TUCoPS :: Phrack Inc. Issue #17 :: p17-12.txt

PWN17.3 Cracker are Cheating Bell


                      #### PHRACK PRESENTS ISSUE 17 ####

                  ^*^*^*^ Phrack World News, Part 3 ^*^*^*^

                           **** File 12 of 12 ****


  +-------------------------------------------------------------------------+
  -[ PHRACK XVII ]-----------------------------------------------------------

                   "The Code Crackers are Cheating Ma Bell"
           Typed by the Sorceress from the San Francisco Chronicle
                            Edited by the $muggler

             The Far Side..........................(415)471-1138
             Underground Communications, Inc.......(415)770-0140

  +-------------------------------------------------------------------------+
In California prisons, inmates use "the code" to make free telephone calls
lining up everything from gun running jobs to visits from grandma.

In a college dormitory in Tennessee, students use the code to open up a
long-distance line on a pay phone for 12 straight hours of free calls.

In a phone booth somewhere in the Midwest, a mobster uses the code to make
untraceable calls that bring a shipment of narcotics from South America to the
United States.

The code is actually millions of different personal identification numbers
assigned by the nation's telephone companies.  Fraudulent use of those codes
is now a nationwide epidemic that is costing America's phone companies more
than $500 million each year.

In the end, most of that cost is passed on to consumers, in the form of higher
phone rates, analysts say.

The security codes range form multidigit access codes used by customers of the
many alternative long-distance companies to the "calling card" numbers
assigned by America Telephone & Telegraph and the 22 local phone companies,
such as Pacific Bell.

Most of the loss comes form the activities of computer hackers, said Rene
Dunn, speaking for U.S. Sprint, the third-largest long-distance company.

These technical experts - frequently bright, if socially reclusive, teenagers
- set up their computers to dial the local access telephone number of one of
the alternative long-distance firms, such as MCI and U.S. Sprint.  When the
phone answers, a legitimate customer would normally punch in a secret personal
code, usually five digits, that allows him to make his call.

Hackers, however, have devised computer programs that will keep firing
combinations of numbers until it hits the right combination, much like a
safecracker waiting for the telltale sound of pins and tumblers meshing.

Then the hacker- known in the industry as a "cracker" because he has cracked
the code- has full access to that customer's phone line.

The customer does not realize what has happened until a huge phone bill
arrives at the end of the month. By that time, his access number and personal
code have been tacked up on thousands of electronic bulletin boards throughout
the country, accessible to anyone with a computer, a telephone and a modem,
the device that allows the computer to communicate over telephone lines.

"This is definitely a major problem," said one telephone security expert, who
declined to be identified.  "I've seen one account with a $98,000 monthly
bill."

One Berkeley man has battled the telephone cheats since last fall, when his
MCI bill showed about $100 in long-distance calls he had not made.

Although MCI assured him that the problem would be taken care of, the man's
latest bill was 11 pages long and has $563.40 worth of long-distance calls.
Those calls include:

[]  A two-hour call to Hyattsville, Maryland, on January 22.  A woman who
    answered the Hyattsville phone said she had no idea who called her house.

[]  Repeated calls to a dormitory telephone at UCLA.  The student who answered
    the phone there said she did not know who spent 39 minutes talking to her,
    or her roommate, shortly after midnight on January 23.

[]  Calls to dormitory rooms at Washington State University in Pullman and to
    the University of Colorado in Boulder.  Men who answered the phones there
    professed ignorance of who had called them or of any stolen long-distance
    codes.

The Berkeley customer, who asked not to be identified, said he reached his
frustration limit and canceled his MCI account.

The phone companies are pursing the hackers and other thieves with methods
that try to keep up with a technological monster that is linked by trillions
of miles of telephone lines.

The companies sometimes monitor customers' phone bills.  If a bill that
averages about $40 or $50 a month suddenly soars to several hundred dollars
with calls apparently placed from all over the country on the same day, the
phone company flags the bill and tries to track the source of the calls.

The FBI makes its own surveillance sweeps of electronic bulletin boards,
looking for stolen code numbers.  The phone companies occasionally call up
these boards and post messages, warning that arrest warrants will be coming
soon if the fraudulent practice does not stop.  Reputable bulletin boards post
their own warnings to telephone hackers, telling them to stay out.

Several criminal prosecutions are already in the works, said Jocelyne Calia,
the manager of toll fraud for U.S. Sprint.

If the detectives do not want to talk about their methods, the underground is
equally circumspect.  "If they (the companies) have effective (prevention)
methods, how come all this is still going on?" asked one computer expert, a
veteran hacker who says he went legitimate about 10 years ago.

The computer expert, who identified himself only as Dr. Strange, said he was
part of the original group of electronic wizards of the early 1970s who
devised the "blue boxes" complex instruments that emulate the tones of a
telephone and allowed these early hackers to break into the toll-free 800
system and call all over the world free of charge.

The new hacker bedeviling the phone companies are simply the result of the
"technology changing to one of computers, instead of blue boxes" Dr. Strange
said.  As the "phone company elevates the odds... the bigger a challenge it
becomes," he said.

A feeling of ambivalence toward the huge and largely anonymous phone companies
makes it easier for many people to rationalize their cheating.  A woman in a
Southwestern state who obtained an authorization code from her boyfriend said,
through an intermediary, that she never really thought of telephone fraud as a
"moral issue."  "I don't abuse it," the woman said of her newfound telephone
privilege.  "I don't use it for long periods of time - I never talk for more
than an hour at a time - and I don't give it out to friends."  Besides, she
said, the bills for calls she has been making all over the United States for
the past six weeks go to a "large corporation that I was dissatisfied with.
It's not as if an individual is getting the bills."

There is one place, however, where the phone companies maybe have the upper
hand in their constant war with the hackers and cheats.

In some prisons, said an MCI spokesman, "we've found we can use peer pressure.
Let's say we restrict access to the phones, or even take them out, and there
were a lot of prisoners who weren't abusing the phone system.  So the word
gets spread to those guys about which prisoner it was that caused the
telephones to get taken out.  Once you get the identification (of the
phone-abusing prisoner) out there, I don't think you have to worry much" the
spokesman said.  "There's a justice system in the prisons, too."


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH