TUCoPS :: AOH Caller ID :: aniart.txt

ANI vs. Tracing vs. Caller ID







                          Automatic Number Identification (ANI)
                                       vs.                                
                                    Tracing  
                                       vs.
                                   Caller ID                                    
                                    

                                 4/28/00-5/3/00

 Disclaimer: Neither Janus nor The Gashous take no responsibility 
for what you do with this file. It is for informational purposes only. Use at your own risk.







                       Part I: Automatic Number Identification







                               I. ANI
  
   ANI, automatic number identification, is exactly as its name 
implies. It automatically identifies the 10-digit number of the 
phone line that is calling. Orignially, this system was originally 
used to utilize Centralized Automatic Message Accounting (CAMA) 
in systems like SxS, Panel, XBar #1, and a few minor other ones. 
ANI was utilized by sending messages through ANI circuitry that 
was placed in the control rooms of the Central Offices (CO) mentioned 
before. Before ANI came about, COs used a type of number-marking 
device to keep track of all tolls made on a local loop (subscriber 
line). This was achieved by placing the device either in a trunk 
or directly in the CO. It would be read by another device and then 
all those calls made would appear on your phone bill. This process 
was fine for the early periods of large telcos, but once every house 
started owning 2, 3, even 4 or 5 lines each, they decided they needed 
a much less time-consuming method of gathering line information 
about the loop. Thus, ANI was developed.
  

                    II. How ANI works (basically)
  
   An identifier circuit is installed to recognize each line. Every 
time a call is made, the mechanical devices go to work. It identifies 
the caller, party being called, and some other information. That 
information is then sent to another circuit in an outgoing trunk, 
and then relayed to a Tandem office.
  As soon as the call is made, a 5800hz identification tone is applied 
to the line, and the circuitry knows the numbers of the party calling, 
but not yet the party being called. The tone is transmitted at a 
2-volt level. At the same time all this is happening, an identifier 
idle is seized which sends a message to the directory network and 
over a few series of busses and the like. The identifier begins 
to scan the number and finds out the calling office number, and 
the number being called. All the information is then sent, via MF 
tones, to CAMA equipment that puts all information on tape, except 
YOUR number, under normal circumstances, because this has already 
been determined by the first set of circuitry. Occasionally, an 
Automatic Identification Number Failure (ANIF) may occur, which 
can be caused by many kinds of complications. When this happens, 
another protocol called Operator Number Identification (ONI) is 
used. All that happens is an operator comes on the line and asks 
you what number you're calling from. 
  When a company that uses ANI and CAMA equipment is called, a small 
vaccuum or LCD display screen, or sometimes directly on a computer 
monitor, the calling party's number, their address, and the name 
of the person that the telephone line account is under. Limited 
telephone information may also be accessed, but it's usually never necessary.


                    III. Why ANI is used

   ANI is used when you call 911, pizza places, 411, or sometimes 
even when you talk to an operator. It is used when you call 911, 
of course, because if it's an emergency, they automatically know 
the place being called from, just in case the person is panicing, 
doesn't know where he/she is, or accidentally gets disconnected. 
Operators always ask for verification of their information, just 
in case a call box (the things on the side of highways), cell phones, 
mobile phones, etc are being used. The same goes for pizza places. 
They always ask for your number first, and then pull up your information 
on the computer screen. This isn't really a direct form of ANI actually, 
but another form of identification that isn't discussed in this text. 


                    IV. How ANI can be useful to phreaks

   ANI can be useful to phreaks in the following ways:

          1) COCOTs. Customer owned, coin operated telephones. Why, 
you ask? Because when you call a special ANI number that is set 
up by the telco, it reads back the number being called from. Then, 
you can write the number down, and dial it from another phone. You 
might be able to get a special menu where you can do cool things 
with the phone, such as disable it, make it ring, use its 200/300 
baud modem, and other things. Plus, calling the ANI number is free. 
Payphones are, by law, obligated to be used to dial toll-free, 911, and operator lines for free.
         2) Beige boxing. When boxing, if you don't know the number 
you're calling from (for some odd reason) and want to know, just dial the ANI number.

         3) Spying. If you're over a friends house, and want to 
know the number of a cell phone, home phone, fax, or something else, 
just get them out of the room and call the toll-free ANI number. 
This can be useful in many ways, such as:
                   a. Pranking
                   b. Finding out where to fax things
                   c. Getting the parent's cell phone MIN :)
                   d. If it's an enemy instead of a friend, you 
                      could call the number to get their line, then cause 		      anarchy with it.


