HDLM L!D M!

^h
IBCtc8SIBg!j h8tG!O DBG, Du! hcrc'soncnFars(sdcways)
hHADt UAYh^ MlAD
AD N1AHYNA^hh
WL' U 1H!
LNUYO1HAYHONLHO1O5 1O: 200 IAYIHO^5,
OBOX,1UULL1LANU,NY1153.H1HHY!!
000 (ISSN 0749-3851) is published quarterly b 2600 Enterprises Inc., 7 Strong's
Lane, Setauket, NY 11733. Second class postage permit paid at Setauket, Am York.
Lb1%b1 Send address changes b
260, .L. Box 752, Middle Island, NY 11953-0752.
Copyright (c) 1990, 260 Enterprises, Inc.
Yearly subscription: U.S. ad Canada --$18 individua, $45 corporat (U.S. funds).
Overseas -- $30 individual, $65 corprate.
Back issues available for 1984, 1985, 1986, 1987, 1988, 1989
at $25 pr year, S30pr year overseas.
bb bbL1L LLbLL 1L'
2600 Subscription Dept., .L. Box 752, Middle Island, NY 11953-0752.
tL11b 1L b%bbL?b, Y L'
2600 Editorial Dept., .L. Box 99, Middle Island, NY 11953-099.
"11Y!Hb bb 26(well.sf.ca.us.
000 Lc 0c b0-b-0,0J0 t7 106' b10-b1-Z0
Autumn 190 260 Magazine Page J
DyJ8k0 "h0n8k0`
You've probably either heard of it, seen it in
th media, o maybe you even own one o thoe
little "buggers" . There's been a lot of talk,
fighting, and discussions in court over the
Caller*IO box. Currently existing only in New
Jersey, this device is basically a tracer. And,
yes, i is legally available to the public.
In case you aren't aware of such a hacer's
dream, let me fill you in on the details. The
devic itself is a small stand-alone unit, about
6"x4" weighing about 8-10 ounces, with a 32-
characer 5x8 pixels), ||uc display and a few
buttons on the front. In size it resembles a
simple desktop calculator from a couple of
decades ago. It can run on a 9-volt or AIC
adapter and has 2 H-11jacs on the bac, bth
identical, for atachment to wall and phon.
Caller*ID is offered along with many other
"sister" serices that I will explain later. Because
of the A T& T divestiture a few years bac, the
loal companies aren't authorized to sell the
device itself but can oly offer the serice (at a
cst o $Z1for installation and a whopping $6.50
a month) to its customers. The box can be
ordered from a few different distributors for
anywhere btween $60 and $300.
Let's say you purchased a Caller*ID (known
as "ICLlD" in the industry, which is an acronym
fo Incoming Call Line Identification Device) and
hooed it up to your phone. This is how it would
work: After your phone rings once, you'll see
some informatio flash on the litle LCD display.
Models vary, but you'll definitely see the cller's
phone number and current time and date. Most
models store the numbers in memory for recall
at any time. So, if you're no around to answer
th call, you can b sure that anywhere from 14
to 70 numbers wi l l be saved for your
convenience. (It's great to be able to come
home and see X numbr of messages on your
answering machine and see X+4 callers on your
ICLID. With a litle matching up, you can figure
out who didn't leave a message. )
Of course, there are drawbacs to our little
"mirror box". What are the limitations to its
tracing ability? Rrst of all, it won't work wihut
the local company providing the seric. Only
after the first ring does the information come
CALLER l.
storming down the line to be decoed by your
little friend. (I have two lines in my house, and
sometimes there's a bit of crosstalk between
them. When the phoe rings, if I listen crefully
enough I can actually hear the coded ICLID
information being sent.) Also, only areas that
offer this servic (and other "CLASS" Calling
Services) to their customers will be traceable
areas. Bu this area is growing.
If someone calls from out Ostate or from the
boonies a message like "Out of Area" will be
displayed instead of the numbr. That's the real
bummer. But, all of the latest model s of
Caller*IO devices are area-code compatible and
show your area code where other NPAs will be
in the near future. Many states have ben slow
to pick up the technology mainly because of
"With the publc being
ofered these services,
imagine what business
customers, or even
SprintMC/IAT& Tare
being ofered?"
political and legal reasons. Many privacy issues
have been suggested and debated over, but we
won't go into those here. As I understand it, New
Jersey Bell contends that if a person has your
number and calls you, you should have their
number as well; when a connection is made,
both ends should know who they're talking to.
So, hopfully other states will get their asses in
gear.
The option to blok paricular calls is being
juggled around, too. Telephone companies are
thinking of offering a service whereby the
customer would dial a couple o digits before the
7-digit number and the receiver would get an
"Out of Area", or similar, message on their ICLIO
display. This would definitely suck, unless you
are the caller . But, this service is already
available now thanks to a small loophole. I'll
Page 4 2600 Maazne Autmn 1990
THEFACTS
explain later.
New Jersey Bell stared CLASS Calling
Serices around Decmber o 197. They were
t est marketed in Hudson County unti l
December, 1988 and then began to spread.
Other serices include Priority'Call, Call'Bloc
(a personal favori te), Repeat'Cal l ,
Sel ect'Forward, Return'Call, Call'Trace,
Tone'Block, and others. Many of these are
based upon the instant tracing ability of CLASS.
Priority'Call will send you a distinctively
dHferent sounding ring when crain people call
you. You program a "queue" of phone numbrs
that when called from, will sound dHferent than
the standard phone ringing.
Call'Block is lots of fun. Again, you can
program a queue of people into your phone
(really, the phone company's computer). When
they cll your line, they get a recorded message
along the lines of, "I'm sorry. The pary you have
reached is not accepti ng calls from your
telephone numbr." Nice and rude.
Call'Trace is a service that is available to
everyone on a pay-per-trace basis. If you
recive a prank, etc., you hang up, pic up, and
immediately dial '57. A recording lets you know
if the trace was good or bad, and you get
charged $1.00 accordingly. Unfortunately you
have to call the phone company to get the
phone number. This service is for serious
complaining and is meant for people who get
pranked a lo and want to file charges.
All of the above features can be generally
repl aced with an ICLID. As a substitute for
Call'Bloc I can simply not answer the phone H I
don't want to speak to someone, sinc my ICLID
lets me know who it is. Of course, that pre
recorded message adds a nice touch.
Call'Trace is pretty much useless with ICLID
unless you want to bring in the gestapo. But,
then again, Call*Trace is open for anyone to use
and isnl ordered monthly like the oher serics.
