Phreaking

From iGeek
Phreaking is when hackers broke the phone company's security to get access to control the phones. It was most often used to make free phone calls or to get operator powers. Because of improvements in security, the consequences of getting caught, and the commoditization of long distance phone call costs, it largely doesn't exist any more.
~ Aristotle Sabouni
Created: 1998-09-17 

Are you out of your phreaking minds?

Network hacking is breaking in (often looking around without doing harm), so there were white, grey and black hat hackers (different ethics). Cracking is defeating copy protection in someone else's code, and if it wasn't done for commercial purposes, it was largely harmless (though most was done to undermine software, and some was sold for profit). But there is far less moral ambiguity about phreaking -- almost all phreaks got free phone calls (stole from the company), and that is something the law (and the phone company) frowned upon -- seriously. The phone company dedicated resources to countering phreaking and hunting down phreaks. It became the blackest of the black computer "arts", and through improvements in security, the commoditization of long distance phone call costs, and the consequences of getting caught, it largely doesn't exist any more.

Oldest phones

People don't realize how primitive telephone technology was (and still is in some places). The basics were two wires with a speaker and microphone attached. The phone company switches were "crossbars" and relays -- just ways to connect two wires together, then figure out how to bill when you "picked up" the receiver. The most basic phreak was as follows. Make a wiretap (called a beige box) -- which can be two alligator clips with the wires connected to a high-efficiency speaker (an amp in between is optional, but gives better quality). Connect it to a phone line. Sound hard? It isn't. When you dial a friend (or have him call you) with both of you having the taps connected, you can talk without being billed as long as you don't actually answer the phone. On older phones, if you didn't answer the phone (pick the handset up) you didn't start paying -- but the connection was already made (it would just keep sending pulses to "ring" the phone until you picked up). So you can talk between the rings (pulses). Free phone calls. If you use it, it is probably a felony.

By the way, it is a good idea to turn the ringer off, or it will drive you nuts. The speaker will make a "pop-pop-pop-pop" sound when ringing -- quite annoying. Nothing a little filter can't fix. That pop-pop-pop-pop is something like 96 volts spiking the line (this had enough power to ring the bell on phones). It can REALLY wake you up if it "bites" you (someone calls) while you are connecting the wiretap. I danced around the room and gave my little brother vocabulary lessons when this happened while doing unauthorized phone "repairs" as a kid.

There are some more high tech solutions that will block the ringer and convince the phone system that you haven't answered yet (a Black Box) -- but this was the basics. This technique only works in rural areas anymore (on older phone switches) -- but when I was a kid it was not yet "plugged up" as an option. Of course every geeky kid that learned about this often felt a compelling urge to try it -- which annoyed the phone company. Of course wiretaps (beige or tan boxes) can be quite useful to this day (ask Linda Tripp). I bugged our phone at home as a teen (something my parents learned about years later) and it proved quite useful without phreaking the phone company.

Basically, taping your little brother's conversations can be a great way to keep him in line (extortion and all that). Gawd, I was a brat! I still remember piping an intimate conversation between my brother and his girlfriend through my stereo system (and as loud as it could go) for the neighborhood (and all his friends) to hear. Not some of my proudest acts as a human being.

Sprint Codes

The most common phreaking (when I was around) was the ancient equivalent to "cell phone cloning" (which may be a modern form of phreaking). It was hacking sprint codes (or the passwords/numbers of any of the business trunks or long distance services). Basically you set your computer up at night to dial a sprint-code (or other phone company phone code) -- then dial through. If you got a "ring" then it was a good number and you printed it out; if not, you tried the next number in the sequence. If you left your computer on all night it could get a few pages of valid codes. Then you could use those codes to call long distance and stick someone else with the bill. The owners of your codes would complain when they got 4 hours to wherever you called -- and the phone company would clear the item. So many felt they weren't really hurting an individual, and since the phone lines are there, why not use them? Of course it was ILLEGAL! Not to mention immoral -- but it was still somewhat a game.

Surprisingly, my friends and I (as kids) didn't do this for very long. We weren't that highly concerned about morals at that age -- but after about a year, it was just not cool and too criminal (even for kids), so I stopped (as did most of my friends). It was just too direct a theft for me, which is ironic when you realize I was still a bit of a cracker and pirate during that time. Aren't rationalizations and subjective morals interesting?

Of course the phone companies got smarter. They tried to block these techniques. They would put in dummy numbers -- numbers that were valid but "flagged". They couldn't trace the source of the call (back then), but they could log who you called. So they would call that person as soon as you hung up, and ask, "Who just called?" If they got the number of the source (you), they'd call you up and threaten to stick you with the bill and so on. That turned out to be an effective way to scare many straight. They actually did this to a friend and scared him straight (which wasn't a bad thing). But that technique only worked if you were calling people. Most calls were being made to cross-country BBS's (Bulletin Board Systems) -- and it is hard to ask a modem who just called. Plus, if the recipient of the phreaked call knew what was going on, they could just say that there was a party going on and they had no idea who had just called -- or impolitely tell the phone company what they could do to themselves.

The phone companies tried other techniques too. They would look for patterns of numbers (in hacking) to try to detect if someone was walking through a sequence (phreaking). Phreaks figured that one out, and just used large tables of hundreds of numbers in a scrambled order so the phone companies couldn't see a pattern (in stepping through that sequence) -- yet all valid numbers would still get checked. There were the "move" and "counter-move" aspects of the game. There were many other hardware and software "get arounds" to mess with the phones. It was another "wits" game -- with the phreaks having fun and exploring, and the phone company being deadly serious (and VERY pissed off).

Eventually the phone companies (TelCo's) changed the whole telephone switching systems in cities (and how they worked) to a system called ESS, which made most hardware phreaking a lot harder. The long distance companies increased the password lengths on sprint codes to many more digits, and added more sophisticated ways of back-tracing the callers. They both had people arrested for crimes -- and many others took the hint. I imagine the phone companies have most of the holes pretty plugged by now.
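The two countermeasures described above (flagged dummy codes and watching for sequence patterns), sketched from the defender's side as an added example that is not part of the original article. The record layout, the canary code, the thresholds and the 555-01xx numbers are constructed assumptions; attempts are grouped by destination because the destination is what the article says the phone company could log.

```python
from collections import defaultdict

# Hypothetical flagged dummy code: accepted by the switch, issued to no customer.
CANARY_CODES = {"482913"}

# Constructed attempt records: (access_code, destination_dialed, code_accepted)
SEQUENTIAL = [(f"{n:06d}", "555-0100", False) for n in range(100000, 100008)]
SCRAMBLED = [(c, "555-0142", c in CANARY_CODES) for c in
             ("731204", "118650", "482913", "905517", "260088", "644390", "371926")]
NORMAL = [("827364", "555-0177", True), ("827365", "555-0177", False),
          ("827364", "555-0177", True), ("827364", "555-0177", True)]

def sequential_run(codes, min_run=4):
    """Naive pattern check: True if the codes, in arrival order, contain
    min_run consecutive values (n, n+1, n+2, ...)."""
    run = 1
    for prev, cur in zip(codes, codes[1:]):
        run = run + 1 if int(cur) == int(prev) + 1 else 1
        if run >= min_run:
            return True
    return False

def order_independent_alerts(attempts, canaries=CANARY_CODES,
                             min_distinct=5, max_valid_ratio=0.2):
    """Flag code guessing per destination without relying on attempt order:
    any canary hit, or many distinct codes of which almost none are valid."""
    by_dest = defaultdict(list)
    for code, dest, accepted in attempts:
        by_dest[dest].append((code, accepted))
    alerts = {}
    for dest, rows in by_dest.items():
        codes = {code for code, _ in rows}
        reasons = []
        if codes & canaries:
            reasons.append("canary-code-used")
        valid_ratio = sum(accepted for _, accepted in rows) / len(rows)
        if len(codes) >= min_distinct and valid_ratio <= max_valid_ratio:
            reasons.append("many-distinct-codes-mostly-invalid")
        if reasons:
            alerts[dest] = reasons
    return alerts

if __name__ == "__main__":
    for name, batch in (("sequential", SEQUENTIAL), ("scrambled", SCRAMBLED),
                        ("normal", NORMAL)):
        codes = [code for code, _, _ in batch]
        print(name, sequential_run(codes), order_independent_alerts(batch))
```

The scrambled batch passes the sequence check but is still caught by both order-independent signals, while a subscriber who mistypes one digit of a real code raises nothing.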

One of the things that probably slowed much of the "sprint hacking" variety of phreaking was that BBS's got better. First they figured out how to pass information around in BBS-Net's (FidoNet and others) -- so that your local BBS's were kept in sync with many others. Then users didn't have to call across the nation, their local one would get the information they wanted in a day on its own. Then the system changed again -- evolving into Internet sites or custom sites accessible through the Internet (which is always a local call). So the need for free long distance calls diminished for most hackers and crackers.

Boxes

Now the most common kind of phone phreaking was messing with phone company hardware (or knowing what the phone company did). Each technique or piece of hardware was given a color/name. Here are the basics of the different phreaks.

  • Blue Box - the first and most famous of the "boxes". A phreak named Captain Crunch found that a whistle found in a box of cereal generated a 2600 Hz tone -- which just happened to be the same tone that operators used to control the phone switches. By making these tones (and others) people were given operator privileges and could connect multiple lines together, call anywhere for free, interrupt other people's calls, and do lots of other "fun" things that the phone company didn't approve of. Later little electronic "boxes" to make these tones were developed -- and the first one was, guess what color? (Most electronic experiment boxes were blue.)
  • Red Box - pay phones use little tones (chirps and beeps) to signal the operator what coins you've dropped in. The initial technique was that when the operator asked you to "please deposit $.25", you would hold the headset of the pay phone next to you (earpiece to mouthpiece, or speaker to mic) and deposit the coins in that phone. The operator would hear the expected tones and let your call go through -- and you then pressed the coin return on the phone next to you (and got your money back). The phone company shortened the headset cords in response. So little hardware gizmos (boxes) were created to make these tones on command (just press a button) -- and to differentiate them from the other (blue) box, a different color was used (red).
  • Green Box - actually sort of an anti-Red Box (with the same result). It would create the tones to make pay phones give you your money back (coin dump) even after a call is connected. The results are still a free call, but you had to pay for the call in the first place.
  • Black Box - this was a device that fooled the phone company into thinking that you had never answered the phone so that people who called in would not get billed. Basically, there is one voltage on the phones when you call, and it changes when you answer. By keeping the voltage on the line high (36v instead of dropping to 10v) the phone company computers think the phone is still ringing (not answered) -- so no bill to whoever calls you.
  • Rainbow Box - a multipurpose box -- like a red, blue and black box all in one. Many different combinations were made.

Beyond here are the more exotic boxes, or just naming any unauthorized phone modification with this color code.

  • Aqua Box - in the old systems the FBI (or others) could lock into a conversation, and hold the line open (as a way to trace the call). This box would force a drop (and they'd lose the trace). Of course nowadays they can trace instantly.
  • Beige Box - a wiretap or a lineman's phone. Basically the way to connect in to someone else's phone line from anywhere that you can get to the wires. People used these to eavesdrop, or to run up other people's bills. Other nasties were done like calling and harassing operators (from other people's phones) to get their phones shut off, and so on.
  • Tan Box - a fancy beige box (wiretap) that will only record when the receiver is up.
  • Brown Box - just a simple way to make a 3-way call (by connecting two phone lines) in a house. A dirty way of doing it (just cross wiring) -- but they grew more sophisticated (and clearer). Of course nowadays you can get this as a feature of your phone service -- but some had the feature before it was authorized. Some would set up "networks" or relays of brown boxes so they could call through middlemen and cut down on a phone bill. Everything was a local call if you had enough relays set up across a county (John's local to me and Fred, but Fred is long distance to me. So I call John and have him call Fred and connect us -- no bill). Later these became computer controlled, and used call forwarding -- some friends could basically call all across Orange County and parts of L.A. for free. Of course some ham-radio setups did some similar things as well (allowed you to drop out on regular phone lines, or allowed you to talk to other hams for free -- cheap cellphones before they became popular).
  • Gold Box - another type of relay. A way to wire two phones together so you could call one (and get the dial tone of the other), to then call out, and "relay" phone calls. This was done often with two pay-phones (or a couple of lines at a phone box somewhere), and was usually used to cover one's tracks and make untraceable calls. (They could trace the first phone line, but not jump the bridge and follow it back to where you called from.)
  • Pink Box / Rock Box - a hold button that can actually pass music through the phone line. With "hold" it is the pink box -- meant to impugn the masculinity of such wimpy phreaks. Without the "hold" function it was called a rock box.
  • Switch Box - allowing one phone access to either of two phone lines. Of course they make phones for this now.
  • Clear Box - some old pay phones would let you connect without paying, but the other person couldn't hear you until you put coins in. This was basically an amplifier to get around that.
  • White/Silver Box - just a little box that can create all the touch tone codes (DTMF) in a portable manner. A keypad really has 1,2,3,4,5,6,7,8,9,* and # -- people know this, but there is also A, B, C and D (Autovon tones). The lesser known tones can do some interesting things on some phone switches. They were called Flash Override, Flash, Interrupt and Priority (respectively). So many made these and had fun.

There were a few malicious techniques, meant to do nothing other than harm other people (or their phones). The dirty tricks of the phreak world.

  • Scarlet Box - a way to sabotage someone's phone to create static and give them bad connections and dropouts (with modems).
  • Busy Box - just crossing the lines on a phone so the recipient of your "improvement" can't use their phone. The phone line just won't pick up, and no one can call in or out.
  • Blast Box - a way to put an amplifier (and tone generator) on the old crossbar phone systems. This would basically allow you to blow out the eardrums of people you didn't like.
  • Snow Box - just a TV scrambler (RF noise generator) -- an interesting way to destroy a neighbor's reception.

Conclusion

Phreaks took pride in being the worst spellers on the planet, and intentionally changed all 'f' to 'ph's and vice versa. It was part of the counterculture to spell everything phonetically, because on phones it really didn't matter. I think this was the start of the hacker spelling games where they play with caps and symbols in their handles, "hAcKer$"; they borrowed it from the phreaks.

Isn't it ironic that phonetically isn't spelled how it sounds?

So now you have the basics of what was being done in the phreaking world. Phreaking your own phones wasn't really the criminal stuff -- it was phreaking to get free calls (called phone-fraud) that would get you in serious trouble (if caught). But it was very, very hard to get caught -- and people knew it. There was about .0001% that were actually prosecuted, so it was hard to convince them that it was dangerous or wrong. They thought that not getting caught, and just borrowing the phone company's phones, was not that big a deal -- like pirates think borrowing other people's software doesn't hurt anyone. I have no idea how many active phreaks are left. I know it got more popular in other countries (and rural areas) where the telephone systems are older (and more susceptible) -- but I think it has died down a lot in the U.S.

Phreaking evolved more into hacking into telephone company computers, cellular (and radio), and less of the hardware hacking that was most phreaking during the 70's and 80's. The Internet did a double-whammy: it eliminated much of the hackers'/crackers' need for phreaking (since people didn't need long distance to access BBS's), and it also eliminated the need for long distance to talk to their friends, since they could use point-to-point voice chats across the Internet as well. So I think phreaking is definitely a dying (criminal) art -- and may even be a dead art. The phone companies got much wiser because phreaks helped teach them the flaws, and they improved their phone systems and added many more services as well -- but wouldn't you know it, the phone company has no appreciation of all that help.
