Reign of Terror [ R o T ] presents...
=============================
the art of TRASHING
--------------
a how to guide for one of the most useful tools in hacking today
================================================
Written by: Deicide
/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\

THEORY BEHIND TRASHING:

The whole theory behind trashing is that us H/P/C guys need information. And a lot of VERY useful information is thrown out daily. It is not thrown out because it is no longer valid, it is thrown out because the owner of the material no longer needs it or has use for it. The key here is that while the OWNER no longer has use for this information, you just might. In fact, you might have a lot of use for it. The key is to get this information, in the form of trash.

WHAT TRASHING IS USEFUL FOR(INTRO):

I said earlier that trashing is one of the most useful tools in hacking today. I also based this statement on looking through other people's trash. If you have been hacking/phreaking/carding for a long time then you know what I'm talking about. If not, you are probably a bit confused. If you don't already know what I mean by valuable items being thrown out then you are most likely scratching your head(ass?) right now. People don't throw out Dual Standards or sacks of cash, right? Well, not usually, but they do throw out something even more valuable to us. Information. The currency of the underworld.

Daily, workers and administrators alike unwittingly throw out material which is potentially harmful and/or deadly to their business and its customers. This is because they
  a: don't realize the potential harmfulness of the information thrown out
  b: don't think a hacker would ever search through THEIR garbage

Very few companies ever paper-shred sensitive information, a flaw which they might never discover and which you can exploit continually, for those two reasons mentioned above. Examples of places to trash & info you can find there is the subject of the next section.

WHAT IS TRASHING USEFUL FOR(REGULAR BUSINESS):

This section is based on businesses where you can apply trashing and what you might expect to find there.

Department Stores: The main objective of trashing at department stores is to obtain as many Credit Card carbon copy slips as possible. You will find huge amounts of them, as 50-75% of the purchases made at the large department stores(such as Sears, JC Penney, etc..) are made with credit cards. A number of copies of each purchase made with a CC are kept on carbons, to my knowledge one is always thrown out. The carbons contain such useful info as
  - Credit Card Numbers
  - Expiration Date
  - Customer's Signature.
Credit card #'s are needed to card items(duh..) and are good for trading for AT&T's, system acct's, etc for people who are too lazy to go trashing themselves.

Gas Stations : The same type of thing can be found at gas stations, but unfortunately quite a few stations accept only store specific cards, which aren't nearly as useful. But a lot less excess trash gets thrown out at gas stations, which makes the searching easier.

Credit Bureaus : Famous for TRW printouts. If you hack at all you know about it. Not good for too much else, card numbers are displayed but the extra code which is standard on most credit bureaus is shadowed over.

Other companies : You will be able to pick up CC carbons at many other stores as well, the possibilities are endless, but the main focus of this section is for the hacking aspect of trashing. A large number of small to major businesses run on computers. A large percentage of these computers have dialin data numbers. These numbers are frequently contained in printouts of the company's computers, look for them. Also, if you want to go farther as far as hacking, or you already have the modem number, you will often find workers & administrator names + home and office phone numbers. These are very useful for social engineering.
Sometimes you will find entire username & pword lists written down, or even just one id + password thrown out by a careless employee, these will cut hacking time severely.

WHAT IS TRASHING GOOD FOR(TELCO.):

And now we come to one of my favorite subjects ever: trashing at the Telephone company. So many people/groups have gained fame from information gained by trashing at the local telco. You would think they would have caught on by now and raised security measures. But no, it is still an applicable trade worldwide. To name a few of the more famous trashers: LOD & Kevin Mitnick. Both gained information not accessible to the most accomplished social engineer.

