1. Главная
  2. Книги
  3. Sterling Bruce
  4. The Hacker Crackdown
  5. Страница 71
Выбрать главу

There are no access codes in the Document. There are no computer passwords. It does not explain how to steal long distance service. It does not explain how to break in to telco switching stations. There is nothing in it about using a personal computer or a modem for any purpose at all, good or bad.

Close study will reveal that this document is not about machinery. The E911 Document is about *administration.* It describes how one creates and administers certain units of telco bureaucracy: Special Service Centers and Major Account Centers (SSC/MAC). It describes how these centers should distribute responsibility for the E911 service, to other units of telco bureaucracy, in a chain of command, a formal hierarchy. It describes who answers customer complaints, who screens calls, who reports equipment failures, who answers those reports, who handles maintenance, who chairs subcommittees, who gives orders, who follows orders, *who* tells *whom* what to do. The Document is not a "roadmap" to computers. The Document is a roadmap to *people.*

As an aid to breaking into computer systems, the Document is *useless.* As an aid to harassing and deceiving telco people, however, the Document might prove handy (especially with its Glossary, which I have not included). An intense and protracted study of this Document and its Glossary, combined with many other such documents, might teach one to speak like a telco employee. And telco people live by *speech* -- they live by phone communication. If you can mimic their language over the phone, you can "social-engineer" them. If you can con telco people, you can wreak havoc among them. You can force them to no longer trust one another; you can break the telephonic ties that bind their community; you can make them paranoid. And people will fight harder to defend their community than they will fight to defend their individual selves.

This was the genuine, gut-level threat posed by *Phrack* magazine. The real struggle was over the control of telco language, the control of telco knowledge. It was a struggle to defend the social "membrane of differentiation" that forms the walls of the telco community's ivory tower -- the special jargon that allows telco professionals to recognize one another, and to exclude charlatans, thieves, and upstarts. And the prosecution brought out this fact. They repeatedly made reference to the threat posed to telco professionals by hackers using "social engineering."

However, Craig Neidorf was not on trial for learning to speak like a professional telecommunications expert. Craig Neidorf was on trial for access device fraud and transportation of stolen property. He was on trial for stealing a document that was purportedly highly sensitive and purportedly worth tens of thousands of dollars.

#

John Nagle read the E911 Document. He drew his own conclusions. And he presented Zenner and his defense team with an overflowing box of similar material, drawn mostly from Stanford University's engineering libraries. During the trial, the defense team -- Zenner, half-a-dozen other attorneys, Nagle, Neidorf, and computer-security expert Dorothy Denning, all pored over the E911 Document line-by-line.

On the afternoon of July 25, 1990, Zenner began to cross-examine a woman named Billie Williams, a service manager for Southern Bell in Atlanta. Ms. Williams had been responsible for the E911 Document. (She was not its author -- its original "author" was a Southern Bell staff manager named Richard Helms. However, Mr. Helms should not bear the entire blame; many telco staff people and maintenance personnel had amended the Document. It had not been so much "written" by a single author, as built by committee out of concrete-blocks of jargon.)

Ms. Williams had been called as a witness for the prosecution, and had gamely tried to explain the basic technical structure of the E911 system, aided by charts.

Now it was Zenner's turn. He first established that the "proprietary stamp" that BellSouth had used on the E911 Document was stamped on *every single document* that BellSouth wrote -- *thousands* of documents. "We do not publish anything other than for our own company," Ms. Williams explained. "Any company document of this nature is considered proprietary." Nobody was in charge of singling out special high-security publications for special high-security protection. They were *all* special, no matter how trivial, no matter what their subject matter - - the stamp was put on as soon as any document was written, and the stamp was never removed.

Zenner now asked whether the charts she had been using to explain the mechanics of E911 system were "proprietary," too. Were they *public information,* these charts, all about PSAPs, ALIs, nodes, local end switches? Could he take the charts out in the street and show them to anybody, "without violating some proprietary notion that BellSouth has?"

Ms Williams showed some confusion, but finally agreed that the charts were, in fact, public.

"But isn't this what you said was basically what appeared in *Phrack?*"

Ms. Williams denied this.

Zenner now pointed out that the E911 Document as published in Phrack was only half the size of the original E911 Document (as Prophet had purloined it). Half of it had been deleted -- edited by Neidorf.

Ms. Williams countered that "Most of the information that is in the text file is redundant."

Zenner continued to probe. Exactly what bits of knowledge in the Document were, in fact, unknown to the public? Locations of E911 computers? Phone numbers for telco personnel? Ongoing maintenance subcommittees? Hadn't Neidorf removed much of this?

Then he pounced. "Are you familiar with Bellcore Technical Reference Document TR-TSY-000350?" It was, Zenner explained, officially titled "E911 Public Safety Answering Point Interface Between 1-1AESS Switch and Customer Premises Equipment." It contained highly detailed and specific technical information about the E911 System. It was published by Bellcore and publicly available for about $20.

He showed the witness a Bellcore catalog which listed thousands of documents from Bellcore and from all the Baby Bells, BellSouth included. The catalog, Zenner pointed out, was free. Anyone with a credit card could call the Bellcore toll-free 800 number and simply order any of these documents, which would be shipped to any customer without question. Including, for instance, "BellSouth E911 Service Interfaces to Customer Premises Equipment at a Public Safety Answering Point."

Zenner gave the witness a copy of "BellSouth E911 Service Interfaces," which cost, as he pointed out, $13, straight from the catalog. "Look at it carefully," he urged Ms. Williams, "and tell me if it doesn't contain about twice as much detailed information about the E911 system of BellSouth than appeared anywhere in *Phrack.*"

"You want me to...." Ms. Williams trailed off. "I don't understand."

"Take a careful look," Zenner persisted. "Take a look at that document, and tell me when you're done looking at it if, indeed, it doesn't contain much more detailed information about the E911 system than appeared in *Phrack.*"

"*Phrack* wasn't taken from this," Ms. Williams said.

"Excuse me?" said Zenner.

"*Phrack* wasn't taken from this."

"I can't hear you," Zenner said.

"*Phrack* was not taken from this document. I don't understand your question to me."

~ 71 ~