|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| || || || The Telecommunications Collage Vol. I || || || |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| *Miscellaneous Techniques for the Telecommunications Hobbyist* Written exclusively for __ ____ _______ __ _______ __ __ __ _____ _____ ____ /__\ \ __\\__ __\ /__\\__ __\\ \ \ \ /__\\ __ \\ __ \\ __\ // \\ \\ \ \ // \\ \ \ \ \_\ \ // \\\ __>\ _/ \\__ \\___\\ \\___ \ \ \\___\\ \ \ \ __ \\\___\\\ \ \\ \ \\___ \_____\ \___\ \_\ \_____\ \_\ \_\ \_\\_____\\_\\_\\_\ \___\ P R O D U C T I O N S By: The Cruiser _______________________________________________________________________________ The purpose of this text-file is to explain the ethics and purpose of phone phreaking and hacking to the ones that don't know or that think they do but really don't. Also I will report on a few odd developments in the hack and phreak worlds, so this file is by no means just reserved to the newcomers. But most of it, however, is on the basic level. In later volumes I will get into more in-depth subjects. For the beginner, I will not get into basic telephony, switching systems and explaining basics such as loops, divertors, etc., but for those that need that information I highly recommend reading BIOC Agent's gem of a series, "The Basics of Communications". Though the earliest ones date back to 1983, they are very informative and well written. At the end of this file I'll put a little bibliography with a list of text-files and books that are recommended reading. Now on to the rest of the file, which will be roughly divided into sections. I. Elitism. (This is the only section devoted entirely to newcomers. Others can go ahead to section II). It's funny listening to some of the new "phreaks" nowadays. ALL NEW HACKERS/PHREAKS. . .LISTEN! What hackers/phreaks do is illegal! Sort of like the mafia - if you turn someone in you can expect to get hurt! So, for all you people out there who cannot handle it, I suggest that you had better stop right away before you get yourself in trouble. There's too many kids out there today who think that they're big shit because they can make long distance calls for free... WHOOPIE! A phreak is not a person that makes long distance calls for nothing. Get that through your heads! A phreak is a person that experiments with the phone company, and tries to manipulate it and see what it can do! It only curtails 20% of long distance calls. That 20% is the final chapter of the phreak, once they crack the Bell system they can make calls for nothing. HOW CAN ANYONE READ THE LAST CHAPTER AND KNOW WHAT THE BOOK CONTAINS? Phreaking is illegal and you can get busted for it. No, the FBI won't bust you for sending someone a $2,000.00 phone bill, the FBI has nothing to do with that at all! And enough about MCI and tracing... 800 numbers always ANI! 950's are routed in a different way, otherwise they're the SAME as other prefixes! ANY number can trace, so there isn't one safe method or long distance company to make free calls. So if you are scared of getting caught, SIMPLY DO NOT DO IT! People who break into computer systems to crash and destroy them or use long distance codes for the mere sake of running up someone's bill should be caught. It's vandalism. Also, a note about boxing. The blue box is the first and one of the few "boxes" [which is contradictory to the pirates and others that have a rainbow assortment of them], although I would also classify the black box as a "box". Others are just tools of the phone phreak. A beige box is nothing more than a lineman's handset, and a clear box is just a tone dialer. Also, boxing is not completely extinct, like some say. And YES, there ARE ways around ESS! One just has to look for them. Not everything one learns can be attained from a text-file. Phreaking is not a passive activity, one must go places, do things, and experiment. Although I am not saying that boxing is in it's prime, either. [I wasn't a phreak when boxing was in its prime, which was way back in the early 70's]. Phreaks still have blue boxes, some for sentimental reasons, and others still use them. A lot of the "boxes", such as the yellow, urine, lunch, super, cereal, plaid, brown, et. al., don't exist. They were "invented" by intelligent people for the plain idiots and "new breed" of what I call "c0mpyooter kidz" to toy with (and try to build and use!) Oh, and then there's boxes like the red box. The red box exists, but it's just a few of the tones in a blue box. So if you have a blue box, you also have a red box. What else... Oh, yeah, something about codes. For your own saftey, never use codes posted on a BBS. Who knows how many people are using it. And, contradictory to the pirate's favorite little saying, "There's safety in