You can expect to find many invaluable pieces of information, some examples are:

- Calling Card Numbers : Usually written on memos, phone #'s + 4 digit number
- Misc. system dialins & PBXes, etc. : Written on memos
- Telco. Dialins : Obviously very useful, usually the system/OS name accompanied by a phone #
- Tech info : Miscellaneous technical info printed in manuals, user help sheets, admin help sheets, etc. Can be extremely useful to find system flaws, etc.
- Telco system printout : These common finds can help you determine any number of things, including user names, system types, etc.
- Worker/Administrator names, phone numbers : Essential for social engineering.
- Access codes/pwords : Occasionally a not-too-bright Telco. employee will write down his name and password on a sheet of paper. A very valuable find.
- Security memos : Telco. security will often write each other and their supervisors notes on what they are working on, what they have found, pending bust dates, etc. Or the other way round, with managers assigning cases. Although frequently boring/pointless memos will be found, this might just save your ass one day, if you see you or your friend's name/number with "being traced/tracked" or "bust/raid date" beside it then you can bury your notes/disks and run for your life knowing you did the right thing.

WHERE TO(FINDING THE SITE):

Now, while finding a department store/computer store to trash at may be pretty easy, finding a telco. installation can sometimes be more difficult. First of all, you normally want to hit the Telco. offices, as while the switching stations might have cool tech manuals they won't have much else. And I've found as a rule that for some reason switching stations are better secured. Sometimes the offices are clearly marked(a big AT&T sign is usually a signal that you found it), but occasionally your Telco. office will only be marked by a small sign, or none at all. If this is the case, you can either:
  a) Request a tour(they do give em)
  b) Request the land/building permit or whatever works in your town for your telco. offices from a local govt. building(they'll usually tell you where and what to ask for if you ask politely). Don't be all nervous and shit about this, it is completely legal and within your rights, so don't get worried. Just don't act suspicious and it'll go fine. The document will tell you the exact location of the building site.

HOWTO(TRASHING!):

- Plan it! : The most essential part to any plan is the planning stage. Without proper planning you are just asking for disaster, especially where crime is concerned. Plan it carefully! Scout the site first so you know what you need to carry out the operation. The first time is always the hardest, after that you know how it goes. Equipment you might need: Gloves, flashlight, wire/bolt cutters, hammer, garbage bags. Have an escape plan set up if something goes wrong. Even the best plan can be fucked up by bad luck. The best vehicle to use would be a pickup truck, just throw the bags in the back and drive away. Other vehicles work as well, vans work equally well.
- Timing : Also essential for a smooth job, timing involves foresight, planning and luck. The luck part you can't help, but the foresight and planning you can. Go very late at night, you can't risk being spotted by a Telco.
employee, or for that matter anyone else while trashing. (it IS a B&E which IS a crime). Don't go on bingo night or whatever when there are tons of people about. Plan it out beforehand, so that it only takes you a minute to get what you want and get out.
- People : Keep the number of people involved to a minimum, 3 involved is usually the best rule. One to jump the fence & grab the bags, one to receive the relays of the bags from the person behind the gate, and one to stay in the vehicle. This works out especially well as the person in the vehicle can signal to the others if someone is coming. The guy behind the gate can hide (easy at night if done quickly enough) and the relay man can pretend to be fixing the vehicle. If the person raises suspicions about your actions just tell them that you are fixing the vehicle. If he still seems suspicious and wanders off to tell a cop (you can usually tell) then just get the fence-jumper to come back over, then just drive out normally, no tire squealing etc.
- Fenced? Barbwire?? : Although some installations have no fence at all, many do, and it can be an unpleasant experience for the uninitiated during their first barbed-wire fence climbing. First of all, don't cut the fucking wire. I have seen so many people brag "we cut the bitchin wire right off" or "we made the hugest hole in da fence". Right on d00d! Now the security people think there has been a break in and they call the police. At the very least they usually install better security. Instead of wasting your time, just jump the fence. Take the most agile member of the group and either:
  a) back vehicle up against the fence so he can hurdle it. (be careful. barb wire + limb=pain)
  b) have him simply climb it.
  If the fence has the slanted barb wire then you might have a problem. The hurdling would be the best procedure then, but if climbing is a must, look for the corner of the installation.
  Frequently the barbed wire will go back straight right at the point of entry into the wall. Sometimes a post will be right there as well, aiding you in the climb. Straight barbed wire is much easier to climb. When you climb over, make sure the relay man is underneath you in case you fall/slip.
- Locked? : If the dumpster's locked, it makes the job a whole lot less pleasant. If you or a friend can pick locks then your problem is solved, if not, there are tons of G-Philes out on lockpicking, although it takes a long time to learn the skill. If you want to do the job though, you are going to have to do it a lot less frequently. A sharp hammerblow to the top of the lock or a pair of boltcutters should do the job. When you are done take the broken lock with you. This will fool them once or twice(some joe blow employee lost the lock or something) but will eventually make even Telco. employees suspicious.
- What to Look for : There are two places to initially start your search, the hardware bin and the dumpster. The hardware bin contains such things as wires, broken hardware parts, busted RS-232's etc. Kinda interesting for hardware buffs. The main score is in the dumpster. Pop it open and grab the bags. Throw em to the relay man. Leave.
- Extra Security : Occasionally the installations will have extra security measures such as motion-detectors or cameras. To my knowledge the video images are not valid as evidence in a court of law if a sign stating the presence of such cameras on the premises does not exist, as this violates the thief's rights. So you should know if they have a camera. If they don't have a sign, don't worry about it, they can't use it as evidence.

