----------------- - Carding today - ----------------- Where is carding today? Is it still easy to card in Sweden? Well, let me say this; When the first real carding case in Sweden, May 1990, where discovered and a group of young computer geeks where busted, the press started to write about the case and told every one how they could do it. The press even told every one how you could get creditcards, and a S.H.A. board was pointed out to be one of the main sources for illegal information. The computer geeks also said that they got their information from a S.H.A. board in the interrogation with the police. The press stated how bad security the creditcard companys had and how easy it was to order on someones elses creditcard. Both VISA and Mastercard went public to the press and hold a communication and said that they would have changed their routines within two years so it would be impossible to order on peoples creditcards. They would change their routines for how new creditcards where calculated and no carbon copies would be included in the billing notes. A year ago they hadn't changed their routines and one of our members got busted for carding for about $100.000. Today, nothing have changed and computer clowns are still carding from USA and Europe. VISA and MasterCard are loosing big money on this. We have many possitive indications of how big the business for carding is here in Sweden and someone have mentioned that computer geeks are carding for about $100.000 to $1.000.000. And that the telecom companys are loosing something between $1.000.000 to $10.000.000 every year on computer geeks who are using calling cards or on phreaking. And this for Sweden only! ------------------------------------------------ - S.H.A's rules and advices for other hackers - ------------------------------------------------ This is what we think you out there should follow when breaking every computer related law your country may or may not have... - Never confirm or deny anything. It is up to others to prove that you've done something. - Never destroy or change information on systems that you have access to. It gives you a bad reputation. - Do not confirm names of members in your group nor the number of them, since you shouldn't help the police in any way at all. - Do not spread accounts to people outside your own group, and keep such things within your group only. - Do not install backdoors on systems you have secured, and don't abuse systems, like using them for illegal access to other computers. Now... back to reality. The S.H.A. does not have a policy really, concerning how we should be doing things, nor forbid our members to do anything they feel like. The group S.H.A. is really formed to keep up the information flow in a higher tempo than usual in our business, and of course, you feel safer when you got some people you can trust, ask, or supply with information. So, there are no rules for S.H.A., we do as we like. I.e. : - Never crash systems [Exception: Unless the operator running it threw the cops on you, if so, fuck it up as much as possible] - Never trade accounts [Exception: Unless you're getting more for your account than the other part is. [Exception2: There are always exceptions]] - Never go to the press [Exception: Unless you'll make loads of $$$ on the deal] - Don't sell your "stolen" information [Exception: Unless you're payed well, and will stay alive after the next money/information exchange. [Exception2: No risk no fun]] - Obey given rules [Exception: If they suck, make your own rules] Call it computer anarchy, we call it computer freedom. The rules follow a single red line; If you get treated nice, be nice back. If they fuck you, put a bullet in their head. ----------------------------------- - Demoralized Youth, by Tormentor - ----------------------------------- Tormentor, an young anarchist causing chaos and disorder with short program routines. One of his first viruses, called Tormentor -d, was one of the most debated ones in the fall 1991. I've got no idea how many computers his viruses has infected and crashed. I have no guess of how much the value of the crashed programs is. I just know one thing - he's a pain in the ass for most of the people, so therefor we have asked him to write for this 4th protocol. We have asked him to write about the current virus scenario in Sweden and about the future and about his projects. /Ed Demoralized Youth, by Tormentor This the story about the virus-spreading in Sweden. The virus spreading in Sweden have been very rare, not to say the virus writing! There where only ONE virus written in Sweden untill the end of 1991 and that was a Boot-sector-virus which isn't too hard to make. But this has not kept some moral-chake-spreading people to call themselves 'Virus-Researches' and building up a echo-net and start a company called Virus-Help-Center. This was rather strange to me since I've never heard about someone who had been 'attacked' by a virus. (NOW I have heard of a couple..) Before the end of 1991, no Swedish BBS had to be afraid of beeing infected by virus. Then in November, something happend.. Now to the story... I can just tell the story from my point of view, and if someone out there in Sweden may think:'Well wasn't I a part in this?', contact me for appologize. Well it started in late August 1991. I was looking for virus on almost all boards (I even asked for it on Vir_NET). Then - WOAH! I had received mail from another guy on a Elite-board! And he had virus.. It was the guy that would change his handle a number of times in the future, but now he calls himself HiTMAN, and here is what the letter was saying: 'Hey, Yez, I have a couple of virus... maybe wanna exchange?' My hands was sweating, I had meet a sympathizer! We made contact and exchanged virus (before that I just had the 1701-virus) and it was then all started. In the same week, I made contact with WiPER, also a Great sympathizer. And after some week of debugging and testing, he contact me again. Now he had found some 13-years old kid that was leeching virus from Bulgaria, And this kid was a real virus-collector! We got about a hundred virus from him and Puh! This was too much. After that, WiPER started a virus-area on his board, and the ball was rolling... Then, a couple of weeks later, I started to write virus. But since I was quite new on this, I didn't start from scratch. No, I modified an old virus called 'Murphy'. When I got the first version ready, I was starting to spread it like a maniac all over Gothenburgs PD-BBSes. Now afterwards, I regret some misstakes I did: * It was just Scan that didn't found it. * It was some bugs in it ( the dates where garbled ) * AND IT DIDN'T CONTAIN ANY DESTRUCTIVE MECHANISM!!!! I fixed it and started to spread it again. Some weeks later, HiTMAN called me up and gave me some clips from fido_net. And the geeks where talking about my virus!! This was not expected, and when I read it, I thougt: 'Gee, fun!' And we started to spread it like hell. And the following weeks was a fight: They posted a scan-strain, I changed the virus to avoid that strain and so on. But after they released their 5th killer for The Tormentor-virus (as they called it) I got tired (or in fact: There was to much scanstrains circulating!) So I let the virus retire with, according to Virus Help Center, 400 reported infections. (and X number of HD-Nukes?) Now I study other viruses, and tries to write own from scratch. But it's hard, specially when there are so much good techniques already used (Dark Avenger is one of the lead-inventors!) The virusboards. Yes, what's the scene in Sweden for the moment? Well, WiPERS virusboard is down, but a couple of other is started. WiPER was the first, but I have heard about a S.H.A site that had a virusarea before him. (but not public!) Then I think iNNER CiRCLE was next to start a board, and after that 'The Smell of Fear' and 'The Home of The Pirates' started virus-conferances. But even if there is a couple of virusboards in Sweden, the activity is not so huge, or, we are just too few that working on it. So I hope that will change, it's a scary thought that we are so few destructive minds in Sweden. We also have contacts with several other VirBoards abroad in Bulgaria, Finland, England and USA to name a few. We also have contact with virus writers abroad (Like Charlie in Norway). And if you wanna join us, contact any virboard in Sweden. The Future. Well for the moment I have many projects on. I've working on an own virus that puts the virus-code in the middle of files (thanx DAv for the tip!) and I'm working very hard to make Self-mutating virus. And WiPER and HiTMAN is also working on own viruses (and who knows if there are other maniacs working on virus in Sweden?). Now we (at least I) thinks about starting a Virus-Network that connects all virus-writers and distributers. Think about it: Every time one releases a virus, the whole world will be attacked with it the same night. (That is the dream I'm dreaming every night!) Well, I also think we will have some problems in the future, like new laws against virus (probably only for spreading, and that will be hard to prove!), better security on public-bbs (like phone tracing etc.) and Hardwareprotection. I also thinks that the virus writing will increase and maybe be as big as the demo writing... (but that is just a wish from my sick mind!) Then I think the viruses will be a lot more destructive, for example: * Making small changes in data (like switching numbers) * Calling expensive numbers while no-activity. * Monitoring the system and saving the changes and keyboard-strokes. * Maybe even Call up the author and transfer Data from the victim! Also, in the future I think we are going to see the death of SCAN-programs, not just for the increasing Scan-time, but since the Self-mutating viruses has come to stay and they need algorithms to find them. The CRC-programs is always a good solution, but since you have to power the system down to use it, I don't think all will accept it.. But it's the only solution! Well I feel quite proud when I think that we are responsible for the all the time-wasting and uncomfortable procedures all lamers have to do, to avoid virus (and sometimes it's not enough!). So contact us, and join the Demoralized Youth! Remember: It's not illegal to make virus, and who the hell can prove that you knew that THAT file had virus?!?!?!? Epilogue. --------- Well, just after I finnished this text, we tried to reach Mikael Larsson on Swedish Virus Help Center for a comment, but unfortunatly he wasn't home, so I had to talk with his 'not-so-smart-in-fact-very-stupid' brother. Since he also works at the AntiVirus company I thought he had something to say about the future.. I was wrong! But he seemed quite interrested in buying unknown viruses, the only problem was that he rather bought them from Bulgaria since the people in Bulgaria were so poor... (damn humanist!) I feel really sorry for those AV-guys, they working full-time to stop the virus writing and spreading, but if they would succeed (just a thought!), they would lose their jobs! But we have two Anti-virus companys in Sweden, maybe the other company is more patriotic and will buy viruses from me...? Anyhow, now I must go on with my viruses. It has been requested a new mutation of Pogue that Scanv86 doesn't recognize. And maybe I work on the Trojan called Scanv87, just to be released in 2 weeks... So that's all from me for the moment, and remember: SCAN /D = DISASTER! /TORMENTOR Demoralized Youth, Sweden ------------------------------------- - S.H.A. Official Summer Party 1991 - ------------------------------------- A summer day in July we had a S.H.A. Barbecue party for two days. Almost 80% of all members in S.H.A. where present. The party where held at a secret address. The place where choosen with care, since we didn't want any "non S.H.A." people to show up and cause any trouble. A point of view from a S.H.A. member: It was sunny and hot as hell, about 35 degrees Celsius. Not a bloody cloud in the sky. And as a precaution to not pass out during my trip I decided to put on my shorts, Levis' was out of the question. Great... first I had stand in line for fucking half an hour to get a train ticket, just because the ticket bitch was talking on the phone... I guess, I don't have to mention that the place was NOT air conditioned, nor doors or windows were open... Biggest sauna I've ever seen I tell you. Finally arriving to the Central Station some hours later, I got picked up in a private limousine. (Ehrm.. let's pretend it was a limousine) The truth is that some members came to pick me up... We drove to the secret place where the party where held, and a lot of other persons were waiting... Lots of Coke (Not the one you sniff), chips and food have been bought earlier and we started to fix some drinks with big icecubes. We had to wait for the sun to settle down, so we could step outside and fix the food. Meanwhile we eat chips so that we didn't starve. Later we sat down and hacked for some hour or two. Mostly we went through all our hacks we had done so far that year. In the middle of the night we wanted some heavy action, so we went out and lit a big bomb in the neighbourhood. We almost got blown into pieces... (Lixom' wanted to throw the bomb into a neighbour's livingroom. But we didn't want to ruin the great party, or wanted to spent the rest of the night in federal custody). Later in the night we watched some movies (yeah even porno) until 5 am in the morning then we started to hack again and document some of the party. THE S.H.A. BQ TIPS (or: Survive your own cooking) You'll need: * A BQ device * One piece of animal flesh per person * Lotsa BQ spices, and BQ oil First you must put some nice pieces of wooden coal into the BQ device, pour lightning-fluid all over it, wait some seconds, and then set fire to it (taking cover is optional). Soon you'll have the best glowing coal you've ever seen in your grill. Now, just take the steak, and flatten it with something. Perhaps with the back of a knife or just your fist. Then put on all spices, and the oil (lots of oil...) and you, remember; spice and oil _both_ sides of the steak. When the meat now is on the edge from brown, turning black, take a knife and cut through it, if it's bloody or too red, let it stay in the grill for some more minutes. Now, if the steak seems good enough to eat, eat it. Serve with cremated fries, "potatoe sallad" and not to forget, a Tomatoe. Now drink Coke with ice cubes swimming around in your glass. AND! most important; Eat outdoors!! Why? There's no mosquitos in the house. ------------------------------------- - Prof of S.H.A. Hacking Activities - ------------------------------------- Maybe you think we are just making the whole thing up? We will give you some examples of our activities: This /etc/motd was found on a NASA computer we hacked in August 1991. Unfortunately they discovered our little breakin' and tightend security, but we re-hacked the computer and could read the following; COMPUTER SECURITY WARNING NOTICE WARNING WARNING WARNING ***************************************************************************** THIS COMPUTER IS OPERATED BY/FOR THE U.S. GOVERNMENT. UNAUTHORIZED ACCESS TO AND/OR USE OF THIS COMPUTER SYSTEM IS A VIOLATION OF LAW AND PUNISHABLE UNDER THE PROVISIONS OF 18 USC 1029, 18 USC 1030, AND OTHER APPLICABLE STATUTES. ***************************************************************************** WARNING WARNING WARNING ============================================================================= Security Reminder: DO NOT LEAVE A TERMINAL LOGGED INTO A COMPUTER UNATTENDED! ============================================================================= ============================================================================= Hacker Attack: NASA Security reported that a Swedish Hacker gained access to XXXXX on 8/2. We assume all TAB passwd files have been compromised and are taking appropriate steps. ============================================================================= A number of hackers are still attempting to penetrate various LaRC computers. We are taking appropriate steps. Report any suspicious activity to sysop. ============================================================================= So if you don't believe us. Call NASA Security and ask what happend at NASA Langley Research Center at the 2nd of August 1991. (By the way. Ask them what happend in March at the AMES/NAS supercomputer network.. one of their CRAYs had some mysterious jobs running, hehe) The Pentagon has also been successfully penetrated, but we have decided NOT to release any information about what we have done there yet. We are not finished with the system. Hopefully you can read more about it, in a release in June 1992. (If not Pentagon confirms it before, or the newspapers starts to write about it..) ---------------------- - S.H.A. Body Guards - ---------------------- It was an ordinary summerday in July 1991. I was driving home from work as I always do. I parked my car just outside the stairway leading to my apartment at the 1st floor. I carried up some computer equipment to my flat, left it there, and went back to my car to park it propertly. When I reached the car, I suddenly saw two men comming out from MY stairway. THEY behaved strange. Well, I jumped into the car, and drove 30 metres along the street to my parking-lot. I turned right, parked it, and went out from the car. Now, the two men who was sitting in their car by this time, turned their heads and stared at me as if I was some kind of alien. huh. I didn't like this situation. They seemed to be surprised that I had parked my car and was walking towards my apartment again. I grabbed a pen and a piece of paper and took a note of their licence plate. Might become useful sometime. (which turned out to be right). I was totaly puzzled. 2 men comming out from MY stairway. I hadn't seen these guys before (age 35-40). I hadn't even heard them comming from the stairs above. No door slammed - NOTHING. Where they waiting for me there? Got even more puzzled. Some days later I had dinner with some other members of the S.H.A. at our usual restaurant in Stockholm. We discussed what had happend and we came to the conclusion that 'they' maybe wanted to catch up a tail when leaving the flat. But why? Why did they want to follow me? Or had they been inside by apartment when I arrived? The evening went on as usual, lots of beer and laughs. But at the end of that night, we decided to check the licence number with the public car register where all cars are registered. Said and done. We called; Ring. Ring. - Welcome to the car register, our business hours are.. bla .. bla.. Damn. An answering machine. The police. Doesn't the police have some terminals connected to the car register 24h/day? Ofcourse. We called a local police station. Ring. Ring. - Solna Police Station, answered a male voice - Hello. I wonder if you could check a car licence number for me... - Sure. What's the number? - NWW 007 - Hold on. He started to tap on his keyboard, and after a while he said: "A Ford Scorpio?" - Yeah. A red one. (I guess he was just checking some details..) - Why do you want to check this car?, he said. Uhh. Why does he ask that? They never ask such questions. Better make up a lie, fast!. - Uhm.. I can't move my car since the owner of that car has parked it infront of me. Did it sound believable? Hardly.. - Ok, he laughed. It's a civil car registrered to the Swedish Police Dept. OUCH! A police car outside my apartment. 