Slashdot Mirror


Las Vegas's Seedy Technical Underbelly

An unsigned submission notes: "Kevin Poulsen's new article on cybercrime in Vegas features tons of cool stuff from pimps, prostitutes, and Gambino family mob hits to an explanation of Sprint's telephone infrastructure. Check it out at SecurityFocus ..." This stuff is worthy of a book.

36 of 72 comments

  1. Someone on the inside. by Anonymous Coward · · Score: 2

    Just a thought to ponder on. My thoughts tread on the idea that someone has a person on the inside of Sprint or whatever telephone company. And they have access to the CCS7 linking which is the network used before having a trunk actually used up for calls, and is the network that sends busy signals and/or they have made sure any call routed to his number through the switch (from a local number) is ignored or rerouted. They wouldn't be able to touch the LD stuff, because the IXC would probably become suspicious of calls being rerouted all the time, if this said insider has access to the IXC equipment (if it's a different carrier, then there would be no way to touch it).

    1. Re:Someone on the inside. by Cramer · · Score: 2

      SS7 -- Signaling System 7

      It's an out-of-band signaling system (hence the "SS") for routing switching messages -- all the bits of call setup and teardown.

      See also: http://www.iec.org/tutorials/ss7/index.html

  2. [OT] Re:Need...Help.... by Anonymous Coward · · Score: 2
    Actually I thought the three laws of thermo were:

    1.) You'll fail the first time you take it because you don't know what you're doing.

    2.) You'll fail the second time you take it because you think you know what you're doing.

    3.) You pass the third time you take it because you know you don't know what you're doing, but you've seen it enough times to be comfortable accepting it.

  3. It's older than that. by Anonymous Coward · · Score: 2

    A little bit of history. The scheme in this article goes way, way back. And brought us the first automated phone switch. The guy (can't remember his name off the top of my head) who invented the switch was not an electrical engineer, he was a mortician and whenever someone called his place, the operator (who was the wife of a rival mortician) would route the calls to her husband. So the first mortician went about designing and developing the first automated phone switching system.

  4. How about the *cool* tech stuff? by Anonymous Coward · · Score: 5

    You know, for a place that hosts Comdex and DefCon, a lot of computer people don't seem to realize how tech-driven Las Vegas really is.

    I'm not even going to go into the major stuff-- like the huge video billboards, the amazingly cool video poker games (looks like a ghost with gloves is dealing your cards, etc.), or what controls all those modern roller coasters and animatronics shows. Oh, no. I'm going into the seemingly mundane stuff that is STILL cool.

    For one thing, consider the accounting methods. The State of Nevada has some *tough* requirements on pay-out, odds-tracking, etc. for slot machines and other games. Not only are we talking about ledgers, here, but also advanced statistical bookkeeping. So it isn't surprising that there's a booming mini-industry in accounting and statistical packages specifically targeting the casino business.

    Not only that, but usage statistics become critical (hey, why does everybody play poker in the evening, slots in the morning?). If a game isn't playing well (nobody likes it), a casino will dump it in favor of a more popular game. So software to track usage is a big deal, too. And demographic information is used a lot, too (old people like slots, right?).

    Then we can talk about the various shops and attractions. Ever visit the forum shops? Ever imagine how much goes in to making the lights all dim or brighten at the same time? How about turning the sky from day into night? And let's not forget the fountains and other novelties.

    Vegas really has some cool tech under the hood. That's mainly because casino owners are smart folks-- they know how to use technology to their advantage, and don't mind paying for the privilege.

    1. Re:How about the *cool* tech stuff? by baptiste · · Score: 4
      You know, for a place that hosts Comdex and DefCon, a lot of computer people don't seem to realize how tech-driven Las Vegas really is.

      Absolutely!

      I managed an R&D data center with oh maybe 600 servers or so - lots of small boxen with their own disks, etc. plus a handful of LARGE Auspex/Net Appliance/HPUX K&N-Class type boxes. Well, we decided to try and centralize storage for as many systems as possible to improve backups, get better utilization of RAID storage, i.e. what we paid for, etc.

      So we were dealing with a bunch of the big name SAN vendors (Clarion, EMC, etc.). So during their roadshows with us - giving us technical info on the systems and how they scale - they each trotted out as one of their 'big' customers who proved multi site SAN was workable and a good idea: Las Vegas Casinos. The data networks and systems tracking everything there are IMMENSE and it was amazing to get even a high level glimpse of how it was all set up. Absolutely mind boggling.

