Wilfried Hafner of Securstar former hacker ?
hli...@dds.nl
Onderwerp:P3
Nieuwsgroepen:alt.2600.moderated
View: Complete Thread (2 articles) | Original Format
Datum:1997/05/12
.oO Phrack 50 Oo.
Volume Seven, Issue Fifty
3 of 16
// // /\ // ====
// // //\\ // ====
==== // // \\/ ====
/\ // // \\ // /=== ====
//\\ // // // // \=\ ====
// \\/ \\ // // ===/ ====
------------------------------------------------------------------------------
German Hacker "Luzifer" convicted by SevenUp / s...@sec.de
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SYNOPSIS
========
On February 5th, 1997, Wilfried Hafner aka "Luzifer" was sentenced to
three years incarceration - no parole, no probation. I've got the
story
for you right from the courtroom in Munich, Germany. This is one of
the
first ever cases in which a hacker in Germany actually gets convicted,
so
it's particularly interesting. (Although the court and I use the term
"hacking", this is actually a case of unethical electronic fraud.)
LUZIFER
=======
Wilfried Hafner (Luzifer) was born on April 6, 1972, in Breschau
Italy.
According to his own circulum vitae, which he quoted in court himself,
he's been a pretty smart guy: He started programming at 8 years,and
cracked
about 600 Commodore programs, at 14, got a modem and then started a
BBS.
In 1990 he was blueboxing to some overseas partylines to communicate
with
others. But he didn't seem to use any other "elite" chat systems like
x.25
or IRC, so most people (including myself) didn't know him that well.
In
1992 he moved to South Germany to goto school.
WHAT HE DID
===========
Luzifer set up some overseas partylines in the Dominican Republic,
Indonesia, The Philippines, and Israel. Some lines included live
chat,
but most were just sex recordings. Then he used a local company PBX
(a
Siemens Hicom 200 model), from his homeline, which was only
"protected"
by a one digit code, to dialout to his partylines and his girlfriend
in
Chile. He also was blueboxing (which the prosecution calls
"C5-hacking")
from five lines simultaneously, mostly via China. To trick the
partyline
provider and overseas telcos (who are aware of computer-generated
calls)
he wrote a little program that would randomize aspects of the calls
(different calling intervals and different durations for the calls).
He got arrested the first time on 03/29/95, but was released again
after
13 days. Unfortunately he restarted the phreaking right away. If
he'd
had stopped then, he would just have gotten 1 year probation.
However, he
was arrested again in January 1996, and has been in prison since.
Here are some numbers (shouts to Harper(tm)'s Index):
- Number of logged single phone connections: 18393
- Profit he makes for 1 min. partyline calls: US$ 0.35 - 0.50
- Total Damage (= lost profit of telco): US$ 1.15 Million
- Money that Luzifer got from the partylines: US$ 254,000
- Paragraph in German Law that covers this fraud: 263a StG
- Duration of all calls, if made sequentially: 140 days
THE TRIAL
=========
This trial was far less spectacular than OJ's. While 7 days had been
scheduled, the trial was over after the second day. The first day
went
quite quick: The court didn't have enough judges available (two were
present,
but three required), so it had to be postponed after some minutes.
At the second day, both, the prosecution and Luzifers two lawyers,
made
a deal and plead guilty for three years prison (but no financial
punitive).
In Germany, all sentences over two years cannot be carried out on
probation.
But he has been allowed the use of a notebook computer. Rumor has it
that
he might be get an "open" execution, meaning that he has to sleep in
the
prison at night, but can work or study during the day.
The deal looked like the prosecution dropped all counts (including
the one abusing the PBX in the first place) but two: one for the
blueboxing
before getting arrested, and one count for blueboxing afterwards.
They don't
treat all 18393 connections as a separate count, but just each start
of the
"auto-call-program".
QUOTES
======
Here are some interesting and funny quotes from the trial:
"Just for fun and technical curiosity" - Defendant
"Wouldn't one line be enough for technical experience"? - Judge
"I ordered 21 lines, but just got 5" - Defendant
"Lots of criminal energy" - Prosecutor
"He's obsessed and primarily competing with other hackers" - Lawyer
"A generation of run down computer kids" - Prosecutor
"He may keep the touchtone dialer, but we cannot return his laser fax,
because the company's PBX number is stored in its speedial" -
Prosecutor
"Myself and the Telekom have learned a lot" - Prosecutor
"New cables must be installed, new satelites have to be shot into the
air"
- Prosecutor about the consequences of used up trunks and intl.
lines
"The German Telekom is distributing pornography with big profits" -
Lawyer
Shaun Hollingworth
>WHAT HE DID
>===========
>Luzifer set up some overseas partylines in the Dominican Republic,
>Indonesia, The Philippines, and Israel. Some lines included live
>chat,
Aren't there just some people who want to do nothing but dig up the
dirt on folk....
Given that Mr. Hafner enjoys a fine reputation both as a former
hacker, and now widely respected secuirty consultant, isn't he going
to be a good influence on the design of DriveCrypt ?
I certainly think so,and the product wouldn't have advanced anywhere
near as much as it has recently, without his input, for which I am
very grateful.
Regards,
Shaun.