A woman from New Jersey Bell told me,
though, some technical legalities regarding
Cali*Trace and Caller'ID: If someone pranks
me, and I return their call (having read their
number from my "mirro box") and prank them in
return, they can '57 me and sue me for phon
harassment. Even though I have their numbr
on my ICLlD, if I don't '57 him bfore I cll him
bac, l get myass kiced in. So, the moral o the
story is that ICLID can' be used as evidenc of
a prank.
Select'Forward is used in connecion with
Call Forarding and simply forwards only clls
coming from numbrs that you chooe.
Repeat'Call doesn't have much to do with
identifying the caller, but will simply redial a
number until you get through, and then cll you
bac when the line is free, allowing you to use
the phone for oher reasons. Sounds O, eh?
Now you can get through to any radio station
you like, right? Wrong. It really isn't as great as i
sounds. First of all, it only "redials" for 30
minutes. Also, it really doesn't d|8/the number,
bu only checs the computer to see H the line is
free (and it checs only every 45 seconds). So,
it is pssibe, and happens to me occsinally,
that you pic up the phon when the coputer
clls you bac to inform you that the line B free,
and you find that it's busy again!)
Return'Call is made for people who jusi
make it out of the shower and to the phone a
second alter the caller hung up. Boo ho. In a
few keystroes the call is returned, and the wet,
naked person still has no idea what number
(s)he returned.
And finally, Ton'BIoc turns off Call Waiing
for individual calls. Pic up the phone, dial '70
and then the number. Voila! No interruptions.
But let's say someone calls you. You cannot
turn of your Call Waiting in this cse, unless of
course you also have 3-Way Calling. If you do,
you may switch over to the other line and '70
yourseH and you'll be fine for the. cll.
With instant tracing abiliy s
o
n to sweep th
nation, what's the nightmare? Well, basically this
hacer's dream is not only for the hacer but for
anyone who's got the csh and hapens to live
in a CLASS infested area. Wih the pulic bin
offered these serics, imagine what business
customers, or even SprinVMCVAT&T are being
offered? When ICLID capabil ities spread to
more states, LCD displays wll be showing more
an more area cdes. Eventually, long distanc
companies will integrate themselves, and for
every telephone connecio made, there will b
two numbers involved and available to each
Autumn 1990 2600 Magazne PageS
HACKERS' DREAM
end.
When I first got Caller*ID (the serice was
acually enabled on my lin bfore I recived th
box) I wanted to learn as much about it as I
could. So I played around with it and took it
apar. The model that I have (which is relatively
old, but there are more ancient ones, too) has a
main board i nsi de with some chi ps and
components on . By ribon cable is hooed to
an LCD board with LSI chips. There are two
buttons (Review and Delete) up front and a
battery clip in the back. When the 30th call
comes through, it scrolls old ones off t o make
way for the newest. (This has happened only
onc to me when I was away for an extended
weekend.) What I like abou my model is that it
will store every call separately. On many models
these days, 1 a cll comes through more than
once in a row (from the same number), the
series o calls will appear under just on entry
wh a small "RPT" indicator for "repated cll".
Personally, I like to knw that a crain person
called twice a minute for five minutes to get
ahold o me, rather than just "Repeat". But that's
a personal preference. The flip side is that the
extra clls take up spac in memory.
The mai n di stri butor for ICLIDs is Bell
Atlantic Office Supplies (800-523-0552). They
sell a few dnferent moels. Sears has also been
allowed to sell ICLlD's through AT&T (who has
yet anther cmpany making thm). Any Sears
in New Jersey will sell you one for around
$89.9. Radio Shac expcs to be ofering one
soon. That's about it for being able to order
them. Bu there are of course the manuacurers
that build these things. Sometimes you can
order them direcly ....
Currently, there are only four manuacurers
around that I know of. In Irine, CA B Sanbar,
Inc. (800-373-4122 or 714-727-1911). Sanbar
works jointly with another company called
Resdel Communications, Inc. I was able to
acquire some hel pful i nformati on through
San bar and their technical suppor. Colonial
Data Technologies is located somewhere in the
depths of Connecicut and makes most of the
ICLIDs that Bell Atlantic and SearsAT&T sell.
They aren' t too hel pful when it comes to
questions about Caller*ID, but their number is
800-622-5543. RDI in New Rochel le, NY
recently created a smaller company, CIDCO, to
produce ICLlDs, as the epytomology of the
name might suggest. (I spoke with a fellow there
named Bo Diamond. I was prety embarrassed
when, after a few conversations with him, I
curiously asked what RDI stood for and found
ou it meant "Roer Diamond, Inc.") The other
manufacurer is a major telephone equipment
suplir. Norhern Telecom has a massive set of
compexes in the southern Uned States. They
make a stand-alone ICLID as well as the only
living telephone with a Caller*ID display bui in.
h's known as the Maestro and can b ordered
through Bell Atlantic. It's a simple thing with your
basic features such as one-touch dialing, redial,
hold, mute, etc.
One thing I aspired to do with my tracr was
to try and interace it with my cmputer. If I could
just get the information on the LCD to the serial
or joyst ick port, I coul d wri t e l ots of fun
prorams. You're sleeping i n bed and the phone
rings. Unfortunately you're too tired to get up,
turn on the light, and see who's calling (actually,
CIDCO makes an ICLID with a backlit LCD
display). But you left your cmputer running and
within a few milliseconds it announces the
person's name, and a Super VGA digitized
picure flashes on the screen. Now you know
who it is.
And the imagination can run wild with things
to do with the cmputer integrated ICLlD: auto
validating BBS's, database management, and
so on. So, I clled Sanbar (the manufacurer o
mine) and talked to one of the head engineers. I
asked hi m if there was any way to l eech
information from the uni. He said that piping i
off the LCD was the best bet, but it might be
easier to build a whole ICLID from scratch. After
speaking with many peole from many different
companies, I finally worked on ouputting from
an LCD. Sanbar used a Sharp LM16255. From
Sharp (who were very friendly and helpful) I
received l i terature and speci fi cati ons.
Unforunately I didn't get to far. Apparently the
information is sent in nibbles to the LCD board
in parallel format. One must know a bit about
elctronic and parallel por communications to
wire it up.
Page 6 2600 Magazne Autmn 1990
AND NIGHTMARE
But, fortunately, now there is at least one
box available that sends the information via a
serial pr. (Ah! Such ease.) CIDCO is slling a
"business model" that sends the information at
1200,N,B,1 thrugh a serial por in the bac. The
price? $30. Too much for me. Other companies
said they will have similar items, which I expec
to be much cheaper.
