MARK: Mechanized Assignment and Record Keeping MMWXkoc;,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,;:lx0WMM WXx:,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,;oKW Kl,,,,,:odxxxxxxxxxxxxxxxxxxo:lxxxxxxxxxxxxxxxxxxxxxccdxxxxxxxxxxxxxxxxoc,,,,,cO o,,,,;dKWMMMMMMMMMMMMMMMMMMW0oOWMMMMMMMMMMMMMMMMMMMWxdNMMMMMMMMMMMMMMMMWXx:,,,,c :,,,,oXMMMMMMNK0000000000000xcd00000KWMMMMMMMWNK000OodNMMMMMMNK0000000000Ol,,,,; :,,,,xWMMMMMWk;,,,,,,,,,,,;;,,,,,;;;c0MMMMMMMNd;,,;;,oNMMMMMWk:,,,,,,,,,,,,,,,,; :,,,,xWMMMMMWx,,,,,,,,,,,,,,,,,,,,,,;OMMMMMMMXl,,,,,,oNMMMMMWO:;;;;;;;;;;;,,,,,; :,,,,xWMMMMMWx;oOOOOOOOOOOOOkc,,,,,,;OMMMMMMMXl,,,,,,oNMMMMMMNKKKKKKKKKKKKd;,,,, :,,,,xWMMMMMWx:kWMMMMMMMMMMMNd,,,,,,;OMMMMMMMXo,,,,,,oNMMMMMMMMMMMMMMMMMMWO;,,,, :,,,,xWMMMMMWx;cddddxKWMMMMMNd,,,,,,;OMMMMMMMXo,,,,,,oNMMMMMWKxdddddddddddl,,,,; :,,,,xWMMMMMWx,,',,,;kWMMMMMNd,,,,,,;OMMMMMMMXo,,,,,,oNMMMMMWk;',,,,,,,,,'',,,,, :,,,,dNMMMMMW0ollooodKWMMMMMNo,,,,,,;OMMMMMMMXo,,,,,,oXMMMMMMKdlloollooool:,,,,; l,,,,c0WMMMMMMWWWWWWWMMMMMMW0c,,,,,,;OMMMMMMMXl,,,,,,c0WMMMMMMWWWWWWWWWWWXd,,,,: k:,,,,cx0XNNNNNNNNNNNNNNNXKxc,,,,,,,;kNNNNNNN0l,,,,,,,cx0XNNNNNNNNNNNNNXOo;,,,;d NOc,,,,,;:ccccccccccccccc:;,,,,,,,,,,:ccccccc:;,,,,,,,,,;:cccccccccccc::,,,,,:xN MWXkl;,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,;cxKWM MMMWNOdc;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;cokXWMMM [https://en.wikipedia.org/wiki/GTE] Picking up where I last left off, which was a digression on telephone company "Central Offices" or "C.O." buildings, I will now write about the first telephone company computer system that Steve and I learned about and gained access to via our Central Office dumpster diving exploits. The first system that we learned about, and that would become an obsession of ours, was called MARK. MARK stood for Mechanized Assignment and Record Keeping and was one of GTE's most central computer systems for managing their part of the national telephone system. This is something that I have always wanted to document for the sake of not having it completely disappear from history and to hopefully get others to write in with their own experiences with MARK, whether that be as GTE employees or GTE hackers. First, let me try and break down the name of this system a bit: Mechanized: Automatic, handled by machines (computers) Assignment: The assignment (reservation) of various telephone system facilities to a particular customer. "Assignment" was a big part of what happened when a customer ordered new telephone service. Facilities which must be "assigned" for a new telephone line included the telephone number, the cable and pair physically connecting the customer's location to the telephone company Central Office switch, line equipment (which "port" in the telephone switch is to be associated with this telephone number), and more. Before the introduction of "mechanization" (computer automation), assignment was handled by humans referring to various books, filing cabinets, paper records, index cards, etc in order to find unused facilities that could be assigned for the new number. These records, files, books, index cards, etc would then have to be updated to show that these facilities were now assigned (reserved) and no longer free to be assigned to other numbers. All of this work was automated by computers with the introduction of mechanization. Of course, for example, not every Central Office cable provided a path to every location to be given telephone service. So, the situation was more difficult than simply finding the next free cable and pair. Out of the many potential tens or hundreds of thousands of pairs of copper wires, one must be assigned (reserved, set aside) for the new number. Obligatory shitty ASCII diagram of extremely over-simplified view of a particular Cable and Pair's route between the Central Office building and the customer location: ------------------------------------------------------------------------------- Central Office building ---- |CO| ------ Cable 1 ---- | ---- Cable 2 | ---- Cable 3 ------ Pairs 1-500 | --- (CP 3-712) --- ---- Pairs 501-800 ---- |X| --- Cable 3, Pair 712 --- |C| | --- --- ---- Pairs 801-2,500 Cross-connect point Customer location NNN-NNN-NNNN Where NNN-NNN-NNNN is an Area Code (NPA for telco autists) and telephone number ------------------------------------------------------------------------------- Let us just say for now that assignment is a very non-trivial problem. Now, back to breaking down the term Mechanized Assignment and Record Keeping: We've already covered Mechanized and Assignment, so here is what was meant by Record Keeping: All of the various records, databases, files, other computer systems, etc that are read from and written to in order to support the mechanized assignment process. Therefore, GTE's Mechanized Assignment and Record Keeping (MARK) system was: The automatic assignment (reservation) of various telephone system facilities to provide new customer service and all of the various record keeping needed to support this activity. Now that we have a bit of a definition of the telepone company computer system that Steve and I found our way into, let's talk about how we found that access and how that access was performed. First some history on MARK: MARK was written in FORTRAN and at least initially ran on a time-sharing system (think "Cloud" before the "Cloud") operated by General Electric (GE). Confusingly, this time-sharing system was called MARK III. Somehow, amazingly, some of The Three Bad Ass Dudes (more on them in previous and future articles) told Steve and I that they had been beyond the MARK system and had been in the underlying MARK III operating system. I was later able to verify that MARK did indeed run on MARK III. Incredible for them to have somehow known this. [Yes, General Electric was a computer and computation-as-a-utility pioneer, dating back to the 1960s. See, for example: https://en.wikipedia.org/wiki/GE-600_series -- from this Wikipedia article: "The GE Mark II operating system (later Mark III) was used by GE Information Services as the basis for its timesharing and networked computing business. Although Mark II / Mark III was originally