2 police men in my stairway. Does not sound good at all. Jesus. We almost paniced that night. Standing inside that phoneboot that evening getting this information was horrible. They could bust us any second now. We rushed into the car and drove away. In a bag we had several printouts from some hacks, large passwordlist to NASA computers, a NOT-TO-BE-RELEASED version of this 4th protocol etc. None of us could bring this stuff back to our flats. Just one way to solve the problem; We drove up on the interstate, pulled down the windows and began to tear the papers into pieces and threw them out of the window. If the cops managed to get this puzzle together, then I would turn my self in and confess. I guess we were extremly paranoid that evening.. At the 4th of January 1992 we had one of our regular SHA dinners at "our" restaurant in Stockholm. We discussed our latest hacks and so on. I guess we were under surveillance that evening.. ...some strange things happend. After we had finished our little neat dinner we moved to the car, and drove into Stockholm City were we did nothing. What we didn't knew at that time was that a car was following us. We discovered it by pure luck. We took a note of the licence plate, and stopped at the nearest phonebooth. One of us jumped out, rushed to the phone and dialed a local police station. Ring, Ring. - Vallingby Police Station, a female voice answered. - Hello. I want to check a car licence number. - Ok. What's the number? - It's MSR 769 She starts to tap on the keyboard, and suddenly she says: - A 87'? - Uhh. I don't really know. It's a blue Ford Sierra. - Ahh. Could you hold on for a second. - Sure. She put me on hold.. I waited 30 seconds. I waited one minute. I waited 1 and 1/2 minute. I waited 2 minutes. Then I threw the phone and started running like hell towards the car. - SHIT! I shouted. Get out of this place. NOW!! It was like an action movie :-). Shit. Why did she put me on hold? She had all the information on her terminal when she asked me if it was a 87' model. Huh. Scary. We drove some blocks away and stopped at another phonebooth. I jumped out and dialed another police station.. Ring. Ring. - Solna Police Station, a male voice answered - I want to check a car licence number, NOW! I shouted. I was excited. - Ok. Take it easy. What's number? - It's MSR 769. He tapped for some seconds on his keyboard.. and finally he asks: - A Ford Sierra? - Yepp. A blue one. - It's registered to the Swedish Police Department - Thanks.. Hung up and rushed to the car. Hysteria among the other members.. Huh. The first station I called didn't want to tell me it was a policecar. Why did she put me on hold? I guess they were tracing the call, and wanted to catch me standing in the phonebooth. But it isn't illegal to check a car licence plate... unless they have something to hide or fear. What's the conclusion of all this? a) We have a fanclub b) We have a couple of body guards protecting us 24h / day. c) The Swedish Police are really idiots following after us. --------------------------- - Investigation of S.H.A. - --------------------------- The Police are currently investigating S.H.A. and our activities. We have very strong indications that some of us are under surveillance 24 hours/day. They are also monitoring our calls, both voice and data. As a anonymous source said (well connected in the law enforcment); - The Swedish police computer crime division are currently fully engaged in tracking down a hacker group in Stockholm, Sweden. And we have notice strange behaviour around our houses, with suspicious cars and od behaviour of certain people. We have also strong indications that our houses have been searched when we have been away from home. And also some of our accounts on hacker boards have been used by other people without our knowledge. We might be paranoid, but all events taken together proves that we are not! ------------- - Back Chat - ------------- Rumours. What's life without them? A LOT BETTER! Anyway, here are some rumours we have picked up. Some months ago a rumor was floating around in the 'elite' world that some Swedish 'elite-d00dz' had been busted for BlueBoxing here in Sweden. As always with these kind of roumors, you should take 'em with a spoon of salt. Sad but true - nothing serious has happend. (These damn 'elite-d00dz' thinks they are phreakers. *sigh*) (Oct 1991) Some youngsters in Lulea, Sweden got busted for carding for about $10.000. These guys quited carding when the S.H.A. member got busted. 6 months later the police knocked at their doors and searched their houses. This resulted in a few prosecutions. A couple of students from Linkoping, Sweden got charged for using a X25 NUI belonged to the Linkoping University Library. The university started an investigation when they received their phonebill, which where $10.000 higher than normaly. And the next one where even worse, $20.000 higher than normaly. After they had found that some students where using their X25 accounts they filed a complaint to the police. A swedish sucker at the Virus Help Center has started to scream for the police as soon he sees a new virus in Sweden. For example, he is trying to nail Tormentor, one of our guest writers which is the author of the Tormentor -d virus. Rumors says he has tracked down a swedish virus programmer/spreader and called the police. (Nov/Dec 1991) Rumors says a smaller disaster will occur when some members of S.H.A. goes to trial for charges concerning illegal accessing a computer system. Rumors says the FBI snatched the drives at FSF/MIT, and that they did NOT crash as the official explanation was. (April 1991) Rumors says Timewasters (hackergroup from Holland) penetrated a couple of