As far as I know, there aren' many trics or
secrets about using your ICLID at home. When
someone calls, either you get their number or
you don't; I don't think any el ectri cal
modifications will be able to trace untraceable
numbers. I hoe I am wrong. When I first read
the instructio "manual" (leaflet is more like it) I
saw that Bell Atlantic had put a piec of tape
over a par O the page. I guess they didn't have
time to edit the paragraph out. It was in the
Phof the latest models
of Caler*ID devices
are area-code
compatible and show
your area code where
other NPAs wilbe in
the near future. "
section of the text showing all the different
messages that my box could produce. (It can
either show a) a phone number; b) "Out of
Area"; or c) a junk number with d few question
marks, indicating that there was static on the
line or the phone was picked up during the
information transmission after the first ring.)
Loking at it through the light l saw that anohr
posible message could prouce (and doesn't
anymore) was "Private No.". I thought that was
great! After speaking with New Jersey 8ell, I
four
i
d out that unlisted numbers are tracd along
with everything else! Pretty awesome; New
Jersey Bell dosn' skimp.
If you have Call Waiting, you'll hear the tone,
but unfortunately the ICLID won't trace the
number. 1needs that first ring to "wake it up", so
the phone company doesn't bther to send any
info. They tell you this in their brochures, but
they don't tell you how you can still trace the
number of the person who calls you (without
going through '57, the main office, and a law
enforcment agent). Here B hw to do : Whn
you hear your Call Waiting, tell your friend that
you'll call her bac and hang up the phone. They
will be disconneced and th phone will bgin to
ring for the person who originally cliced in. Call
Waiting leaflets tell you this will hapen, but n
on tells you what hapens next, after that first
ring. Voilal Your ICLID will light up and will
translate the data that was sent after the first
ring. You've traced a call waing!
As I mentioned earlier, the idea of a pr-call
block is being thrown around in courts and
behind telephone company doors. Suppsedly,
soon you will be able to make "Private No."
show up on your adversary's LCD display when
you call. But, it's quite possille now. If you want
to call someone and not have your number
traced, all you need is a bi t of plastic. No
"boxes" or equipment. By going through your
SprintlMCVAT&T Calling Card, the reciver will
see an "Ou of Area" message. That's what the
phone company displays when the incming call
originates through a calling card. Voila! A
blocked call. The only drawbac is that small
surcharge for using the crd.
Recntly, New Jersey Bell correced a small
computer bug that a bunch of friends and I were
having a lot O fun h. When someone clled
my house collect, the numbr Otheir pay phone
would show up, so I could reject the call and
return it, paying nothing for the connection
(assuming the pay phne was a locl cll). That
didn' last fo long, and now a collec call brings
wi th it the anonymity of an "Out of Area"
message. It was fun while lasted.
Autumn 1990 2600 Magazne Page 7
2D006W0B 8aga0D6DU0S
lHaIUDg !UI bHLLPSS:
IuPLDgPgBDSl
!D^!Z^cc0UDS
yJimAdoms, Exccutivc ccFrcsidcnt
Yhave the gretest ntwork
marketing program in America! PCI
On\y are we "the talk" of te network
marketing industry. but our pogra
has won hghprais from top US Sprint
excculivc who have recently awarded
OmrcaChngte one- mil l ionth-intc
customer mark in July. We"re poud
and excited abut this OUltnding
ach ievement. NOTHING ca kcp u
fr Om bing the bi gest . t brightest
0nd the hst ... nothing. that is. exept
anoahor|:cdaccounts.
I neO your tot commitment and
help in eliminating this problem. P
profcssion31 s and protectors of te in-
tegrity of our Qmg, you ne to
make every efor Kconquer tis 0hM-
lengc NOW!
What m0krS an
UnAuthorzed Account
An account is "unauthriz when
(he cuslomer claims not to have knowl
edge of requesting US Sprnt long dis
tance service, or claims not to have ben
informed regading the detils of re
ceiving thcsrvice. A customer may b
`un0uIhOrIZCU bcaus the customer:
tlODlremembr tlking to MR
thought he or she was getting
ONU'lhe FONCARD., when
lh0IMR signe the customer for
long distance service. to
didn't know 8 fe would b
Chmctl |C s witch from anoter
C:0ttct
was Sncd up for L5 Sptint
service by a spuSe, who UI0n`I
|cl\ Uv "clIslOmcr of record"
nbllt Ihe change
tusOmcr'ssignature vv forged
misinrormed 0Dut J free mjn
uIOS QromCtiOn
Correcting Mistakes
Neless t sy, it is extremely rae
that we find a probl em wit forged
signtures. (Signing a cutomu's nam
on a bllot i, against tM law. and
grouod]o irdialt ltrmnalion.)
Most "unauthorized acount" ocur
baus the IMR wa not cler abutt
de1its of th ballot.) When a N
follows te Ron Windham Metho of
signing customers, thre are no such
misundcrstding. (has and N-
view the Wizard of Wlm vidc,
then pratice the pror. profesiona
way of getting customers fo US Sprint)
To eliminate "unauthozd a
countin your orgaizton, we N-
ommend the following:
Be cerin the nae on te ballot
is the name the phoe U cu
rently list e undO.
Be certin te prsn signing up
for th serice understnds:
v They will reCve teir
FONCARD in approxi
mately Jdays.
v Tey will ASO have tei
long distance ser vice
chnged over K US Sprint.
v They will b. charged a
nominal M by their loal
operating company to
make Ihe change. (Some
Rs app.ar to be operat
ing under the misunder
standing that ir B person
has ALWAYS used
AT &T, there Gno charge
for the customer's nrst
ch0nge lo another long
dSl.mccarrier. TIIIS IS
AIISOLlTELY FALSE.
Over the past months,
I'H' ne\er had 8 sngle
QrrSon cvrr changc lhcr
m:ud5 whrn told them
about the switch charge.)
Explain te rstve promo
tion in detil. If tey !let .D
I seice. tell tem that ma>
fre minute wiD @
cret in ti tird billing moth.
If tey slet Sprint Ylus,info
thm that tey'lI reive oe
mot's frelog ds (mi
mum $25 creto 0dJau
19 bill.
Te ballo must Dsigby1M
cutomr ialmp~aceq1M
lMK.
Give th new custom 0 of
the new nyers immeiately af
thy sign te US Spint !rice
request ballot Tis grt sles
tol reinform 8 the infona-
tion you told the customer bfore
tey signed th bllo. (i nycr
is a rinforement 0 wht yo
have sd. LNOT mt nyer
in place qtlling m cu
this infonaton.)
Networ 200ma fMls sys
tem fo disverng unautho
ized acount. A toll-fre num-
bis supplie on mback 0Ml
US Sprit bill.. Usng ms
numb,the cutoe NmmUS
Sprint that th ey dd nOaitoz
t seie. US Sprint the no
fes N2K of the sitton. And
baus we have N0m 0Ml
IMs and tir customer. we
a able kpinpinl 0N0
t prblem.
BhatHappensyYeu
Createan0nauthered
Account?
As you know, we a now tking
unauthori7ed acount. And we a
requiring % who incur t a
cont t make an explanation. When
unaut hrized acount a found Kb
th resul t of m nglect or miscon
duct. disiplinary action (whIch cold
inlude suspnsion or teninton MN
IM) is manr1tory.
Agmn, congatulate your profes
sionlism. Unauthorzed ocounlaea
threat toour program,we must al work
to guranle they do not ocur. Which
is why ga:nI ytat as prottor or
th integrty 0lour 0mprgm. u
mklmoemc!
Yc'Vc gI10lc0 Sl0I1cS10l0c gBSl BD00l clW0IX M S1g010g 0g gc0gc 0I bgI10l'S
00g 01SlB0c MIV1c W1l000l l0c 0Sl0mcI'S 00M0l. 01S gBgc I0mB cIW0IX
0cWScllcI S00WS l0Bl l0c BIc VcI BWBIc 0 l0c gI0Dcm.
Page 8 2600 Magazne Autumn 1990
NceTeIephone Company
October J, I
Dear Lng Island Customer:
LABL&WIRELE88
LOMMUNICAIION8,NC.
99msh
V|e a,V|rgaZZIdZ
1l1M0
We dee
p
ly regret any inconvenience caused when your long distance serice was
interrupted on Monday, October 2. Although we cannot re
p
lace the calling time
your business lost that day, we want to com
p
ensate you for your trouble. Therefore:
On Monday, November 5, 0,between the hours of9:0 a.m. and Z:00
noon, %oryour longdlstancecallsmll mSOLULYFKEE. Tat
includes instate, interstate, international, 80 andtravclcall8 cveQhng|
Again, we a
p
ologize for your inconvenience and a
pp
reciate your
p
atience. Thank
you for being a valued Cable & Wireless customer.
Sincerely,
.
Charles J. Gibne
y
Senior Vice PreSident
for Marketing and Sales
Almost nobody heard about this incident.
We weren't even aware of a service
disruption! I course. we didn't get this
letter until the 6th. but it's the thought that
counts. right1
_..
NaTeIephone Company
cea-
I!unk you for ao1yi:q tot lrv n11 0ni-s1 |rd.
He reqro1 1I1 W 1 urou1+ +n or1 `/1IA!` t<1 e1 tl1 t1no bcevse
0uR 6RF01T |I1S10PY IJ|I UL5 0IR0Ch11PY |AYHfh1 h131UKY
"- H:I| sa`m:ttsc+ts
I|1s 11ormaon WWW prov1rl b9l
1RN CPf0TT 0ATA
J^^5 l? hTI F0 3TF 375
fRH1u010h |T11S N1 n891
J155538440
1 you f tlc !nforn 1JfT 1(vcorecI+ \ M yov to con1a1 1ho creI1
hurenu to resoIv 1he <~ +d rr1y fr |:n 41T 0n1vetnn1 Ca::d.
0! fMMT4 11 \ MTW en b&T fn11!1q IaxI |c1Jr V^u con1ne to MW
you 181 C111np Crd- F1n:o he a<su*J lra4 ^18! vaIues your con1Iued
|1nesn.
I1 )O me M nuee1ons. (1a ca11 %M |o11: /t:- e! f0976?5l?Z
be1woen 1he hours c1 8+90 . . nd l199 T f11, Nondoy 1hrouqn
Ir1daV
3ier+IV
|1 un
Crod1 8e1e11onsh1o
In other words. we value your business.
but no way are we going to trust you.
Autumn 1990 2600 Magae Page 9
BD OItV BW WIR
byr.W|II|ams
Reently, I had te pleure of posing questions
to Dr. Dorothy Denning. Dr. Denning has been
visible lately to te haker communty.
She participated with Sheldon Zenner in the
defense of Craig Neidorf, and has written a papr,
"Concering Hackers Who Break Into Computer
Systems". Te paper was preented at a conference in
Washington D.C., where she also moderated a pael
"Hackers: Who are They?", in which Emmanuel
Goldstein, Craig Neidorf, Sheldon Zenner, Frank
Drake, Katie Hafer, ad Gordon Meyer paricipated.
Dr. Dorothy Denning is well known in the
computer security community as author of
"Cryptography and Data Security" and numerous
research papers. She is past President of the
Interational Association for Cryptologic Researh
ad works in Palo Alto.
1u interview was conducted via e-mail over a
two-month period.
Many members of the Computer Underground
communit believe there is a witch hunt afoot against
hackers. Buck BloomBecker relates in his book,
"Spectacular Comuter Crimes" how Kevin Mitnick
was harshly prosecuted by oficial out to "get the
little shit." Opertion Sun Devil utilized the efort i
over 1 50 agents, seizing equipment in 26 location.
but making only 9 arrests. 7 of those computer
relaed.
Finally, even though the prosecutor in Craig
Neidors trail is to be comended for dropping all
charges instead of handing the matter over to the
jur, the fact the tral wa started and later dropped
lead one to believe the too were caught up in the
witch hunt mentalit before seeing the light. More
examples exist. Do you think hackers are being
persecuted b law enorcement fueled on b fear and
ignorance, or are Computer Underground mmers
not looking pat their own bia to accuratel judge
the curent state ofafairs?
Lt me begi by saying that I a not speaking on
behalf of my compay.
When I frst herd the "with hunt" analogy, it
seeed to mae sene.
Most computer crme i comitted by iide,
and it seemed like law enforcement was over
reacting to te actual theat pse by haker.
But as I've dug into some of the cases furer
and talked with people in law enforcement and
industry, I've seen tat some of the reprs foatg
around in the computer underground were
exaggerated, misleadig, ad faied to tel te wole
story. Some compaie have suffee lage fial
losse beause of haker.
So, the bottom line is that I do not agree that
there is a with hunt, but I ca se how people could
see it that way. It is true there are more serious
problems in tis coutry tha that caused by haker,
but this does not mean the damages caused by
haker should be ignored.
Crai g Neidorf s trial raises a plethora of
question. At the heart of the issue is why wa the
trial ever started in the frst place.
Even to the casual obse rver familiar with
Phrack, both sets of indictments appeared to be
baed mre on inerence than fact. The proscutor's
stongest card wa showing the LODIH wa a band
ofrogue hackers and that Phrack and Craig Neidor
were associated with them, which implies weak
evidence on the prosecutor's part. One cannot help
but get the feeling Bell South and the Secret Serice
were puhing hard for this trial - one could suggest
puhing pat the point of seeking jutice. Bell South
wa embarased b the publication ofits E911 text
document in Phrack and had hidden damaging
evidence from the prosecutor. The Secret Service,
after expending the eforts of over 1 50 agents in
Operation Sun Devil and c laiming a national
crackdown on hackers, but making only nine arrest,
seemed to be graping at straws and interested in
saving a lillie face. It is no secret mny dsapproved
of Ph rack' s content: bomb recipes , password
crackers, hackng tips, lock picking suggestion, etc.