                         



                                     Part II: Tracing







                              I. Steps Involved in Tracing
      
      Step One: making of a police report. There must be some reason 
                WHY the line is being traced, such as obscene 
                phone calls, computer hacking, phreaking, etc.
      Step Two: make a request from phone company, with police report in 	        hand, that they trap the line. Phone companies and government 
                agencies are about the only people that posess trace 	        equipment.
      Step Three: installation of the tracer. The line is traced. Kaboom. :)

The calling party's ANI information will be recorder the next time 
he calls and immediately sent to the telco and/or proper government 
agencies and police forces. The only problem with installing the 
tracer is the time it takes for the phone company to come and put 
it in. It could take up to a week. Unless, of course, the NSA/FBI/CIA 
are involved. Then, it can be installed in... probably in as little 
time as 3 minutes. (No exaggeration in previous sentence. :) )

A large quantity of hackers and phreaks are apprehended via MCI's 
new port-monitoring soft/hardware. All it does is look for a certain 
string in the recorded calls. Woohoo. MCI recently claimed that 
they caught almost 50 phreaks in a 7-month period. We all highly 
doubt that. MCI does NOT have direct access to ESS. All they probably 
did was look at the Dialed Number Records and the such. I hate those 2-bit telcos....

                           II. Time Synchronization Tracing
  
   Time Synchronization Tracing is a very simple method in which 
a device is implemented to monitor exactly the times in which the 
calls were made, and the number of the called party. When the called 
party's number is detected, it automatically stops the clock at 
the time that the phone of one of the calling parties goes on hook. 
Then, the records are compared with that of the phone companies, 
and the caller is questioned, and, usually, caught. There is usually 
no possibly way I know of around this, unless you make calls on 
a Friday night or something at 7 or 8 o'clock when millions of calls 
all over the world are being made.

                         III. Manual Tracing
     Manual Tracing, as it's name suggests, is just tracing by following a call back to its source via the use of hundreds of circuits. It usually takes about 5-20 minutes, and is not used anymore that much. There are 3 kinds:
        a) Retrieves city/general area only
        b) Retrieves phone number general area
        c) Retrieves phone number and exact location

                         IV. FBI Lock-In Trace
     The lock-in trace is used to "lock-in" to a number and not let the other
 party's line completely hang up. Mostly used only by the FBI, because it is
 so expensive, it is usually referred to as the FBI Lock-In Trace. They can 
sort of tap into a conversation, almost like a 3-way caller, and then use a
 manual trace while always being connected, even if the parties hang up. How,
 you ask? Well, if you think about your basic knowledge of phones, you should
 already know that the only thing keeping a line connected is VOLTAGE. Once 
the party hangs up, the voltage is cut, and the connection no longer exists.
 The pigs, being sort of like the third caller, keep the voltage up on the 
line after both parties hang up. You know the lock-in trace is in use when 
you hang up, and the phone keeps ringing immediately after you place it 
on-hook. So, the only way to beat this type of trace is to lower the voltage 
on the line. Every time another person connects to a line that's already in 
use, the voltage decreases a little. That's why, on 3-way conversations, you
 experience more static and line noise than you do on a normal connection. 
Sure, you could pick up 10,000 phones at the same time... but that's almost
 impossible. That's why the aqua box was invented. Aqua box plans are 
included at the end of this document.








                                Part III: Caller ID







                                I. What is Caller ID?

  Caller ID is a relatively new technology that allows a called party to receive either:
          a) The calling party's number, date/time, and subscriber's name
          b) The calling party's number, date/time, subscriber name, 
	     and additional information, such as address or telephone 	     information.
  
  **Note that in both instances, I say "subscriber name," not just 
"name." This is because the Caller ID box can only view the information 
of the calling party's line, not the EXACT person who is calling. 
For example: A telephone line is issued under Joe Schmoe's name. 
The number is (666)555-4242. His daughter, Jane Schmoe, makes a 
call to one of her teenage girlfriends. Tammy Smith, the friend, 
has a caller ID box in her room. The box displays:
                          [      Schmoe, Joe F.   ]
                          [      666-555-4242     ]
                          [        1.16.99        ]
                          [        4:54 PM        ]

                                 or possibly
                          
                          [     Schmoe, Joe F.    ]
                          [     666-555-4242      ]
                          [        1.16.99        ]
                          [        4:54 PM        ]
                          [   Anytown, USA 99642  ]
                          [Bell Atlantic Telephone]


The second instance is usually very uncommon... it's only availible 
in certain areas, and most likely costs more. 

