How to have free access to the net by fake-accounts
(a tutorial by LordCaligo)


by LordCaligo
(21 November 1997, with a small addition by fravia+: "throw away trials")


noanon
Fravia's Anonymity Academy
Courtesy of fravia's page of reverse engineering

Well, here we go with another nice essay by LordCaligo. I hope that this will represent only the FIRST of a series of essays on this subject (by LordCaligo and others) since there are MANY other tricks that can be applied to this field. LordCaligo speaks here about the 'fake' account techniques... yet this technique, very useful for powerusers, may be superfluous for small user. For little quiet anonymity lovers I would just like to remember a 'legal' simple technique that I have used (and I still use) a lot: "handkerchief-providers" (or "throw away trials")
The idea is NEVER to pay for your access to the net. You get a 'one month trial free' account from AOL, nice, use it: do everything you want, download heavily, play on line, whatever, for a whole month... and then... bye bye AOL. For the 'second' month you'll get -perfectly legally- a one month trial account from, say, MSN. Nice! Do everything you want, download heavily, play on line, whatever... when even the second month ends, you'll get a one month free trial account from Compuserve, or whatever, do everything you want, download heavily, play on line, and so on... you dig it? There are many 'minor' providers too, and the concurrence is fierce! Some of them offer now (in Europe) THREE months free trials. Wow!
And then, after, say, one year, YOU begin everything anew, legally, with your own name! If you read the instructions you'll see that you are not supposed to ask for a new trial offer for the next 10 months. Therefore you may perfectly legally ask for a new trial offer after 11 months! (And, of course, you could come to the idea of asking for another trial with your girlfriend's name, your baker's name, your oncle's, whatever... well, the point is... every time you enjoy for free such a trial provider, just use the many free pages and free intrnet addresses providers that exist on the deep deep Web!
In a short time you'll have collected 20 or more 'sleeping' internet addresses and pages. After three or four months you'll be able to use the surviving ones without much worries!

A last consideration if you follow LordCaligo's techniques below... when you fake an address and that address (and the telephone number you have given) are going to be checked, use some name (and people) like 'Wong' or 'Kiczielsky', or 'M'bungo' and give address (and corresponding telephone) in a huge house full of people that barely speak English (or German, or Italian, or whatever you and your provider speak with each other). You'll find a lot of these 'anonymity baits' with a little social engineering. Such 'refugees' decoys are the best thing you can use when you are covering your tracks and/or faking addresses: confronted with a family of 25 immigrants that do not speak the country language nor understand what the cuckoo is going on, the providers' agents themselves won't be able to understand if there was -or not- any malicious intent :-) Enjoy!

                    _   _   ___   _ _ _  _____   ___
                   | |_| | / _ \ | | | ||_   _| / _ \
                   |  _  || (_) || | | |  | |  | (_) |
                   |_| |_| \___/ \_____/  |_|   \___/

              have free access to the net by fake-accounts
                      a 'tutorial' by lord caligo
                          11/09/97 (mm/dd/yy)


OVERVIEW:  I.    INTRODUCTION
           II.   BASICS
           III.  HOW TO FAKE A SIGNUP
           IV.   CREDIT CARD ALGORYTHM
           V.    DISADVANTAGES

 --------------------------------------------------------------------------

I. INTRODUCTION

I'm writing this essay because fravia+ (http://207.30.50.126/fravia/fravia.htm)
asked for it. He saw my first one (HOWTO create secure webpages) and 
encouraged me to write a new tutorial - this time I'll try to show you 
how easy it is to get free access to the Net with all its advantages 
AND disadvantages. It's not the first and it won't be the last tutorial
about this topic, but that does not matter =;-]

 -------------------------------------------------------------------------

II. BASICS

Creating fake accounts is as easy as reading this text - after you
understood it for the first time, you'll never have problems any more.

The idea is very old, "hackers" used it as soon as the Internet got
popular and providers growed up all around the world. It's not my
private scheme, everybody with a BIT of knowledge "discovered" it
some time ago.

At first, what do we need to sign up for an legal account?
We need (of course) a name with address, telephone number (not always)
and ... how to pay normally?

The easiest way is to use one of the little fancy plastic cards every-
body has, we just need to use our personal, private number for it
(more in chapter III.) . Many providers give you the possibility to
sign up directly when online (Compuserve, AOL, UUNET). I don't know
how it works in your country, I can only speak for Germany.

A second way would be a signup with account- and bank code number.

 -------------------------------------------------------------------------

III. HOW TO FAKE A SIGNUP

Okay, just remember what we need:

1. A name, address & telephone number

 Easy to "fake", just imagine some. NEVER use names or telephone numbers
 of known people or friends, just really IMAGINE one.
 If you don't have any imagination, take a look to a local telephone
 book.

2. Credit Card- or account number

 There are many tools generating VISA- or Discovery-Numbers, see Chapter
 VI. Just go fetch some of them or make it on your own...
 
 Account numbers... erhm, I don't know any algorythm for it, just read
 some announces or similar. You'll find numbers of different persons soon.
 
3. Sign Up

 No go sign up ! You have all you need.