numbers," it's actually more dangerous to use a code posted around the nation. All you have to do it put your code hacker on one night, and if you get about 4 codes, that should last you two months if you use one code every two weeks, and don't give any to anyone. II. Trashing Trashing, if done correctly, can be a very profitable and enjoyable part of a phreak's activities. After trashing local Bell and AT&T sites for over two years, I've gained a bit of experience on the subject, and have a few fairly good guidelines for trashing: 1)First of all, you need a place to trash. The best places are your local central office, business office, AT&T service branch, or communications center. To find out where these are located, just open up the good ol' white pages to "American Telephone and Telegraph" or "Bell Systems" and you will find several local addresses. When you pick one out that you think will be profitable, jot down the address and take a few drives out there;one during a weekday business hour, one on a Sunday, and another at night. This will give you an idea of how heavily populated it is at certain times. Don't get out of the car during these surveillance trips, but just make a note of security, etc. Some telco installations keep their trash locked up, others have it guarded, but most of them just have a plain old dumpster. During these trips you also have to watch when the trash is collected, so that you can arrange a day when the trash will be at its peak. 2)Once you have a site picked out, and a good time and date to go, drive out with a friend or two. Sometimes it's better to park your car and walk when it is guarded, so you will have a smaller chance of being detected, but most of the time you can just drive right up. Always do it at night, Fridays, Saturdays and Sundays being the best. Once you are at the dumpster, grab all the bags and put them in the trunk. If you walked, then take them out and leave as soon as possible. Not only is this safer (no worry about getting caught by the cops) than going in the dumpster and sorting the trash there, but it assures you that you don't miss anything. And what's nice about telco trash is that the worst it gets is coffee grounds or an apple core, so you won't have to worry about smelly garbage. 3)Drive off to your house and sort it in your garage, backyard, or whatever. Have some trash bags nearby to put the real trash in. The good trash you can then keep, and dispose of the rest. There are many good things you can find in telco trash. There are always abundances of printouts, from loop tests to miscellaneous reports. Depending on exactly what kind of building you trashed, you could find broken phones (the parts are very useful) to blank letterheads. I have never found a pad of unused Bell letterheads, but if you find one that is in good condition but written on, take it to your local printer and have them print you out two dozen copies in the same color, but to omit the part that was written on. If the printer questions you, just leave and go somewhere else. At my local printer, this cost me $2.60. Letterheads and envelopes are very useful for scaring enemies (on occasion, friends too!), or for impressing phellow phreaks when writing to them. In Bell trash you can also find notebooks and binders with the Bell logo. Once I trashed a computer store and found a binder with the Intel logo on it. It now sits next to my PC and I use it to keep my technical information. III. Your Phriends at Bell! There's a lot of phree presents AT&T has for you that's just as easy as a phone call away: Ever want more than one phone book? Is yours old and tattered? You can get a White Pages, Yellow Pages, Business-to-Business Yellow Pages, or whatever suburb yellow/white pages you want just by asking! It's very simple, and perfectly legal - just open the cover of your current White Pages and get the number to your local Administrative Office. Give 'em a call and ask for whatever phone book you want, and they'll send it free of charge. Don't order more than 3 at a time, however. A way to get Bell stationary without going trashing is to call Bell and ask for information on, for instance, WATS lines. You'll get a little pamphlet in the mail about WATS lines, plus a Bell memorandum slip saying something like, "George --- here's the information you requested on WATS lines". As before, take it to your printers', and have it copied without the writing. Those manhole covers that you see on your street with the words "Bell System" on it have more in there than you think. If you can lift one up using a crowbar, go inside. Sometimes you might find a telephone handset, and if you're lucky, a Bell manual or two describing the wires lining the inside. But most of the time, that's just