|
"An Interesting Diversion" By Lord Phreaker From: 2600 magazine, October 1985 ------------------------------------------------------------------------------- A diverter is a form of call forwarding. The phone phreak calls the customers office phone number after hours, and the call is "diverted" to the customers home. This sort of service is set up so the phone subscriber does not miss any important calls. But why would a phreak be interested? Well, often diverters leave a few seconds of the customers own dial tone as the customer hangs up. The intrepid phreak can use this brief window to dial out on the called party's dial tone, and, unfortunately, it will appear on the diverter subscriber's bill. HOW DIVERTERS ARE USED One merely calls the customer's office number after hours and waits for him to answer. Then he either apologizes for "dialing a wrong number" or merely remains silent so as to have the customer think it's merely a crank phone call. When the customer hangs up, he just waits for the few seconds of dial tone and then dials away. This would not be used as a primary means of calling as it is illegal and multiple wrong numbers can lead to suspicion, plus this method only works at night or after office hours. Diverters are mainly used for calls that cannot be made from extenders, International calling, or the calling of Alliance Teleconferencing (see 2600, May 1985) are common possibilities. Another thing to remember is that tracing results in the customer's phone number, so one can call up TRW or that DOD NORAD computer with less concern about being traced. Some technical problems arise when using diverters, so a word of warning is in order. Many alternate long distance services hang up when the called party hangs up, leaving one without a dial tone or even back at the extender's dial tone. This really depends on how the extender interfaces with the local phone network when it comes out of the long haul lines. MCI and ITT are known to do this frequently, but not all the time. Also, hanging on the line until "dial window" occurs doesn't work every time. Now the really paranoid phreaks wonder, "How am I sure that this is ending up on someone else's bill and not mine?" Well, no method is 100% sure, but one should try to recognize how a full disconnect sounds on the long distance service of his choice. The customer's hanging up will generate only one click, because most diversions are local, or relatively local as compared with long distance. Also, the customer hanging up won't result in winks - little beeps of 2600 hertz tones heard when an in-band trunk is hung up. The 2600 hertz tone returns to indicate the line is free, and the beginning burst of it is heard as it blows you off the line. Also, if there are different types of switching involved, the dial tone will sound radically different, especially between an ESS and a crossbar or step-by-step, as well as sounding "farther away". These techniques are good for undrstanding how phone systems work and will be useful for further exploration. The really paranoid should, at first, try to dial the local ANI (automatic number ifentifier) for the called area and listen to the number it reads off. Or one merely cals the operator and says, "This is repair service. Could you tell me what pair I am coming in on?" If she reads off the phreak's own number, he must try again. HOW TO FIND DIVERTERS And now a phreak must wonder, "How are these beasties found?" The best place to start is the local yellow pages. If one looks up the office numbers for psychiatrists, doctors, real estate agents, plumbers, dentists, or any professional who generally needs to be in constant contact with his customers or would be afraid of losin gbusiness while at home. Then one merely dials up all these numbers after 6:00 or so, and listens for multiple clicks while the call goes through. Since the call is local, multiple clicks should not be the norm. Then the phreak merely follows through with the procedure above, and waits for the window of vulnerability. OTHER FORMS OF DIVERTERS There are several other forms of diverters. Phreaks have known for years of recordings that leave a dial tone after "ending." One eof the more famous was the DoD Fraud Hotline's after hours recording, which finally ended, after multiple clicks and disconnects, at an Autovon dial tone. One common practice occurs when a company finds its PBX being heavily abused after hours. It puts in a recording saying that the company cannot be reached now. However, it often happens that after multiple disconnects one ends up with a dial tone inside the PBX, thus a code is not needed. Also, when dialing a company and talking (social engineering) with employees, one merely waits for them to hang up and often a second dial tone is revealed. 976 (dial-it) numbers have been known to do this as well. Answering services also suffer from this lack of security. A good phreak should learn never to hang up on a called party. He can never be sure what he is missing. The best phreaks are always the last to hang up the phone, and they will often wait on the line a few minutes until they are sure it's all over. One item of clarification - the recordings mentioned above are not the telco standard "The number you have dialed..." or the like. However, telco newslines have been known to suffer from diverter mis-disconnect. DANGERS OF DIVERTING So, nothing comes free. What are the dangers of diverting? Well, technically, one is committing toll fraud. However, a list of diverter numbers is just that, a list of phone numbers. Tracing is a distinct possibility but the average diverter victim does not have the technical knowledge to identify the problem. There has been at least one investigation of diverter fraud involving the FBI. However there were no arrests and the case was dropped. It seems that one prospective victim in Connecticut realized that he was being defrauded after receiving multiple phone calls demanding that he put up his diverter NOW so that a conference call could be made. He then complained to the FBI. However, these aware customers are few and far between, and if a phreak does not go to such radically obnoxious extremes, it is hard to be caught. Unless the same number is used to place many expensive calls.