The philosophizing could go on and on as more
points are considered. Why did you think Craig
Neidor wa reall prosecuted?
I blieve that te goverent prosecuted Neidorf
beause tey tought he had broken te law. I believe
tat tey acepted, prhaps witout questionig, Bell
South's claim tat the E911 document was highly
sensitive and proprietary ad tat a hacke could use
it to dirpt 911 service.
What was your motivation to be involved in
Craig Neidrs trail?
I blieved he had not broke the law ad that I
could help with his defense. I was also concered
tat a wrongful conviction -a distint possibility in
Pae 10 2600 Magazne Autmn 1990
OOtOID OBDD H@
a highly technical trial - could have a negative
impact on freedom of the press for electronic
publications.
Many people feel the government wa looking
for the first opportunity to send a message that
Phrack was not an acceptable publication. Do you
speculate this is why the government accepted Bel
South's claim without questioning?
While it may be true that the government
disapproved of Phrack, I know of no evidence that
suggest this wa a reason for prosecuting.
I speculate that the government just never
considered the possibility that the inforation they
got fom Bell South could be wrong and not hold up
in cout. I hope that i the future tey will consult
wit disinterested expert before deciding whether to
pursue a indictment.
Many articles in CU Digest and elewhere have
been critical of current laws governing hackers,
viruses, computer usage, information concerning
hacking and computer weaknesses. and fraud
asociated with computers on several ground. Some
laws have been shaped and enacted in c,"sis more b
fear and misunderstanding than truth and good
sense. Other laws dangerously erode our civil right,
fail k asign responsibilit to computer owners to
protect data, dish out harsher penalties to computer
crimes over comparative cri mes, do not give
electronic media the same rights and privileges of
printed media, have been motivated more b politics
than protections, and in short, are jut plain stupid,
archaic, andfrightening.
What is your opinion of the general worthiness
of current laws governing hackers, viruses, computer
usage , inf ormat ion concerning hack ing and
computer weaknesses, and fraud associat ed with
computers?
I M not aware of any computer crie laws that
erode civil ngIl 0 fail to give electonic media the
same rights and privileges of printed media. Also,
there are none that I assess as stupid, archaic, or
fghtening. Wile may laws may be initiated by a
crisis, they generally undergo extensive review,
someties over a period of several year, before they
are adopted. Overall, I'd say the laws ae pretty good.
As defciencies are discovered, they get amended ad
new laws added.
Current laws may provide a means of asigning
responsibility to computer owers to protect data. I
expect that an individual or compay could sue an
owner for failing to protect iration about them,
or failing to provide a promised service because
negligent seurity pratices allowed an unautorzed
break-in. Neverteless, I believe it is wortwhile to
consider adopting a law where unauthorized entry
into a system is at most a misdemeanor if certain
standards are not followed and the damage to
inforation on the system is not high. Te difculty
is that it may be very hard to set appropriate
standards and to determine wheter a orgaization
ha adhered to them. Curently, it take several year
to evaluate a product acording to the Depament of
Defense Trusted Computer System Evaluation
Criteria.
For te most pat, the pnalties given to persons
convicted of computer crimes have seemed
reasonable. Although it can be frightening to see
someone such as Neidorf facing 5years in prison, it
is fantasy to believe that a judge would assign
aythig even close to that. Most judges are fair and
reasonable; this is why they are trusted with that
position. If they assign a penalty that is unfair, public
outage will force them to reduce it. Still, it would be
worthwhile to consider establishing a range of
offenses with diferent penalties.
Information concerning hacking and computer
fraud is sparse and often misleading. This is a
consequence of the fact that the atual evidence in a
case canot be fully disclosed util te cae comes to
tial.
m addition, cmpanies do not talk about hacker
icidents since doing so is perceived to be harful to
business.
Informat ion about computer weaknesses is
widel y disseminated through conferences,
newsletters, profssional jouals, computer security
courses, the CET, ad hua networks.
Your paper , "Concerning Hackers Who Break
into Comput er Systems, " states on e of the
motivations behind hackers is a belief in the free
fow of information. Free fow of information ha
helpe d prope l us t o our current heights of
technology. Now, hackers point out the disturbing
tend of treating inforation a propert instead of
the particular wa inforation is exressed. Hackers
feel restriction of inoration will deter learning and
hurt Ihe evolutionary process of technolog. When
inoration is kept secret behind computer door, the
Autumn 1990 2600 Magaine Page 11
OOtOIHg OBHH H@
result is bad for all of us. As the way Richard
Stallman explain the statement in your paper, "I
believe that all generally useful inoration should
be free " , do you agree with that point of view?
This is a tough issue on which I have more
questions than aswers.
On the surfae it sounds complling, at least for
cerin types of inforation, and I have always tied
to operate from that principle myself by making my
reserh result public. Stalhnan's agument against
software patents and user interface copyrights are
especially convincig. Te |cpc is defmitely worh
exploring ad disussing.
But in ay case, I believe it is wrong to use m
priniple to justify going into a computer system ad
downloading information to which you are not
authorized, or to disseminate information obtaied
thusly.
One result of secured computers is secured
information. What would be your react ion i the
results ojyour research and work were applied t o
restrict the fow of inormation in a manner you
morally disagree with? Does the effect of computer
securit on the fow of inormation ever concerned
you?
Computer security per se does not restrict the
fow of inforation. People do. If I wat to restict
the fow of some information, I always have the
option of not storing it on a computer at all or storing
it on an isolated system. Indeed, these methods of
hadling sensitive data have been a common pratice
precisely because adequate security mechanisms
were not available. Te prblem with thee practice
is that they also make it more diffcult for pople
who need to have access to the information to do
their work effectively. Computer security gives
people the capability to computerize sensitive
information ad integrate it with other iformation
more eaily. T can be a big prouctivity bost. It
makes controlled sharing and distribution of
information easier. BI'm on a network tat provides
a secure cryptographic facility, ten I ca U te net
to send you a highly confidential report without
worrying about someone else reading it. By
providing mechanisms for controlled sharing,
computer security does not restrict the flow of
inforation so much as give you asurace that the
inforation will b disseminated acording to you
wishes.
Even then, the asurances are weak unless you
use mandatory policies for inforation fow, tat is,
policies based on clasification and cleaances ad a
stct rule forbidding the tansfer of information fom
one security level to a l ower one. But most
organizations oter than the military fmd mandatory
policies too restrictive, and so adopt discretionay
ones. With a disretionary policy, it is very had to
contol what happens to information once you give
ayone access to it. You have to tt that te other
people will respect your wishes. Forunately, most
people do, so the lack of assurance may not be a
pratical proble.