a phreak phairy tale. It's not that easy, but I worked out an easy method to get various manuals that WORKS: Ever see those little black lids on the corner of the block that says "Telephone" on it, and you open it up and there's a long wire in it? It's called a bridging head. Well go to one close to you, either if you have one or try one a few houses away. Take the lid off, and pitch it. Then call up repair service and say, "Hello, this is [insert the name of someone that lives near it, or bullshit a name], and I have a box at the corner of my house that contains phone wires. Well, I just looked outside and the lid is missing. I have a 6 year old daughter, and she plays outside a lot. I don't want her to get electrocuted or hurt, so could you please send someone out to replace the lid? My address is [fill in address here]." And in a while (they'll tell you the time), a bell lineman will drive up, open his truck and get out a replacement lid. When he's doing that, just reach in the truck and swipe something. But you have to be quick and accurate, and you can't be too choosy. While you're at it, you might as well get into a conversation with the guy. BSing with these people can sometimes yield good results. Many of the Directory Assistance ops can easily be talked to. Although they get a lot of calls (1000-1300 a day), they still will talk for a few minutes. The problem is that they don't have access to much. They can tell you if a number is unlisted or not, and that's about it. The CN/A operator can give you the name and address of a number. And, if done correctly, you can get some information from her. I hear that most CN/As are going to become a regular customer pay service in the near future, due to all the teens already abusing them. My CN/A (614) doesn't even give you the full address or name on most of the numbers, they just tell you the major city it's in (like for a 614 number they'll say "that's in Columbus", and for a 216 number they'll say "that's in Cleveland"), which doesn't help at all. For unlisted numbers they'll tell you that they have no record. Some CN/As are on Microfische(like mine), and that's what happens when you call them. The others are computerized but they ask for a pass code (two letters and two numerals). It won't be long before this once-valuable operator becomes useless. IV. Exchange Scanning The best way to find pbxes, loops, and other goodies is to manually scan for them. In the NPA-NXX-99XX numbers, there's a lot of Bell goodies, just waiting for you to explore them. Get a notebook for phreaking and make a chart for each prefix like this (thanks to BIOC Agent 003 for this method): NPA-NXX-99XX Scan ___________________________________________________________________________ |99x x>| 0 |1 |2 |3 |4 |5 |6 |7 |8 |9 | |---------+------+------+------+------+------+------+-----+-----+-----+-----| |990 | | | | | | | | | | | |---------+------+------+------+------+------+------+-----+-----+-----+-----| |991 | | | | | | | | | | | |---------+------+------+------+------+------+------+-----+-----+-----+-----| |992 | | | | | | | | | | | |---------+------+------+------+------+------+------+-----+-----+-----+-----| |993 | | | | | | | | | | | |---------+------+------+------+------+------+------+-----+-----+-----+-----| |994 | | | | | | | | | | | |---------+------+------+------+------+------+------+-----+-----+-----+-----| |995 | | | | | | | | | | | |---------+------+------+------+------+------+------+-----+-----+-----+-----| |996 | | | | | | | | | | | |---------+------+------+------+------+------+------+-----+-----+-----+-----| |997 | | | | | | | | | | | |---------+------+------+------+------+------+------+-----+-----+-----+-----| |998 | | | | | | | | | | | |---------+------+------+------+------+------+------+-----+-----+-----+-----| |999 | | | | | | | | | | | |_________|______|______|______|______|______|______|_____|_____|_____|_____| Then make a key something like: R = ring [try again later] B = busy [ " " " ] R1= recording 1 [make a list of all that you come across, R1, R2, R3, etc.] D = dial tone O = intercept operator S = sweep tone T = tone [tone at lower number + ignore it's a loop] I = ignore [dead silence. at higher number, it's a loop] V = voice number to telco C = carrier [modem] Q = strange tone/clicks/buzzing M = voice mail system N = SCC / Network port (MCI, Sprint, etc) Dial all the numbers on your sheet, and record your findings on the chart in your notebook. Another area that has a lot of things are the <800>/9XX-9999 series of numbers. At the time of this writing, most are disconnected, but a few useful numbers are still there. Also, <800>/NXX-10XX tend to yield with a lot of good findings. Try to do your scanning late at night, when most businesses are closed. Put all your scans in one big notebook, and attempt to scan as much of the Network [the whole phone system if you were wondering] as you can. Another good prefix to scan are the pay <900>/200-XXXX numbers. These generally cost more than most of the normal 900 numbers, and some of them are private AT&T numbers. You can also try NPA-NXX-00XX, and NPA-NXX-01XX. But you don't have to be limited to these. Different numbers can be found in different areas. Explore into deep depths of the Networks' insides, and the deeper you go the better things you will find. Currently in my area, the 98xx numbers have a lot of loops in them, such as <216>/661-9898/9. Here's a listing of prefixes for the <800> exchange and the states that the number resides in (a lot of companies set up numbers that can only be reached in the same state, and others have ones that can only be called outside their state). An asterisk to the right indicates that a toll switching office that accepts MF tones has been found in the area code served by that prefix. An asterisk to the left indicates that numbers have been found in that prefix that can be whistled off using 2600. The numbers that should be hacked for blowable numbers have asterisks before and after them like this: *XXX*. State 800 Prefix NPA served ----- ---------- ---------- Alabama 633 <205> Alaska 544 <907> Arizona 528 <602> Arkansas 643 <501> California 227 <415> 421 <213> 423 <213> 854 <714> 824 <916> 538 <408> 235 <805> 344 <209> 358 <707> Colorado 525 <303> 255 <303> Connecticut 243 <203> Delaware 441 <302> District of Columbia 424 <202> 368 <202> For high volume traffic Florida 327 <305> 237 <813> *874* <904> Georgia 841 <912> *241 <404> 554 <404> Hawaii 367 <808> Idaho *635 <208> Illinois 621 <312> 323 <312> 637 <217> 435 <815> 447 <309> 851 <618> Indiana 428 <317> 457 <812> 348 <219> Iowa 553 <319> *247 <515> 831 <712> Kansas 835 <316> 255 <913> Kentucky 626 <502> 354 <606> Louisiana 535 <504> 551 <318> Maine 341 <207> Maryland 368 <301> Massachusetts 343 <617> 225 <617> 628 <413> Michigan 253 <616> 521 <313> 338 <906> 517 <248> Minnesota 328 <612> 533 <507> *346 <218> Mississippi 647 <601> Missouri 821 <816> 325 <314> 641 <417> Montana *548* <406> Nebraska 228 <402> 445 <308> Nevada *634 <702> Las Vegas 648 <702> Reno New Hampshire 258 <603> New Jersey 257 <609> New Mexico 545 <505> New York 223 <212> 847 <607> 221 <212> 431 <914> 828 <716> 645 <516> 448 <315> 833 <518> North Carolina 334 <919> 438 <704> North Dakota *437 <701> Ohio 321 <216> 543 <513> 537 <419> 848 <614> Oklahoma 654 <405> 331 <918> Oregon *547* <503> Pennsylvania 523 <215> 345 <215> *458* <814> 245 <412> 233 <717> Puerto Rico 468 <809> Rhode Island 556 <401> South Carolina *845* <803> South Dakota *843* <605> Tennessee 251 <615> 238 <901> Texas 527 <214> 433 <817> 531 <512> 231 <713> 351 <915> *858* <806> Utah 453 <801> Vermont *451 <802> Virginia 446 <804> 368 Arlington - (for D.C.) 336 <703> Virgin Islands 524 <809> Washington 426 <206> 541 <509> West Virginia 624 <304> Wisconsin *356 <608> 558 <414> Wyoming 443 <307> Another area to scan are the <NPA>/NXX-4499 numbers. These will connect you to a loud annoying busy signal. But the neat part about it is that if anyone else calls it while you're on, you can talk. Many people (I've seen it where they've gotten 20) can be on it at the same time. And the more people on the line, the quieter the busy signal gets. Although the busy signal is annoying, it's good because you don't get charged for busy signals so you can call it direct. Two working numbers are <603>/353-4499 and <205>/356-4499. There are a lot of these, at least one in every area code. V. Closing Notes This ends the first in a series, "The Telecommunications Collage". This one was aimed more at the newer phreaks, but more information will be in issue number two, including Bell computers, answering machine/VRS hacking, radio hacking, and other topics. This file was written on various dates between March 17th, 1987 to April 26th, 1987 [as if you really cared, huh?]. Here I'm listing some suggested reading like I promised you at the beginning of the publication. Use this material well, and remember,knowledge is power! [as I quote Scan Man] ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| || Suggested Reading || ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| BIOC Agent 003's Basics of Communications Series (old, somewhat outdated, but still good for beginners.) Illustrated Encyclopedic Dictionary of Electronics, by John Douglas-Young Phrack Publications The Legion of Doom/Hackers Technical Journal The Shockwave Rider, by John Brunner Understanding Telephone Electronics, Radio Shack Manual 62-1388 _______________________________________________________________________________