How Blue Boxers Are Caught
--------------------------
by Phantom Phreaker and Doom Prophet / Legion of Doom!

There have been many rumors and false information going around about how phone phreaks are caught for using blue boxes. The purpose of this article is to dispel the rumors and myths circulating about this topic.

When a person attempts to access the telephone network with a blue box, they first must have an area that they can use to gain access to an in-band Single Frequency (SF) trunk. This is done by dialing direct or through a long distance service. At the appropriate time, the person sends a 2600 Hz tone through the telephone, where it is registered by the terminating switching equipment as a disconnect signal. The terminating switching equipment or trunks leading to this office will be reset if they recognize the 2600 Hz tone. The effect of doing this is a wink, or an interruption in the circuit. A wink is heard after the person sends 2600 Hz, and it sounds like a quiet "chirp" or sometimes a "kerchunk." From here, the person can signal to a trunk with Multi-Frequency tones in specific formats, depending upon what the user wishes to accomplish.

Each time the user sends 2600 Hz, the trunk will be reset and will send a wink back toward the user. AT&T calls these winks "Short Supervisory Transitions" or SSTs. If a person's central office equipment is a Northern Telecom DMS switch or an AT&T ESS switch, the SST caused by the 2600 Hz will be detected at that office and an output report will be issued from that specific switching system. In No. 1 and No. 1A ESS switches, these reports are called SIG IRR reports, or "Signal Irregularity" reports. They will be output with the appropriate information relating to the subscriber who initiated the SST. A sample SIGI report from a No. 1A ESS switch is included as an example.

* 32 SIG IRR 69 0 0 0 0 0 0 000 555 1111 B8**3*BBBBBBBBB

We are unfamiliar with the details of these reports, but in this case, 555 1111 seems to be the Directory Number that originated the SST. Suffice it to say that these reports do exist and that they do help detect people trying to use blue boxes. SIGI is a standard feature in all 1A ESS machines. We're not sure about No. 1 ESS, but nearly all the other ESS machines most likely have SIGI or something similar to it.

In the case of NTI's DMS-100 switch, the feature is called "BLUEBOX." The BLUEBOX feature in DMS-100 is not standard. It can be implemented only by telco personnel activating it via a MAP (Maintenance and Analysis Position) channel. The DMS-100 reports are more detailed than the 1A ESS reports, possibly because the DMS-100 switch is much newer than the 1A. DMS will recognize the trunk wink and then output a report. The system further checks for the presence of MF tones. If the MF tones are present, and are followed by an ST signal, another report is then generated by the switch. The calling number and called number (in MF) can then be recorded on AMA tape for further investigation by security personnel.

In areas with past instances of toll fraud (blue box usage) and in major cities, it can be assumed the BLUEBOX series of features would be implemented. In rural and small town areas, there is less of a chance of this feature being present. The plain fact that this feature exists should be enough to keep you from trying anything foolish.

Since most electronic/digital switching systems have provisions in them to catch blue boxers, one may wonder how to box safely. The safest method of blue boxing would be to not let an SST show up on your line. This can be accomplished by boxing through a long distance service via dialup (Feature Group A or B).
The only catch is that the long distance service that you use must not send back a wink when you attempt to box over its network. If an FG-B accessible trunk running from a toll office to an alternate carrier's facilities recognizes your 2600 Hz tone and disconnects, then SIGI or BLUEBOX would indicate your existence and you could be punished for your crime. So, if you must try such things, they are best done from someone else's line or from a coinphone.
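
The two-stage DMS-100 reporting described above (one report on the trunk wink, then a second once MF tones ending in ST are seen, carrying the calling and called numbers) can be modelled as a small event correlator. This is an added example, not code from the original article or from any switch; the event tuple layout, the report names and the 30-second window are assumptions, and every number in it is constructed.

```python
# Constructed event feed; the tuple layout (seconds, calling number, kind,
# symbol) and the kind names are assumptions made for this example.
MF_CALL = ["KP", *"5550100", "ST"]          # constructed called number
EVENTS = [
    (10.0, "555 1111", "SST", ""),          # wink on the subscriber's line
    *[(11.0 + i / 10, "555 1111", "MF", s) for i, s in enumerate(MF_CALL)],
    (20.0, "555 2222", "SST", ""),          # wink, but no MF follows
    (30.0, "555 3333", "MF", "5"),          # MF with no wink first
    (30.1, "555 3333", "MF", "ST"),
    (40.0, "555 4444", "SST", ""),
    (99.0, "555 4444", "MF", "7"),          # arrives after the window closed
    (99.1, "555 4444", "MF", "ST"),
]

MF_WINDOW = 30.0  # assumed: seconds after a wink in which MF is attributed to it


def correlate(events, window=MF_WINDOW):
    """Emit ("WINK", calling, None) per SST and ("MF_ST", calling, called)
    when MF digits terminated by ST follow that wink within the window."""
    reports = []
    pending = {}                             # calling number -> (wink time, digits)
    for ts, calling, kind, symbol in sorted(events):
        if kind == "SST":
            reports.append(("WINK", calling, None))
            pending[calling] = (ts, [])      # a new wink restarts digit collection
        elif kind == "MF" and calling in pending:
            wink_ts, digits = pending[calling]
            if ts - wink_ts > window:
                del pending[calling]         # stale wink: do not attribute the MF
            elif symbol == "ST":
                if digits:                   # ST with no digits is not reported
                    reports.append(("MF_ST", calling, "".join(digits)))
                del pending[calling]
            elif symbol.isdigit():           # KP carries no digit and is skipped
                digits.append(symbol)
    return reports


if __name__ == "__main__":
    for report in correlate(EVENTS):
        print(report)
```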