 Some providers like AOL (in Germany?) do not only check if the algorythm
 is VALID, they compare the Credit Card Number while you're online with
 a local VISA-computer. Just try out... if it does not work, try another
 provider or use account numbers (they DO exist, no comparison would
 be useful :-).

 ------------------------------------------------------------------------

VI. CREDIT CARD ALGORYTHM

The most popular card to fake is VISA, many many many generators are
out for all OS. 
If you want to create numbers on your own for some reason, here is the 
algorythm:

VISA numbers have six digits. You take all odd numbers (the 1., 3. ...15),
double them and divide by nine (9). Add the remainder up and now add all 
even numbers (the 2., 4... 16).
If you can divide the resulting sum by ten, it's a valid code. There is
no connection between the VISA number and its user.

I hope you could understand me. 
Here is a PASCAL-program for checking valid numbers (VISA, MasterCard, 
American Express & Discovery):
= = = = = = = = = program checkccard; {$N+} {turn coprocessor on } FUNCTION NUMBERS(C:STRING):STRING; VAR A:STRING; X:INTEGER; BEGIN {strips out all non-numeric digits from a string} A:=''; IF LENGTH(C)>0 THEN FOR X:=1 TO LENGTH(C) DO IF C[X] IN ['0'..'9'] THEN A:=A+C[X]; NUMBERS:=A; END; FUNCTION VALOF(CONST A:STRING):LONGINT; VAR I:INTEGER; L:COMP; BEGIN {guarantee no crash VAL function} VAL(A,L,I); IF I<>0 THEN L:=0; IF L>HIGH(LONGINT) THEN L:=HIGH(LONGINT); IF L<LOW(LONGINT) THEN L:=LOW(LONGINT); VALOF:=TRUNC(L); END; FUNCTION VALIDCCARD(A:STRING):BOOLEAN; VAR C:CHAR; T:WORD; X,M,N:BYTE; BEGIN VALIDCCARD:=FALSE; A:=NUMBERS(A); IF A[0]<#4 THEN EXIT; C:=A[LENGTH(A)]; DEC(A[0]); M:=2; T:=0; FOR X:=LENGTH(A) DOWNTO 1 DO BEGIN N:=(BYTE(A[X])-48); N:=N*M; IF N>9 THEN BEGIN N:=N-10; INC(T); END; T:=T+N; M:=3-M; END; T:=(TRUNC((T+9)/10)*10)-T; IF T=(BYTE(C)-48) THEN VALIDCCARD:=TRUE; END; FUNCTION CCARDTYPE(A:STRING):BYTE; {returns 0:invalid credit card type 1:VISA 2:MC 3:American Express 4:Discovery 5:Unknown type} VAR W:LONGINT; BEGIN A:=NUMBERS(A); IF VALIDCCARD(A) THEN BEGIN W:=VALOF(COPY(A,1,6)); IF (W>=510000) AND (W<=559999) AND (BYTE(A[0])=16) THEN CCARDTYPE:=2 {Mastercard} ELSE IF (W>=400000) AND (W<=499999) AND (BYTE(A[0])=13) THEN CCARDTYPE:=1 {VISA} ELSE IF (W>=400000) AND (W<=499999) AND (BYTE(A[0])=16) THEN CCARDTYPE:=1 {VISA} ELSE IF (W>=340000) AND (W<=349999) AND (BYTE(A[0])=15) THEN CCARDTYPE:=3 {American Express} ELSE IF (W>=370000) AND (W<=379999) AND (BYTE(A[0])=15) THEN CCARDTYPE:=3 {American Express} ELSE IF (W>=601100) AND (W<=601199) AND (BYTE(A[0])=16) THEN CCARDTYPE:=4 {Discover} ELSE CCARDTYPE:=5;{Unknown type} END ELSE CCARDTYPE:=0; END; BEGIN { mainroutine } END. = = = = = = = = =
Have fun with it!

 ------------------------------------------------------------------------

V. DISADVANTAGES

Hey, there's always the possibility that they go fetching your caller
ID or trace your line back ! Just FAKE ON YOUR OWN RISK! ;]

But there are more disadvantages:

 - you'll have to re-signup after a short period (depends on the provider)

 - you don't have a permanent email-address (!!): get one at an 
   independent free service provider like hotmail, rocketmail or 
   take a look at http://payfree.home.ml.org/freemail.htm

 - your provider cannot provide webspace because your name
   changes every new signup: get space somewhere else

 - and more ...

 ------------------------------------------------------------------------

VI. LAST WORDS

Okay, this is a short essay, it was written in about an hour. But I
don't think there is much to say about fake-accounts - everybody can
create and use them ...
To get my newer tutorials, visit my page or email me (caligo@lords.com).

Do not forget to take a look at my cracking site:
      
            -==  http://cracking.home.ml.org/  ==-
 
(c) LordCaligo. All rights reversed
You are deep inside fravia's page of reverse engineering, choose your way out:

noanon
Fravia's Anonymity Academy
redhomepage redlinks redanonymity +ORC redstudents' essays redacademy database
redtools redcocktails redantismut CGI-scripts redsearch_forms redmail_fravia+
redIs reverse engineering legal?