Since I don't want to avoid your ethical question,
let me ty to outline a scenario that I think gets at it.
Suppose that I know of some information that in my
assessment will result in harm if it is not freely
distributed, but that the person who produced the
inforation is not letting it out. Suppose furter that I
know the inforation is stored on some system with
a security mechanism that I designed, and that
without that mechanism, someone could get acess to
the information. How would I react? I have never
been in a situation like this, so it's hard for me to say
for sure what I'd do. I expet I'd go to the person
with the information to fmd out why he or she does
not wat to give the inforation out. My own view
of the world is extremely small, so there may be
some good reasons that I have not thought of
.
If I am
not satisfied with the answer ad I know what the
inforation is ad not just what it is about, I might
consider disseminating the inforation myself
.
But, I
would have to have very strong reasons for doing
this, sice the consequences to me or to other could
be serious. Another action I might take would b to
try to exert public pressure, e.g. , by going to the
media ad reprig that so-and-so is hoarding this
inforation. I might do nothing on the grounds that if
the person who produced it had not been there, we
would bno better off
.
It's been said computer crime cost everbod.
However, this statement is often said in glib without
much underlying thought . Can you explain i and
how comuter crime effect everone in to diferent
examles?
Situation 1: Ten dif erent department stores
operate in one region. One store, Store A, is the
victim of a computer crime costing a modest amount
of its profits f or the year. How then is everbody
Page 12 2600 Magazne Autmn 1990
HIBtVBW
effected, cutomers and non-cutomers? Nothing ha
happened to the nine other stores, so lie is exactly
the same for all their cutomers. Raiing prices to
make up for the los b Store A would backlah. In a
competitive environment, cutomers ofthe victimized
store would simpl buy the same item priced less at
the nine other stores, compounding Store A's losses
further. It could be argued the lost mone could have
been ued to pay bigger dividend to stockholders, be
used for charitable contributions, increased
customer services, etc. In any scenario, counter
arguments exist. Only a limited amount of people
feel the loss, such a the stockholders, not everbod.
If the lost money were to be spread around in a
manner that trly touched everone, the amount per
person would be so minute to mke its efect wholl
ignorable. Finally, there are the doubt that i Store
A had never lost the mney, it would have been ued
in a manner that efects everone in the frst place.
Situation 2: A company earns 51 . 5 million
dollars profit one year.
At the end ofthe year, a hacker break into their
computers. The total cost to clean up his damage is
0.1 million dollars. How is everbod efected? It is
not likely the company will specifically raise its
prices next year to make up the lost 0.1 million.
Instead, it will probably settle for 51.4 million
dollars profit and a ta write of.
Again, the argument could place the lost mone
being used for employee benefits, additional R&D
efforts , et c. This moves back to the counter
arguments of the last paragraph and leaves the
question, "How is everbody effected?" Clear ly,
comuter crme i s wrong. These arguments are not
made a an attemt to juti or lessen the efect of
computer crime , but made in hopes of clarifing
hard point.
In both situations, you identified the direct
financial costs to the companies involved resulting
fom the crime itself, and then analyzed how these
cost are tansferred to individuals. In both cases, the
costs that reach most idividuals seem negligible -
unless you're the employee that lost his or her job
beause of the reduced revenue.
However, the financial costs to the companies
can beven greater dpublicity about the crime leads
to loss of credibility.
When people say that computer crime costs
everybody, they are usually referring to indirect
cost. Te indirect cost include icreaed tax dollas
for law enforcement to fight computer crime, for
research and development in computer seurity, and
for goverment funded organizations such as the
National Computer Security Center and the
Computer Emergency Response Team. Indirect costs
also include expenditures by vendors to develop
secure products and by companies for security
personnel, products, and training to protect their
asets and operations. Tese costs, which may rise in
response to inreses in criminal ativity, are pased
on to customers. In your first situation, all ten
department stores may feel compelled to beef up
their security, and then raise thei pries to absorb the
costs.
Similarly, in your second situation, many
companies operating on tighter proft margins may
respond to a concer for suffering a similar loss by
making seurity enhancement and raising prices.
I should point out that I do not view the above
costs a bad, in the same way that I do not view the
cost of airport security as bad. As a result of the
latter, I can trust that the airplane I board is highly
unlikely to be hijacked or blow up from a bomb.
Similarly, if I have a secure system, I can tt it to
preserve the secrecy and integrity of valuable
information assets, and I can be confident that its
operation will not bsabotaged.
But, some people say that security places a
burden on users. Perhaps an analogy with the Tylenol
scare is appropriate. As a result of one incident, it is
now a major project just to open a bottle of vitamins!
A consequence of computer crime may be
computer surveillance. Because of the widespread
coner about brek-ins ad other fors of computer
crime, computer security specialists are developing
itrusion detection systems that will monitor systems
for break-ins and other forms of abuse. If such
systems are not carefully thought out ad used, they
could result in loss of privacy and degradation of
tst in the workplae.
How has the proliferation of workstations
changed the need ofcomputer securit?
When workstations were frst intoduced, many
people claimed they would solve the computer
security problems of time sharing systems, because
users and data would be isolated. In practice, they
have introduced at leat as many problems a tey
have solved, because nobody wants an isolated
Autumn 1990 2600 Magazine Page 13
BH DIBtV BW W IH
workstation. One challenge is to protect a
workstation from attack by untrusted users and
sofwae rnning on other systes tat are connected
to the workstation. Sun, for example, recently
announced a path for a security hole in SunView
that allowed any reote syste to read selected fles
fom a workstation rn ing SunView. Authentication
of users, workstations, and sofware is becomig a
increasingly important issue in netwdrked
environments in order to make sure that a remote
request for service comes from the person or
workstation claimed, ad to mae sure tat progras
such as login have not been replaced by Trojan
horses or containated with vises. A problem tat
arises wit a workstation placed in a publi place is
how you prevent someone from rebooting the
workstation, gaining root privileges, ad ten causing
trouble on that workstation or other systes on the
network.
Computer security scientists have developed
good comuter securit procedures. but their record
for simpl preaching the practice ofthese developed
procedures is less impressive. Toda. many computer
managers still f ail to exercise basic computer
securit defenes. Can computer securit scientists
be faulted f or failing to impale good security
precautions into computer operators, or is that
pointing the fnger at the wrong person? Everbod
plas a part is computer securty, but who is most
responible: the uer to ue baic common sense. the
operator to ue tools alread available. the vendor to
develop secure OS's, or scientist to make computers
more sec ure ?