                               
                            II. How does Caller ID work?
  
    The calling party's information is sent as a data stream containing 
7 data bits and 1 stop bit. The stop bit just indicates that the 
information is done sending, and the box at the other end can start 
displaying the message. The signal is usually transferred at 1200 
baud, but may be different in other countries/regions. The caller 
ID box then interprets the message with it's circuitry. It determines 
the date and time (which is in 24 hour format, not 12), number, 
and subscriber's name. An example of a data stream would look like:
                          0412303232383134333434303735353537373737xx
                                or 02281334407555777(checksum)

The box intreprets this message as:
    Date: February 28
    Time: 1:34 PM
    Number: (407)555-7777


                          III. What is Caller ID blocking?
   
   Since people want their privacy, the FCC and all those other 
3-letter government-associated agencies have required the telco 
to install a way to block Caller ID. Bell Atlantic uses *67, but 
different countries/regions may have different digits. 2 forms exist:
          a) By-Call: The preferred method, caller purposely presses 
               *67 before EACH call, and blocking the following call. 
          b) By-Line: Has a few disadvantages, the major one being 
	     that the caller must go through a lengthy process before he/she 	     can toggle the ID blocking on or off. Usually accomplished by 	     calling the telco and telling them you want all calls blocked.

               
                            IV. Caller ID errors

 Many different kinds of errors can occur.. these are the more common ones:

         a) Buffer Full: The box has filled up its memory because 
            the person has not bothered to delete old calls, and 
            the box must begin to delete old numbers for you.
         b) No Data Sent: The box cannot decide the proper information 
            because the data stream is full of null  characters, but 
            still has a proper checksum.
         c) Out of Area: The tleco of the caller is using a different 
            type of switching system and the data is different, 
            or, it's just because the caller is out of Caller ID range.
         d) Blocked/Private/Unknown: The caller has blocked Caller ID.
         e) Data Error: Proper checksum was not received.. can occur 
            during an improper data transmission.










                                  Aqua Box Plans
                      (As taken from The Traveler's version)







Materials needed- a BEOC (Basic Elictrical Output Socket), like a small lamp
                   type connection, where you just have a simple plug and wire
                   that would plug into a light bulb.
                 - One of cords mentioned above, if you can't find one then
                   construct your own... same voltage connection, but the
                   restrainor must be built in (i.e. the central box)
                 - TWO phone jacks (one for the modem, one for if you are
                   being traced to plug the aqua box into)
                 - Some creativity and easy work.
 
 NOTICE: No phones have to be destroyed/modified to make this box, so don't go
         out and buy a new phone for it!
 
 All right, this is a very simple procedure. If you have the BEOC, it could
drain into anything, a radio, or whatever. The purpose of having that is
you are going to suck the voltage out from the phone line into the electrical
applicence so there would be no voltage left to lock you in with.

 1)Take the connection cord. Examine the plug at the end. It should have only
two prongs, if it has three, still, do not fear. MAKE SURE THE ELECTRICAL
APPLIENCE IS TURNED OFF unless you wanna become a crispy critter while making
this thing. Most plug will have a hard plastic design on the top of them to
prevent you from getting in at the electrical wires inside. Well, get a knife
and remove it. If you want to keep the plug (I don't see why...) then just cut
the top off.  When you look inside, low and behold, you will see that at the 
base of the prongs there are a few wires connecting in. Those wires conduct 
the power into the appliance. So, you carefully unwrap those from the sides 
and pull them out until they are about and inch ahead of the prongs. If you 
don't wanna keep the jack, then just rip the prongs out. If you are, cover the
prongs with insultation tape so they will not connect with the wires when the 
power is being drained from the line.

2)Do the same thing with the prongs on the other plug, so you have the wires
evenly connected. Now, wrap the end of the wires around each other. If you
happen to have the other end of the voltage cord hooked into the phone, stop
reading now, your too fucking stupid to continue.
After you've wrapped the wires around each other, then cover the whole thing
with the plugs with insulating tape. Then, if you built your own control box
or if you bought one, then cram all the wires into the and reclose it. That
box is your ticket out of this.

3)Re-check everything to make sure it's all in place. This is a pretty flimsy
connection, but on later models when you get more experienced at it then you
can solder away at it and form the whole device into one big box, with some
kind of cheap Mattel hand-held game inside to be the power connector. 
In order to use it, just keep this box handy. Plug it into the jack if you
want, but it will slightly lower the voltage so it isn't connected. When you
plug it in, if you see sparks, unplug it and restart the WHOLE thing. But if
it just seems fine then leave it.

Now, so you have the whole thing plugged in and all... DO NOT USE THIS UNLESS
THE SITUATION IS DESPERATE! When the trace has gone on, don't panic, unplug
your phone, and turn on the appliance that it was hooked to. It will need
energy to turn itself on, and here's a great source... the voltage to keep
a phone line open is pretty small and a simple light bulb should drain it all
in and probably short the F.B.I. computer at the same time.




-Janus
http://www.warpedreality.com/gashous
hijanus@tupac.com

    *This file may be copied and placed anywhere, as long as author's name and Gashous URL appear at end of document*



TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH