This is a representation of someone's thought.
Thoughts cannot be owned or controlled.
You may modify this thought as you see fit.
many have attempted to censor the thoughts and ideas of this writer, none have succeeded.
...nor will they ever.
Before I get Started, I want to Thank a few people who have played key roles in the dissemination
of this information, or who have worked with me in the intelligence community, or who have kept
my secrets secret, even in the heat of disagreement.
IsmeeAllah, from Saudi Arabia. Sadena Meti. Jen (good 'ol estro-gen Jennifer), Two of Hearts,
Desperado, The Wiz, Mike Ficticious, Ma-Hadah-Raam, Mudge, Karioke, Baron Harkonnen, and
Habib the thief, without these hackers, I wouldn't be here with this information tonight.
And two IsmeeAllah and Sadena Meti, who have disappeared, I hope you guys are ok.
"In the rollover bug, we have developed a technology equivalent to natural forces. If it is anywhere,
it is everywhere, Nowhere at any time in human history has there existed such a problem."
This rollover bug has made the art of malicious hacking much easier, for two reasons.
The first reason is that script kiddies and other young hackers will be able to mask thier activities by
blaming the resulting computer malfuntions on the rollover bug. Even if it doesn't work, the simple
fact that these kids THINK they have a cover, will be enough for them to make thier attempts, and
the resulting havoc will be dispensed.
The second reason is that Governments and corporations here and abroad are allowing
unprecedented access to computers as programmers look to fix the rollover bug. There is an
anthology of security compromises, industrial espionage, and sabotage on critical systems all over
the place right now.
Outside the USA, there are programmers in India, Pakistan, Ireland and the Philippines, all doing
most of the world's Y2K upgrades. And EACH of these nations has issues with the United States
or a thriving underground of anti-American terrorist groups.
The Philippines was a base of operations for Osama bin Ladin, the guy who was the mastermind
behind the bombing of U.S. embassies in East Africa . The man is highly computer-savvy.
It's a simple matter for a programmer handling computer source code to install, undetected, a secret
entrance, or "back door," which can be used to gain access to a system to read sensitive
information, copy records, alter files, transfer money, or just bring it down.
I would like to make a quick distiction here between between script kiddies, hackers, and
computer security consultants. There are a lot of young people out there who are calling themselves
hackers. They are not hackers, they are script kiddies. A script kiddie takes a hacker's work, uses
it, then acts like he is some kind of super uberhacker. Real hackers invent a lot of thier own work.
I've done a lot of original stuff, some texts, some trojans, etc. A script kiddie is a kind of
pre-hacker. Script kiddies and hackers both can be computer security consultants, it's just that one
is likely to be a bit more saavy than the other.
Script kiddies are the type that will go in and deface a webpage, or examines the headers on an
email, or may actually forge an IP, or tear up a chat room. These are baby games. I'm going to be
talking about the plans of real hackers tonight, Hilly.
As people are aware, I was with the Central Intelligence Agency for a period of time during the
1980's. During that time I formed loose friendships with other hackers in Germany, Saudi Arabia,
and other countries. As I retired from the intelligence community, and as my associates retired from
thier respective organizations, we periodically continued our contacts, as well as we were able.
I got an email from an old contact of mine named Issmeallah.
It's a nice day here on December 9th 1999, I'm having a shot of Vodka while I'm online chatting
with friends, and I get a PGP encoded message, in Arabic, which says "Happy Ramadan", then
goes into a very detailed discription of a plan to basically destroy our civilization. It concerned
Amtrak and IMPA, which is one of Indiana's main power and gas companies, and some other
A muslim terrorist named Hafiz Mohammad Syed, head of the Lashkar-e-Tayaba group, had been
working very closely with Osama bin Ladin on a plan to use 20-30 Muslim terrorists hackers to do
damage to various infastructures within our country.
Lashkar-e-Tayaba, based in the eastern Punjab province, is fighting in Indian-held Kashmir to
make the Muslim province part of Pakistan. India is predominantly Hindu. The U.S. has already
withdrawn nearly half its diplomatic staff and all embassy families from Pakistan, and warned
American citizens against visiting the country.
You have probably encountered the term "LAN", which stands for Local Area Network. The
operative term here is LOCAL because the networking technology incorporated into Windows
called "NetBIOS" and "NetBEUI" and first designed more than fourteen years ago by IBM
This method received its first broad exposure in Microsoft's "MS-Net" product and then more
widely in "Windows for Workgroups." NetBIOS and NetBEUI were designed to run on small
LOCAL area networks. It was created way back before the Internet "happened" and it was meant
to be used within corporations, small "workgroups", and homes where everyone with access to the
computers on the LAN is playing on the same team.