A BAD EXAMPLE OF A TRASHING RUN(FROM RoT EXPERIENCE)

11:30 Scouted premises. Sign stating cameras + electronic sensors on premises noted. Good security. High fences with good quality barbed wire. Decided to go through with it, just do it fast with masks.
11:45 Vehicles placed in position.
      Security forced an entry through multiple backyards to get to a fence which allowed us to avoid the security camera.
11:47 2 members made a run through the yards, made it to the fence. Ready.
11:50 Lord IBM jumped the fence, and was now waiting for Deicide to do the same. Deicide was half-way over when a figure stepped out from behind the furnace where he was doing maintenance(at 11:50????) and yelled "What the hell are you doing!". Luckily, Lord IBM is a top Canadian martial artist and responded with a sharp blow to the temple. We proceeded to get the fuck outta there. Our not-so-bright rides took off with squealing tires(bad idea), but we made the escape.

A GOOD EXAMPLE OF TRASHING RUN(FROM RoT EXPERIENCE)

11:30 Scouted premises. No signs noted. Fence with slanted barbed wire noted. Looked in corner of installation: Straight barbed wire. Garbage bin right near fence. Hardware bins right near fence. Jumping spot hidden by tree cover. Garbage bin unlocked.
11:50 Car + truck put in position.
11:54 Deicide jumps the fence.
11:54 Deicide looks in hardware bins, grabs wire and relays it to Lord IBM, who relays it to truck.
11:54 Car drives through lot, signal given, Deicide hides & Lord IBM pretends to work on truck.
11:55 All Clear signal given.
11:55 Deicide jumps in bin, throws 3 bags to Lord IBM who relays it to truck.
11:55 Deicide jumps out and climbs fence. The four participants leave site in the two vehicles. No problems.

Time elapsed : 2 minutes
Items recovered:
  Various maintenance phone #'s
  Technical sheets
  1 system manual(small)
  1 complete employee payroll list(w/phone #'s, addresses, SIN(SSN in the U.S.) and job function)
  Various administrator/manager names/phone numbers
  1 Access Code
  Various system info
  1 Telco. dialin

CONCLUSION

I hope you find this useful, give it a try, you won't regret it. For any questions or comments you can find me at the RoT HQ's. Call them for the latest in H/P/A/C/V + the [RoT] G-Philes and programs as they come out.

--= RoT WHQ =--        --= RoT USHQ =--
  6 ŸîîT š¤DäR            the Cellar
 [604] 824-0317         [401] PRI-VATE