hcliff@wybbs.mi.org (Cliff Helsel) (05/15/91)
This may be of interest to persons living in an apartment complex. Last month I opened my phone bill and found a new amount due of over 300 dollars. The calls that contributed to this large amount were mainly calls to 900 numbers. I believe there were eight or so calls at 35 dollars a crack. The first thing I did was to contact the apartment complex manager and find out whether I had any type of service performed on the dates (span of two days) that the calls were made. No service had been performed so that pretty much ruled out a dishonest service person. I contacted the phone companies (local, AT&T, Sprint, MCI) and had them remove the calls from my bill. They agreed to do this as long as I put 900 blocker on my phone. I guess what happened was that a person was going around to the back of the apartment buildings and tapping into the "boxes" that had all the wiring for the apartment phones and placing calls to 900 numbers. I can just picture some guy in a trench coat holding a telephone with alligator clips :-) anyway, I just thought it was interesting. Cliff Helsle hcliff@wybbs.mi.org or hcliff@wybbs.UUCP
Ed_Greenberg@3mail.3com.com (05/16/91)
Cliff Helsel <hcliff@wybbs.mi.org> writes about finding lots of 900 number calls on his bill, and speculates about a "guy in a trench coat holding a telephone with alligator clips :-) " Actually, it's easier than that, due to the pleasure of multiple wiring. If you take off the wall box in your apartment, you'll probably find a whole rats nest of wires that go through the box, and on to the next apartment. Two of those wires carry your phone line. The others carry the phone lines of other apartments in the building, probably those above and below you. It's not hard for somebody to open the box and explore the other pairs looking for dial tone. If you live in an area with an accessable ANI readback number, that person can identify the numbers and can probably discover which one belongs to which apartment. The miscreant can either choose a line at random and dial away, or take the precaution of verifying that you are not home before treating himself to phone calls at your expense. Note that your neighbor can listen to your phone calls as well. All lineman's test sets have a talk/monitor switch, and any phone can be made to do this as well, by putting a .047 mfd capacitor in series with one side of the line going to the set. The most frustrating thing is that I can't think of a single thing to do about it. Watch your phone bill carefully. edg
Bob Frankston <Bob_Frankston%Slate_Corporation@mcimail.com> (05/16/91)
If I understand your message, someone stole service by using your line. In order for you to get the charges removed, you must agree to be unable to ever use a 900 number yourself. Doesn't sound right. If telco's are to play the role of verification, authorization and billing agent for various services, they've got to take some responsibility for providing access to the service. After all, there are even some useful 900 services. Rather than blanket call blocking, some capability for password (PIN?) protection would make more sense. On the related topic of pager bombs (the problem of people leaving 540 numbers on pagers), one writer suggested that one should never dial a number without first calling the operator to ask the rate. I guess in a totally paranoid world, one should never take any action without proper precautions. Who knows which package contains a bomb, which diskette contains a virus (passively inserting it into a Mac will cause it to run so you can't even examine it with normal means) or even which car will suddenly start from a red light and run you down?. There must be a tradeoff between normal precautions and paranoia. I should be able to make the presumption of safety for normal activities. I do lock my doors as a matter of course, but having to verify the billing for each phone number on my pager seems to be going too far. Back to 900 numbers. They are very, very convenient (which is the whole point) and rely on the heuristic of using physical possession of a phone (line) to establish identify and authorization. This is a good first cut but rather crude. Some services do have 800 number counterparts which allow for credit cards as an alternative form of payment (at a surcharge and I'll pretend that credit cards over the telephone are safe). It would be nice if 900 numbers were viewed as a macro for a service selection, authorization and billing mechanism so that the components can be provided independently. For example, a dialing prefix to allow for credit card payments for 900 numbers (0-900??) and the option to increase the authorization/verification requirements. Yes, I know that trying to do this "right" would have probably resulted in the services not being offered at all, but that doesn't mean that one should omit the later design refinement cycles.
drmath@iuvax.cs.indiana.edu> (05/17/91)
hcliff@wybbs.mi.org (Cliff Helsel) writes: > This may be of interest to persons living in an apartment complex. > Last month I opened my phone bill and found a new amount due of over > 300 dollars. The calls that contributed to this large amount were > mainly calls to 900 numbers. I believe there were eight or so calls > at 35 dollars a crack. > I guess what happened was that a person was going around to the back > of the apartment buildings and tapping into the "boxes" that had all > the wiring for the apartment phones and placing calls to 900 numbers. > I can just picture some guy in a trench coat holding a telephone with > alligator clips :-) anyway, I just thought it was interesting. Depending on the wiring in your building (I've seen a few), it's also possible that your pair is accessible from the apartment next door, as well as from the apartments above/below yours and your neighbor's. In this case, no trench coat is needed. :)
jamesd@uunet.uu.net> (05/19/91)
In article <telecom11.364.8@eecs.nwu.edu> Bob_Frankston%Slate_ Corporation@mcimail.com (Bob Frankston) writes: > are even some useful 900 services. Rather than blanket call blocking, > some capability for password (PIN?) protection would make more sense. Given the "personal 800" service, where the last four digits actually signal where the call should go, this seems like something that does make sense. As you say, there are 900 numbers that are actually useful, and should the industry get the reforms it needs, there might be more useful numbers. Right now I would think that the costs of running a 900 service would be high: the phone company has to charge a high fee to cover the administration costs of handling all the chargebacks from angry consumers. Given more reasonable terms, there should be fewer chargebacks and problems, meaning that there should be lower transaction fees to the 900 vendor. Given enough time, the fundamental usefulness of the 900 (it's a lot cheaper to have the caller punch in the 10 digits plus a four-digit PIN than it is to have a person answer the call) might overcome the nasty repuation 900 numbers have gotten. I tend to regard any 900 number, and any institution associated with that number, as somewhat suspect. Voice: +1 503 646-8257 FAX: +1 503 248-6320 jamesd@pdaxcess.techbook.com Public Access UNIX site: +1 503 644-8135 1200/2400, N81