      --

  5. In a nutshell by verch · · Score: 5

    All Your Hookers Are Belong To Us

  6. Re:Is it my imagination.... by sharkey · · Score: 3

    Perhaps this is their "Crisis Week," and they are running under-resourced to calibrate how fast their servers will go into "Crisis Mode" (read Alzheimer's Mode).

    --
    "Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
  7. Re:Tech in Las Vegas by sharkey · · Score: 5

    Las Vegas if you want to keep the money you make.

    Huh? Last time I went to Vegas, I LOST almost all the money I made. They don't call it "Lost Wages" for nothing.

    --
    "Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
  8. Talk about Ammo for +5 Funny by Katravax · · Score: 2

    Pimps, prostitutes, mob hits, and the Sprint infrastructure...

  9. This explains so much... by devphil · · Score: 3


    I got woken up by a guy with a vaguely New York accent wanting me to change long distance plans, and implying that without that level of "protection," something terrible could happen during my next telephone call. Now it all makes sense.

    --
    You cannot apply a technological solution to a sociological problem. (Edwards' Law)
  10. Interesting tactics... by jcr · · Score: 2

    I remember hearing about a similar sleazy operation against a food-delivery service in Boston. It seems that the scumbag running one delivery service re-directed his competitor's mail (US Mail, that is) to somewhere where it got lost, and it put the poor guy out of business (he never got his bills, etc.)

    This kind of thing needs to be treated as a criminal matter, not just a grounds for civil litigation.

    -jcr

    --
    The only title of honor that a tyrant can grant is "Enemy of the State."
  11. Re:Tech in Las Vegas by Cramer · · Score: 2

    I think that "clueless" bit is true of almost any telco. In my experience, people don't read manuals. I know for a fact that there is significant documentation from Nortel. So much so they no longer print it (we have too few trees on this planet as it is.) And, I prefer electronic documentation -- it's hard to grep a notebook.

    My former boss loved not having to teach me to do things... show me a problem and tell me where I can find the manual.

  12. Re:Tech in Las Vegas by Pfhreakaz0id · · Score: 2

    There are two ways to get a long-term, statistically valid edge over the casino, as far as I know. 1. Learn card counting and play blackjack. www.cardcounter.com and www.bj21.com are good places to start. 2. Play video poker. Learn the correct strategy and look for games with payouts near 100% (or over) long-term. Combined with comps, you can come out ahead.
    ---

  13. Re:Tech in Las Vegas by Pfhreakaz0id · · Score: 2

    Thanks for backing me up. Also, don't forget counting cards at blackjack. Thorp, Uston, Wong and others are/were "hackers" in the true sense of the word.

    Thorp's legendary book "Beat the Dealer" was based on trials of thousands of hands on a mainframe simulator. These guys today can run simulations of billions of hands. Card counting isn't THAT hard, and it's kind of fun that the casinos will kick you out for it (but IT IS NOT ILLEGAL), giving it a real "James Bond" feel.

    That being said, you have to have a huge bankroll and play a LOT to make any money. I do it strictly as a hobby (and don't even count all the time while in Vegas).

    bj21.com is a great place to start about the world of card counting. Cardcounter.com isn't bad either.
    ---

  14. vegasgirls.com /.ed ? by manjunaths · · Score: 4

    I can see why www.securityfocus.com has been /.ed. But why has www.vegasgirls.com been /.ed ?

    --
    Slashdot: Tabloid for the nerds. Stuff that doesn't matter.
    1. Re:vegasgirls.com /.ed ? by 13013dobbs · · Score: 2
      But why has www.vegasgirls.com been /.ed ?

      Yeah, It isn't like /.ers like to look at hotties on the net or anything...

      --

      No replies made to AC posts. Please log in.

  15. It's still so easy... by aralin · · Score: 2
    Considering my DSL modem has a fixed IP at which it can be accessed from the local subnet, and it has a set and unchangeable login/passwd to connect to the device to change its configuration or do whatever, and all you need to access it is access to the local telephone central (which is off premises) and a laptop. It's maybe too easy a way to get behind my company's firewall...

    One really wonders then what kind of other devices are so easily accessible, and what all they let you do. This case with the CALRS system really scares me. And the only level of security there is obscurity.

    --
    If programs would be read like poetry, most programmers would be Vogons.
  16. "We're the phone company..." by Fencepost · · Score: 2

    "... and nobody but us is allowed to screw visitors to Las Vegas."