based on the Dartmouth system, the systems quickly diverged. Mark II/III incorporated many features normally associated with on-line transaction-processing systems, such as journalization and granular file locking. In the early-to-mid-1970s, Mark III adopted a high-reliability cluster technology, in which up to eight processing systems (each with its own copy of the operating system) had access to multiple file systems." See also, for example, the following two text files made available in the same Gopher directory as this article: mark-web-result-1.txt and mark-web-result-2.txt.] [It is also worth noting that General Electric played an important role leading up to the creation of AT&T's UNIX operating system. You can read more about "MULTICS" if this is of interest to you, "UNIX" being an obvious play on "MULTICS."] With the roots of GTE's MARK system going back to the 1960s-era computation-as-a-utility, naturally it was accessed by dial-up modem. In fact, later, when I was working for GTE / Verizon and talked my supervisor into getting us a tour of the inside of a Central Office building, I saw a genuine Teletype machine which was still being used to dial into MARK. Because the Central Office employees were using a Teletype machine to dial into MARK, every MARK session they performed naturally left behind a literal paper trail, as Teletypes do not produce their output on computer monitors but instead on paper. Luckily for us, no Central Office employee ever seemed to shred anything, meaning that we started finding MARK dial-up telephone numbers, usernames, and passwords on our very first dumpster diving expedition, including detailed session "logs" that provided us with hints on how to use the system. The dial-up phone numbers we found operated at 1,200 baud, if I remember correctly, and were painfully slow compared to the modems we were using in the mid-to-late-1990s (14,400 baud, 28,800 baud, etc -- faster by an order of magnitude). Much later, we would find a way to access MARK via Tymnet (X.25) which provided us with much faster 9,600 baud access. However, almost all of our adventures in MARK were performed at 1,200 baud (roughly 150 bytes per second, or about 10 seconds to receive one full 80 column by 25 row of output). We never, ever dialed into MARK from our homes. We dialed-in from motels, payphones using laptops and acoustic couplers, telephone company terminal boxes using "beige boxes" in out-of-sight locations, friend's houses, etc. (Pretty nice of us to dial into MARK from a "friend's" house, huh?) What did one first see when dialing into MARK? Well, when you dialed into GTE's MARK system, you were really dialing into GE's MARK III timesharing service. So, you were first presented with the standard GE MARK III login prompt, which can be found in "mark-web-result-2.txt" mentioned above: U#= This prompt is asking for the first of three pieces of login information, the username. Luckily for us, however, the GTE Central Office employees had figured out a shortcut where they could provide the user ID, password, and accounting code all in one line, which would cause this output to be produced "in the clear" on the resulting print-out. It's worth mentioning that GE masked the password input if the user simply provided their username at the "U#=" prompt and hit enter, advancing to the password prompt. From the above mentioned text file -- by the way, this is not from a "hacker text file" but rather is from a PDF scan of an official company manual of a GE MARK III customer which can still be found on the Web today -- I have simply provided a transcription of a portion of that PDF below: [Excerpt from: https://amigan.yatho.com/SP54.pdf -- also available in the same Gopher directory as this article] ------------------------------------------------------------------------------- U#= At this point enter your user ID (3 alphabetic characters and 5 numeric characters) and press the carriage return: U#= AAANNNNN The system responds PASSWORD SSSSSSS providing a blocked-out area in which you may enter your password. Type the password on top of the blocked-out area and press the carriage return. ... ID: This is a request for accounting information. If you do not wish to enter any accounting information, simply press the carriage return: ------------------------------------------------------------------------------- So instead of first entering the user ID followed by a carriage return, then your password followed by a carriage return (obscuring the password input), and finally the optional accounting code, one could simply provide all of this information on one line, with each piece of information separated by commas. This "shortcut" meant that the user ID, password, and accounting code were captured "in the clear" on the print-out that would then inevitably work its way into the dumpster at the Central Office building for Steve and I to later retrieve. Here is an actual user ID, password, and accounting code that we found and used to login to MARK: U#= GHK77617,BAYW,JUMP User ID: GHK77617 Passcode: BAYW Accounting code: JUMP As you can see, the format of the "GHK77617" username directly matches the format specified in the excerpt above. [TODO: Upload photo from inside of MARK manual we found while dumpster diving. Yes, I still have this manual on my bookshelf to this day. The inside cover of the MARK manual listed a valid dial-up number, username, password, and accounting code.] We even later found an internal memo (from GTE Telemail) which implored the Central Office users to stop using this shortcut because hackers were likely gaining access to MARK by finding this information in the trash. Ironically, we found this memo as a print-out in a Central Office dumpster. This is absolutely a true story, as incredible as it may seem. I still kick myself for not keeping that memo and some other key "trophies." After the "U#=" prompt (GE MARK III), you would be dropped into GTE's MARK system and see its "ACTION?" prompt. So, what could some teenage hackers do with GTE's MARK system in the mid-to-late-1990s? That will be the topic of my next 1990s-era phone company hacking article. CREATED 2023-06-10