As Microsoft's own Windows for Workgroups Resource Kit says, it's protocol is designed for use
on a departmental LAN of 20 to 200 workstations." (page 1-32)
Windows networking technology is based upon NetBIOS and NetBEUI, which were NEVER
designed to "go global". It wasn't ever meant to cope with foreign agents.
The Internet is incredibly powerful because it allows YOU to connect to "Internet Resources"
located anywhere in the world. When you "browse the web" your web browser is connecting to
web servers running on other people's machines and reading HTML files that have been prepared
But what you haven't been told is that this "Internet connectivity" is entirely reciprocal! As easily and
effortlessly as you're able to connect to any other server on the Internet, anyone else's computer
can connect to yours! It's true. I'm going to give you the address of a website which was put up by
a friend of mine, which will be able to demonstrate this interesting little fact.
The problem is that file and printer sharing services function by turning any PC wanting to share its
files into a file and printer server. When this trusting and sharing computer is connected to a
network, this "service" is naturally extended and made available to the all the other computers which
are also connected to the network. But when that network is THE INTERNET, suddenly your
computer is literally offering its files to every other computer in the world!
It's as if you kept making additions to your house until it covered the entire planet, then one day you
suddenly realize that your house if full of stranges going through your stuff.
Say "Thank You" to Microsoft, and thier callous attitude toward security.
The first cause: Most home computer users never bother to password protect their own computer
resources. It's a pain in the ass to have to "logon" to your own computer every time you want to use
it or to provide a password when connecting to a shared directory. So most people just leave their
passwords blank to make using their computers easier and quicker. But this means that anyone else
on the same network — and that means THE ENTIRE INTERNET if your computer is connected
to it! — can share your computer's resources by using the same BLANK password!
Windows NetBIOS networking technology does not require any sort of authorization to ask for
and receive any computer's private "networking" names, including the name of the current
logged-on user, the computer's own name and its workgroup. Such information is highly valuable to
Muslim terrorist preparing a break-in and is often used as a starting point by hackers planning an
You can get the passwords for a custom UNIX system right off the home computer of an
accountant, maintainance man, or secretary who uses the system. This is doubly true if the
employee ever used thier home computer to access the main system. The chain is only as strong as
the weakest link. A so-called "bulletproof" system can be accessed because the home computer
user would never dream that his computer would be a target of Muslim Extremists.
This is precisely how hundreds of passwords were obtained for various Amtrack systems, and for
the computer systems of other critical infrastructure in our country, including the Indiana Municipal
Power Agency. The passwords (or information leading to them) were pulled from individual
computers in the offices of Amtrak and IMPA, while the employees were web surfing.
IssmeAllah informed me that hacks are planned to attack the switching, routing, tracks, railroad
crossings and safety equipment on Amtak routes. I am no longer with the CIA. What I did was get
a hold of my contacts who were still in the Agency and tell them what was going on, in the event
that they didn't already know. I contacted Amtrak and spoke with thier security head. I also
contacted IMPA and informed them of this information that had made it's way to me.
Amtrak owns the tracks that it uses for its Northeast Corridor service, but in other parts of the
country it leases track access from freight railroads. These hacks could derail freight and passenger
trains, destroy cargo, and kill people.
Basically, as it turned out my info was useful insofar as the authorities were able to use it to fill in
certain holes that they had in thier own intelligence. The folks at Amtrak were contacted, and since
there is basically no time to go through computers looking for backdoors and other security holes,
Amtrak decided to take a somewhat drastic, but I believe wise, step.
Amtrak plans to suspend service just before midnight and keep the trains in the stations until an
all-clear shortly afterward. Since the whole idea was to use the rollover bug as cover for the
hacking activities, this action should thwart the attack, at least in Amtrak's case.
The suspension is going to affect about 50 trains. Because some of the trains must alter their
schedules significantly to be in stations at midnight, there's prolly going to be some significant delays,
but I PERSONALLY believe that a lot of lives are going to be saved. My hat is off to the good
people at Amrak, who decided to take this wise precaution..
INDIANA MUNICIPAL POWER AGENCY (IMPA) is the wholesale power provider for its
members, 32 publicly-owned utilities. These members provide electric service to approximately
150,000 households, businesses and industries across Indiana.
I tried talking to the security heads there, but so far I've gotten no response. I know that they know
about the problem, and I'm assuming that they are planning to take whatever precaustions will be
necessary to prevent blackouts or destroyed equipment.
Wrath of God Hand Delivered