Listening In (Spring, 1990) --------------------------- By Mr. Upsetter Every now and then, those of us who take the time to be observant stumble across something remarkable. Let me relate to you one of those experiences. It was an all too lazy sunny afternoon in Southern California. I was bored, and I decided to listen to my Realistic PRO-2004 scanner. I flipped it on and scanned through the usual federal government, military aviation, and cordless phone frequencies, but there was no good action to be found. I happened across some scrambled DEA transmissions and a droning cordless phone conversation by some neighbors I could not identify. So for a change I scanned through the marine radio channels. The scanner stopped on marine radio channel 26, which is used for ship-to-shore telephone calls. A man was reading off his calling card number to the operator, who gladly accepted and connected his call. Calling card numbers over the airwaves! I was shocked - astonished that such a lack of security could not only exist, but be accepted practice. I began monitoring marine telephone to find out more, and it turns out that using a calling card for billing is commonplace on VHF marine radiotelephone. People use calling cards for billing all the time. That's what they are for. But is it that big of a deal? You bet it is. Marine telephone uses two frequencies, one for the ship and one for the shore station. The shore station transmits both sides of the conversation at considerable power, enough to offer reliable communications up to 50 miles offshore. Anyone with a standard police type scanner, costing as little as $100, can listen in. People using marine radiotelephone can be broadcasting their calling card number to a potential audience of thousands. And that just shouldn't be happening. But it is. And there is no doubt that calling card fraud is occurring because of this lack of security. From the phone company's (many Bell and non-Bell companies provide marine telephone service) point of view it must be a tradeoff for customer convenience. You see, there just aren't that many ways to bill a ship-to-shore call. Most calls are collect, a few are billed to the ship if they have an account, and a few go to third-party numbers or other special accounts. Sometimes the operators have trouble verifying billing information. I monitored one man who, after racking up $40 worth of AT&T charges, was informed that they couldn't accept his international account number. The operator finally coaxed him into giving an address for billing. Calls are often billed to third-party numbers without verification. But calling cards make billing easy for both the customer and the phone company involved. It would also be tricky for a company to not allow calling card use. Doing so would be an inconvenience to customers and would force them to admit a lack of communications security. Of course, people using marine radio should already realize that their conversations aren't private, but announcing the fact i wouldn't help the phone company at all. In fact, people may place fewer calls. The convenience offered by calling cards makes them an easy target for fraud. They can be used by anyone from any phone and with a variety of different long-distance carriers via 10XXX numbers. No red or blue box hardware necessary here, just 14 digits. But of course, the number won't be valid for long after all those strange charges start showing up on someone's bill. It should be noted that when a calling card is used, the number called, time and date of call, and location (and often, the number) from which the call was placed are printed on the bill. A fraudulent user could be caught via that information if they were careless. Also, some long-distance companies may contact the owner of the card if they notice an unusually high number of charges on the card. Long-distance companies bear the brunt of the bills caused by calling card fraud. However, if you read the fine print, the cards offered by many companies have a certain minimum amount that the customer must pay, say $25 or $50. (Editor s note: We have yet to hear of a case where a phone company got away with charging a customer when the only thing stolen was a number and not the card itself.) So what s the moral of the story? Simple. Be damn careful what you say over any radio, and that includes cordless and cellular telephones. If you are using a calling card, enter it with touch tones. If you happen to make VHF marine radiotelephone calls, bill collect or charge to your phone number as you would to a third-party number, without the last four calling card digits. For the most part, radio communications are easy to intercept, and keeping them secure is up to you. For those of you with scanners who would like to check out marine telephone, here are the frequencies allocated by the FCC. Monitoring marine telephone is a good way to get an inside look at telephone company operations. If you live near the east or west coast, the Mississippi River, or the Great Lakes, there will be marine radio activity. During daylight hours you may hear transmissions from hundreds of miles away due to tropospheric ducting propagation. VHF Marine Radiotelephone Frequencies ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Channel Ship (MHz) Shore (MHz) ------- ---------- ----------- 24 157.200 161.800 84 157.225 161.825 25 157.250 161.850 85* 157.275 161.875 26 157.300 161.900 86 157.325 161.925 27 157.350 161.950 87 157.375 161.975 28 157.400 162.000 88* 157.425 162.025 * These frequencies are allocated for uses other than marine radiotelephone in certain areas.