Letters: THIS MONTH'S LETTERS

Dear 2600:

The Catalog of Technical Information, available from Bell Communications Research is a free source of information re: available technical manuals.  LERG Book.  Good, but *!?* expensive (wouldn't want all the fone phreaks to get it...).  Better to get through trashing.

      Animal


Dear 2600:

Joel, A.E., A History of Engineering and Science in The Bell System: Switching Technology (1925-1975), Bell Laboratories, 1982.

Hamsher, Donald H., Communication System Engineering Handbook, McGraw-Hill Book Company, 1967.

Both were 621.3811 on the Dewey Decimal System.  The Bell book mentions that there are other books in the series.  The Communications Systems one says it is updated periodically, so it may have a more current edition.  It also says The Lineman's Handbook by Kurtz is in the same series.  Both are extremely good and bear looking into.  Tons of technical (almost too) data.  Much better than these "what's the phone company doing with my call" books littering the kiddie sections of the library.  I suppose a college library would be an even better place to look, especially one for a college with a good electrical engineering program.

I also found a great nine page, small print article on Blue Boxing and phreaking history in the June 1983 Esquire on page 376.  Originally published in October 1971, it provides an excellent background on the state of phreaking in the sixties, with interviews of "Al Gilbertson," Fraser Lucey, Joe Engressia, and Captain Crunch.

      The Shadow


Dear 2600:

I have one question about phone companies.  When using Sprint to call long-distance, how can you tell if the company traces?  Does Metrophone trace?  What about Allnet?

Also, I dialed a few numbers in Columbus, Ohio.  When the other side answered, I received some very strange noises... really strange.  Please reply.

      Kazzmatic


Dear 2600:

Exactly what can the LD services do if they catch you using their systems illegally?  I have heard they can take your whole system and sell it to pay them back.  This sounds a little unreal to me.  What if the system isn't yours?

What is the criminal term given for phreaking if you are just using the LDS to call up a BBS and not a DoD computer?  Is it called theft by wire fraud?  Hopefully you can answer these questions.

      GR

Laws vary from state to state and also when crossing state lines.  If, say, you call a long-distance service using a local access number and commit fraud, they can get you on a federal law with the logic that the computer you defrauded is in another state, even though you didn't actually call that other state directly.  In most cases, wire fraud is what they hit you with.  Some states, like California, are more severe.  In Alaska, it is illegal to "deceive a machine."  With regards to long-distance companies, we assume that they ALL trace - we suggest you assume the same.  We do know when it's more likely: when using a 950 number, when making lengthy calls on the same code from the same number at the same time of day, when everyone in the world seems to know about it, etc.  A good phreak can make traces completely useless by rerouting, being unpredictable, and brief when possible.

Noises are not really a clue to a trace.  These companies have been around long enough to figure out how to do silent traces - noises are probably just poor connections or faulty equipment.  Keep in mind that it's also a lot easier (and cheaper) for the companies to simply listen in to an illegal call and wait for revealing information to be dropped.  We doubt, though, that this would hold up well in court.  The companies don't really care WHO you call but they are interested in linking as many people together as possible.  They may intimidate the called party into revealing the name of the person who called at a certain time, even though there's not a thing they can do to them if they don't talk (that is a very important fact).  If necessary, they can take equipment, if they can prove that it was used to commit fraud - it doesn't matter who it belongs to.  And they can find a way to keep it if you can't pay them back for "services rendered."  When playing the long-distance game, security is a must.  The consequences are just too unpleasant.


Dear 2600:

Mike Salerno's article, "Getting in the Back Door," (Vol. 2, No. 1) was well written and informative except for the part on UNIX.

It seems that the author has a basic "feel" for UNIX yet he probably only has had experience on one or two systems.

While UNIX may be "simple" compared to other operating systems such as the TOPS-20, it is far from having "some pretty good security measures."  One of the original designers of UNIX, Dennis M. Ritchie, affectionately known to some as the supreme "superuser," once said, "... UNIX was not developed with security, in any realistic sense, in mind; this fact alone guarantees a vast number of holes."

Mr. Salerno refers to commands such as who, sync, help, and learn as accounts.  Since UNIX is my favorite operating system, used by many of the Bell operating companies and similar to COSMOS, I have had much experience on over a dozen different systems and I have never encountered the above as accounts.  Granted, though, it would not be hard to implement; my point is that it is not standard.

The privileged accounts that are on most UNIX systems are root, bin, sys, and adm.  Others such as games and uucp are also on most systems.  The former usually has no password or a simple one and is great for "getting your foot in the front door."  The latter uses a special protocol and contains files with passwords and telephone numbers to other UNIX systems!  The most powerful account is the root account which belongs to the "super user"; it can also be accessed via the su command as mentioned.

The best part about UNIX is that it is set up so that anyone can view anyone else's files.  For example, the lowest user in the UNIX hierarchy can usually type cat /etc/passwd and the contents of the password file are dumped with the passwords encrypted.  As mentioned, this is good for looking for accounts without passwords and finding out usernames.  Also, the passwords are encrypted using a modified version of the DES encryption algorithm.  It is possible, if you know the key (yes, there is a rather simple default [use your imagination] and we all know about defaults...), to use the crypt command to decrypt the passwords.  Also, there is massive documentation online along with the source code for all the commands!  Also, UNIX is programmed in C, which is an awesome programming language; knowing C is a prerequisite for any serious UNIX hacker.  If you know C and have the right accounts, you can easily modify the system to your liking.  Another plus for hackers is that all I/O is treated as files which opens up a Pandora's box of fun for hackers.

There are literally hundreds of holes in UNIX for the hacker.  I cannot possibly discuss them all here but I am planning on writing an article, "UNIX for Hackers," in the near (?) future.

Granted, though, UNIX can be semi-secure but most UNIX administrators lack the intelligence to realize this.

      BIOC Agent 003
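The letter above makes two points an administrator can act on: the password file is readable by every account, and service accounts such as games and uucp often had no password at all.  The following audit script is an added example, not code from the letter or from 2600; it reads the classic seven-field passwd layout and reports exactly those conditions.  The sample file, its placeholder hashes and the function names (parse_passwd, audit_passwd, locked) are all constructed for this example.

```python
# Added example (not from the letter or from 2600): audit a traditional
# 7-field passwd file for the conditions the letter describes, as an
# administrator checking their own system would.  Sample data is constructed;
# the hash strings are placeholders, not real crypt(3) output.
from typing import Dict, List

SAMPLE_PASSWD = """\
root:XyZ1AbC2dEfGh:0:0:Super User:/:/bin/sh
bin:*:2:2:Binaries:/bin:/bin/sh
sys:*:3:3:System:/usr/sys:/bin/sh
adm:Qr5TuvWx9YzAb:4:4:Administration:/usr/adm:/bin/sh
games::7:7:Games Account:/usr/games:/bin/sh
uucp:Mn8OpQrStUvWx:10:10:UUCP Admin:/usr/lib/uucp:/usr/lib/uucp/uucico
toor:Lk3JhGfDsAqWe:0:0:Alternate Root:/:/bin/sh
alice:Pl0KmNjIbHuVg:201:50:Alice:/usr/alice:/bin/sh
# comment line that should be ignored
bob::202:50:Bob:/usr/bob:/bin/sh
"""

PRIVILEGED = ("root", "bin", "sys", "adm")   # accounts named in the letter
SERVICE = ("games", "uucp")                   # also named in the letter


def parse_passwd(text: str) -> List[Dict[str, str]]:
    """Parse passwd-format text into one dict per account.

    Blank lines, comment lines and lines without exactly seven fields are
    skipped rather than guessed at, so a damaged file yields no false entries.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            continue
        name, pw, uid, gid, gecos, home, shell = fields
        entries.append({"name": name, "pw": pw, "uid": uid, "gid": gid,
                        "gecos": gecos, "home": home, "shell": shell})
    return entries


def audit_passwd(text: str) -> Dict[str, List[str]]:
    """Return the findings an administrator wants from a passwd file.

    no_password:           password field empty, so anyone can log in as it
    extra_uid0:            a UID 0 account other than root (a second superuser)
    service_with_password: games/uucp-style accounts that do have a password
    hashes_visible:        accounts whose hash is readable in this file at all,
                           which is the letter's main point about /etc/passwd
    """
    findings = {"no_password": [], "extra_uid0": [],
                "service_with_password": [], "hashes_visible": []}
    for e in parse_passwd(text):
        if e["pw"] == "":
            findings["no_password"].append(e["name"])
        if e["uid"] == "0" and e["name"] != "root":
            findings["extra_uid0"].append(e["name"])
        if e["name"] in SERVICE and e["pw"] not in ("", "*"):
            findings["service_with_password"].append(e["name"])
        if e["pw"] not in ("", "*"):
            findings["hashes_visible"].append(e["name"])
    return findings


def locked(text: str) -> List[str]:
    """Accounts whose password field is '*': no typed password can ever match."""
    return [e["name"] for e in parse_passwd(text) if e["pw"] == "*"]


if __name__ == "__main__":
    for key, names in audit_passwd(SAMPLE_PASSWD).items():
        print(f"{key}: {', '.join(names) or '-'}")
    print("locked:", ", ".join(locked(SAMPLE_PASSWD)))
```

Run against the sample, the script flags games and bob as passwordless, toor as a second UID 0 account, and lists every account whose hash sits in the world-readable file.  On a system with shadow passwords the hash column holds only a marker and the real hashes live in a root-only file, so a non-empty hash column in a readable passwd is itself a finding worth acting on.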


Dear 2600:

What is the telephone number for the NSA?

      Mikhail Gorbachev

The National Security Agency, which nobody is supposed to know about, is one of the most secretive organizations in existence.  Their main phone number is 301-688-6311 but we've heard that they lurk about in 301-677 as well.  When calling this number, you can ask for their public relations department or any other for that matter.  By the way, for some reason which is completely beyond us, this number resides in an XY step office - one of the most primitive switching centers in existence (see page 1-25).  Is this any way for an intelligence agency to operate?


Dear 2600:

MCI, Sprint, etc. must be controlled by MF tones.  Any idea how they work?  Phreaking opportunities?

      HK

In actuality, the majority of alternate carriers aren't controlled by MF tones at all.  Many utilize standard Touch-Tones.  What they do is store all of the digits until the last one is entered by the subscriber.  Then, the computer finds a line in the city (or area) the subscriber is calling to, gets a dial tone, and sends out the 7-digit LOCAL number.  This is how they manage to have lower rates - they get to the city by microwave or satellite, etc., in other words, they avoid AT&T.  On occasion, though, the alternate companies' lines in other cities get tied up.  When this happens, they use leased lines from AT&T as a backup, which costs them extra and probably accounts for the occasional good connection you may get.

Naturally, if these companies are dialing out on local numbers, it must occasionally be possible for someone to dial INTO those same numbers.  What happens then?  Sometimes nothing at all.  Other times you may actually hear conversations.  Anything's possible.  One way to find out what a company's local number in a particular city is to dial the ANAC number for that city after the local area code.  New York City's ANAC is 958.  (Dial 958 in New York and your phone number is read to you.)  On a long-distance carrier, you may be able to dial 212-958-XXXX and have a number read.

Most systems are trained to hang up at the sound of 2600 Hz.  Sometimes, though, it will drop to a dial tone in whatever city you called.  Touch-Tones can be used on the distant dial tone, but most phreaks only make "local" 7-digit calls, since they'll never show up on a bill.

Only one long-distance service we know of responds to MF tones and that's ITT.  They use a special sequence of these tones in a way that's different from AT&T.  We haven't figured it out yet.


Dear 2600:

Re: October 1984 article in 2600 on switching centers: AT&T has changed the way it routes calls.

Without telling anyone, AT&T shifted from hierarchical routing to non-hierarchical routing.  See paragraph 19, page 8 of a Federal Communications Commission document dated January 25.  The FCC document is not specific, but apparently AT&T changed the software that controls switching.

(Note to all hackers: Have you noticed anything different about the switching of AT&T calls?  Let us know.)

Apparently the FCC approves of the new AT&T routing scheme although Albert Halprin, chief, FCC Common Carrier Bureau, is miffed that he was not told of the plans to change ahead of time.  If AT&T had told Halprin, a lawyer, he might have filed a 100-page order to AT&T that was impossible to understand let alone comply with.  AT&T executives apparently decided that discretion was the better part of valor.  That the system was unlikely to crash if the change was made.  That the less Halprin knows about the network the better off everyone will be.

      Hunter Alexander

P.S.  Implications of non-hierarchical switching: Does it reflect the new power of the microcomputer and the competitors of AT&T?  Does it show a new egalitarianism has come to what used to be called the telephone company?

If you want to read up on the old way of switching with five levels of hierarchy, get Notes on the Network, AT&T, Network Planning Division, Fundamental Planning Section, 1980.

We're happy you found out about this.  We'll see if we can figure out what the ramifications will be.