pentagon computers and installed several backdoors. (Jack Brock at the GAO has confirmed that dutch hackers have broken into Pentagon computers.) -------------------------------- - Messages to System Operators - -------------------------------- To mention some swedish hacking acitivity, here goes some messages to system operators of each system, which they will understand: "Now is the question, Who is Marc Lundgren?" Gottcha SICS "I'll be back - be sure of that" Gottcha Bjorn Knutson, UU "What happend with ASEAs VAX machines? :-)" Gottcha ASEA Brown Boweri "Please send us 'last | grep peace'" Gottcha Dimension AB "Found our trojans?" Gottcha S-E-Bank "We don't know how far they have come" Gottcha SMHI "Nice phonebill, eh?" Gottcha OPIAB "Afraid of calling the police?" Gottcha DATEMA "Got any complaints from the DDN (milnet)?" Gottcha KTH/NADA "Don't say we didn't warn you." Gottcha FOA -------------- - The Future - -------------- We hope that the Swedish police will realize that no one will gain in the investigation of S.H.A. and only a catastrophy will occur. They should use their resources for better cases, i.e. finding people who commits murder or are raping young girls. So to those guys involved in tracking us down, we would like to say: - Up yours! Prove that we done anything illegal or stay off our back! Anyway, we are not looking to far ahead in the future since we have too many variables that can change. We just plan for the next week, but we hope that 1992 will be a great year for all of you hackers out there in the whole wide world. ----------------- - Releases 1992 - ----------------- We plan to release the following under 1992 and hopefully many more stuff, even if we can not guarantee that we do release all the stuff. - S.H.A. Annual Year Report '92. - A complete Internet hacker/scanner program. - A neat Unix program that will totaly hide you from system managers. - Sourcecode for several unix backdoors. - Security System for your personal computer. - Textfile "VMS to Internet Encyclopedia" (Follow up to the Unix to Internet Encyclopedia). - Textfile "How to card and get caught" by Lixom Bah Everything from how to card, to what happend me when I got busted, and the consequences for you, and your whole life. ------------------------- - How to contact S.H.A. - ------------------------- This was all for this time. Hopefully the S.H.A. will still be alive in February 1993 so we can release our 5th protocol. But don't count on that, the Swedish Police is giving us a very hard time here.. We are interested in join venture with other good H/P groups so that more proffessional articles and files can be released to a wider public. If you feel that you want to contribute to our protocols in one way or another, you can contact us at the following addresses and phonenumbers. If you feel that you want to give us critic, don't hesitate to contact us.. If you want to be included in our mailing list, please state so and you will automaticly receive all our releases. Internet : sha@darkside.com FidoNet : 2:201/610 username sha V.M.B. : +46-8-730 24 02 Box #9999 Note: Federal goverments are also welcome to contact us for assistance. We have nothing to hide from goverment agencies. The above addresses are untraceable, so don't even bother... ---------------------- - Editors final note - ---------------------- Another year have passed and a new one is on it's way. I hope the new year will be another good year for all of the hackers out there. I will end this 4th protocol with some wellknown words; BE PARANOID - YOU ARE DOING SOMETHING ILLEGAL! I would like to thank all those people who have helped us creating this fourth protocol which I hope you have enjoyed, and special thanks goes to: Tormentor for "Demoralized Youth" Knight Lightning for "Operation Sundevil" I would also like to thank all those other guys in S.H.A. that has not been mentioned but have contributed to this file. Thanks! And to all you hackers out there... thank you for reading this file! I would also like to thank the Swedish Police for their interests in S.H.A. and for reading most of our files, We need more dedicated fans like them. Thank YOU! -------------- - Disclaimer - -------------- The material in this document is NOT ment to encourage hacking, cracking or illegal entering to computer systems. The Swedish Hackers Association can NOT be blamed for any abuse caused by it. The Swedish Hackers Association is formed only to inform the public what hackers and hacking really mean, and to report all hacking news and events to the readers. <----------------------------------------------------------------------------> ALL MATERIAL IN THIS DOCUMENT ARE COPYRIGHTED (c) 1992 BY S.H.A. USE OF THIS DOCUMENT WITHOUT S.H.A. PERMISSION IS STRICTLY PROHIBITED UNDERGROUND BOARDS ACCEPTED BY S.H.A. ARE ALLOWED TO USE ALL S.H.A. FILES <----------------------------------------------------------------------------> & .H.A. ARE ALLOWED TO USE ALL S.H.A. FILES <--------------------------------------------------------------------------- .  ... g