Everybody shares the responsibility. Individuals
and organizations should look for ways to take
greater responsibility rather than for excuses to
asign it to others.
Some people in the securit indutr and sstem
administrtors I have had the pleaure of talking to
essentiall consider hackers to be gum on the bottom
ofyour shoe: They uually get in onl when securit
is weak, are more annoying than dangerou, lack the
reaon to caue har but have the ignorance to, and
jut have the potential to caue an unpleaant mess.
While this certainly isn't a glamorou analog for
hackers, would you consider it essentiall correct?
It is a nie aalogy, but it fails to tell the whole
story. Some organizations report considerable losse
from hacking and phreaking incidents. To them,
hakers ae a serious menace.
Do you think BBS's, b their nature, should be
regulated as common carriers or as primary
publications? Some have suggested regulating BBS's
similar to Ham radios and Ham operators. Do you
think this suggestion ha merit?
Computer bulletin boards have been refered to
metaphorically as electroni meeting places where
assembly of people is not constrained by time or
distance. Public boards ae also a for of electonic
publiation. It would seem, therefore, that they ae
proteted by the Constitution in the same way that
public meeting places and non-electronic
publications such a newspapers are protected. Tis,
of course, does not necessarily mean they should be
fee of all controls, just a public meetings ae not
entirely free of contol.
In comparison to the severity of other crimes,
hacking still makes relatively big h eadlines.
Hacking's novelty has worn off, so why do you
suppose it still continues to captures the press's
fancy?
Recent articles have focused more on the
constitutional issues raised by the Neidorf ad Steve
Jakson Gaes caes.
Your latest area of research concerns hackers.
What is your personal motivation or interest to stud
hackers? Can you give us your answer to the
question of your October '90 Washington D. C.
conerence, "Hackers: Who are They?"
Curiosity and a concern about the growing
number of young people committing computer
crimes that adversely affect the companies owning
the systems they attack. I'm still learning who
hackers are. Tey're all different, of course, while
sharing a discourse that is revealed in places like
260.
Te few I have talked wit extensively have been
helpful, cadid, passionately interested in techology
and leg, and ethically conscious and concered
about unethical behavior and the free flow of
information in organizations and society. I have
enjoyed taling wit them. But I would not want to
say all hackers are like the ones I've talked with.
Many hackers may be unawae or unconcered about
te adverse consequence of teir ations on others.
Hackers can be notorious for bragging and
shooting offat the mouth, in verbal and in text. Frm
your studies, would you sa this is one of the greatest
Page 14 2600 Magazne Autumn 1990
OOfOIRg OBHH H@
reaons leading to their capture and demise? I the
characteristics of hackers are homgeneou enough
to generalize, what is the typical lie cycle of a
hacker? Discover and interest in computers at
adolescence, hacker statu b high school, in college
and in trouble b 21, retired b 22?
Hakers ae caught beause they perfor a at
that someone in the company affected by the act
asesses is serious enough to investigate, ad beause
there is enough evidence to trace the act to the
haker, Cliff Stoll's book gives a good acount of
one such case. I haven't talked to enough hacker to
know the typical life cycle.
Your husband, Pet er Denni ng, is also a
computer securit scientist. Do your shared careers
ever present interesting situations at home, i. e.
stimulating dinner topics, computer religion debates,
elabortion ofproject, etc. ?
Peter is a computer scientist, but seurity is just
one of many aea he's interested in. He is by far my
biggest supporter ad biggest criti. I mea te latter
in a positive way. He goes over all of my papers ad
ofers coment ad editorial suggetions. We have
lots of interesting discussions, which often lead to
new ides ad projects.
For example, the topic of my most recent paper
on the Data Encryption Standard came up in a
conversation. We never have computer religion
debates. I showed Peter my response to this question,
ad the following dialog tok plae:
P: Wen you've been together for !8 yea, you
don't have many disagreement. You can't even tell
where the idea originate.
D: It has nothing to do with l8 years. We've
never disagreed much on computer isues.
P: I completely disagree!
It ha been predicted that pasive eavesdropping
will become the hacking of the 90' s. This seems
credible a prices in surveillance equipment have
dropped over the years. How do you think hacking
will change durng the nex decad?
Well, I don't have any special talents with a
crystal ball, but it seems that if the motivation behind
hackig uleing about and exploring systems, then
I would not expct to see many hakers engaged i
pasing eavesdroppig. Or, is the real motivation to
have fu wit techology in an illicit way? I expect
that there will always be some hacker who ty to
break though seuity mehanisms, despite te risks
ad penalties of getting caught.
Many systems will be pratically impenetrable
becaue of improveents in security, but there will
be always be systems that ae eay to penetrate. As
computer security tightens, the attaks may get more
sophisticated.
I speculate that there will be more attacks on
computers for purposes of espionage, sabotage, or
fraud. Tese attacks will be perored by organied
crime, terrorist groups, spies, and individuals out to
make a profit illegally. I have heard that orgaized
crime is already trying to enlist hakers, and some
hackers may become criminals this way.
You stated your original intent for accepting the
Sir Francis Drake interview in W. O.R. M. wa the
hope of teaching hackers somthing. Unortunatel,
the interiew did not move into that direction. What
wa it you waTled to tell hackers?
The hope was that I might say something so
elegat ad convincig that it would have the efet
of disouraging haker from breaking into systems.
Which remind me of a wonderful story by Raymond
Smullyan in "This Book Needs No Title." Called
"Another Sad Story," he describe a man who being
overcome with mystical insight, wrote voluminouly.
When he fnished writing, he red his manuscripts
over wit gret pride and joy. Ten one day, several
years later, he reread his mauscript and could not
understand a word of it.
orothy Dcnn| ng can 0c rcachcd on t hc
lotcmctat "dcnn|ng@rc.do.com".

'

'



'
'
Autumn 1990 2600 Magazne Page 15
N MYf1
O
NN
by bMM8d6| 0|0S6|
ZJJ has obtai ned i nternal documents
detai l i ng Bel l Sout h' s f utu re pl ans for
monitoring telepon l i ns. Thei r desire is to
develop a system mre flexible and pwerful
than that currentl y al lowed by the Di al ed
Number Recor der ( DNR) . I ts purpose,
accordi ng t o one of t he documents, i s ''to
assist our security personal [sic) in identifying
intrusions across the telephon netork. "
What BeIlSouth is developing here is truly
frightening -the ability to spy on any kind of
conversation (voice, data, b} l i teral ly at te
touch of a button. Add to this the fact that
ever yt hi ng obtai ned wi l l be stored on
computers and the ptential abuses of this
technol ogy shi ne far br i ghte r t han any
benefits.
V6|V|6W
The system is to be made up of two
separate components: a control uni t and a
remote uni t (used for the actal monitoring) .
