donn@utah-cs.UUCP (Donn Seeley) (06/06/85)
[My apologies if the subject of this note seems to be out of the range of net.dcom, but that group appears to be the closest thing to a telecommunications group on the net outside of AT&T... I'm also going to send this to the 'telecom' ARPA mailing list.] I have a friend (who shall remain nameless, for reasons that will become obvious below) who has been subjected to some very sophisticated telephone harrassment. He doesn't have net access and has asked me to try to use some of the immense combined experience of the net to help him get to the bottom of his problems. My friend has a son of high school age who likes to play with computers. The family has an Apple computer and a modem at home, and the son uses it to dial in to various bboards in the area of his suburban home in California. It seems that one day the son attempted to bluff his way onto a phone phreak bboard. This was a mistake -- the boy was in way over his head, and when the bboard operators learned this, they decided to teach him a lesson. My friend's long distance access code very rapidly propagated around the state and some ridiculous charges began appearing on his monthly bills. At the same time he began receiving harrassing phone calls -- the phone would ring during dinner or in the middle of the night, and when someone answered it, no one would be on the other end. After a couple months of this, my friend asked Pac Tel to trace the harrassing phone calls. The nature of the calls changed; perhaps the son bragged about it to classmates or acquaintances on bboards, but the bad guys heard about it and the callers began to say things. They said that they would vandalize my friend's property and that they would assault his son, and eventually they began making death threats. Pac Tel stalled on the traces; in the end they said that they couldn't release the information that they had gathered because regulations required that at least three of the calls had to originate from the same number, and somehow this was not the case. My friend was puzzled about the rule, but he was even more puzzled about the fact that the calls seemed to come from different numbers... He and his family began to get rather nervous, although the violence remained verbal. My friend decided to do some investigating of his own and called up some of the numbers that appeared on his long distance bill. Many of them turned out to be recordings of various kinds, such as 'dial-a-porn'; a few of them turned out to be homes with teenagers, and the latter readily admitted that they had been given the access code and told to 'get this guy', and to spread the number far and wide. Since it was clear that the original perpetrators could not be traced through the long distance company, my friend changed his access code and managed to convince the company to forgive the bogus charges. Following this move the problems with long distance went away. At about this time the harrassing phone calls stopped too. My friend isn't sure whether this was a result of the bad guys hearing about his investigation through the grapevine, or whether Pac Tel was getting warm, but he was grateful regardless. Unfortunately this wasn't the end of his problem. When he got his phone bill at the end of the month, he discovered that he was being charged for hundreds of dollars worth of bogus toll calls through Pac Tel, all made in his local area code. Apparently all of the many numbers called were recordings, so there was no one on the other end who could be asked about the calls. Pac Tel said that the calls originated from his residential phone, but it was quite clear that no one in the household could possibly be doing it. The family kept logs of where all its members were for periods of weeks at a time, and these showed that the calls were being made when the house was empty, or when the family was eating dinner and so on. Peculiarly, some of the numbers were called as many as 8 times in a single minute, which suggested that the caller was using an auto-dialer (my friend does not own one) and that the calls were being made to accumulate charges rather than to listen to the recordings. On the basis of this evidence Pac Tel traced the house's local loop, but could find no indication that it had been compromised in any way. Pac Tel now steadfastly maintains that there is no other way of making a call appear to originate from the residence's phone. After several months of wrangling, Pac Tel sent its own investigator to look at the case. After one phone call to my friend and three days of 'investigation', Pac Tel's man announced that my friend's son was responsible for all the calls, and that my friend was liable for the thousands of dollars worth of bogus calls that had been made over the previous eight months. My friend, at his wits' end, tried contacting the FBI. They heard him out and told him that because none of the bogus calls at any stage of the case had crossed state lines, they had no jurisdiction. (My friend's heart sank when he realized that that the bad guys must have thought of this in advance...) The FBI suggested that my friend call the PUC. This turned out to be a joke -- my friend couldn't even get past the secretary. My poor friend is now at the stage of hiring a lawyer and preparing for the inevitable... Meanwhile the bogus calls continue, taunting him. My friend and I can use any information you might have on how a stunt like this could be perpetrated -- how can you make calls appear to come from another number? We don't need or want precise details on how to beat the system; we just need enough to convince Pac Tel (or (sigh) a judge) that there is an alternative explanation for the calls... Any help you can give would be deeply appreciated, Donn Seeley University of Utah CS Dept donn@utah-cs.arpa 40 46' 6"N 111 50' 34"W (801) 581-5668 decvax!utah-cs!donn PS -- If you have something you'd prefer to communicate in person, and you'll be attending the Usenix conference, by all means contact me there.
earlw@pesnta.UUCP (Earl Wallace ) (06/07/85)
If someone is using your telephone number to make calls, sounds like you have a illegal connection on your line somewhere. With telephone poles and underground cables so easy to access, it should be fairly easy for someone to splice into your line.
10880733@sdcc3.UUCP (10880733) (06/08/85)
I used to live across the street from a friend that happens to run a BBS system. I had to maintain the system for him. (He wasn't a real computer "type.") As a result of maintainance, I would come across a few of his friends. All of them at least one time or another have broken into many Pacific Bell/Tel control systems. (Cosmos rings a bell here...) His friends could be considered phone "phreaks" who, given a computer, a modem with a D/A converter and BASIC could call the Kremlin and have it billed to Sen. Joe McCarthy (yes, I know he's dead, that wouldn't stop the phone phreaks.) (I have done my best to curtail this activity in my area, but is still exists...) --- The following is a reply to something that really seems tooooo common in the "secret world" of the phone "phreaks" --- In article <3368@utah-cs.UUCP> donn@utah-cs.UUCP (Donn Seeley) writes: > My friend decided to do some investigating of his own and called up > some of the numbers that appeared on his long distance bill. Many of > them turned out to be recordings of various kinds, such as 'dial-a-porn'; Very common for phreaks. (Seriously...) > a few of them turned out to be homes with teenagers, and the latter > readily admitted that they had been given the access code and told to > 'get this guy', and to spread the number far and wide. I have seen this done. On many bulletin boards, the system operator (SYSOP) just has to say the word, and he can have an access code distributed to the ends of the earth in a day. I sometimes think the BBS "human-network" is faster than "uucp". > When he got his phone bill at the end of the > month, he discovered that he was being charged for hundreds of dollars > worth of bogus toll calls through Pac Tel, all made in his local area > code. ---------------------------/ /--------------------------------------- > Pac Tel said that the calls originated from his residential phone, but > it was quite clear that no one in the household could possibly be doing > it. The family kept logs of where all its members were for periods of > weeks at a time, and these showed that the calls were being made when > the house was empty, or when the family was eating dinner and so on. Sounds like someone is playing with the local distribution box When I was attending Jr. High, a Pacific Telephone employee was tracing a problem at our local "light green" distribution box on my corner. I (being the abnoxiously curious type) just started asking him questions. What I learned that afternoon, well, I could have terrorized the neighborhood. > Pac Tel traced the house's local loop, but could > find no indication that it had been compromised in any way. Pac Tel > now steadfastly maintains that there is no other way of making a call > appear to originate from the residence's phone. Yeah, what else would you expect them to say? :-) Sure it's possible to do the things that are happening... .... Probably about 5 or 6 different ways. 1) Patch into the local line. (Which if done correctly can't be detected.) 2) Contact the local Pac Tel computer and "fake the calls" through the billing system 3) Find an information or TSPS (dial "0" operator) operator in an area that has not switched over to the "Electronic Switching System (ESS) and send the appropriate magic tones over the line to disconnect the operator, and make any call they wish billed to any other phone they wish (as an operator would.) (The tones are simple, but for the phone companies sake, won't be listed here.) 4) Get to know a TSPS operator, a phone phone company "techie" or anybody inside the phone company. This will help to no end on information gathering. (What test numbers do what, etc...) 5) Use those "Special field service" numbers that Telco employees use in the field repairing lines. They aren't very hard to break (after all, who is doing the repairing? Einstein?) Using these methods, I have seen these 12 year-olds make 20 person conference calls through Montreal, Canada. I have heard of countless "infiltrations" of the AT&T Long Distance Net. (To the point, where they could actually re-reroute calls, break-in on lines, become INWARD, OUTWARD, TSPS, RATE AND ROUTE, or INFORMATION operators themselves.) What can be done on the AT&T net is nothing short of amazing. > After several months > of wrangling, Pac Tel sent its own investigator to look at the case. > After one phone call to my friend and three days of 'investigation', > Pac Tel's man announced that my friend's son was responsible for all > the calls, and that my friend was liable for the thousands of dollars > worth of bogus calls that had been made over the previous eight months. > FIGHT IT! Have the phone company put (probably one of their favorite pieces of equipment) a line recorder on the line. It records when the calls were made, what numbers were dialed, what special tones were sent, etc. If no calls are recorded but still appear on the bill, something is ABSOLUTELY WRONG. ----------------- Have the phone company disconnect the line in question from the house only, and give the family a new line and number. That way, the telco can't accuse the house occupants of calling. (Most houses are pre-wired and capable of three separate lines.) > The FBI suggested that my friend call > the PUC. This turned out to be a joke -- my friend couldn't even get > past the secretary. Sounds like the PUC. > Any help you can give would be deeply appreciated, > > Donn Seeley University of Utah CS Dept donn@utah-cs.arpa > 40 46' 6"N 111 50' 34"W (801) 581-5668 decvax!utah-cs!donn -------------------------------------------------------------------------- Perhaps what shocks me the most, is the fact the all the information needed to do just about anyghing you want is available within a five mile radius. Further, it is privately "published" by certain people. Even worse, programs that use modems to emulate a TSPS operator's console exist, and work well. Do you own an Apple ][ with a Novation Apple Cat? If so, you too can be come a phone company operator. (The modem has an 8-Bit D/A converter on board to tone dial and emit the special tones.) I hope this helped some. -Jim Hayes, UC San Diego.