This is a representation of someone's thought. Thoughts cannot be owned or controlled. You may modify this thought as you see fit. Many have attempted to censor the thoughts and ideas of this writer, none have succeeded. ...nor will they ever.





Before I get started, I want to thank a few people who have played key roles in the dissemination of this information, or who have worked with me in the intelligence community, or who have kept my secrets secret, even in the heat of disagreement.

IsmeeAllah, from Saudi Arabia. Sadena Meti. Jen (good ol' estro-gen Jennifer), Two of Hearts, Desperado, The Wiz, Mike Ficticious, Ma-Hadah-Raam, Mudge, Karioke, Baron Harkonnen, and Habib the thief. Without these hackers, I wouldn't be here with this information tonight.

And to IsmeeAllah and Sadena Meti, who have disappeared, I hope you guys are ok.

"In the rollover bug, we have developed a technology equivalent to natural forces. If it is anywhere, it is everywhere. Nowhere at any time in human history has there existed such a problem."

This rollover bug has made the art of malicious hacking much easier, for two reasons.

The first reason is that script kiddies and other young hackers will be able to mask their activities by blaming the resulting computer malfunctions on the rollover bug. Even if it doesn't work, the simple fact that these kids THINK they have a cover will be enough for them to make their attempts, and the resulting havoc will be dispensed.

The second reason is that Governments and corporations here and abroad are allowing unprecedented access to computers as programmers look to fix the rollover bug. There is an anthology of security compromises, industrial espionage, and sabotage on critical systems all over the place right now.

Outside the USA, there are programmers in India, Pakistan, Ireland and the Philippines, all doing most of the world's Y2K upgrades. And EACH of these nations has issues with the United States or a thriving underground of anti-American terrorist groups.

The Philippines was a base of operations for Osama bin Ladin, the guy who was the mastermind behind the bombing of U.S. embassies in East Africa. The man is highly computer-savvy. It's a simple matter for a programmer handling computer source code to install, undetected, a secret entrance, or "back door," which can be used to gain access to a system to read sensitive information, copy records, alter files, transfer money, or just bring it down.

I would like to make a quick distinction here between script kiddies, hackers, and computer security consultants. There are a lot of young people out there who are calling themselves hackers. They are not hackers, they are script kiddies. A script kiddie takes a hacker's work, uses it, then acts like he is some kind of super uberhacker. Real hackers invent a lot of their own work. I've done a lot of original stuff, some texts, some trojans, etc. A script kiddie is a kind of pre-hacker. Script kiddies and hackers both can be computer security consultants, it's just that one is likely to be a bit more savvy than the other.

Script kiddies are the type that will go in and deface a webpage, or examine the headers on an email, or may actually forge an IP, or tear up a chat room. These are baby games. I'm going to be talking about the plans of real hackers tonight, Hilly.

As people are aware, I was with the Central Intelligence Agency for a period of time during the 1980's. During that time I formed loose friendships with other hackers in Germany, Saudi Arabia, and other countries. As I retired from the intelligence community, and as my associates retired from their respective organizations, we periodically continued our contacts, as well as we were able. I got an email from an old contact of mine named Issmeallah.

It's a nice day here on December 9th 1999, I'm having a shot of Vodka while I'm online chatting with friends, and I get a PGP encoded message, in Arabic, which says "Happy Ramadan", then goes into a very detailed description of a plan to basically destroy our civilization. It concerned Amtrak and IMPA, which is one of Indiana's main power and gas companies, and some other critical systems.

A Muslim terrorist named Hafiz Mohammad Syed, head of the Lashkar-e-Tayaba group, had been working very closely with Osama bin Ladin on a plan to use 20-30 Muslim terrorist hackers to do damage to various infrastructures within our country.

Lashkar-e-Tayaba, based in the eastern Punjab province, is fighting in Indian-held Kashmir to make the Muslim province part of Pakistan. India is predominantly Hindu. The U.S. has already withdrawn nearly half its diplomatic staff and all embassy families from Pakistan, and warned American citizens against visiting the country.

You have probably encountered the term "LAN", which stands for Local Area Network. The operative term here is LOCAL because the networking technology incorporated into Windows called "NetBIOS" and "NetBEUI" and first designed more than fourteen years ago by IBM

This method received its first broad exposure in Microsoft's "MS-Net" product and then more widely in "Windows for Workgroups." NetBIOS and NetBEUI were designed to run on small LOCAL area networks. It was created way back before the Internet "happened" and it was meant to be used within corporations, small "workgroups", and homes where everyone with access to the computers on the LAN is playing on the same team.

As Microsoft's own Windows for Workgroups Resource Kit says, its protocol is "designed for use on a departmental LAN of 20 to 200 workstations." (page 1-32)

Windows networking technology is based upon NetBIOS and NetBEUI, which were NEVER designed to "go global". It wasn't ever meant to cope with foreign agents.

The Internet is incredibly powerful because it allows YOU to connect to "Internet Resources" located anywhere in the world. When you "browse the web" your web browser is connecting to web servers running on other people's machines and reading HTML files that have been prepared for you.

But what you haven't been told is that this "Internet connectivity" is entirely reciprocal! As easily and effortlessly as you're able to connect to any other server on the Internet, anyone else's computer can connect to yours! It's true. I'm going to give you the address of a website which was put up by a friend of mine, which will be able to demonstrate this interesting little fact.

The problem is that file and printer sharing services function by turning any PC wanting to share its files into a file and printer server. When this trusting and sharing computer is connected to a network, this "service" is naturally extended and made available to all the other computers which are also connected to the network. But when that network is THE INTERNET, suddenly your computer is literally offering its files to every other computer in the world!

It's as if you kept making additions to your house until it covered the entire planet, then one day you suddenly realize that your house is full of strangers going through your stuff.

Say "Thank You" to Microsoft, and their callous attitude toward security. The first cause: Most home computer users never bother to password protect their own computer resources. It's a pain in the ass to have to "logon" to your own computer every time you want to use it or to provide a password when connecting to a shared directory. So most people just leave their passwords blank to make using their computers easier and quicker. But this means that anyone else on the same network (and that means THE ENTIRE INTERNET if your computer is connected to it!) can share your computer's resources by using the same BLANK password!

Windows NetBIOS networking technology does not require any sort of authorization to ask for and receive any computer's private "networking" names, including the name of the current logged-on user, the computer's own name and its workgroup. Such information is highly valuable to Muslim terrorists preparing a break-in and is often used as a starting point by hackers planning an attack!
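What that unauthenticated name reply gives away, as an added example that is not part of the original text: a decoder for an RFC 1002 node status response, run on a constructed packet so a machine's owner can see which registered names reveal the computer name, workgroup, user and sharing state. The host ACCT-PC, workgroup OFFICE and user JSMITH are made-up sample values.

```python
import struct

# Well-known NetBIOS name suffixes (16th byte of a name), keyed by (suffix, is_group).
SUFFIXES = {
    (0x00, False): "computer name (Workstation service)",
    (0x00, True): "workgroup or domain name",
    (0x03, False): "Messenger name (computer or logged-on user)",
    (0x20, False): "File Server service: file and printer sharing is on",
}

def parse_node_status(packet):
    """Return (name, suffix, is_group) for each name in an RFC 1002 node status response."""
    try:
        flags, _qd, ancount = struct.unpack(">HHH", packet[2:8])
        if not flags & 0x8000 or ancount < 1:
            raise ValueError("not a response carrying an answer record")
        pos = 12
        while True:  # skip the owner name: length-prefixed labels, zero-terminated
            length = packet[pos]
            pos += 1 + length
            if length == 0:
                break
        rtype, _cls, _ttl, _rdlen = struct.unpack(">HHIH", packet[pos:pos + 10])
        if rtype != 0x0021:
            raise ValueError("answer is not an NBSTAT record")
        count, pos = packet[pos + 10], pos + 11
        names = []
        for off in range(pos, pos + 18 * count, 18):
            entry = packet[off:off + 18]  # 15-byte name, suffix byte, 2-byte flags
            (nflags,) = struct.unpack(">H", entry[16:18])
            names.append((entry[:15].decode("ascii", "replace").rstrip(),
                          entry[15], bool(nflags & 0x8000)))  # 0x8000 = group name
        return names
    except (struct.error, IndexError):
        raise ValueError("truncated packet") from None

def disclosures(packet):
    """List what each registered name tells anyone who asks, no credentials needed."""
    return [(name, SUFFIXES.get((sfx, grp), "other service 0x%02X" % sfx))
            for name, sfx, grp in parse_node_status(packet)]

def build_sample():
    """Constructed reply for a made-up host ACCT-PC; not captured from a real machine."""
    names = [(b"ACCT-PC", 0x00, 0x0400), (b"OFFICE", 0x00, 0x8400),
             (b"ACCT-PC", 0x20, 0x0400), (b"JSMITH", 0x03, 0x0400)]
    body = bytes([len(names)]) + b"".join(
        n.ljust(15) + bytes([s]) + struct.pack(">H", f) for n, s, f in names) + bytes(46)
    head = struct.pack(">HHHHHH", 0x1234, 0x8400, 0, 1, 0, 0) + b"\x20CK" + b"A" * 30 + b"\x00"
    return head + struct.pack(">HHIH", 0x0021, 0x0001, 0, len(body)) + body
```

A `<20>` entry in the result means the File Server service is registered; turning off file and printer sharing on the Internet-facing adapter removes it.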

You can get the passwords for a custom UNIX system right off the home computer of an accountant, maintenance man, or secretary who uses the system. This is doubly true if the employee ever used their home computer to access the main system. The chain is only as strong as the weakest link. A so-called "bulletproof" system can be accessed because the home computer user would never dream that his computer would be a target of Muslim Extremists.

This is precisely how hundreds of passwords were obtained for various Amtrak systems, and for the computer systems of other critical infrastructure in our country, including the Indiana Municipal Power Agency. The passwords (or information leading to them) were pulled from individual computers in the offices of Amtrak and IMPA, while the employees were web surfing.

IssmeAllah informed me that hacks are planned to attack the switching, routing, tracks, railroad crossings and safety equipment on Amtrak routes. I am no longer with the CIA. What I did was get a hold of my contacts who were still in the Agency and tell them what was going on, in the event that they didn't already know. I contacted Amtrak and spoke with their security head. I also contacted IMPA and informed them of this information that had made its way to me.

Amtrak owns the tracks that it uses for its Northeast Corridor service, but in other parts of the country it leases track access from freight railroads. These hacks could derail freight and passenger trains, destroy cargo, and kill people.

Basically, as it turned out my info was useful insofar as the authorities were able to use it to fill in certain holes that they had in their own intelligence. The folks at Amtrak were contacted, and since there is basically no time to go through computers looking for backdoors and other security holes, Amtrak decided to take a somewhat drastic, but I believe wise, step.

Amtrak plans to suspend service just before midnight and keep the trains in the stations until an all-clear shortly afterward. Since the whole idea was to use the rollover bug as cover for the hacking activities, this action should thwart the attack, at least in Amtrak's case.

The suspension is going to affect about 50 trains. Because some of the trains must alter their schedules significantly to be in stations at midnight, there's prolly going to be some significant delays, but I PERSONALLY believe that a lot of lives are going to be saved. My hat is off to the good people at Amtrak, who decided to take this wise precaution.

INDIANA MUNICIPAL POWER AGENCY (IMPA) is the wholesale power provider for its members, 32 publicly-owned utilities. These members provide electric service to approximately 150,000 households, businesses and industries across Indiana.

I tried talking to the security heads there, but so far I've gotten no response. I know that they know about the problem, and I'm assuming that they are planning to take whatever precautions will be necessary to prevent blackouts or destroyed equipment.

Archangel
Wrath of God Hand Delivered