    -- fencepost

    --
    fencepost
    just a little off
  17. Went to the website by StevenMaurer · · Score: 5

    It was close to being slashdotted. Still, I found a unique banner ad, which read:

    File exists, but access forbidden by user

    Boy, those security focus people sure do take their security seriously!

  18. What to ask for by Animats · · Score: 4
    Now that the guy has subpoena power, he needs to ask for a dump of the central office switch translations affecting his numbers for all the end office switches serving the hotels on the Strip. If he's being hacked, it's probably at that level. Also worth dumping are the translations in a few hotel PBXs. It's become all too common to mess with dialed numbers in hotel PBXs. One casino (a "card club") near San Francisco got in trouble for diverting 911 to their in-house security staff.

    Data mining his caller ID info should tell him where in the network his calls are being diverted. And he should probably have an autodialer dialing his own numbers every 10 minutes or so as a check.

  19. Slightly offtopic... by electricmonk · · Score: 4
    ...but if you want to play around with a Nortel DMS-100 system (in a simulation, of course), you can do it here, at pbxsoft. Kinda interesting site, if you ask me.

    And, no, I'm not affiliated with them, YMMV, IANAL, IIRC, etc.
    --
    Friends don't let friends use multiple inheritance.
  20. need...redesign....badly by denshi · · Score: 5
    Security focus uses 9 frames per page. Take your average /. traffic, then multiply it by 9. Somewhere in that company is an engineer trying to convince them to change the site, but they 'like the look'.

    And you wonder why the dot.coms went down in flames??

  21. Phone Piracy Wanted by Tebriel · · Score: 5

    I wish my phone calls to tech support got rerouted to a rival who wanted my business and would get their people on the job first. So, where do we sign up?

    --
    The Blaster Master Fighting for Truth, Justice, and Evil Pie since 1979
  22. Re:Occam's razor needed by Mtgman · · Score: 2
    EXACTLY!!! God why couldn't it have been said before? From the article.

    "We've run our tests, we've spent time and resources on this, and we haven't seen any indication of call diversion," says Scott Collins, of Sprint subsidiary Central Telephone's department of regulatory affairs. Last November, at the direction of the Nevada Public Utilities Commission (PUC), the phone company ran three days of test calls from five different Las Vegas hotels: the Sahara, Travel Lodge, Vagabond, Motel 6, and Four Queens. Of 205 calls, all but 23 went through, and none were diverted to competitors. (Further investigation of the 23 incomplete calls turned up innocent explanations.) Testing by AT&T in 1997 produced similar results.


    Anyone who read the article and saw this and still believes it's a conspiracy instead of just plain crappy/overloaded service has got to be a serious paranoid.

    Jeebus on a pogo stick! 23/205 failed? That's a crazy nuts percentage! And it's not just Sprint either. Now they may have vulnerabilities to people like Mitnick, but that's different than simple overload.

    Steven
    --
    -- I have marked myself unwilling to moderate-- I don't have other accounts to artificially inflate the karma of
  23. Is it my imagination.... by Mtgman · · Score: 5

    or did we just DDoS a security website? You would think they'd have some process in place to stop things like this.

    Steven

    --
    -- I have marked myself unwilling to moderate-- I don't have other accounts to artificially inflate the karma of
  24. A synopsis of the article by Mtgman · · Score: 5

    Here's a synopsis of the article.

    Pimp: Some jerk is buying/threatening/hacking the telco so they'll redirect my calls to some other pimp! Wah!

    Telco: We've spent time and resources on these complaints and we haven't found any foul play. Most test calls go through fine and the ones which don't look like ordinary errors.

    Kevin Mitnick: The Telcos are so freaking stupid it's not funny. I blackmailed some poor schmoe into giving me some info that should have been protected, then called some other fool and pretended I was an employee to get more "secret" data. I cracked the system and used it to steal services from other people or to hide my real location.

    The Mob: Yea, we tried to set up a phone-redirect-to-our-pimps scam. Our guys got busted and spent years in jail. The enforcer we sent to horn in on some local pimp's business got busted and died in jail.

    My analysis? Pure sensationalism in its style, but has some valid points.

    Any large company is going to be vulnerable to these kinds of exploits. It's just impossible for the right hand to always know what the left hand is doing. What Mitnick says may well be true.

    I have no doubt that prostitution is big business in Vegas, but just because one or two pimps aren't getting the kind of business they used to doesn't imply a conspiracy. Maybe jons got smarter and started using the net to look up hoes?

