The Official Phreaker's Manual
The Official Phreaker's Manual V1.1
Updated 2/14/87
Compiled, Wordprocessed, and Distributed by:
The Jammer
and
Jack the Ripper
Introduction
What precedes this introduction is what I have termed "The Official
Phreakers Manual", while it may not be. Many times I have been on a BBS, which
has files claiming to have summed up all the ways to phreak in the U.S. and
abroad, well those were pretty lame and a couple pages long. Now after many
relentless hours of work, I have done it. This is an informative file and the
authors of this and the authors from which I have gathered information, take
absolutely NO responsibility and are not liable for, under any circumstances
for damage, direct, indirect, incidental, or consequential.
Warning: Use of this material may shorten your life in the free world!
Ok enough of the bullshit, I readily admit that this is mainly a compilation
of available phreak material and public resources. What I have done is to
gather it all together and edit, compile, check for errors, put in a readable
form, and finally to write what I know without echoing what others have said.
I have set this up that it is good for all levels of phreaks, going from novice
to advanced, and references and tables for easy reference in the back.
This manual is constantly being updated! If you have any contributions or
corrections or comments, please leave messages to me (Jack the Ripper) on any
BBS's I am on (probably where you got it). Thanks!
**********************************************************************
Table of Contents
**********************************************************************
I....... 005 Chapter 1
I.1..... 006 Glossary of Phreaking terms
I.2..... 010 Glossary of Phreaking terms cont.
I.3..... 017 Boxes and Electronic Toll Fraud
I.4..... 020 How to be a Real Phreak
I.5..... 026 Basic Telecommunications I, A Phreaks guide
II...... 031 Chapter 2
II.1.... 033 Secrets of the Little Blue Box. Part 1
II.2.... 041 Secrets of the Little Blue Box. Part 2
II.3.... 050 Secrets of the Little Blue Box. Part 3
II.4.... 058 Secrets of the Little Blue Box. Part 4
II.5.... 062 The History of ESS
II.6.... 064 History of British Phreaking
II.7.... 067 Bad as Shit, an adventure story
III..... 069 Chapter 3
III.1... 070 Phreaking Cosmos
III.2... 072 Cosmos Revamped
III.3... 073 Telenet
III.4... 075 Phreaking AT&T Cards
III.5... 076 AT&T Forgery
III.6... 078 Dealing with Operators
III.7... 079 How to set up a Conference Call
III.8... 081 Fone tapping
III.9... 083 Fone tapping cont.
III.10.. 085 Tracing, how dangerous is it
III.11.. 086 How to avenge yourself
III.12.. 088 Interesting things to do on Step lines
III.13.. 089 Busted, An account of the Private Sector bust
IV...... 092 Chapter 4
IV.1.... 093 Basic Telecommunications II, Special #'s, Loops, Ani
IV.2.... 101 Basic Telecommunications III, Direct Dialing, International
IV.3.... 106 Basic Telecommunications IV, Telefone Hierarchy
IV.4.... 113 Basic Telecommunications V, Subscriber fone electronics
IV.5.... 120 Basic Telecommunications VI, Fortress fones
V....... 123 Chapter 5
V.1..... 124 Basic Telecommunications VII, Blue Boxing
V.2..... 132 Better Homes & Blue Boxing, Part 1
V.3..... 136 Better Homes & Blue Boxing, Part 2
V.4..... 141 Better Homes & Blue Boxing, Part 3
V.5..... 145 More on Blue Boxing by Fred Stienbeck
V.6..... 146 Verification, Remob, etc., Is it possible?
V.7..... 148 Equal Access and the American Dream, Another great article
V.8..... 160 Equal access and Autodialing Modems
V.9..... 161 ISDN, it will change telecommunications for ever
V.10.... 163 ISDN, an article from Proto
V.11.... 165 MCI Services what they are and how they are useful
**********************************************************************
Appendixes
**********************************************************************
Appendix I...... 170 Reference tables and access lists
Appendix I.1.... 171 Country Codes
Appendix I.2.... 173 Country Codes cont.
Appendix I.3.... 176 Country Codes cont.
Appendix I.4.... 181 Max Access ports (Dialups)
Appendix I.5.... 182 Metro Fone Access ports
Appendix I.6.... 183 Area Codes
Appendix I.7.... 185 Tac Dialups around the country
Appendix I.8.... 193 Test numbers around the country
Appendix I.9.... 196 What a TSPS operators console looks like
Appendix II..... 197 Box plans
Appendix II.1... 198 How to make an Infinity transmitter
Appendix II.2... 203 How to make a silver box
204 Protection Page
Chapter 1
Ok this chapter will cover the basic vocabulary of phreaking, it is a fairly
long list, though not totally complete. After the vocab, will be some of the
general rules for phreaking. Most of the rules are protection from the police
and AT&T, but others are grammatical rules. These are not as important to your
freedom, but many a phreak will think you are a twelve year old if you start
talking like, "Hey dudz!^$(&, just got the latest warez! trade u for some
soft/docs. Checkul8r". Well you get the point, here's your vocab list...
......................................................................
......................................................................
. The Bell Glossary - ..
. by ..
. /XX>ad X>arvin ..
......................................................................
......................................................................
ACD: Automatic Call Distributor - A system that automatically distributes calls
to operator pools (providing services such as intercept and directory
assistance), to airline ticket agents, etc.
Administration: The tasks of record-keeping, monitoring, rearranging,
predicting need for growth, etc.
AIS: Automatic Intercept System - A system employing an audio-response unit
under control of a processor to automatically provide pertinent info to callers
routed to intercept.
Alert: To indicate the existence of an incoming call, (ringing).
ANI: Automatic Number Identification - Often pronounced "Annie," a facility for
automatically identifying the number of the calling party for charging purposes.
Appearance: A connection upon a network terminal, as in "the line has two
network appearances."
Attend: The operation of monitoring a line or an incoming trunk for off-hook or
seizure, respectively.
Audible: The subdued "image" of ringing transmitted to the calling party during
ringing; not derived from the actual ringing signal in later systems.
Backbone Route: The route made up of final-group trunks between end offices in
different regional center areas.
BHC: Busy Hour Calls - The number of calls placed in the busy hour.
Blocking: The ratio of unsuccessful to total attempts to use a facility;
expressed as a probability when computed a priori.
Blocking Network: A network that, under certain conditions, may be unable to
form a transmission path from one end of the network to the other. In general,
all networks used within the Bell System are of the blocking type.
Blue Box: Equipment used fraudulently to synthesize signals, gaining access to
the toll network for the placement of calls without charge.
BORSCHT Circuit: A name for the line circuit in the central office. It
functions as a mnemonic for the functions that must be performed by the
circuit: Battery, Overvoltage, Ringing, Supervision, Coding, Hybrid, and
Testing.
Busy Signal: (Called-line-busy) An audible signal which, in the Bell System,
comprises 480hz and 620hz interrupted at 60IPM.
Bylink: A special high-speed means used in crossbar equipment for routing calls
incoming from a step-by-step office. Trunks from such offices are often
referred to as "bylink" trunks even when incoming to noncrossbar offices; they
are more properly referred to as "dc incoming trunks." Such high-speed means
are necessary to assure that the first incoming pulse is not lost.
Cable Vault: The point at which phone cable enters the Central Office building.
CAMA: Centralized Automatic Message Accounting - Pronounced like Alabama.
CCIS: Common Channel Interoffice Signaling - Signaling information for trunk
connections over a separate, nonspeech data link rather than over the trunks
themselves.
CCITT: International Telegraph and Telephone Consultative Committee - An
International committee that formulates plans and sets standards for
intercountry communication means.
CDO: Community Dial Office - A small usually rural office typically served by
step-by-step equipment.
CO: Central Office - Comprises a switching network and its control and support
equipment. Occasionally improperly used to mean "office code."
Centrex: A service comparable in features to PBX service but implemented with
some (Centrex CU) or all (Centrex CO) of the control in the central office. In
the latter case, each station's loop connects to the central office.
Customer Loop: The wire pair connecting a customer's station to the central
office.
DDD: Direct Distance Dialing - Dialing without operator assistance over the
nationwide intertoll network.
Direct Trunk Group: A trunk group that is a direct connection between a given
originating and a given terminating office.
EOTT: End Office Toll Trunking - Trunking between end offices in different toll
center areas.
ESB: Emergency Service Bureau - A centralized agency to which 911 "universal"
emergency calls are routed.
ESS: Electronic Switching System - A generic term used to identify as a class,
stored-program switching systems such as the Bell System's No.1, No.2, No.3,
No.4, or No.5.
ETS: Electronic Translation Systems - An electronic replacement for the card
translator in 4A Crossbar systems. Makes use of the SPC 1A Processor.
False Start: An aborted dialing attempt.
Fast Busy: (often called reorder) - An audible busy signal interrupted at twice
the rate of the normal busy signal; sent to the originating station to indicate
that the call blocked due to busy equipment.
Final Trunk Group: The trunk group to which calls are routed when available
high-usage trunks overflow; these groups generally "home" on an office next
highest in the hierarchy.
Full Group: A trunk group that does not permit rerouting off-contingent foreign
traffic; there are seven such offices.
Glare: The situation that occurs when a two-way trunk is seized more or less
simultaneously at both ends.
High Usage Trunk Group: The appellation for a trunk group that has alternate
routes via other similar groups, and ultimately via a final trunk group to a
higher ranking office.
Intercept: The agency (usually an operator) to which calls are routed when made
to a line recently removed from a service, or in some other category requiring
another station, such as an Emergency Interrupt.
Junctor: A wire or circuit connection between networks in the same office. The
functional equivalent to an intraoffice trunk.
MF: Multifrequency - The method of signaling over a trunk making use of the
simultaneous application of two out of six possible frequencies.
NPA: Numbering Plan Area.
ONI: Operator Number Identification - The use of an operator in a CAMA office
to verbally obtain the calling number of a call originating in an office not
equipped with ANI.
PBX: Private Branch Exchange - (PABX: Private Automatic Branch Exchange) A
telephone office serving a private customer. Typically, access to the outside
telephone network is provided.
Permanent Signal: A sustained off-hook condition without activity (no dialing
or ringing or completed connection); such a condition tends to tie up
equipment, especially in earlier systems. Usually accidental, but sometimes
used intentionally by customers in high-crime-rate areas to thwart
burglars.
POTS: Plain Old Telephone Service - Basic service with no extra "frills".
ROTL: Remote Office Test Line - A means for remotely testing trunks.
RTA: Remote Trunk Arrangement - An extension to the TSPS system permitting its
services to be provided up to 200 miles from the TSPS site.
SF: Single Frequency. A signaling method for trunks: 2600hz is impressed upon
idle trunks.
Supervise: To monitor the status of a call.
SxS: (Step-by-Step or Strowger switch) - An electromechanical office type
utilizing a gross-motion stepping switch as a combination network and
distributed control.
Talkoff: The phenomenon of accidental synthesis of a machine-intelligible
signal by human voice causing an unintended response. "whistling a tone".
Trunk: A path between central offices; in general 2-wire for interlocal, 4-wire
for intertoll.
TSPS: Traffic Service Position System - A system that provides, under stored-
program control, efficient operator assistance for toll calls. It does not
switch the customer, but provides a bridge connection to the operator.
X-bar: (Crossbar) - An electromechanical office type utilizing a "fine-motion"
coordinate switch and a multiplicity of central controls (called markers).
There are four varieties:
No.1 Crossbar: Used in large urban office application; (1938)
No.3 Crossbar: A small system started in (1974).
No.4A/4M Crossbar: A 4-wire toll machine; (1943).
No.5 Crossbar: A machine originally intended for relatively small
suburban applications; (1948)
Crossbar Tandem: A machine used for interlocal office switching.
============================================================
_ _ _______
| X/ | / _____/
|_||_|etal / /hop
__________/ /
/___________/
(314) 432-0756
Proudly Presents
The MCI Telecommunications Glossary
Part I Volume I (A - D)
Typed by Knight Lightning
============================================================
- A -
A & B LEADS: Designation of leads derived from the midpoints of the two 2-wire
pairs comprising a 4-wire circuit.
ABBREVIATED DIALING: The ability of a telephone user to reach frequently called
numbers by using less than seven digits. Synonym: Speed Dialing
ACCESS CHARGE: A fee paid for the use of local lines.
ACCESS CODE: A digit or number of digits required to be connected to a private
line arranged for dial access.
ACCESS LINE: A telephone circuit which connects a customer location to a
network switching center.
AIRLINE MILEAGE: Calculated point-to-point mileage between terminal
facilities.
ALL TRUNKS BUSY (ATB): A single tone interrupted at a 120 ipm (impulses per
minute) rate to indicate all lines or trunks in a routing group are busy.
ALTERNATE ROUTE: A secondary communications path used to reach a destination if
the primary path is unavailable.
ALTERNATE USE: The ability to switch communications facilities from one type of
service to another, i.e., voice to data, etc.
ALTERNATE VOICE DATA (AVD): A single transmission facility which can be used
for either voice or data.
AMERICAN STANDARD CODE FOR INFORMATION INTERCHANGE (ASCII): An 8 level code
developed for the interchange of information between data processing and
communications systems.
ANALOG SIGNAL: A signal in the form of a continuous varying physical quantity,
e.g., voltage which reflects variations in some quantity, e.g., loudness in the
human voice.
ANNUNCIATOR: An audible intercept device that states the condition or
restrictions associated with circuits or procedures.
ANSWER BACK: An electrical and/or visual indication to the calling or sending
end that the called or received station is on the line.
ANSWER SUPERVISION: An off-hook signal transmitted toward the calling end of a
switched connection when the called party answers.
AREA CODE: Synonym: Numbering Plan Area (NPA). A three digit number identifying
more than 150 geographic areas of the United States and Canada which permits
direct distance dialing on the telephone system. A similar global numbering
plan has been established for international subscriber dialing.
ATTENDANT POSITION: A telephone switchboard operator's position. It provides
either automatic (cordless) or manual (plug and jack) operator controls for
incoming and/or outgoing telephone calls.
ATTENUATION: A general term used to denote the decrease in power between that
transmitted and that received due to loss through equipment, lines, or other
transmission devices. It is usually expressed as a ratio in dB (decibel).
(B) ENTRANCE INTO THE DDD TOLL NETWORK MAY BE EFFECTED BY A PRETEXT CALL TO ANY
OTHER TOLL-FREE # SUCH AS UNIVERSAL DIRECTORY ASSISTANCE (555-1212) OR ANY # IN
THE INWATS NETWORK, EITHER INTER-STATE OR INTRA-STATE, WORKING OR NON-WORKING.
(C) ENTRANCE INTO THE DDD TOLL NETWORK MAY ALSO BE IN THE FORM OF "SHORT HAUL"
CALLING. A "SHORT HAUL" CALL IS A CALL TO ANY # WHICH WILL RESULT IN A LESSER
AMOUNT OF TOLL CHARGES THAN THE CHARGES FOR THE CALL TO BE COMPLETED BY THE
BLUE BOX. FOR EXAMPLE, A CALL TO BIRMINGHAM FROM ATLANTA MAY COST $.80 FOR THE
FIRST 3 MINUTES WHILE A CALL FROM ATLANTA TO LOS ANGELES IS $1.85 FOR 3
MINUTES. THUS, A SHORT HAUL, 3-MINUTE CALL TO BIRMINGHAM FROM ATLANTA, SWITCHED
BY USE OF A BLUE BOX TO LOS ANGELES, WOULD RESULT IN A NET FRAUD OF $2.65 FOR A
3 MINUTE CALL.
(D) A BLUE BOX MAY BE WIRED INTO THE TELEPHONE LINE OR ACOUSTICALLY CONNECTED
TO THE HANDSET. THE BLUE BOX MAY EVEN BE BUILT INSIDE A REGULAR TOUCH-TONE
PHONE, USING THE PHONE'S PUSH BUTTONS FOR THE BLUE BOX'S SIGNALLING TONES.
(E) A MAGNETIC TAPE RECORDING MAY BE USED TO RECORD THE BLUE BOX TONES
REPRESENTATIVE OF SPECIFIC PHONE #'S. SUCH A TAPE RECORDING COULD BE USED IN
LIEU OF A BLUE BOX TO FRAUDULENTLY PLACE CALLS TO THE PHONE #'S RECORDED ON THE
MAGNETIC TAPE.
ALL BLUE BOXES, EXCEPT "DIAL PULSE" OR "ROTARY SF" BLUE BOXES, MUST HAVE
THE FOLLOWING 4 COMMON OPERATING CAPABILITIES:
(A) IT MUST HAVE SIGNALLING CAPABILITY IN THE FORM OF A 2600HZ TONE. THE TONE
IS USED BY THE TOLL NETWORK TO INDICATE, EITHER BY ITS PRESENCE OR ITS ABSENCE,
AN "ON HOOK" (IDLE) OR "OFF HOOK" (BUSY) CONDITION OF THE TRUNK.
(B) THE BLUE BOX MUST HAVE A "KP" TONE THAT UNLOCKS OR READIES THE
MULTI-FREQUENCY RECEIVER AT THE CALLED END TO RECEIVE THE TONES CORRESPONDING
TO THE CALLED PHONE #.
(C) THE TYPICAL BLUE BOX MUST BE ABLE TO EMIT MF TONES WHICH ARE USED TO
TRANSMIT PHONE #'S OVER THE TOLL NETWORK. EACH DIGIT OF A PHONE # IS
REPRESENTED BY A COMBINATION OF 2 TONES. FOR EXAMPLE, THE DIGIT 2 IS X-MITTED
BY A COMBINATION OF 700HZ AND 1100HZ.
(D) THE BLUE BOX MUST HAVE AN "ST" KEY WHICH CONSISTS OF A COMBINATION OF 2
TONES THAT TELL THE EQUIPMENT AT THE CALLED END THAT ALL DIGITS HAVE BEEN SENT
AND THAT THE EQUIPMENT SHOULD START SWITCHING THE CALL TO THE CALLED NUMBER.
THE "DIAL PULSER" OR "ROTARY SF" BLUE BOX REQUIRES ONLY A DIAL WITH A
SIGNALLING CAPABILITY TO PRODUCE A 2600HZ TONE.
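Because the 2600 Hz supervision tone in (A) travels in the voice path, a trunk-side monitor can watch for it. The following is an added example, not part of the original file: a Goertzel filter measures how much of each 20 ms frame's energy sits at 2600 Hz and requires the tone to be both spectrally clean and sustained, so that speech containing 2600 Hz energy (the "talkoff" case in the glossary) does not trigger it. The sample rate, thresholds and test signals are assumptions constructed for the illustration.

```python
import math

SAMPLE_RATE = 8000   # Hz, telephone-band PCM (assumed)
FRAME = 160          # 20 ms analysis frame; 2600 Hz falls on an exact bin
SF_HZ = 2600.0       # supervision tone named in the text
PURITY_MIN = 0.8     # assumed: share of frame energy that must sit at 2600 Hz
MIN_FRAMES = 5       # assumed: tone must persist for at least 100 ms
LEVEL_MIN = 1e-4     # assumed: mean-square floor, skips near-silent frames


def goertzel_power(frame, freq, rate=SAMPLE_RATE):
    """Squared DFT magnitude of `frame` at `freq`, via the Goertzel recurrence."""
    coeff = 2.0 * math.cos(2.0 * math.pi * freq / rate)
    s1 = s2 = 0.0
    for x in frame:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2


def tone_purity(frame):
    """Fraction (0..1) of the frame's energy concentrated at 2600 Hz."""
    energy = sum(x * x for x in frame)
    if energy / len(frame) < LEVEL_MIN:
        return 0.0
    return 2.0 * goertzel_power(frame, SF_HZ) / (len(frame) * energy)


def detect_sf_tone(samples):
    """Return (start_s, end_s) spans where a clean 2600 Hz tone persists."""
    spans, run_start = [], None
    n_frames = len(samples) // FRAME
    for i in range(n_frames + 1):          # extra pass flushes a trailing run
        is_tone = (i < n_frames and
                   tone_purity(samples[i * FRAME:(i + 1) * FRAME]) >= PURITY_MIN)
        if is_tone and run_start is None:
            run_start = i
        elif not is_tone and run_start is not None:
            if i - run_start >= MIN_FRAMES:
                spans.append((run_start * FRAME / SAMPLE_RATE,
                              i * FRAME / SAMPLE_RATE))
            run_start = None
    return spans


def mix(freqs, millis, amp=0.3):
    """Constructed test signal: equal-amplitude sum of sine waves."""
    n = millis * SAMPLE_RATE // 1000
    return [sum(amp * math.sin(2 * math.pi * f * t / SAMPLE_RATE) for f in freqs)
            for t in range(n)]


def quiet(millis):
    """Constructed silence of the given length."""
    return [0.0] * (millis * SAMPLE_RATE // 1000)


def sample_channel():
    """Constructed audio: speech-like mix, a 40 ms blip, then a held tone."""
    return (quiet(200)
            + mix([300, 700, 1100, 2600], 400)   # voice energy that includes 2600 Hz
            + quiet(100)
            + mix([2600], 40)                    # clean but too short to count
            + quiet(60)
            + mix([2600], 500)                   # sustained and spectrally clean
            + quiet(100))


if __name__ == "__main__":
    for start, end in detect_sf_tone(sample_channel()):
        print(f"2600 Hz tone held from {start:.2f}s to {end:.2f}s")
```

Only the sustained tone is reported; the speech-like mix fails the purity check and the 40 ms blip fails the duration check.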
*BLACK BOX*
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
THIS ETF DEVICE IS SO-NAMED BECAUSE OF THE COLOR OF THE FIRST ONE FOUND.
IT VARIES IN SIZE AND USUALLY HAS ONE OR TWO SWITCHES OR BUTTONS. ATTACHED TO
THE TELEPHONE LINE OF A CALLED PARTY, THE BLACK BOX PROVIDES TOLL-FREE CALLING
*TO* THAT PARTY'S LINE. A BLACK BOX USER INFORMS OTHER PERSONS BEFOREHAND THAT
THEY WILL NOT BE CHARGED FOR ANY CALL PLACED TO HIM. THE USER THEN OPERATES THE
DEVICE CAUSING A "NON-CHARGE" CONDITION ("NO ANSWER" OR "DISCONNECT") TO BE
RECORDED ON THE TELEPHONE COMPANY'S BILLING EQUIPMENT. A BLACK BOX IS
RELATIVELY SIMPLE TO CONSTRUCT AND IS MUCH LESS SOPHISTICATED THAN A BLUE BOX.
*CHEESE BOX*
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
ITS DESIGN MAY BE CRUDE OR VERY SOPHISTICATED. ITS SIZE VARIES; ONE WAS FOUND
THE SIZE OF A HALF-DOLLAR. A CHEESE BOX IS USED MOST OFTEN BY BOOKMAKERS OR
BETTORS TO PLACE WAGERS WITHOUT DETECTION FROM A REMOTE LOCATION. THE DEVICE
INTER-CONNECTS 2 PHONE LINES, EACH HAVING DIFFERENT #'S BUT EACH TERMINATING AT
THE SAME LOCATION. IN EFFECT, THERE ARE 2 PHONES AT THE SAME LOCATION WHICH ARE
LINKED TOGETHER THROUGH A CHEESE BOX. IT IS USUALLY FOUND IN AN UNOCCUPIED
APARTMENT CONNECTED TO A PHONE JACK OR CONNECTING BLOCK. THE BOOKMAKER, AT SOME
REMOTE LOCATION, DIALS ONE OF THE NUMBERS AND STAYS ON THE LINE. VARIOUS
BETTORS DIAL THE OTHER NUMBER BUT ARE AUTOMATICALLY CONNECTED WITH THE
BOOKMAKER BY MEANS OF THE CHEESE BOX INTER-CONNECTION. IF, IN ADDITION TO A
CHEESE BOX, A BLACK BOX IS INCLUDED IN THE ARRANGEMENT, THE COMBINED EQUIPMENT
WOULD PERMIT TOLL-FREE CALLING ON EITHER LINE TO THE OTHER LINE. IF A POLICE
RAID WERE CONDUCTED AT THE TERMINATING POINT OF THE CONVERSATIONS -THE LOCATION
OF THE CHEESE BOX- THERE WOULD BE NO EVIDENCE OF GAMBLING ACTIVITY. THIS DEVICE
IS SOMETIMES DIFFICULT TO IDENTIFY. LAW ENFORCEMENT OFFICIALS HAVE BEEN ADVISED
THAT WHEN UNUSUAL DEVICES ARE FOUND ASSOCIATED WITH TELEPHONE CONNECTIONS THE
PHONE COMPANY SECURITY REPRESENTATIVES SHOULD BE CONTACTED TO ASSIST IN
IDENTIFICATION. (THIS PROBABLY WOULD BE GOOD FOR A BBS, ESPECIALLY WITH THE
BLACK BOX SET UP. AND IF YOU EVER DECIDED TO TAKE THE BOARD DOWN, YOU WOULDN'T
HAVE TO CHANGE YOUR PHONE #. IT ALSO MAKES IT SO YOU YOURSELF CANNOT BE TRACED.
I AM NOT SURE ABOUT CALLING OUT FROM ONE THOUGH)
*RED BOX*
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
THIS DEVICE IS COUPLED ACOUSTICALLY TO THE HANDSET TRANSMITTER OF A
SINGLE-SLOT COIN TELEPHONE. THE DEVICE EMITS SIGNALS IDENTICAL TO THOSE TONES
EMITTED WHEN COINS ARE DEPOSITED. THUS, LOCAL OR TOLL CALLS MAY BE PLACED
WITHOUT THE ACTUAL DEPOSIT OF COINS.
/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/
/-/ /-/
/-/ Phreaker's /-/
/-/ PhunHouse /-/
/-/ /-/
/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/
/-/ By: /-/
/-/ The Traveler /-/
/-/ /-/
/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/
/-/ /-/
/-/ Call: /-/
/-/ Brainstorm BBS /-/
/-/ 612/345-2815 (300/1200) /-/
/-/ /-/
/-/ Little America /-/
/-/ 507/289-8211 (300) /-/
/-/ /-/
/-/ Tell 'em Traveler sent ya /-/
/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/
The long awaited prequel to Phreaker's Guide has finally arrived. Conceived
from the boredom and loneliness that could only be derived from: The Traveler!
But now, he has returned in full strength (after a small vacation) and is here
to 'World Premiere' the new files everywhere.
Stay cool. This is the prequel to the first one, so just relax. This is not
made to be an exclusive ultra elite file, so kinda calm down and watch in the
background if you are too cool for it...
/-/ Phreak Dictionary /-/
Here you will find some of the basic but necessary terms that should be known
by any phreak who wants to be respected at all...
Phreak [fr'eek]: 1. The action of using mischievous and mostly illegal ways
in order to not pay for some sort of telecommunications bill, order, transfer,
or other service. It often involves usage of highly illegal boxes and machines
in order to defeat the security that is set up to avoid this sort of
happening.
[fr'eaking]. v. 2. A person who uses the above methods of destruction and
chaos in order to make a better life for all. A true phreaker will not go
against his fellows or narc on people who have ragged on him or do anything
termed to be dishonorable to phreaks.
[fr'eek]. n. 3. A certain code or dialup useful in the action of being a
phreak. (Example: "I hacked a new metro phreak last night.")
Switching System
[Swich'ing sis'tem]: 1. There are 3 main switching systems currently employed
in the US, and a few other systems will be mentioned as background.
A) SxS: This system was invented in 1918 and was employed in over half of the
country until 1978. It is a very basic system that is a general waste of energy
and hard work on the linesman. A good way to identify this is that it requires
a coin in the phone booth before it will give you a dial tone, or that no call
waiting, call forwarding, or any other such service is available. Stands for:
Step by Step
B) XB: This switching system was first employed in 1978 in order to take care
of most of the faults of SxS switching. Not only is it more efficient, but it
also can support different services in various forms. XB1 is Crossbar Version
1. That is very limited and is hard to distinguish from SxS except by direct
view of the wiring involved. Next up was XB4, Crossbar Version 4. With this
system, some of the basic things like DTMF that were not available with SxS can
be accomplished. For the final stroke of XB, XB5 was created. This is a service
that can allow DTMF plus most 800 type services (which were not always
available...) Stands for: Crossbar.
C) ESS: A nightmare in telecom. In vivid color, ESS is a pretty bad thing to
have to stand up to. It is quite simple to identify. Dialing 911 for
emergencies, and ANI [see ANI below] are the most common facets of the dread
system. ESS has the capability to list in a person's caller log what number was
called, how long the call took, and even the status of the conversation (modem
or otherwise.) Since ESS has been employed, which has been very recently, it
has gone through many kinds of revisions. The latest system to date is ESS 11a,
that is employed in Washington D.C. for security reasons. ESS is truly trouble
for any phreak, because it is 'smarter' than the other systems. For instance,
if on your caller log they saw 50 calls to 1-800-421-9438, they would be able
to do a CN/A [see Loopholes below] on your number and determine whether you are
subscribed to that service or not. This makes most calls a hazard, because
although 800 numbers appear to be free, they are recorded on your caller log
and then right before you receive your bill it deletes the billings for them.
But before that they are open to inspection, which is one reason why extended
use of any code is dangerous under ESS. Some of the boxes [see Boxing below]
are unable to function in ESS. It is generally a menace to the true phreak.
Stands For: Electronic Switching System. because they could appear on a filter
somewhere or maybe it is just nice to know them any ways.
A) SSS: Strowger Switching System. First non-operator system
available.
B) WES: Western Electronics Switching. Used about 40 years ago
with some minor places out west.
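The caller-log review described under ESS above, sketched from the carrier's side as an added example that is not part of the original file: for each originating line it keeps a one-hour sliding window of calls to each toll-free number and flags the pair once most of a large number of calls are too short to have carried a conversation. The record layout, the thresholds and every phone number are assumptions constructed for the illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(hours=1)   # assumed review window
MIN_CALLS = 20                # assumed: calls to one access number inside the window
SHORT_SECS = 15               # assumed: a call this short carried no conversation
SHORT_SHARE = 0.8             # assumed: share of short calls that marks guessing


def parse_record(line):
    """Parse 'ISO-timestamp originating dialed seconds' (constructed layout)."""
    ts, orig, dialed, secs = line.split()
    return datetime.fromisoformat(ts), orig, dialed, int(secs)


def flag_access_abuse(lines):
    """Map (originating, dialed) -> time the pattern first crossed the thresholds."""
    recent = defaultdict(deque)
    flagged = {}
    for ts, orig, dialed, secs in sorted(parse_record(l) for l in lines):
        if not dialed.startswith("1800"):
            continue                       # only toll-free access numbers
        calls = recent[(orig, dialed)]
        calls.append((ts, secs))
        while ts - calls[0][0] > WINDOW:   # drop calls older than the window
            calls.popleft()
        short = sum(1 for _, s in calls if s <= SHORT_SECS)
        if len(calls) >= MIN_CALLS and short / len(calls) >= SHORT_SHARE:
            flagged.setdefault((orig, dialed), ts)
    return flagged


def sample_log():
    """Constructed records; all numbers are fictional 555-01xx values."""
    t0 = datetime(1987, 2, 10, 21, 0, 0)
    rows = []
    for i in range(25):   # line A: 25 six-second calls, 90 s apart
        rows.append((t0 + timedelta(seconds=90 * i),
                     "2155550142", "18005550199", 6))
    for i in range(25):   # line B: one four-minute call a day to the same number
        rows.append((t0 + timedelta(days=i),
                     "2155550177", "18005550199", 240))
    for i in range(22):   # line C: a busy hour of two-minute calls
        rows.append((t0 + timedelta(seconds=150 * i),
                     "2155550103", "18005550123", 120))
    return [f"{ts.isoformat()} {o} {d} {s}" for ts, o, d, s in rows]


if __name__ == "__main__":
    for (orig, dialed), when in flag_access_abuse(sample_log()).items():
        print(f"{when.isoformat()} line {orig} -> {dialed}: repeated short calls")
```

Line A is flagged on its twentieth call; line B's volume is spread over weeks and line C's calls are long, so neither crosses both thresholds.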
Boxing [Boks'-ing]: 1) The use of personally designed boxes that emit or
cancel electronic impulses that allow simpler acting while phreaking. Through
the use of separate boxes, you can accomplish most feats possible with or
without the control of an operator.
2) Some boxes and their functions are listed below. Ones
marked with '*' indicate that they are not operable in ESS.
*Black Box: Makes it seem to the phone company that the phone was never
picked up.
Blue Box: Emits a 2600hz tone that allows you to do such things as stack
a trunk line, kick the operator off line, and others.
Red Box: Simulates the noise of a quarter, nickel, or dime being
dropped into a payphone.
Cheese Box: Turns your home phone into a pay phone to throw off traces (a
red box is usually needed in order to call out.)
*Clear Box: Gives you a dial tone on some of the old SxS payphones without
putting in a coin.
into phone lines and extract by eavesdropping, or crossing wires, etc.
Purple Box: Makes all calls made out from your house seem to be local
calls.
ANI [ANI]: 1) Automatic Number Identification. A service available on ESS
that allows a phone service [see Dialups below] to record the number that any
certain code was dialed from along with the number that was called and print
both of these on the customer bill. 950 dialups [see Dialups below] are all
designed just to use ANI. Some of the services do not have the proper equipment
to read the ANI impulses yet, but it is impossible to see which is which
without being busted or not busted first.
Dialups
[dy'l'ups]: 1) Any local or 800 extended outlet that allows instant access to
any service such as MCI, Sprint, or AT&T that from there can be used by
handpicking or using a program to reveal other people's codes which can then be
used moderately until they find out about it and you must switch to another
code (preferably before they find out about it.)
2) Dialups are extremely common on both senses. Some dialups
reveal the company that operates them as soon as you hear the tone. Others are
much harder and some you may never be able to identify. A small list of
dialups:
1-800-421-9438 (5 digit codes)
1-800-547-6754 (6 digit codes)
1-800-345-0008 (6 digit codes)
1-800-734-3478 (6 digit codes)
1-800-222-2255 (5 digit codes)
3) Codes: Codes are very easily accessed procedures when you call
a dialup. They will give you some sort of tone. If the tone does not end in 3
seconds, then punch in the code and immediately following the code, the number
you are dialing but strike the '1' in the beginning out first. If the tone does
end, then punch in the code when the tone ends. Then, it will give you another
tone. Punch in the number you are dialing, or a '9'. If you punch in a '9' and
the tone stops, then you messed up a little. If you punch in a tone and the
tone continues, then simply dial the number you are calling without the '1'.
4) All codes are not universal. The only type that I know of that
is truly universal is Metrophone. Almost every major city has a local Metro
dialup (for Philadelphia, (215)351-0100/0126) and since the codes are
universal, almost every phreak has used them once or twice. They do not employ
ANI in any outlets that I know of, so feel free to check through your books and
call 555-1212 or, as a more devious manner, subscribe yourself. Then, never use
your own code. That way, if they check up on you due to your caller log, they
can usually find out that you are subscribed. Not only that but you could set a
phreak hacker around that area and just let it hack away, since they usually
group them, and, as a bonus, you will have their local dialup.
5) 950's. They seem like a perfectly cool phreakers dream. They
are free from your house, from payphones, from everywhere, and they host all of
the major long distance companies (950-1044, 950-1077, 950-1088,
950-1033.) Well, they aren't. They were designed for
ANI. That is the point, end of discussion.
A phreak dictionary. If you remember all of the things contained on that file
up there, you may have a better chance of doing whatever it is you do. This
next section is maybe a little more interesting...
Blue Box Plans:
---------------
These are some blue box plans, but first, be warned, there have been 2600hz
tone detectors out on operator trunk lines since XB4. The idea behind it is to
use a 2600hz tone for a few very naughty functions that can really make your
day lighten up. But first, here are the plans, or the heart of the file:
==============================================
700 : 1 : 2 : 4 : 7 : 11 :
900 : + : 3 : 5 : 8 : 12 :
1100 : + : + : 6 : 9 : KP :
1300 : + : + : + : 10 : KP2 :
1500 : + : + : + : + : ST :
: 700 : 900 :1100 :1300 :1500 :
==============================================
Stop! Before you diehard users start piecing those little tone tidbits
together, there is a simpler method. If you have an Apple-Cat with a program
like Cat's Meow IV, then you can generate the necessary tones, the 2600hz tone,
the KP tone, the KP2 tone, and the ST tone through the dial section. So if you
have that I will assume you can boot it up and it works, and I'll do you the
favor of telling you and the other users what to do with the blue box now that
you have somehow constructed it.
The connection to an operator is one of the most well known and used ways of
having fun with your blue box. You simply dial a TSPS (Traffic Service
Positioning Station, or the operator you get when you dial '0') and blow a
2600hz tone through the line. Watch out! Do not dial this direct! After you
have done that, it is quite simple to have fun with it. Blow a KP tone to start
a call, a ST tone to stop it, and a 2600hz tone to hang up. Once you have
connected to it, here are some fun numbers to call with it:
0-700-456-1000 Teleconference (free, because you are the operator!)
(Area code)-101 Toll Switching
(Area code)-121 Local Operator (hehe)
(Area code)-131 Information
(Area code)-141 Rate & Route
(Area code)-181 Coin Refund Operator
(Area code)-11511 Conference operator (when you dial 800-544-6363)
Well, those were the tone matrix controllers for the blue box and some other
helpful stuff to help you to start out with. But those are only the functions
with the operator. There are other k-fun things you can do with it...
More advanced Blue Box Stuff:
Oops. Small mistake up there. I forgot tone lengths. Um, you blow a tone
pair out for up to 1/10 of a second with another 1/10 second for silence
between the digits. KP tones should be sent for 2/10 of a second. One way to
confuse the 2600hz traps is to send pink noise over the channel (for all of you
that have decent BSR equalizers, there is major pink noise in there...)
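A sketch of the kind of narrow-band check a 2600hz detector on a trunk performs, using the Goertzel algorithm. This is an added example, not part of the original file and not the phone company's actual equipment; the 8000 Hz sampling rate, frame size, thresholds and the test audio are all assumptions constructed for the example.

```python
import math
import random

SAMPLE_RATE = 8000   # assumed sampling rate in Hz (not from the original file)
FRAME = 80           # 10 ms analysis frame; 2600 Hz falls exactly on DFT bin 26
TARGET_HZ = 2600


def goertzel_power(frame, freq, rate=SAMPLE_RATE):
    """Squared magnitude of the single DFT bin nearest freq (Goertzel recurrence)."""
    n = len(frame)
    k = round(n * freq / rate)
    coeff = 2.0 * math.cos(2.0 * math.pi * k / n)
    s1 = s2 = 0.0
    for x in frame:
        s0 = x + coeff * s1 - s2
        s2, s1 = s1, s0
    return s1 * s1 + s2 * s2 - coeff * s1 * s2


def find_tone_events(samples, min_amplitude=0.2, min_ms=50):
    """Return (start_ms, duration_ms) for each sustained 2600 Hz run.

    A frame counts as a hit when the 2600 Hz bin holds at least the energy of a
    sine of min_amplitude; runs shorter than min_ms are discarded so that brief
    transients do not raise an event.
    """
    threshold = (min_amplitude * FRAME / 2) ** 2
    frame_ms = 1000 * FRAME // SAMPLE_RATE
    n_frames = len(samples) // FRAME
    events, run_start = [], None
    for i in range(n_frames + 1):          # one extra pass closes a trailing run
        hit = False
        if i < n_frames:
            frame = samples[i * FRAME:(i + 1) * FRAME]
            hit = goertzel_power(frame, TARGET_HZ) >= threshold
        if hit and run_start is None:
            run_start = i
        elif not hit and run_start is not None:
            duration = (i - run_start) * frame_ms
            if duration >= min_ms:
                events.append((run_start * frame_ms, duration))
            run_start = None
    return events


def constructed_line_audio():
    """One second of constructed test audio: low-level noise plus three bursts."""
    rng = random.Random(2600)
    bursts = [          # (start_ms, end_ms, frequency, amplitude)
        (100, 120, 2600, 0.5),   # 20 ms blip: too short to count
        (300, 700, 2600, 0.5),   # sustained tone: should be reported
        (800, 900, 1000, 0.5),   # loud tone at another frequency: ignored
    ]
    samples = []
    for i in range(SAMPLE_RATE):
        t_ms = 1000.0 * i / SAMPLE_RATE
        value = rng.uniform(-0.1, 0.1)
        for start, end, freq, amp in bursts:
            if start <= t_ms < end:
                value += amp * math.sin(2.0 * math.pi * freq * i / SAMPLE_RATE)
        samples.append(value)
    return samples


if __name__ == "__main__":
    print(find_tone_events(constructed_line_audio()))
```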
Using the operator functions is the use of the 'inward' trunk line. That is
working it from the inside. From the 'outward' trunk, you can do such things as
make emergency breakthrough calls, tap into lines, busy all of the lines in any
trunk (called 'stacking'), enable or disable the TSPS's, and for some 4a
systems you can even re-route calls to anywhere.
All right. The one thing that every complete phreak guide should not be
without is blue box plans, since they were once a vital part of phreaking.
Another thing that every complete file needs is a complete listing of all of
the 800 numbers around so you can have some more fun.
/-/ 800 Dialup Listings /-/
1-800-345-0008 (6) 1-800-547-6754 (6)
1-800-245-4890 (4) 1-800-327-9136 (4)
1-800-526-5305 (8) 1-800-858-9000 (3)
1-800-437-9895 (7) 1-800-245-7508 (5)
1-800-343-1844 (4) 1-800-322-1415 (6)
1-800-437-3478 (6) 1-800-325-7222 (6)
All right, set Cat Hacker 1.0 on those numbers and have a fuck of a day. That
is enough with 800 codes, by the time this gets around to you I dunno what
state those codes will be in, but try them all out anyways and see what you
get. On some 800 services now, they have an operator who will answer and ask
you for your code, and then your name. Some will switch back and forth between
voice and tone verification, you can never be quite sure which you will be up
against.
Armed with this knowledge you should be having a pretty good time phreaking
now. But class isn't over yet, there are still a couple important rules that
you should know. If you hear continual clicking on the line, then you should
assume that an operator is messing with something, maybe even listening in on
you. It is a good idea to call someone back when the phone starts doing that.
If you were using a code, use a different code and/or service to call him
back.
A good way to detect if a code has gone bad or not is to listen when the
number has been dialed. If the code is bad you will probably hear the phone
ringing more clearly and more quickly than if you were using a different code.
If someone answers voice to it then you can immediately assume that it is an
operative for whatever company you are using. The famed '311311' code for Metro
is one of those. You would have to be quite stupid to actually respond, because
whoever you ask for the operator will always say 'He's not in right now, can I
have him call you back?' and then they will ask for your name and phone number.
Some of the more sophisticated companies will actually give you a carrier on a
line that is supposed to give you a carrier and then just have garbage flow
across the screen like it would with a bad connection. That is a feeble effort
to make you think that the code is still working and maybe get you to dial
someone's voice... a good test for the carrier trick is to dial a number that
will give you a carrier that you have never dialed with that code before, that
will allow you to determine whether the code is good or not.
For our next section, a lighter look at some of the things that a phreak
should not be without. A vocabulary. A few months ago, it was a quite strange
world for the modem people out there. But now, a phreaker's vocabulary is
essential if you wanna make a good impression on people when you post what you
know about certain subjects.
/-/ Vocabulary /-/
- Do not misspell except certain exceptions:
phone -> fone
freak -> phreak
- Never substitute 'z's for 's's. (i.e. codez -> codes)
- Never leave many characters after a post (i.e. Hey Dudes!#!@#@!#!@)
- NEVER use the 'k' prefix (k-kool, k-rad, k-whatever)
- Do not abbreviate. (I got lotsa wares w/ docs)
- Never substitute '0' for 'o' (r0dent, l0zer).
- Forget about ye old upper case, it looks ruggyish.
All right, that was to relieve the tension of what is being drilled into your
minds at the moment.. now, however, back to the teaching course. Here are some
things you should know about phones and billings for phones, etc.
LATA: Local Access Transference Area. Some people who live in large cities or
areas may be plagued by this problem. For instance, let's say you live in the
215 area code under the 542 prefix (Ambler, Fort Washington). If you went to
dial in a basic Metro code from that area, for instance, 351-0100, that might
not be counted under unlimited local calling because it is out of your LATA.
For some LATA's, you have to dial a '1' without the area code before you can
dial the phone number. That could prove a hassle for us all if you didn't
realize you would be billed for that sort of call. In that way, sometimes, it
is better to be safe than sorry and phreak.
The Caller Log: In ESS regions, for every household around, the phone company
has something on you called a Caller Log. This shows every single number that
you dialed, and things can be arranged so it shows every number that was
calling to you. That's one main disadvantage of ESS, it is mostly computerized
so a number scan could be done like that quite easily. Using a dialup is an
easy way to screw that, and is something worth remembering. Anyways, with the
caller log, they check up and see what you dialed. Hmm... you dialed 15
different 800 numbers that month. Soon they find that you are subscribed to
none of those companies. But that is not the only thing. Most people would
imagine "But wait! 800 numbers don't show up on my phone bill!". To those
people, it is a nice thought, but 800 numbers are picked up on the caller log
until right before they are sent off to you. So they can check right up on you
before they send it away and can note the fact that you fucked up slightly and
called one too many 800 lines.
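The caller-log review described above, written out as a detection pass over call records. This is an added example, not part of the original file; the record layout, the thresholds and every number in it (fictional 555-01xx) are constructed, and the repeated-short-call rule goes one step beyond the text's check for many unsubscribed 800 numbers.

```python
import csv
import io
from collections import defaultdict

# Constructed sample caller log (not real data): originating line, date,
# dialed number, seconds connected. All 555-01xx numbers are fictional.
SAMPLE_LOG = """line,date,dialed,seconds
215-555-0140,1987-01-03,1-800-555-0101,14
215-555-0140,1987-01-03,1-800-555-0102,9
215-555-0140,1987-01-05,1-800-555-0103,11
215-555-0140,1987-01-09,1-800-555-0104,8
215-555-0140,1987-01-12,1-800-555-0105,640
215-555-0140,1987-01-20,(800) 555-0101,13
215-555-0140,1987-02-02,1-800-555-0101,10
215-555-0177,1987-01-04,1-800-555-0101,300
215-555-0177,1987-01-08,1-800-555-0101,280
215-555-0177,1987-01-15,1-215-555-0199,45
215-555-0199,1987-01-06,1-800-555-0106,7
215-555-0199,1987-01-06,1-800-555-0106,6
215-555-0199,1987-01-06,1-800-555-0106,9
215-555-0199,1987-01-07,1-800-555-0106,8
"""

# Constructed subscription table: 800 access numbers each line has an account with.
SUBSCRIPTIONS = {"215-555-0177": {"8005550101"}}


def normalize(number):
    """Reduce a dialed string to ten digits, dropping punctuation and a leading 1."""
    digits = "".join(ch for ch in number if ch.isdigit())
    if len(digits) == 11 and digits.startswith("1"):
        digits = digits[1:]
    return digits


def is_toll_free(digits):
    return len(digits) == 10 and digits.startswith("800")


def review_caller_log(log_text, subscriptions, min_distinct=5,
                      min_retries=4, short_call=30):
    """Flag (line, month) pairs whose 800 calling does not match any subscription.

    distinct-800s:        the line reached min_distinct or more different 800
                          numbers in one month that it has no account with.
    repeated-short-calls: the line made min_retries or more calls shorter than
                          short_call seconds to one such number.
    """
    per_month = defaultdict(lambda: defaultdict(list))
    for row in csv.DictReader(io.StringIO(log_text)):
        dialed = normalize(row["dialed"])
        if not is_toll_free(dialed):
            continue
        if dialed in subscriptions.get(row["line"], set()):
            continue                      # legitimate use of a subscribed service
        month = row["date"][:7]
        per_month[(row["line"], month)][dialed].append(int(row["seconds"]))

    findings = []
    for (line, month), calls in sorted(per_month.items()):
        reasons = []
        if len(calls) >= min_distinct:
            reasons.append("distinct-800s")
        hammered = sorted(
            number for number, secs in calls.items()
            if sum(1 for s in secs if s < short_call) >= min_retries
        )
        if hammered:
            reasons.append("repeated-short-calls")
        if reasons:
            findings.append({"line": line, "month": month,
                             "distinct": len(calls), "hammered": hammered,
                             "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in review_caller_log(SAMPLE_LOG, SUBSCRIPTIONS):
        print(finding)
```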
Right now, after all of that, you should have a pretty good idea of how to grow
up as a good phreak. Follow these guidelines, don't show off, and don't take
unnecessary risks when phreaking or hacking.
File Level:5
/-/ Credits /-/
To The Videosmith- for setting me straight on some shit.
To The Linesman- for telling me to upload it to his AE line.
To Modern Mutant- for making me into a phreaking freak.
To Jack the Nibbler- for the basis of the blue box plans.
By using your new k-koool (hehe) phreaking knowledge, call a couple of these
BBS's around the country:
/---------------------------------X
| Bulletin Board List |
| --------------------- |
| 215/844-8836 |
| 7 Cities of Gold (3/12) 10megs |
| 307/382-4006 |
| Brainstorm BBS (3/12) |
| 612/345-2815 |
| Metal Shop (3/12) |
| 314/432-0756 |
X---------------------------------/
Stay free! And watch out soon for Deep Thought, somewhere in 215, that will be
a nice BBS that Ace of Spades and I will run. You will be the first to find out
about it, trust me...
Later,
The Traveler
Zer0-g
************ << BIOC AGENT 003'S COURSE IN >> ************
* *
* $%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$ *
* %$ BASIC TELECOMMUNICATIONS $% *
* $%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$%$ *
* PART I *
* *
**********************************************************
HOW TO BE A REAL PHREAK
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
IN THE PHONE PHREAK SOCIETY THERE ARE CERTAIN VALUES THAT EXIST IN ORDER TO
BE A TRUE PHREAK, THESE ARE BEST SUMMED UP BY THE MAGICIAN:
"MANY PEOPLE THINK OF PHONE PHREAKS AS SLIME, OUT TO RIP OFF BELL FOR
ALL SHE IS WORTH. NOTHING COULD BE FURTHER FROM THE TRUTH! GRANTED, THERE ARE
SOME WHO GET THEIR KICKS BY MAKING FREE CALLS; HOWEVER, THEY ARE NOT TRUE PHONE
PHREAKS. REAL PHONE PHREAKS ARE 'TELECOMMUNICATIONS HOBBYISTS' WHO EXPERIMENT,
PLAY WITH AND LEARN FROM THE PHONE SYSTEM. OCCASIONALLY THIS EXPERIMENTING, AND
A NEED TO COMMUNICATE WITH OTHER PHREAKS ( WITH-OUT GOING BROKE), LEADS TO FREE
CALLS. THE FREE CALLS ARE BUT A SMALL SUBSET OF A TRUE PHONE PHREAKS
ACTIVITIES."
THE PHONE PHREAK'S TEN COMMANDMENTS
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
REPRINTED FROM TAP ISSUE #86. (TAP, ROOM 603, 147 W 42 STREET, NEW YORK, NY
10036) SEND A SASE FOR THEIR INFO SHEET AND TELL THEM THAT BIOC AGENT 003 TOLD
YOU ABOUT IT.)
I. BOX THOU NOT OVER THINE HOME TELEPHONE WIRES, FOR THOSE WHO DOEST MUST
SURELY BRING THE WRATH OF THE CHIEF SPECIAL AGENT DOWN UPON THY HEADS.
II. SPEAKEST THOU NOT OF IMPORTANT MATTERS OVER THINE HOME TELEPHONE WIRES,
FOR TO DO SO IS TO RISK THINE RIGHT OF FREEDOM.
III. USE NOT THINE OWN NAME WHEN SPEAKING TO OTHER PHREAKS, FOR THAT EVERY
THIRD PHREAK IS AN FBI AGENT IS WELL KNOWN.
IV. LET NOT OVERLY MANY PEOPLE KNOW THAT THY BE A PHREAK, AS TO DO SO IS TO
USE THINE OWN SELF AS A SACRIFICIAL LAMB.
V. IF THOU BE IN SCHOOL, STRIVE TO GET THINE SELF GOOD GRADES, FOR THE
AUTHORITIES WELL KNOW THAT SCHOLARS NEVER BREAK THE LAW.
VI. IF THOU WORKEST, TRY TO BE A EMPLOYEE, AND IMPRESSEST THINE BOSS WITH
THINE ENTHUSIASM, FOR IMPORTANT EMPLOYEES ARE OFTEN SAVED BY THEIR OWN BOSSES.
VII. STOREST THOU NOT THINE STOLEN GOODS IN THINE OWN HOME, FOR THOSE WHO DO
ARE SURELY NON-BELIEVERS IN THE BELL SYSTEM SECURITY FORCES, AND ARE NOT LONG
FOR THIS WORLD.
VIII. ATTRACTEST THOU NOT THE ATTENTION OF THE AUTHORITIES, AS THE LESS
NOTICEABLE THOU ART, THE BETTER.
IX. MAKEST SURE THINE FRIENDS ARE INSTANT AMNESIACS AND WILL NOT REMEMBER
THAT THOU HAVE CALLED ILLEGALLY, FOR THEIR COOPERATION WITH THE AUTHORITIES
WILL SURELY LESSEN THINE TIME FOR FREEDOM ON THIS EARTH.
X. SUPPORTEST THOU TAP, AS IT IS THINE NEWSLETTER, AND WITHOUT IT, THY WORK
WILL BE FAR MORE LIMITED.
CN/A NUMBERS
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
CUSTOMER NAME & ADDRESS BUREAUS EXIST SO THAT AUTHORIZED BELL EMPLOYEES MAY
OBTAIN THE NAME & ADDRESS OF ANY CUSTOMER IN THE BELL SYSTEM BY GIVING THE CN/A
OPERATOR THE CUSTOMER'S TEL-#. ALL CUSTOMERS ARE MAINTAINED ON FILE INCLUDING
UNLISTED #'S. THESE BUREAUS HAVE MANY USES FOR PHREAKS.
HERE IS HOW AN EMPLOYEE MIGHT GO ABOUT CALLING CN/A:
"HI, THIS IS JOHN DOE FROM THE MIAMI RESIDENTIAL SERVICE CENTER, CAN I HAVE THE
CUSTOMERS NAME AT (123) 555-1212."
THE EMPLOYEES USUALLY USE THESE FOR CHECKING WHO BELONGS TO A # THAT
SOMEONE CLAIMED THEY DIDN'T CALL. IF YOU SOUND CHEERY AND NATURAL THE OPERATOR
WILL NEVER ASK ANY QUESTIONS. IF YOU DON'T SOUND LIKE A MATURE ADULT, DON'T US
--
we've been trying to run some tests on your loop-arounds and we find'em busied
out on both sides.... Yeah, we've been getting a 'BY' on them, what d'ya say,
can you drop cards on 'em? Do you have 08 on your number group? Oh that's
okay, we've had this trouble before, we may have to go after the circuit. Here
lemme give 'em to you: your frame is 05, vertical group 03, horizontal 5,
vertical file 3. Yeah, we'll hang on here.... Okay, found it? Good. Right,
yeah, we'd like to clear that busy out. Right. All you have to do is look for
your key on the mounting plate, it's in your miscellaneous trunk frame. Okay?
Right. Now pull your key from NOR over the LCT. Yeah. I don't know why that
happened, but we've been having trouble with that one. Okay. Thanks a lot
fella. Be seein' ya."
Randy hangs up, reports that the switchman was a little inexperienced with the
loop-around circuits on the miscellaneous trunk frame, but that the loop has
been returned to its free-call status.
Delighted, phone phreak Ed returns the pair of numbers to the active-status
column in his directory. Ed is a superb and painstaking researcher. With
almost Talmudic thoroughness he will trace tendrils of hints through soft-wired
mazes of intervening phone-company circuitry back through complex linkages of
switching relays to find the location and identity of just one toll-free loop.
He spends hours and hours, every day, doing this sort of thing. He has somehow
compiled a directory of eight hundred "Band-six in-WATS numbers" located in
over forty states. Band-six in-WATS numbers are the big 800 numbers -- the
ones that can be dialed into free from anywhere in the country.
Ed the researcher, a nineteen-year-old engineering student, is also a superb
technician. He put together his own working blue box from scratch at age
seventeen. (He is sighted.) This evening after distributing the latest issue
of his in-WATS directory (which has been typed into Braille for the blind phone
phreaks), he announces he has made a major new breakthrough:
"I finally tested it and it works, perfectly. I've got this switching matrix
which converts any touch-tone phone into an M-F-er."
The tones you hear in touch-tone phones are not the M-F tones that operate the
long-distance switching system. Phone phreaks believe A.T.&T. had deliberately
equipped touch tones with a different set of frequencies to avoid putting the
six master M-F tones in the hands of every touch-tone owner. Ed's complex
switching matrix puts the six master tones, in effect puts a blue box, in the
hands of every touch-tone owner.
Ed shows me pages of schematics, specifications and parts lists. "It's not easy
to build, but everything here is in the Heathkit catalog."
Ed asks Ralph what progress he has made in his attempts to reestablish a
long-term open conference line for phone phreaks. The last big conference --
the historic "2111" conference -- had been arranged through an unused Telex
test-board trunk somewhere in the innards of a 4A switching machine in
Vancouver, Canada. For months phone phreaks could M-F their way into
Vancouver, beep out 604 (the Vancouver area code) and then beep out 2111 (the
internal phone-company code for Telex testing), and find themselves at any
time, day or night, on an open wire talking with an array of phone phreaks from
coast to coast, operators from Bermuda, Tokyo and London who are phone-phreak
sympathizers, and miscellaneous guests and technical experts. The conference
was a massive exchange of information. Phone phreaks picked each other's
brains clean, then developed new ways to pick the phone company's brains clean.
Ralph gave M-F Boogies concerts with his home-entertainment-type electric
organ, Captain Crunch demonstrated his round-the-world prowess with his
notorious computerized unit and dropped leering hints of the "action" he was
getting with his girl friends. (The Captain lives out or pretends to live out
several kinds of fantasies to the gossipy delight of the blind phone phreaks
who urge him on to further triumphs on behalf of all of them.) The somewhat
rowdy Northwest phone-phreak crowd let their bitter internal feud spill over
into the peaceable conference line, escalating shortly into guerrilla warfare;
Carl the East Coast international tone relations expert demonstrated newly
opened direct M-F routes to central offices on the island of Bahrein in the
Persian Gulf, introduced a new phone-phreak friend of his in Pretoria, and
explained the technical operation of the new Oakland-to-Vietnam linkages.
(Many phone phreaks pick up spending money by M-F-ing calls from relatives to
Vietnam G.I.'s, charging $5 for a whole hour of trans-Pacific conversation.)
Day and night the conference line was never dead. Blind phone phreaks all over
the country, lonely and isolated in homes filled with active sighted brothers
and sisters, or trapped with slow and unimaginative blind kids in straitjacket
schools for the blind, knew that no matter how late it got they could dial up
the conference and find instant electronic communion with two or three other
blind kids awake over on the other side of America. Talking together on a
phone hookup, the blind phone phreaks say, is not much different from being
there together. Physically, there was nothing more than a two-inch-square wafer
of titanium inside a vast machine on Vancouver Island. For the blind kids
>there< meant an exhilarating feeling of being in touch, through a kind of
skill and magic which was peculiarly their own.
Last April 1, however, the long Vancouver Conference was shut off. The phone
phreaks knew it was coming. Vancouver was in the process of converting from a
step-by-step system to a 4A machine and the 2111 Telex circuit was to be wiped
out in the process. The phone phreaks learned the actual day on which the
conference would be erased about a week ahead of time over the phone company's
internal-news-and-shop-talk recording.
For the next frantic seven days every phone phreak in America was on and off
the 2111 conference twenty-four hours a day. Phone phreaks who were just
learning the game or didn't have M-F capability were boosted up to the
conference by more experienced phreaks so they could get a glimpse of what it
was like before it disappeared. Top phone phreaks searched distant area codes
for new conference possibilities without success. Finally in the early morning
of April 1, the end came.
"I could feel it coming a couple hours before midnight," Ralph remembers. "You
could feel something going on in the lines. Some static began showing up, then
some whistling wheezing sound. Then there were breaks. Some people got cut
off and called right back in, but after a while some people were finding they
were cut off and couldn't get back in at all. It was terrible. I lost it
about one a.m., but managed to slip in again and stay on until the thing
died... I think it was about four in the morning. There were four of us still
hanging on when the conference disappeared into nowhere for good. We all tried
to M-F up to it again of course, but we got silent termination. There was
nothing there."
The Legendary Mark Bernay Turns Out To Be "The Midnight Skulker"
Mark Bernay. I had come across that name before. It was on Gilbertson's
select list of phone phreaks. The California phone phreaks had spoken of a
mysterious Mark Bernay as perhaps the first and oldest phone phreak on the West
Coast. And in fact almost every phone phreak in the West can trace his origins
either directly to Mark Bernay or to a disciple of Mark Bernay.
It seems that five years ago this Mark Bernay (a pseudonym he chose for
himself) began traveling up and down the West Coast pasting tiny stickers in
phone books all along his way. The stickers read something like "Want to hear
an interesting tape recording? Call these numbers." The numbers that followed
were toll-free loop-around pairs. When one of the curious called one of the
numbers he would hear a tape recording pre-hooked into the loop by Bernay which
explained the use of loop-around pairs, gave the numbers of several more, and
ended by telling the caller, "At six o'clock tonight this recording will stop
and you and your friends can try it out. Have fun."
"I was disappointed by the response at first," Bernay told me, when I finally
reached him at one of his many numbers and he had dispensed with the usual "I
never do anything illegal" formalities with which experienced phone phreaks open
most conversations.
"I went all over the coast with these stickers not only on pay phones, but I'd
throw them in front of high schools in the middle of the night, I'd leave them
unobtrusively in candy stores, scatter them on main streets of small towns. At
first hardly anyone bothered to try it out. I would listen in for hours and
hours after six o'clock and no one came on. I couldn't figure out why people
wouldn't be interested. Finally these two girls in Oregon tried it out and
told all their friends and suddenly it began to spread."
Before his Johnny Appleseed trip Bernay had already gathered a sizable group of
early pre-blue-box phone phreaks together on loop-arounds in Los Angeles.
Bernay does not claim credit for the original discovery of the loop-around
numbers. He attributes the discovery to an eighteen-year-old reform school kid
in Long Beach whose name he forgets and who, he says, "just disappeared one
day." When Bernay himself discovered loop-arounds independently, from clues in
his readings in old issues of the Automatic Electric Technical Journal, he
found dozens of the reform-school kid's friends already using them. However, it
was one of Bernay's disciples in Seattle that introduced phone phreaking to
blind kids. The Seattle kid who learned about loops through Bernay's recording
told a blind friend, the blind kid taught the secret to his friends at a winter
camp for blind kids in Los Angeles. When the camp session was over these kids
took the secret back to towns all over the West. This is how the original
blind kids became phone phreaks. For them, for most phone phreaks in general,
it was the discovery of the possibilities of loop-arounds which led them on to
far more serious and sophisticated phone-phreak methods, and which gave them a
medium for sharing their discoveries.
A year later a blind kid who moved back east brought the technique to a blind
kids' summer camp in Vermont, which spread it along the East Coast. All from a
Mark Bernay sticker.
Bernay, who is nearly thirty years old now, got his start when he was fifteen
and his family moved into an L.A. suburb serviced by General Telephone and
Electronics equipment. He became fascinated with the differences between Bell
and G.T.&E. equipment. He learned he could make interesting things happen by
carefully timed clicks with the disengage button. He learned to interpret
subtle differences in the array of clicks, whirrs and kachinks he could hear on
his lines. He learned he could shift himself around the switching relays of
the L.A. area code in a not-too-predictable fashion by interspersing his own
hook-switch clicks with the clicks within the line. (Independent phone
companies -- there are nineteen hundred of them still left, most of them tiny
island principalities in Ma Bell's vast empire -- have always been favorites
with phone phreaks, first as learning tools, then as Archimedes platforms from
which to manipulate the huge Bell system. A phone phreak in Bell territory
will often M-F himself into an independent's switching system, with switching
idiosyncrasies which can give him marvelous leverage over the Bell System.)
"I have a real affection for Automatic Electric Equipment," Bernay told me.
"There are a lot of things you can play with. Things break down in interesting
ways."
Shortly after Bernay graduated from college (with a double major in chemistry
and philosophy), he graduated from phreaking around with G.T.&E. to the Bell
System itself, and made his legendary sticker-pasting journey north along the
coast, settling finally in Northwest Pacific Bell territory. He discovered
that if Bell does not break down as interestingly as G.T.&E., it nevertheless
offers a lot of "things to play with."
Bernay learned to play with blue boxes. He established his own personal
switchboard and phone-phreak research laboratory complex. He continued his
phone-phreak evangelism with ongoing sticker campaigns. He set up two recording
numbers, one with instructions for beginning phone phreaks, the other with
latest news and technical developments (along with some advanced instruction)
gathered from sources all over the country.
These days, Bernay told me, he had gone beyond phone-phreaking itself. "Lately
I've been enjoying playing with computers more than playing with phones. My
personal thing in computers is just like with phones, I guess -- the kick is in
finding out how to beat the system, how to get at things I'm not supposed to
know about, how to do things with the system that I'm not supposed to be able
to do."
As a matter of fact, Bernay told me, he had just been fired from his
computer-programming job for doing things he was not supposed to be able to do.
He had been working with a huge time-sharing computer owned by a large
corporation but shared by many others. Access to the computer was limited to
those programmers and corporations that had been assigned certain passwords.
And each password restricted its user to access to only the one section of the
computer cordoned off from its own information storage. The password system
prevented companies and individuals from stealing each other's information.
"I figured out how to write a program that would let me read everyone else's
password," Bernay reports. "I began playing around with passwords. I began
letting the people who used the computer know, in subtle ways, that I knew
their passwords. I began dropping notes to the computer supervisors with hints
that I knew what I know. I signed them 'The Midnight Skulker.' I kept getting
cleverer and cleverer with my messages and devising ways of showing them what I
could do. I'm sure they couldn't imagine I could do the things I was showing
them. But they never responded to me. Every once in a while they'd change the
passwords, but I found out how to discover what the new ones were, and I let
them know. But they never responded directly to the Midnight Skulker. I even
finally designed a program which they could use to prevent my program from
finding out what it did. In effect I told them how to wipe me out, The
Midnight Skulker. It was a very clever program. I started leaving clues about
myself. I wanted them to try and use it and then try to come up with something
to get around that and reappear again. But they wouldn't play. I wanted to
get caught. I mean I didn't want to get caught personally, but I wanted them
to notice me and admit that they noticed me. I wanted them to attempt to
respond, maybe in some interesting way."
Finally the computer managers became concerned enough about the threat of
information-stealing to respond. However, instead of using The Midnight
Skulker's own elegant self-destruct program, they called in their security
personnel, interrogated everyone, found an informer to identify Bernay as The
Midnight Skulker, and fired him.
"At first the security people advised the company to hire me full-time to
search out other flaws and discover other computer freaks. I might have liked
that. But I probably would have turned into a double double agent rather than
the double agent they wanted. I might have resurrected The Midnight Skulker
and tried to catch myself. Who knows? Anyway, the higher-ups turned the whole
idea down."
You Can Tap the F.B.I.'s Crime Control Computer in the Comfort of Your Own
Home, Perhaps
Computer freaking may be the wave of the future. It suits the phone-phreak
sensibility perfectly. Gilbertson, the blue-box inventor and a lifelong phone
phreak, has also gone on from phone-phreaking to computer-freaking. Before he
got into the blue-box business Gilbertson, who is a highly skilled programmer,
devised programs for international currency arbitrage.
But he began playing with computers in earnest when he learned he could use his
blue box in tandem with the computer terminal installed in his apartment by the
instrumentation firm he worked for. The print-out terminal and keyboard was
equipped with acoustical coupling, so that by coupling his little ivory
Princess phone to the terminal and then coupling his blue box on that, he could
M-F his way into other computers with complete anonymity, and without charge;
program and re-program them at will; feed them false or misleading information;
tap and steal from them. He explained to me that he taps computers by busying
out all the lines, then going into a verification trunk, listening into the
passwords and instructions one of the time sharers uses, and then M-F-ing in
and imitating them. He believes it would not be impossible to creep into the
F.B.I's crime control computer through a local police computer terminal and
phreak around with the F.B.I.'s memory banks. He claims he has succeeded in
re-programming a certain huge institutional computer in such a way that it has
cordoned off an entire section of its circuitry for his personal use, and at
the same time conceals that arrangement from anyone else's notice. I have been
unable to verify this claim.
Like Captain Crunch, like Alexander Graham Bell (pseudonym of a
disgruntled-looking East Coast engineer who claims to have invented the black
box and now sells black and blue boxes to gamblers and radical heavies), like
most phone phreaks, Gilbertson began his career trying to rip off pay phones as
a teenager. Figure them out, then rip them off. Getting his dime back from
the pay phone is the phone phreak's first thrilling rite of passage. After
learning the usual eighteen different ways of getting his dime back, Gilbertson
learned how to make master keys to coin-phone cash boxes, and get everyone
else's dimes back. He stole some phone-company equipment and put together his
own home switchboard with it. He learned to make a simple "bread-box" device,
of the kind used by bookies in the Thirties (bookie gives a number to his
betting clients; the phone with that number is installed in some widow lady's
apartment, but is rigged to ring in the bookie's shop across town, cops trace
big betting number and find nothing but the widow).
Not long after that afternoon in 1968 when, deep in the stacks of an
engineering library, he came across a technical journal with the phone tone
frequencies and rushed off to make his first blue box, not long after that
Gilbertson abandoned a very promising career in physical chemistry and began
selling blue boxes for $1,500 apiece.
"I had to leave physical chemistry. I just ran out of interesting things to
learn," he told me one evening. We had been talking in the apartment of the
man who served as the link between Gilbertson and the syndicate in arranging
the big $300,000 blue-box deal which fell through because of legal trouble.
There has been some smoking.
"No more interesting things to learn," he continues. "Physical chemistry turns
out to be a sick subject when you take it to its highest level. I don't know.
I don't think I could explain to you how it's sick. You have to be there. But
you get, I don't know, a false feeling of omnipotence. I suppose it's like
phone-phreaking that way. This huge thing is there. This whole system. And
there are holes in it and you slip into them like Alice and you're pretending
you're doing something you're actually not, or at least it's no longer you
that's doing what you thought you were doing. It's all Lewis Carroll.
Physical chemistry and phone-phreaking. That's why you have these phone-phreak
pseudonyms like The Cheshire Cat, the Red King, and The Snark. But there's
something about phone-phreaking that you don't find in physical chemistry." He
looks up at me:
"Did you ever steal anything?"
"Then you know! You know the rush you get. It's not just knowledge, like
physical chemistry. It's forbidden knowledge. You know. You can learn about
anything under the sun and be bored to death with it. But the idea that it's
illegal. Look: you can be small and mobile and smart and you're ripping off
somebody large and powerful and very dangerous."
People like Gilbertson and Alexander Graham Bell are always talking about
ripping off the phone company and screwing Ma Bell. But if they were shown a
single button and told that by pushing it they could turn the entire circuitry
of A.T.&T. into molten puddles, they probably wouldn't push it. The
disgruntled-inventor phone phreak needs the phone system the way the lapsed
Catholic needs the Church, the way Satan needs a God, the way The Midnight
Skulker needed, more than anything else, response.
Later that evening Gilbertson finished telling me how delighted he was at the
flood of blue boxes spreading throughout the country, how delighted he was to
know that "this time they're really screwed." He suddenly shifted gears.
"Of course. I do have this love/hate thing about Ma Bell. In a way I almost
like the phone company. I guess I'd be very sad if they were to disintegrate.
In a way it's just that after having been so good they turn out to have these
things wrong with them. It's those flaws that allow me to get in and mess with
them, but I don't know. There's something about it that gets to you and makes
you want to get to it, you know."
I ask him what happens when he runs out of interesting, forbidden things to
learn about the phone system.
"I don't know, maybe I'd go to work for them for a while."
"In security even?"
"I'd do it, sure. I just as soon play -- I'd just as soon work on either
side."
"Even figuring out how to trap phone phreaks?" I said, recalling Mark Bernay's
game.
"Yes, that might be interesting. Yes, I could figure out how to outwit the
phone phreaks. Of course if I got too good at it, it might become boring
again. Then I'd have to hope the phone phreaks got much better and outsmarted
me for a while. That would move the quality of the game up one level. I might
even have to help them out, you know, 'Well, kids, I wouldn't want this to get
around but did you ever think of -- ?' I could keep it going at higher and
higher levels forever."
The dealer speaks up for the first time. He has been staring at the soft
blinking patterns of light and colors on the translucent tiled wall facing him.
(Actually there are no patterns: the color and illumination of every tile is
determined by a computerized random-number generator designed by Gilbertson
which insures that there can be no meaning to any sequence of events in the
tiles.)
"Those are nice games you're talking about," says the dealer to his friend.
"But I wouldn't mind seeing them screwed. A telephone isn't private anymore.
You can't say anything you really want to say on a telephone or you have to go
through that paranoid bullshit. 'Is it cool to talk on the phone?' I mean,
even if it is cool, if you have to ask 'Is it cool,' then it isn't cool. You
know. Like those blind kids,
people are going to start putting together their own private telephone
companies if they want to really talk. And you know what else. You don't hear
silences on the phone anymore. They've got this time-sharing thing on
long-distance lines where you make a pause and they snip out that piece of time
and use it to carry part of somebody else's conversation. Instead of a pause,
where somebody's maybe breathing or sighing, you get this blank hole and you
only start hearing again when someone says a word and even the beginning of the
word is clipped off. Silences don't count -- you're paying for them, but they
take them away from you. It's not cool to talk and you can't hear someone when
they don't talk. What the hell good is the phone? I wouldn't mind seeing them
totally screwed."
+-- End third file of four --+
***** The AAG Proudly Presents The AAG Proudly Presents *****
* *
* +----------------------------------------------+ *
* *
* Secrets of the Little Blue Box *
* *
* by Ron Rosenbaum *
* Typed by One Farad Cap/AAG *
* *
* -A story so incredible it may even make you *
* feel sorry for the phone company- *
* *
* (Fourth of four files) *
* *
* +----------------------------------------------+ *
* *
***** The AAG Proudly Presents The AAG Proudly Presents *****
The Big Memphis Bust
Joe Engressia never wanted to screw Ma Bell. His dream had always been to work
for her.
The day I visited Joe in his small apartment on Union Avenue in Memphis, he was
upset about another setback in his application for a telephone job.
"They're stalling on it. I got a letter today telling me they'd have to
postpone the interview I requested again. My landlord read it for me. They
gave me some runaround about wanting papers on my rehabilitation status but I
think there's something else going on."
When I switched on the 40-watt bulb in Joe's room -- he sometimes forgets when
he has guests -- it looked as if there was enough telephone hardware to start a
small phone company of his own.
There is one phone on top of his desk, one phone sitting in an open drawer
beneath the desk top. Next to the desk-top phone is a cigar-box-size M-F
device with big toggle switches, and next to that is some kind of switching and
coupling device with jacks and alligator plugs hanging loose. Next to that is
a Braille typewriter. On the floor next to the desk, lying upside down like a
dead tortoise, is the half-gutted body of an old black standard phone. Across
the room on a torn and dusty couch are two more phones, one of them a
touch-tone model; two tape recorders; a heap of phone patches and cassettes,
and a life-size toy telephone.
Our conversation is interrupted every ten minutes by phone phreaks from all
over the country ringing Joe on just about every piece of equipment but the toy
phone and the Braille typewriter. One fourteen-year-old blind kid from
Connecticut calls up and tells Joe he's got a girl friend. He wants to talk to
Joe about girl friends. Joe says they'll talk later in the evening when they
can be alone on the line. Joe draws a deep breath, whistles him off the air
with an earsplitting 2600-cycle whistle. Joe is pleased to get the calls but he
looked worried and preoccupied that evening, his brow constantly furrowed over
his dark wandering eyes. In addition to the phone-company stall, he has just
learned that his apartment house is due to be demolished in sixty days for
urban renewal. For all its shabbiness, the Union Avenue apartment house has
been Joe's first home-of-his-own and he's worried that he may not find another
before this one is demolished.
But what really bothers Joe is that switchmen haven't been listening to him.
"I've been doing some checking on 800 numbers lately, and I've discovered that
certain 800 numbers in New Hampshire couldn't be reached from Missouri and
Kansas. Now it may sound like a small thing, but I don't like to see sloppy
work; it makes me feel bad about the lines. So I've been calling up switching
offices and reporting it, but they haven't corrected it. I called them up for
the third time today and instead of checking they just got mad. Well, that
gets me mad. I mean, I do try to help them. There's something about them I
can't understand -- you want to help them and they just try to say you're
defrauding them."
It is Sunday evening and Joe invites me to join him for dinner at a Holiday
Inn. Frequently on Sunday evening Joe takes some of his welfare money, calls a
cab, and treats himself to a steak dinner at one of Memphis' thirteen Holiday
Inns. (Memphis is the headquarters of Holiday Inn. Holiday Inns have been a
favorite for Joe ever since he made his first solo phone trip to a Bell
switching office in Jacksonville, Florida, and stayed in the Holiday Inn there.
He likes to stay at Holiday Inns, he explains, because they represent freedom
to him and because the rooms are arranged the same all over the country so he
knows that any Holiday Inn room is familiar territory to him. Just like any
telephone.)
Over steaks in the Pinnacle Restaurant of the Holiday Inn Medical Center on
Madison Avenue in Memphis, Joe tells me the highlights of his life as a phone
phreak.
At age seven, Joe learned his first phone trick. A mean baby-sitter, tired of
listening to little Joe play with the phone as he always did, constantly, put a
lock on the phone dial. "I got so mad. When there's a phone sitting there and
I can't use it... so I started getting mad and banging the receiver up and
down. I noticed I banged it once and it dialed one. Well, then I tried
banging it twice...." In a few minutes Joe learned how to dial by pressing the
hook switch at the right time. "I was so excited I remember going 'whoo whoo'
and beat a box down on the floor."
At age eight Joe learned about whistling. "I was listening to some intercept
non working-number recording in L.A. -- I was calling L.A. as far back as that,
but I'd mainly dial non working numbers because there was no charge, and I'd
listen to these recordings all day. Well, I was whistling 'cause listening to
these recordings can be boring after a while even if they are from L.A., and
all of a sudden, in the middle of whistling, the recording clicked off. I
fiddled around whistling some more, and the same thing happened. So I called
up the switch room and said, 'I'm Joe. I'm eight years old and I want to know
why when I whistle this tune the line clicks off.' He tried to explain it to
me, but it was a little too technical at the time. I went on learning. That
was a thing nobody was going to stop me from doing. The phones were my life,
and I was going to pay any price to keep on learning. I knew I could go to
jail. But I had to do what I had to do to keep on learning."
The phone is ringing when we walk back into Joe's apartment on Union Avenue.
It is Captain Crunch. The Captain has been following me around by phone,
calling up everywhere I go with additional bits of advice and explanation for
me and whatever phone phreak I happen to be visiting. This time the Captain
reports he is calling from what he describes as "my hideaway high up in the
Sierra Nevada." He pulses out lusty salvos of M-F and tells Joe he is about to
"go out and get a little action tonight. Do some phreaking of another kind, if
you know what I mean." Joe chuckles.
The Captain then tells me to make sure I understand that what he told me about
tying up the nation's phone lines was true, but that he and the phone phreaks
he knew never used the technique for sabotage. They only learned the technique
to help the phone company.
"We do a lot of troubleshooting for them. Like this New Hampshire/Missouri
WATS-line flaw I've been screaming about. We help them more than they know."
After we say good-bye to the Captain and Joe whistles him off the line, Joe
tells me about a disturbing dream he had the night before: "I had been caught
and they were taking me to a prison. It was a long trip. They were taking me
to a prison a long long way away. And we stopped at a Holiday Inn and it was
my last night ever using the phone and I was crying and crying, and the lady at
the Holiday Inn said, 'Gosh, honey, you should never be sad at a Holiday Inn.
You should always be happy here. Especially since it's your last night.' And
that just made it worse and I was sobbing so much I couldn't stand it."
Two weeks after I left Joe Engressia's apartment, phone-company security agents
and Memphis police broke into it. Armed with a warrant, which they left pinned
to a wall, they confiscated every piece of equipment in the room, including his
toy telephone. Joe was placed under arrest and taken to the city jail where he
was forced to spend the night since he had no money and knew no one in Memphis
to call.
It is not clear who told Joe what that night, but someone told him that the
phone company had an open-and-shut case against him because of revelations of
illegal activity he had made to a phone-company undercover agent.
By morning Joe had become convinced that the reporter from Esquire, with whom
he had spoken two weeks ago, was the undercover agent. He probably had ugly
thoughts about someone he couldn't see gaining his confidence, listening to him
talk about his personal obsessions and dreams, while planning all the while to
lock him up.
"I really thought he was a reporter," Engressia told the Memphis Press-Scimitar.
"I told him everything...." Feeling betrayed, Joe proceeded to confess
everything to the press and police.
As it turns out, the phone company did use an undercover agent to trap Joe,
although it was not the Esquire reporter.
Ironically, security agents were alerted and began to compile a case against
Joe because of one of his acts of love for the system: Joe had called an
internal service department to report that he had located a group of defective
long-distance trunks, and to complain again about the New Hampshire/Missouri
WATS problem. Joe always liked Ma Bell's lines to be clean and responsive. A
suspicious switchman reported Joe to the security agents who discovered that
Joe had never had a long-distance call charged to his name.
Then the security agents learned that Joe was planning one of his phone trips
to a local switching office. The security people planted one of their agents
in the switching office. He posed as a student switchman and followed Joe
around on a tour. He was extremely friendly and helpful to Joe, leading him
around the office by the arm. When the tour was over he offered Joe a ride back
to his apartment house. On the way he asked Joe -- one tech man to another --
about "those blue boxers" he'd heard about. Joe talked about them freely,
talked about his blue box freely, and about all the other things he could do
with the phones.
The next day the phone-company security agents slapped a monitoring tape on
Joe's line, which eventually picked up an illegal call. Then they applied for
the search warrant and broke in.
In court Joe pleaded not guilty to possession of a blue box and theft of
service. A sympathetic judge reduced the charges to malicious mischief and
found him guilty on that count, sentenced him to two thirty-day sentences to be
served concurrently and then suspended the sentence on condition that Joe
promise never to play with phones again. Joe promised, but the phone company
refused to restore his service. For two weeks after the trial Joe could not be
reached except through the pay phone at his apartment house, and the landlord
screened all calls for him.
Phone-phreak Carl managed to get through to Joe after the trial, and reported
that Joe sounded crushed by the whole affair.
"What I'm worried about," Carl told me, "is that Joe means it this time. The
promise. That he'll never phone-phreak again. That's what he told me, that
he's given up phone-phreaking for good. I mean his entire life. He says he
knows they're going to be watching him so closely for the rest of his life
he'll never be able to make a move without going straight to jail. He sounded
very broken up by the whole experience of being in jail. It was awful to hear
him talk that way. I don't know. I hope maybe he had to sound that way. Over
the phone, you know."
He reports that the entire phone-phreak underground is up in arms over the
phone company's treatment of Joe. "All the while Joe had his hopes pinned on
his application for a phone-company job, they were stringing him along getting
ready to bust him. That gets me mad. Joe spent most of his time helping them
out. The bastards. They think they can use him as an example. All of a sudden
they're harassing us on the coast. Agents are jumping up on our lines. They
just busted ------'s mute yesterday and ripped out his lines. But no matter
what Joe does, I don't think we're going to take this lying down."
Two weeks later my phone rings and about eight phone phreaks in succession say
hello from about eight different places in the country, among them Carl, Ed,
and Captain Crunch. A nationwide phone-phreak conference line has been
reestablished through a switching machine in --------, with the cooperation of
a disgruntled switchman.
"We have a special guest with us today," Carl tells me.
The next voice I hear is Joe's. He reports happily that he has just moved to a
place called Millington, Tennessee, fifteen miles outside of Memphis, where he
has been hired as a telephone-set repairman by a small independent phone
company. Someday he hopes to be an equipment troubleshooter.
"It's the kind of job I dreamed about. They found out about me from the
publicity surrounding the trial. Maybe Ma Bell did me a favor busting me.
I'll have telephones in my hands all day long."
"You know the expression, 'Don't get mad, get even'?" phone-phreak Carl asked
me. "Well, I think they're going to be very sorry about what they did to Joe
and what they're trying to do to us."
+-- End fourth file of four --+
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$ $
$ THE HISTORY OF ESS $
$ --- ------- -- --- $
$ $
$ $
$ Another original phile by: $
$ $
$ $
$$$$$$$$$$$$-=>Lex Luthor<=-$$$$$$$$$$$
$ $
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
Of all the new 1960s wonders of telephone technology - satellites, ultra
modern Traffic Service Positions (TSPS) for operators, the picturephone, and so
on - the one that gave Bell Labs the most trouble, and unexpectedly became the
greatest development effort in Bell System's history, was the perfection of an
electronic switching system, or ESS.
It may be recalled that such a system was the specific end in view when the
project that had culminated in the invention of the transistor had been
launched back in the 1930s. After successful accomplishment of that planned
miracle in 1947-48, further delays were brought about by financial stringency
and the need for further development of the transistor itself. In the early
1950s, a Labs team began serious work on electronic switching. As early as
1955, Western Electric became involved when five engineers from the Hawthorne
works were assigned to collaborate with the Labs on the project. The president
of AT&T in 1956 wrote confidently, "At Bell Labs, development of the new
electronic switching system is going full speed ahead. We are sure this will
lead to many improvements in service and also to greater efficiency. The first
service trial will start in Morris, Ill., in 1959." Shortly thereafter, Kappel
said that the cost of the whole project would probably be $45 million.
But it gradually became apparent that the development of a commercially
usable electronic switching system - in effect, a computerized telephone
exchange - presented vastly greater technical problems than had been
anticipated, and that, accordingly, Bell Labs had vastly underestimated both
the time and the investment needed to do the job. The year 1959 passed without
the promised first trial at Morris, Illinois; it was finally made in November
1960, and quickly showed how much more work remained to be done. As time
dragged on and costs mounted, there was concern at AT&T and something
approaching panic at Bell Labs. But the project had to go forward; by this
time the investment was too great to be sacrificed, and in any case, forward
projections of increased demand for telephone service indicated that within a
phew years a time would come when, without the quantum leap in speed and
flexibility that electronic switching would provide, the national network would
be unable to meet the demand. In November 1963, an all-electronic switching
system went into use at the Brown Engineering Company at Cocoa Beach, Florida.
But this was a small installation, essentially another test installation,
serving only a single company. Kappel's tone on the subject in the 1964 annual
report was, for him, almost apologetic: "Electronic switching equipment must
be manufactured in volume to unprecedented standards of reliability.... To turn
out the equipment economically and with good speed, mass production methods
must be developed; but, at the same time, there can be no loss of precision..."
Another year and millions of dollars later, on May 30, 1965, the first
commercial electronic central office was put into service at Succasunna, New
Jersey.
Even at Succasunna, only 200 of the town's 4,300 subscribers initially had
the benefit of electronic switching's added speed and additional services, such
as provision for three party conversations and automatic transfer of incoming
calls. But after that, ESS was on its way. In January 1966, the second
commercial installation, this one serving 2,900 telephones, went into service
in Chase, Maryland. By the end of 1967 there were additional ESS offices in
California, Connecticut, Minnesota, Georgia, New York, Florida, and
Pennsylvania; by the end of 1970 there were 120 offices serving 1.8 million
customers; and by 1974 there were 475 offices serving 5.6 million customers.
The difference between conventional switching and electronic switching is
the difference between "hardware" and "software"; in the former case,
maintenance is done on the spot, with screwdriver and pliers, while in the case
of electronic switching, it can be done remotely, by computer, from a central
point, making it possible to have only one or two technicians on duty at a time
at each switching center.
The development program, when the final figures were added up, was found to
have required a staggering four thousand man-years of work at Bell Labs and to
have cost not $45 million but $500 million!
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$ $
$ THE HISTORY OF BRITISH PHREAKING $
$ -=- -=-=-=- -- -=-=-=- -=-=-=-=- $
$ $
$ THE SECOND IN A SERIES OF $
$ THE HISTORY OF.....PHILES $
$ $
$ WRITTEN AND UPLOADED BY: $
$ $
$$$$$$$$$$$$-=>LEX LUTHOR<=-$$$$$$$$$$$
$ AND $
$ THE LEGION OF DOOM! $
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
NOTE: THE BRITISH POST OFFICE IS THE BRITISH EQUIVALENT OF MA BELL IN THE U.S.
IN BRITAIN, PHREAKING GOES BACK TO THE EARLY FIFTIES, WHEN THE TECHNIQUE OF
'TOLL A DROP BACK' WAS DISCOVERED. TOLL A WAS AN EXCHANGE NEAR ST. PAULS
WHICH ROUTED CALLS BETWEEN LONDON AND NEARBY NON-LONDON EXCHANGES. THE TRICK
WAS TO DIAL AN UNALLOCATED NUMBER, AND THEN DEPRESS THE RECEIVER-REST FOR 1/2
SECOND. THIS FLASHING INITIATED THE 'CLEAR FORWARD' SIGNAL, LEAVING THE CALLER
WITH AN OPEN LINE INTO THE TOLL A EXCHANGE. HE COULD THEN DIAL 018, WHICH
FORWARDED HIM TO THE TRUNK EXCHANGE (AT THAT TIME, THE FIRST LONG DISTANCE
EXCHANGE IN BRITAIN) AND FOLLOW IT WITH THE CODE FOR THE DISTANT EXCHANGE TO
WHICH HE WOULD BE CONNECTED AT NO EXTRA CHARGE.
THE SIGNALS NEEDED TO CONTROL THE UK NETWORK TODAY WERE PUBLISHED IN THE
"INSTITUTION OF POST OFFICE ENGINEERS JOURNAL" AND REPRINTED IN THE SUNDAY
TIMES (15 OCT. 1972).
THE SIGNALLING SYSTEM THEY USE: SIGNALLING SYSTEM NO. 3 USES PAIRS OF
FREQUENCIES SELECTED FROM 6 TONES SEPARATED BY 120HZ. WITH THAT INFO, THE
PHREAKS MADE "BLEEPERS" OR AS THEY ARE CALLED HERE IN THE U.S. "BLUE BOX", BUT
THEY DO UTILIZE DIFFERENT MF TONES THAN THE U.S., THUS, YOUR U.S. BLUE BOX
THAT YOU SMUGGLED INTO THE UK WILL NOT WORK, UNLESS YOU CHANGE THE
FREQUENCIES.
IN THE EARLY SEVENTIES, A SIMPLER SYSTEM BASED ON DIFFERENT NUMBERS OF PULSES
WITH THE SAME FREQUENCY (2280HZ) WAS USED. FOR MORE INFO ON THAT, TRY TO GET A
HOLD OF: ATKINSON'S "TELEPHONY AND SYSTEMS TECHNOLOGY".
IN THE EARLY DAYS OF BRITISH PHREAKING, THE CAMBRIDGE UNIVERSITY TITAN
COMPUTER WAS USED TO RECORD AND CIRCULATE NUMBERS FOUND BY THE EXHAUSTIVE
DIALING OF LOCAL NETWORKS. THESE NUMBERS WERE USED TO CREATE A CHAIN OF LINKS
FROM LOCAL EXCHANGE TO LOCAL EXCHANGE ACROSS THE COUNTRY, BYPASSING THE TRUNK
CIRCUITS. BECAUSE THE INTERNAL ROUTING CODES IN THE UK NETWORK ARE NOT THE
SAME AS THOSE DIALED BY THE CALLER, THE PHREAKS HAD TO DISCOVER THEM BY 'PROBE
AND LISTEN' TECHNIQUES OR MORE COMMONLY KNOWN IN THE U.S.-- SCANNING. WHAT
THEY DID WAS PUT IN LIKELY SIGNALS AND LISTENED TO FIND OUT IF THEY SUCCEEDED.
THE RESULTS OF SCANNING WERE CIRCULATED TO OTHER PHREAKS. DISCOVERING EACH
OTHER TOOK TIME AT FIRST, BUT EVENTUALLY THE PHREAKS BECAME ORGANIZED. THE
"TAP" OF BRITAIN WAS CALLED "UNDERCURRENTS" WHICH ENABLED BRITISH PHREAKS TO
SHARE THE INFO ON NEW NUMBERS, EQUIPMENT ETC.
TO UNDERSTAND WHAT THE BRITISH PHREAKS DID, THINK OF THE PHONE
NETWORK IN THREE LAYERS OF LINES: LOCAL, TRUNK, AND INTERNATIONAL. IN THE UK,
SUBSCRIBER TRUNK DIALING (STD) IS THE MECHANISM WHICH TAKES A CALL FROM THE
LOCAL LINES AND (LEGITIMATELY) ELEVATES IT TO A TRUNK OR INTERNATIONAL
LEVEL. THE UK PHREAKS FIGURED THAT A CALL AT TRUNK LEVEL CAN BE ROUTED THROUGH
ANY NUMBER OF EXCHANGES, PROVIDED THAT THE RIGHT ROUTING CODES WERE FOUND AND
USED CORRECTLY. THEY ALSO HAD TO DISCOVER HOW TO GET FROM LOCAL TO TRUNK LEVEL
EITHER WITHOUT BEING CHARGED (WHICH THEY DID WITH A BLEEPER BOX) OR WITHOUT
USING (STD). CHAINING HAS ALREADY BEEN MENTIONED BUT IT REQUIRES LONG STRINGS
OF DIGITS AND SPEECH GETS MORE AND MORE FAINT AS THE CHAIN GROWS, JUST LIKE IT
DOES WHEN YOU STACK TRUNKS BACK AND FORTH ACROSS THE U.S. THE WAY THE SECURITY
REPS SNAGGED THE PHREAKS WAS TO PUT A SIMPLE 'PRINTERMETER' OR AS WE CALL IT:
A PEN REGISTER ON THE SUSPECT'S LINE, WHICH SHOWS EVERY DIGIT DIALED FROM THE
SUBSCRIBER'S LINE.
THE BRITISH PREFER TO GET ONTO THE TRUNKS RATHER THAN CHAINING. ONE WAY WAS
TO DISCOVER WHERE LOCAL CALLS USE THE TRUNKS BETWEEN NEIGHBORING EXCHANGES,
START A CALL AND STAY ON THE TRUNK INSTEAD OF RETURNING TO THE LOCAL LEVEL ON
REACHING THE DISTANT SWITCH. THIS AGAIN REQUIRED EXHAUSTIVE DIALING AND MADE
MORE WORK FOR TITAN; IT ALSO REVEALED 'FIDDLES', WHICH WERE INSERTED BY POST
OFFICE ENGINEERS.
WHAT FIDDLING MEANS IS THAT THE ENGINEERS REWIRED THE EXCHANGES FOR THEIR OWN
BENEFIT. THE EQUIPMENT IS MODIFIED TO GIVE ACCESS TO A TRUNK WITHOUT BEING
CHARGED, AN OPERATION WHICH IS PRETTY EASY IN STEP BY STEP (SXS)
ELECTROMECHANICAL EXCHANGES, WHICH WERE INSTALLED IN BRITAIN EVEN IN THE 1970S
(NOTE: I KNOW OF A BACK DOOR INTO THE CANADIAN SYSTEM ON A 4A CO., SO IF YOU
ARE ON SXS OR A 4A, TRY SCANNING 3 DIGIT EXCHANGES, IE: DIAL 999,998,997
ETC. AND LISTEN FOR THE BEEP-KERCHINK, IF THERE ARE NO 3 DIGIT CODES WHICH
ALLOW DIRECT ACCESS TO A TANDEM IN YOUR LOCAL EXCHANGE AND BYPASSES THE AMA SO
YOU WON'T BE BILLED, NOT HAVE TO BLAST 2600 EVERY TIME YOU WISH TO BOX A CALL.)
A FAMOUS BRITISH 'FIDDLER' REVEALED IN THE EARLY 1970S WORKED BY DIALING 173.
THE CALLER THEN ADDED THE TRUNK CODE OF 1 AND THE SUBSCRIBERS LOCAL NUMBER. AT
THAT TIME, MOST ENGINEERING TEST SERVICES BEGAN WITH 17X, SO THE ENGINEERS
COULD HIDE THEIR FIDDLES IN THE NEST OF SERVICE WIRES. WHEN SECURITY REPS
STARTED SEARCHING, THE FIDDLES WERE CONCEALED BY TONES SIGNALLING: 'NUMBER
UNOBTAINABLE' OR 'EQUIPMENT ENGAGED' WHICH SWITCHED OFF AFTER A DELAY. THE
NECESSARY RELAYS ARE SMALL AND EASILY HIDDEN.
THERE WAS ANOTHER SIDE TO PHREAKING IN THE UK IN THE SIXTIES. BEFORE STD WAS
WIDESPREAD, MANY 'ORDINARY' PEOPLE WERE DRIVEN TO
OCCASIONAL PHREAKING FROM SHEER FRUSTRATION AT THE INEFFICIENT OPERATOR
CONTROLLED TRUNK SYSTEM. THIS CAME TO A HEAD DURING A STRIKE ABOUT 1961 WHEN
OPERATORS COULD NOT BE REACHED. NOTHING COMPLICATED WAS NEEDED. MANY
OPERATORS HAD BEEN IN THE HABIT OF REPEATING THE CODES AS THEY DIALLED THE
REQUESTED NUMBERS SO PEOPLE SOON LEARNT THE NUMBERS THEY CALLED FREQUENTLY.
THE ONLY 'TRICK' WAS TO KNOW WHICH EXCHANGES COULD BE DIALLED THROUGH TO PASS
ON THE TRUNK NUMBER. CALLERS ALSO NEEDED A PRETTY QUIET PLACE TO DO IT, SINCE
TIMING RELATIVE TO CLICKS WAS IMPORTANT. THE MOST FAMOUS TRIAL OF BRITISH
PHREAKS WAS CALLED THE OLD BAILEY TRIAL, WHICH STARTED ON 3 OCT. 1973. WHAT
THE PHREAKS DID WAS TO DIAL A SPARE NUMBER AT A LOCAL CALL RATE BUT INVOLVING
A TRUNK TO ANOTHER EXCHANGE. THEN THEY SEND A 'CLEAR FORWARD' TO THEIR LOCAL
EXCHANGE, INDICATING TO IT THAT THE CALL IS FINISHED; BUT THE DISTANT EXCHANGE
DOESN'T REALIZE BECAUSE THE CALLER'S PHONE IS STILL OFF THE HOOK. THEY NOW
HAVE AN OPEN LINE INTO THE DISTANT TRUNK EXCHANGE AND SEND TO IT A 'SEIZE'
SIGNAL: '1' WHICH PUTS THEM ONTO ITS OUTGOING LINES. NOW, IF THEY KNOW THE
CODES, THE WORLD IS OPEN TO THEM. ALL OTHER EXCHANGES TRUST THEIR LOCAL EXCHANGE
TO HANDLE THE BILLING; THEY JUST INTERPRET THE TONES THEY HEAR. MEANWHILE,
THE LOCAL EXCHANGE COLLECTS ONLY FOR A LOCAL CALL. THE INVESTIGATORS
DISCOVERED THE PHREAKS HOLDING A CONFERENCE SOMEWHERE IN ENGLAND SURROUNDED BY
VARIOUS PHONE EQUIPMENT AND BLEEPER BOXES, ALSO PRINTOUTS LISTING 'SECRET' POST
OFFICE CODES. (THEY PROBABLY GOT THEM FROM TRASHING?) THE JUDGE SAID: "SOME
TAKE TO HEROIN, SOME TAKE TO TELEPHONES." FOR THEM PHONE PHREAKING WAS NOT A
CRIME BUT A HOBBY TO BE SHARED WITH PHELLOW ENTHUSIASTS AND DISCUSSED WITH THE
POST OFFICE OPENLY OVER DINNER AND BY MAIL. THEIR APPROACH AND ATTITUDE TO THE
WORLD'S LARGEST COMPUTER, THE GLOBAL TELEPHONE SYSTEM, WAS THAT OF SCIENTISTS
CONDUCTING EXPERIMENTS OR PROGRAMMERS AND ENGINEERS TESTING PROGRAMS AND
SYSTEMS. THE JUDGE APPEARED TO AGREE, AND EVEN ASKED THEM FOR PHREAKING CODES
TO USE FROM HIS LOCAL EXCHANGE!!!
$-THE END-$
Bad as Shit
Recently, a telephone fanatic in the northwest made an interesting
discovery. He was exploring the 804 area code (Virginia) and found out that
the 840 exchange did something strange.
In the vast majority of cases, in fact in all of the cases except one, he
would get a recording as if the exchange didn't exist. However, if he dialed
804-840 and four rather predictable numbers, he got a ring!
After one or two rings, somebody picked up. Being experienced at this kind
of thing, he could tell that the call didn't "supe", that is, no charges were
being incurred for calling this number.
(Calls that get you to an error message, or a special operator, generally
don't supervise.) A female voice, with a hint of a Southern accent said,
"Operator, can I help you?"
"Yes," he said, "What number have I reached?"
"What number did you dial, sir?"
He made up a number that was similar.
"I'm sorry that is not the number you reached." Click.
He was fascinated. What in the world was this? He knew he was going to
call back, but before he did, he tried some more experiments. He tried the 840
exchange in several other area codes. In some, it came up as a valid exchange.
In others, exactly the same thing happened -- the same last four digits, the
same Southern belle. Oddly enough, he later noticed, the areas worked in
seemed to travel in a beeline from Washington DC to Pittsburgh, PA.
He called back from a payphone. "Operator, can I help you?"
"Yes, this is the phone company. I'm testing this line and we don't seem to
have an identification on your circuit. What office is this, please?"
"What number are you trying to reach?"
"I'm not trying to reach any number. I'm trying to identify this circuit."
"I'm sorry, I can't help you."
"Ma'am, if I don't get an ID on this line, I'll have to disconnect it. We
show no record of it here."
"Hold on a moment, sir."
After about a minute, she came back. "Sir, I can have someone speak to you.
Would you give me your number, please?"
He had anticipated this and he had the payphone number ready. After he gave
it, she said, "Mr. XXX will get right back to you."
"Thanks." He hung up the phone. It rang. INSTANTLY! "Oh my God," he
thought, "They weren't asking for my number -- they were confirming it!"
"Hello," he said, trying to sound authoritative.
"This is Mr. XXX. Did you just make an inquiry to my office concerning a
phone number?"
"Yes. I need an identi--"
"What you need is advice. Don't ever call that number again. Forget you
ever knew it."
At this point our friend got so nervous he just hung up. He expected to
hear the phone ring again but it didn't.
Over the next few days he racked his brains trying to figure out what the
number was. He knew it was something big -- that was pretty certain at this
point. It was so big that the number was programmed into every central office
in the country. He knew this because if he tried to dial any other number in
that exchange, he'd get a local error message from his CO, as if the exchange
didn't exist.
It finally came to him. He had an uncle who worked in a federal agency. He
had a feeling that this was government related and if it was, his uncle could
probably find out what it was. He asked the next day and his uncle promised to
look into the matter.
The next time he saw his uncle, he noticed a big change in his manner. He
was trembling. "Where did you get that number?!" he shouted. "Do you know I
almost got fired for asking about it?!? They kept wanting to know where I got
it."
Our friend couldn't contain his excitement. "What is it?" he pleaded.
"What's the number?!"
"IT'S THE PRESIDENT'S BOMB SHELTER!"
He never called the number after that. He knew that he could probably cause
quite a bit of excitement by calling the number and saying something like, "The
weather's not good in Washington. We're coming over for a visit." But our
friend was smart. He knew that there were some things that were better off
unsaid and undone.
Chapter 3
This chapter is really just a bunch of FACS (pun intended). Here is where
random facts that really have something to do with everything else but nothing
to do with anything else, are presented. They cover various topics such as:
Conferencing, Tracing, Pen registers, Calling cards, and some basic FMF (Fool
the Mother Fuckers). The aspects covered here are very brief and could easily
be covered much more thoroughly, but it is no problem since they are not very
important topics. Something that would make a very nice gift is covered in the
article AT&T forgery. Just make up stationery with AT&T letterhead and give
it as a present to your phriends who would appreciate it.
Phreaking COSMOS
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
COSMOS is Bell's computer for handling information on customer lines,
special services on lines, and orders to change line equipment, disconnect
lines, etc. COSMOS stands for Computerized System for Mainframe Operations. It
is based on the UNIX operating system and, depending upon the COSMOS and upon
your access, has some, many, or no UNIX standard commands. COSMOS is powerful,
but there is no reason to be afraid of it. This article will give some of the
basic, pertinent info on how users get in, account format, and a few other
goodies.
Password Identification
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
To get onto COSMOS you need a dialup, account, password, and wire center
(WC). Wire centers are two letter codes that tell what section of the COSMOS
you are in. There are different WC's for different areas and groups of
exchanges. Examples are PB, SR, LK, etc. Sometimes there are accounts that
have no password; obviously such accounts are the easiest to hack.
Checking It Out
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Let's suppose you have a COSMOS number which you obtained one way or
another. The first thing to do would be to make sure it is really a COSMOS
system, not some other Bell or AT&T computer. To do this, you would call it
and connect your modem, then hit some returns until you got a response. It
should say:
';LOGIN:' or 'NAME:'.
If you enter some garbage it should say:
'PASSWORD:'.
If you hit a return and it says 'WC?', it is a COSMOS system. If it says
something like 'TA%' then you're in business. If it doesn't do any of the
above, then it is either some other kind of system, or, if you're not getting
anything at all, the dialup has probably gone bad.
Getting In
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
COSMOS has certain accounts that are usually on the system, one of which
might not have a password. They consist of ROOT (most powerful and almost
always on the system), SYS (second most powerful, still many privileges), BIN
(a little less power), PREOP (a little less), and COSMOS (hardly any
privileges, like a normal user). The way to tell if they have passwords is by
entering accounts at the ';LOGIN:' or 'NAME:' prompt, and if it jumps straight
to 'WC?', all you need is a WC to get in. But suppose all of the accounts have
passwords? You have two choices. You can try to hack the password and WC to
one of the above accounts. I won't deal with this method, as it is
self-explanatory. Or you can do something I find much easier...call the
COSMOS during business hours and hope that someone forgot to log off. Keep
calling, hitting return each time you connect, until you get a 'WC%' prompt.
'WC' is the WC that the account you found is currently in. You are now in!
What to Do while on-line
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
The first thing you want to do is write down the WC you are in. On your
first login only, it is a good idea to print everything or dump everything to a
buffer.
Commands
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
'WCFLDS'(!)       : Should list all WC's.
'WHO'             : Should print everyone currently logged on the system,
                    giving some accounts.
'TTY'             : Tells what terminal port you are on.
'WHERE'           : Should tell the location of the COSMOS installation.
'WHAT'            : Tells what version of COSNIX, COSMOS's operating system,
                    it is.
'LS *'            : Prints all the files you have access to.
'CD /dir'         : Connects you to the directory '/dir'.
'CAT filename'    : Prints the file 'filename'.
'Q'               : Quits the editor.
CTRL-Y            : Logs off.
'TAT'             : Sometimes prints a little help file.
'ISH'             : To check someone's telefone #, type 'ISH' at the COSMOS
                    'WC%' prompt. Then type:
'HTN XXX-XXXX'    : (Hunt Telephone Number) to tell you about the local number
                    you are interested in.
'CAT /ETC/PASSWD' : Prints out the password file, if you have access. The
                    passwords are almost always encrypted, but you get a list
                    of all the accounts. If you are lucky, one of the lines
                    will have two colons after the account name. This means
                    there is no password prompt after the ';LOGIN:' or 'NAME:'
                    prompt when you enter that account.
To run a file just type the name followed by a return.
When the system gives you a '-', you type a '.', and it will type all kinds
of info on the phone number you entered (in Bell abbreviations, of course). If
it is not a good exchange, it will say something to that effect. You type a
period to end the ISH.
If you wish to learn more information about COSMOS, find yourself a COSMOS
manual or look at future issues of 2600. A UNIX manual would also be helpful
for standard UNIX commands.
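Seen from the administrator's side, the "two colons after the account name" condition described above is something an audit can find before anyone else does. The following is an added example, not part of the original article: it scans a passwd-format file for empty password fields and rates the accounts the article lists as usually present. The sample file and the function names are constructed for illustration.

```python
"""Flag passwd-format entries that allow login without a password."""

# Account names the article lists as usually present on the system.
WELL_KNOWN = {"root", "sys", "bin", "preop", "cosmos"}

# Constructed sample in the classic 7-field passwd layout (no real system).
SAMPLE_PASSWD = """\
root:Xq1zR7uPm2LkA:0:0:superuser:/:/bin/sh
sys:*:2:2::/usr/sys:
bin::3:3::/bin:
preop:aB3dE5gH7jK9m:100:10:preop:/usr/preop:/bin/sh
cosmos::101:10:cosmos user:/usr/cosmos:/bin/sh
# maintenance note left in the file
broken-line-without-fields
shadowed:x:102:10::/usr/shadowed:/bin/sh
guest::200:20::/usr/guest:/bin/sh
"""


def audit_passwd(text):
    """Return a list of findings, one dict per problem line."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            # A malformed line can hide an entry from simpler checks.
            findings.append({"line": lineno, "account": fields[0],
                             "issue": "malformed", "severity": "review"})
            continue
        name, password, uid = fields[0], fields[1], fields[2]
        if password != "":
            # A hash, a lock marker ("*", "!") or a shadow marker ("x").
            continue
        # Empty second field: the "two colons" case from the article.
        privileged = uid == "0" or name.lower() in WELL_KNOWN
        findings.append({"line": lineno, "account": name,
                         "issue": "empty-password",
                         "severity": "high" if privileged else "medium"})
    return findings


def empty_password_accounts(text):
    """Convenience view: just the account names with no password set."""
    return [f["account"] for f in audit_passwd(text)
            if f["issue"] == "empty-password"]


if __name__ == "__main__":
    for f in audit_passwd(SAMPLE_PASSWD):
        print("line %(line)d: %(account)s -> %(issue)s (%(severity)s)" % f)
```

Every account it reports should be given a password or locked, and malformed lines should be repaired so that no entry escapes the check.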
FACS FACTS
A LOOK AT THE NEW FACS SYSTEMS
BY SHARP RAZOR
BELL ATLANTIC (AND PROBABLY THE REST OF THE U.S. SOON ENOUGH) IS REVAMPING
COSMOS. THE PROJECT IS CALLED FACS (FACILITATED ASSIGNMENT AND CONTROL
SYSTEM). FACS IS COMPOSED OF 5 MODULES WHICH ARE DESIGNED TO FUNCTION AS A
UNIFIED SYSTEM. THE PREMIS AND THE COSMOS SYSTEMS CAN FUNCTION AS STAND-ALONE
SYSTEMS. THE FIVE PARTS OF FACS ARE PREMIS, SOAC, LFACS, COSMOS, AND THE WM.
THE PREMIS (PREMISES INFORMATION SYSTEM) SUPPORTS BOTH RESIDENCE AND
BUSINESS ACCOUNTS. PREMIS IS USED FOR VARIOUS INQUIRIES FOR THE STREET ADDRESS
GUIDE (SAG), IE: PHONE NUMBERS, BILLING CHARGES, CREDIT, ETC.
THE SECOND PART OF FACS IS THE SOAC (SERVICE ORDER ANALYSIS AND CONTROL).
THIS IS PRIMARILY USED TO INPUT SERVICE ORDER DATA INTO FACS, AND TO GET THE
APPROPRIATE OUTPUT. SOAC INTERPRETS, VALIDATES, AND DECOMPOSES ALL INPUTTED DATA
AND SENDS THE INFO TO THE COSMOS AND THE LFACS SYSTEMS.
THE THIRD PART OF THE SYSTEM IS LFACS (LOOP FACILITIES AND CONTROL SYSTEM).
THIS IS THE COMPONENT OF FACS THAT IS RESPONSIBLE FOR MAINTAINING THE
INVENTORY, DOING THE ASSIGNMENTS, ADMINISTRATING INQUIRIES AND REPORTS, AND IS
THE INVENTORY TRANSFORMATION CENTER. THIS PART OF FACS WILL BE MOSTLY USED FOR
AIDING THE AT&T LINEMEN.
THE COSMOS SYSTEM (COMPUTER SYSTEM FOR MAINFRAME OPERATIONS) COMPRISES THE
FOURTH PART OF THE FACS SYSTEM. COSMOS IS THE COMPONENT OF FACS THAT IS
RESPONSIBLE FOR MAINTAINING THE MECHANIZED INVENTORY OF MDF FACILITIES, STORING
CUSTOM CALL FEATURES (IE: SPEED DIALING NUMBERS), AND OTHER MISC. INFO.
THE FIFTH AND LAST PIECE OF THE FACS SYSTEM IS THE WORK MANAGER (WM). THIS
COMPONENT SERVES AS THE FRONT-END PROCESSOR FOR COSMOS. IT ENABLES A NUMBER OF
COSMOS COMPUTERS TO RELIABLY COMMUNICATE WITH THE OTHER FACS COMPONENTS. WM
SERVES AS THE MESSAGE SWITCHING SYSTEM FOR THE FACS PIECES, AND GENERALLY IS
THE "MESSENGER AND STABILIZER" OF THE SYSTEM.
THE HARDWARE THAT WILL RUN THIS FACS SYSTEM IS:
COSMOS: 22-WECO. 3B-20S MINI COMPS.
WM: 6-WECO. 3B-20S MINI COMPS.
SOAC-LFACS-PREMIS: TWO SPERRY UNIVAC 1100/92 MAINFRAMES.
BANCS 2 THP CYBER 1000 PROCESSORS.
THE FACS SYSTEM IS STARTING UP AT THIS VERY MOMENT. THIS IS BASICALLY A
BROAD VIEW OF THE FACS SYSTEM. AT&T SEEMS TO THINK THAT FACS WILL BE MORE
EFFICIENT, SAVE THEM MONEY IN THE LONG RUN, AND SAVE THEM WORKERS (HERE COME
SOME MASSIVE LAYOFFS!). WHAT THIS MEANS TO PHREAKERS AND HACKERS IS THAT YOU
WILL NOW HAVE AT LEAST FIVE DIAL-UPS IN AN AREA CODE WITH WHICH YOU CAN PHUCK
WITH AT&T!
..LATER..
..SHARP RAZOR>>
THE LEGION OF DOOM!
(NOTE: THE FACS SYSTEM HAS RECENTLY BEEN PUT INTO OPERATION (SUMMER 84) IN
ST. LOUIS, MISSOURI)
Telenet
It seems that not many of you know that Telenet is connected to about 80
computer-networks in the world. No, I don't mean 80 nodes, but 80 networks with
thousands of unprotected computers. When you call your local Telenet gateway,
you can only call those computers which accept reverse-charging calls.
If you want to call computers in foreign countries or computers in USA which
do not accept R-calls, you need a Telenet-ID. Did you ever notice that you can
type ID XXXX when being connected to Telenet? You are then asked for the
password. If you have such a NUI (Network-User-ID) you can call nearly every
host connected to any computer-network in the world. Here are some examples:
026245400090184 :Is a VAX in Germany (Username: DATEXP and leave mail for
CHRIS !!!)
0311050500061 :Is the Los Alamos Integrated computing network (One of the
hosts connected to it is the DNA (Defense Nuclear Agency)!!!)
0530197000016 :Is a BBS in New Zealand
024050256 :Is the S-E-Bank in Stockholm, Sweden (Login as GAMES !!!)
02284681140541 :CERN in Geneva in Switzerland (one of the biggest nuclear
research centers in the world) Login as GUEST
0234212301161 :A Videotex-standard system. Type OPTEL to get in and use the
ID 999_ with the password 9_
0242211000001 :University of Oslo in Norway (Type LOGIN 17,17 to play the
Multi-User-Dungeon !)
0425130000215 :Something like ITT Dialcom, but this one is in Israel ! ID
HELP with password HELP works fine with security level 3
0310600584401 :Is the Washington Post News Service via Tymnet (Yes, Tymnet is
connected to Telenet, too !) ID and Password is: PETER You can read the news
of the next day !
The prefixes are as follows:
02624 is Datex-P in Germany
02342 is PSS in England
03110 is Telenet in USA
03106 is Tymnet in USA
02405 is Telepak in Sweden
04251 is Isranet in Israel
02080 is Transpac in France
02284 is Telepac in Switzerland
02724 is Eirpac in Ireland
02704 is Luxpac in Luxembourg
05252 is Telepac in Singapore
04408 is Venus-P in Japan
...and so on... Some of the countries have more than one
packet-switching-network (USA has 11, Canada has 3, etc).
OK. That should be enough for the moment. As you see most of the passwords are
very simple. This is because they must not have any fear of hackers. Only a few
German hackers use these networks. Most of the computers are absolutely easy to
hack !!! So, try to find out some Telenet-ID's and leave them here. If you need
more numbers, leave e-mail.
I'm calling from Germany via the German Datex-P network, which is similar to
Telenet. We have a lot of those NUI's for the German network, but none for a
special Tymnet-outdial-computer in USA, which connects me to any phone #.
CUL8R, Mad Max
PS: Call 026245621040000 and type ID INF300 with password DATACOM to get more
information on packet-switching-networks !
PS2: The new password for the Washington Post is KING !!!!
Phreaking AT&T Cards
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
My topic will deal with using an AT&T calling card for automated calls. Ok
to place a call with an AT&T card, lift the handset (PAY PHONE) hit (0) and the
desired area code and the number to call. Also when calling the same number
that the card is being billed to you enter the phone number and at the tone
only enter the last four digits on the card. But we don't want to do that now,
do we. If additional calls are wanted all you do is hit the (#) and you will
get a new dial tone! After you hit (#) you do not have to re-enter the calling
card number simply enter your desired number and it will connect you.
If the number you called is busy just keep hitting (#) and the number to be
called until you connect! Ok to call the U.S. of A from another country, you
use the exact same format as described above!
Ok now I will describe the procedure for placing calls to a foreign
country, such as CANADA, RUSSIA, SOUTH AMERICA, etc. Ok first lift the handset
then enter (01) + the country code + the city code + the local telephone
number. Ok after you get the tone enter the AT&T calling card number. Ok if you
can not dial operator assisted calls from your area don't worry just jingle the
operator and she will handle your call, don't worry she can't see you!
The international number on the AT&T calling card is used for calling the
US of A from places like RUSSIA, CHINA you never know when you might get stuck
in a country like those and you have no money to make a call! The international
operator will be able to tell you if they honor the AT&T calling card.
Well I hope that this has straightened out some of your problems on the use
of an AT&T calling card! All you have to remember is that whether you are
placing the call or the operator, be careful and never use the calling card
from your home phone!! That is a BIG NO NO..
Also AT&T has come out with a new thing called (NEW CARD CALLER SERVICE)
they say that it was designed to meet the public's needs! These phones will be
popping up in many places such as airport terminals, hotels, etc... What the new
card caller service is, is a new type of phone that has a (CRT) screen that
will talk to you in a language of your choice. The service works something
like this, when you find a (NEW CARD CALLER PHONE), all you do is follow the
instructions on the (CRT) screen, then you insert the (NEW CARD CALLER CARD)
and there is a strip of magnetic tape on the card which reads the number, thus
no one can hear you saying your number or if there were a bug in the phone, no
touch tones will be heard!! You can also bill the call to a third party. That
is one that I am not totally clear on yet! The phone is supposed to tell you
how it can be done. That is after you have inserted your card and lifted the
receiver!
:%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%:
:% %:
:% AT&T FORGERY %:
:% Written by The Blue Buccaneer %:
:% %:
:% CALL THE EVERLASTING SPEED DEMON BBS AT (415) 522-3074 %:
:% Uploaded by Elric of Imrryr of Lunatic Labs UnLtd %:
:%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%:
Here is a very simple way to either:
[1] Play an incredibly cruel and realistic joke on a phreaking friend.
-OR-
[2] Provide yourself with everything you ever wanted to be an AT&T person.
All you need to do is get your hands on some AT&T paper and/or business
cards. To do this you can either go down to your local business office and
swipe a few or call up somewhere like WATTS INFORMATION and ask them to send
you their information package. They will send you:
1. A nice letter (with the AT&T logo letterhead) saying "Here is the info."
2. A business card (again with AT&T) saying who the sales representative is.
3. A very nice color booklet telling you all about WATTS lines.
4. Various billing information. (Discard as it is very worthless)
Now take the piece of AT&T paper and the AT&T business card down to your
local print/copy shop. Tell them to run you off several copies of each, but to
leave out whatever else is printed on the business card/letter. If they refuse
or ask why, take your precious business elsewhere.
(This should only cost you around $2.00 total)
Now take the copies home and either with your typewriter, MAC, or Fontrix,
add whatever name, address, telephone number, etc. you like. (I would recommend
just changing the name on the card and using whatever information was on there
earlier)
And there you have official AT&T letters and business cards. As mentioned
earlier, you can use them in several ways. Mail a nice letter to someone you
hate (on AT&T paper..hehehe) saying that AT&T is onto them or something like
that. (Be sure to use correct English and spelling) (Also do not hand write
the letter! Use a typewriter! - Not Fontrix as AT&T doesn't use OLD ENGLISH or
ASCII BOLD when they type letters. Any IBM typewriter will do perfectly)
Another possible use (of many, I guess) is (if you are old enough to look
the part) to use the business card as some sort of fake id.
The last example of uses for the fake AT&T letters & b.cards is mentioned in
my textfile, BASIC RADIO CALLING. Briefly, send the station a letter that
reads:
WCAT - FM202: (Like my examples? Haha!)
(As you probably know, radio stations give away things by accepting the 'x'
call. (ie: The tenth caller through wins a pair of Van Halen tickets) Sometimes
they may ask a trivia question, but that's your problem. Anyway, the letter
continues:)
(You basically say that they have become so popular that they are getting too
many calls at once from listeners trying to win tickets. By asking them to
call all at the same time is overloading our systems. We do, of course, have
means of handling these sort of matters, but it would require you sending us a
schedule of when you will be asking your listeners to call in. That way we
would be able to set our systems to handle the amount of callers you get at
peak times..(etc..etc..more BS..But you get the idea, right?)
Joseph Hakimout
AT&T Telecommunications
East Bumblefuck, Nowheresville 55555
Ok, so it probably won't work (DJs just aren't that dumb, unless you really
do live in Nowheresville), but using AT&T paper and a business card might up
your chances some.
:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-
=><---------------------------------><=
=> A little something about <=
=> Your phone company <=
=><---------------------------------><=
=> By Col. Hogan <=
========================================
Ever get an operator who gave you a hard time, and you didn't know
what to do? Well if the operator hears you use a little Bell jargon, she might
wise up. Here is a little diagram (excuse the artwork) of the structure of
operators
/--------\      /------\      /-----\
!Operator! ---> ! S.A. ! ---> ! BOS !
\--------/      \------/      \-----/
     !
     !
     V
/-------------\
! Group Chief !
\-------------/
Now most of the operators are not bugged, so they can curse at you; if they
do, ask INSTANTLY for the "S.A." or the Service Assistant. The operator does not
report to her (95% of them are hers) but they will solve most of your problems.
She MUST give you her name as she connects & all of these calls are bugged. If
the SA gives you a rough time get her BOS (Business Office Supervisor) on the
line. S/He will almost always back her girls up, but sometimes the SA will get
tarred and feathered. The operator reports to the Group Chief, and S/He will
solve 100% of your problems, but the chances of getting S/He on the line are
nil.
If a lineman (the guy who works out on the poles) or an installation man
gives you the works ask to speak to the Installation Foreman, that works
wonders.
Here is some other bell jargon, that might come in handy if you are having
trouble with the line. Or they can be used to lie your way out of
situations....
An Erlang is a line busy for 1 hour, used mostly in traffic studies.
A Permanent Signal is that terrible howling you get if you disconnect, but don't
hang up.
Everyone knows what a busy signal is, but some idiots think that is the
*Actual* ringing of the phone, when it just is a tone "beeps" when the phone is
ringing, wouldn't bet on this though, it can (and does) get out of sync.
When you get a busy signal that is 2 times as fast as the normal one, the
person you are trying to reach isn't really on the phone, (he might be), it is
actually the signal that a trunk line somewhere is busy and they haven't or
can't reroute your call. Sometimes you will get a Recording, or if you get
nothing at all (Left High & Dry in fone terms) all the recordings are being
used and the system is really overused, will probably go down in a little
while. This happened when Kennedy was shot, the system just couldn't handle the
calls. By the way this is called the "reorder signal" and the trunk line is
"blocked".
One more thing, if an overseas call isn't completed and doesn't generate
any money for AT&T, it is called an "Air & Water Call".
[ESSENCE OF TELEPHONE CONFERENCING]
[WRITTEN BY:]
[FOREST RANGER]
TELEPHONE CONFERENCING IS AN EASY WAY OF GETTING MANY FRIENDS TOGETHER AT
ONCE. THIS CAN BE ACCOMPLISHED EASILY WITH LITTLE OR NO TROUBLE WHATSOEVER.
THE TECHNIQUES THAT I WILL TEACH YOU DO NOT REQUIRE A BLUE BOX OR A TOUCH TONE
PHONE LINE. THE ONLY PREREQUISITE IS THAT YOU HAVE A PHONE THAT HAS A TONE
SWITCH ON IT OR HAVE A HOOKABLE TOUCH TONE KEYPAD. NOW, IF YOU ARE THE PARANOID
TYPE OF PERSON AND REFUSE TO USE YOUR OWN PHONE OUT OF YOUR HOUSE THEN HERE ARE
SOME SIMPLE WAYS OF GETTING CONFERENCES STARTED FROM ANOTHER PHONE. GO TO A
MALL OR A PLACE WHERE YOU KNOW THE PHONE IS BEING PAID FOR BY THE BUSINESS IT
IS IN.
NOW THERE ARE TWO WAYS TO CALL THE CONFERENCE OPERATOR; DIAL "0" TO GET YOUR
LOCAL OPERATOR SO SHE CAN PUT YOU THROUGH TO THE CONFERENCE OPERATOR OR DIAL
THE CONFERENCE OPERATOR DIRECTLY IF YOU HAVE THE NUMBER HANDY. THE SYSTEM YOU
WILL BE LINKED UP TO IS CALLED THE "ALLIANCE" SYSTEM. THERE ARE THREE BRANCHES;
1000,2000,3000.
NOW ONCE YOU HAVE GOTTEN THE CONFERENCE OPERATOR YOU TELL HER YOU WOULD
LIKE TO START A CONFERENCE AND YOU WOULD LIKE TO MAINTAIN CONTROL OF IT. SHE
WILL THEN PROCEED TO ASK YOU FOR YOUR NAME AND NUMBER. YOU WILL THEN GIVE HER A
FAKE NAME AND THE NUMBER OF THE PAY PHONE. SHE WILL HANG UP AND CALL YOU BACK
ONCE SHE HAS CHECKED THE NUMBER. THEY USUALLY DON'T REALIZE IT IS A PAYPHONE SO
DON'T THINK IT WON'T WORK! NOW ONCE THE OPERATOR HAS GIVEN YOU CONTROL YOU WILL
THEN PROCEED TO HACK MY VOICE PHONE AND PUT ME ON THE CONFERENCE.
NOW, THE OTHER WAY OF STARTING A CONFERENCE IN WHICH YOU DON'T GET A LIVE
OPERATOR IS A "PBX". WITH THIS YOU WILL CALL A PBX NUMBER AND YOU WILL THEN
RECEIVE A RECORDING OF A BUSINESS OR OFFICE CO. THEN WHEN THE RECORDING IS OVER
YOU WILL HEAR A BEEP...THEN AFTER ABOUT 10-30 SECONDS AFTER THE BEEP YOU WILL
GET A DIAL TONE ON THE END OF THE PBX. YOU WILL THEN TYPE THE PBX CODE
WHICH WILL THEN RESPOND WITH A RECORDING WELCOMING YOU TO THE CONFERENCING
NETWORK (WHICH WILL IN MOST IF NOT ALL BE THE "ALLIANCE" SYSTEM).
IT WILL BE SELF EXPLANATORY FROM THERE. NOW IF YOU DON'T WISH TO CALL THE
CONFERENCE OPERATOR EITHER WAY ALREADY EXPLAINED THEN THERE IS A WAY OF GETTING
YOUR FRIENDS IN CONFERENCE. THIS IS DONE OVER A LOOP EXTENSION. NO ONE WILL
HAVE CONTROL, BUT YOU WILL STILL BE ON CONFERENCE. THIS IS CALLED THE SEVEN
LINE LOOP EXTENSION. THIS MEANS YOU CAN