    As far as the conspiracy? I would be very surprised if they were privy enough to Sprint's info to avoid detection. Not doing something illegal when the boss is looking is a lot harder if you don't know when the boss is looking. As we've already established, the right hand doesn't know what the left hand is doing, how is a third party supposed to be on top of test schedules and investigations?

    Steven

    --
    -- I have marked myself unwilling to moderate-- I don't have other accounts to artificially inflate the karma of
  25. Hmmm.. Odd by pcidevel · · Score: 3

    Funny, last time I called a vegas hooker I had no problems at all getting through..

    --

    I thought someone said there was going to be free beer!

  26. Kevin Poulsen's past by Mutantfrog · · Score: 4

    I'm surprised no one has mentioned this yet, but Poulsen himself (that article's author) was involved in almost an identical scheme to the one he's writing about. At least according to the book "The Watchman" by Jonathan Littman. In the book Littman describes an operation in which Kevin Poulsen rerouted the phone numbers of escort services which had been advertised in the yellow pages in California but had since been shut down by police to the offices of a pimp/escort agency that he was partnered with. I respect Mr. Poulsen for his current work (and his younger exploits if true are pretty damn cool), but what he's writing about here is so similar to something he used to be involved in that it may warrant some disclosure on his part, or just passing the article to someone else to write. By the way, one notable difference between the article and his own actions is that he was only supposed to have rerouted abandoned phone lines, not currently active ones.

  27. Tech in Las Vegas by jhantin · · Score: 3

    Speaking as someone who used to work for a (yes, totally legit) dot-com startup in Las Vegas that went public successfully, I think I can say that there's more to IT in Las Vegas than just people trying to cover up shady businesses. Admittedly, it's difficult to get decent pay there, but the cost of living is probably about half that of Silicon Valley (and electricity costs US$0.07/kwh!). For comparison, 50k/yr in Las Vegas is probably comparable to 85k/yr in Silicon Valley. As one IT manager in Las Vegas told me, though, you go to Silicon Valley for personal/career development, but Las Vegas if you want to keep the money you make. :-)

    --
    ...when you're writing a game...tweak the difficulty of "Easy" to something [your mother] can cope with. -- onion2k
  28. Re:Occam's razor needed by baptiste · · Score: 5
    Well, perhaps, but...

    Why is everyone concentrating on Sprint? All these hotels have monster PBXs - heck a few probably have DMS-100 class systems given the # of lines they require - a bit much for all but the beefiest PBXs.

    It would be trivial for them to redirect the calls - either manually or even automagically with routing tables. Since they own it - they can easily do it and I honestly can't imagine it would fall under the jurisdiction of the PUC since it ain't a public utility! They own the PBX, you use their phones, and as long as they meet various requirements (you can reach 911, etc) no problem. I honestly wonder if doing it on a PBX would be illegal! And even if it was - and they did - Sprint would still be out of the picture.

    --

  29. In case of Slashdotting... by TDScott · · Score: 5
    The Register has the article here.

    For the HREF paranoid:
    http://www.theregister.co.uk/content/6/18950.html

  30. Re:Occam's razor needed by cavemanf16 · · Score: 2
    First, a conspiracy is an attempt to cover up the truth, but in this context it doesn't really fit. Technically it does, but we're talking about mob style criminal acts. And like they stated in the article, it could have just been informants on Sprint's side that were helping to facilitate this call routing scheme, so it is quite possible that they knew not to re-route calls when Sprint went to test them.

    Second, should we expect anything less than a seedy underbelly to all in the 'City of Sin'?

  31. Occam's razor needed by r_j_prahad · · Score: 3
    Unless things have changed since I lived there, this isn't a conspiracy - it's just the same old overloaded phone system. Vegas is one of the fastest growing metros in the country, and the local telcos have never, ever, been able to keep up with the growth. Sucky SS7 links and an undercapacity PSTN do not a conspiracy make.

    The population doubles on the weekends, so of course the phones start going intermittent every Friday evening. People who live there oughta know that.

  32. Re:Monitoring PBX Logs for what? by babymac · · Score: 2
    Hey, after listening to one or two calls for jollies I imagine the thrill wears off pretty quickly.

    Now imagine you're a poorly paid hotel PBX operator. "Knuckles" approaches you after work one night and offers you a few hundred bucks if you inform him of calls to escort services...

    And if you don't? He'll find somebody else...or worse. Is it that hard to imagine now?

    CTP

    --
    "War makes me sad." - Me