Both of these would be capable of al lowing
multiple units.
According to BeI l South: ''he control unit
will be l ocated in a secure area, under the
supervi si on an control of BeIlSouth Securit
personne l . Thi s devi ce is to be used to
program and control the remote uni t ( s) ,
gather data, and produce stati sti cs. The
telephone netork and modem technlogy is
to be the pri mary means of communi cations
beteen the remote and control units. "
Th company is planning to purchase one
control uni t and four remote uni ts. Each
contol uni t, however, wi l l b able to handle at
least 50 remot units. Their long rane plans
are descri bd as bi ng able to cover up to six
metroplitan areas.
Among the features BellSouth describd
as mandatory was a way of i ndi cating the
presence of fax or data communi cati ens
occur r i ng on the l i ne and pr esumabl y
capturing them. for voice communicatons,
the remote uni t wi l l be able to "record al l
anal og si gnal s occurri ng on t he targeted
numbr" upn receivin a command from te
control unit.
Communication beteen the to devices
are to b encrypted. The monitoring device
(remote unit) wi l l be capable of hol di ng the
data it captures until te cntrol unit tel l s it to
transfer the i nformati on. Doi ng this wi l l not
prevent i t from capturi ng more data at the
same ti m.
Among the information to be exchanged
between the two uni ts is an i denti fi cati on
code indicating the target number. Thi s code
would be translated wi thi n the control uni t.
The compny seem especially conernd at
not havin the actual phone numbr revealed
i n any communictions. Anther piece of data
would be a "cll sequence number" designed
to keep track of t he nu mber of
communications bteen the to devices.
Other information i ncl udes stndard DNR
type data: ti me the phone was pi cked up,
what numbrs were di al ed (rotary or pulse) ,
time the phne was hung up. Each single cal l
wi l l be capabl e of hol di ng 300 di gi ts and
di al i ng W/I0/0 a cal l i s al so to be ti me
stamped.
The information on the mnitri ng device
woul d be hel d i n Random Access Memory
(RAM) . Al so in RAM wi l l be "characteri zaton
data" such as the tel ephone number of the
cont r ol uni t and the al phanumer i c uni t
i dent i f i cat i on code menti oned above .
BellSouth estimates that 64K of RAM will be
enough to store data on twenty di al i ng
sessions or 24 hours worth of cal l s.
Listening I n
Al l of these moni tori ng devi ces wi l l b
capabl e of l i steni ng to everthi ng on the
l i ne, whi ch makes them radical l y di fferent
from DNR' s. "When activated, " a Bel l South
Page 16 2600 Magane Autumn 1990
EOM MI#O1
document reads, "al l si gnal s, voi ce, data,
and fax, detected on the target numbr l i ne
are to be passed to the control unit usi ng
the communi cati ons data l i nk bteen the
remote and control loation. The mode of
transmi ssion i s to be si mpl ex, towards the
control uni t. The activati on of thi s capabi l i ty
is to be under control of the control uni t
and wi l l b downl oaded t o t he remote uni t
at ti me of activati on. " The control uni t wi l l
be able to cnnect a call from the remote
unit di rectly to a tape recorder. The control
unit wi ll al so be able to tel l the moni tori n
device to onl y l i sten when the phone i s off
hook or to l i sten at al l ti mes.
The moni tori ng devi ce i s supposed to
b abl e to cal l the control unit when certai n
condi ti ons are met, such as the memory
bei ng f ul l or at a predetermi ned ti me of
P8|VA76
D ln'ormat| on ~t a| rd !:;| .hoo z
DC O J` sc |osed 0unau| o5t t:'Q~' 3 . i J , l J
I f 9l SD 0 y O* U56 D 3t ' ' | t-U
8e' | 5cuthEmp' yz
day. I t can al so cal l whenever a cal l i s
made from or to the targeted number or
whenever a cerai n |y0 of cl l i s i nitiated,
i . e. , fax or data. Theoreti cal l y, thi s coul d
al so mean cal l s to a certai n area code or to
a spci fi c numbr woul d enabl e the remote
uni t to cal l home.
5ecur| qPea|ures
The to units wi l l b communicating over
the regul ar tel ephone netork via modem,
al t hough t her e wi l l be t he abi l i t y to
communicate i n a "private l i ne environment".
To prevent unautorized access, the uni ts will
be si lent when cal l ed. They will only bcom
activated when te right pssword i s entered
at the ri ght protocol by the cal l i ng devi ce.
Bel iSouth also suggests having "an artificial
audi bl e r i ng" emanate from both of t he
devi ces. Communi cati ons protocol s under
consi deration appear t o be X-modem and
AX. 25 wi th a preference for th latter.
Data recei ved by the control uni t wi l l
requi re a multi-tasking computer. Operating
systems such as OS-2, Unix, an Xenix are
bei n considered. In addition to storing data
on a hard disk, tape backups are also l i kel y.
Backup contol uni ts are al so bi ng planned,
i n case one fails.
As far as physical makeup, each of the
re mote uni ts , accordi ng to one of the
documents, wi l l be l ess than ei ght i nches
hi gh, tn inches l ong, and three i nches deep.
They wi l l al so be capable of runni ng on 60
hertz with i nternal batteries that wi l l last at
least two hours. Both the remote and control
units will b capable of future expansion.
MW
Evin ses Ointe tat ti ssem
is designed for stcki ng a remote monitorng
device i n a l ocati on 80yw00/0 beten the
cnt of BWtt kepo.
T0may hav arad your a v
go quesn. Why WO Bllut cme up
wt Sa sstm Wtey culd just opal
the whole thi ng out of a cntral ofie? Why
bter wt al of tis cmmunictn bte
M units, synrnizaton, p&ds, aot
p lin, et.?
Agh KW nv st, it ap s tat
thi s system wi l l be i deal for any agency
inerse O mororn crn OvO. W
sys W D8M unit hav O b lot wtn
W Pe cp at a? It DOb are.
Ti kn of monitn ssm oprte qil
wll wtout 0 pn cmpn evn gtn
irlv.
Under the gui se of protecti ng i ts system
agai nst i ntrusi on, Bel i South is creati ng a
monster. And it now appears that other
phone compani es around t he nati on are
i nvol ved i n thi s as wel l . The one th i ng
needed for such proj ects to succeed i s
conti nued consumer i gnorance.
Autumn 1990 2600 Magazne Page 17
The following techni cal synopsis was
prepared by the Fraud Division of the U. S.
Secret Service and obtained by Z0. While it is
stated that this noncopyrighted inormtion is
not intended for the news media, it should be
noted tht it has been rther widly distributed
within the indust. Wefeel our readers an the
genral public have the right to know the facts
in this case, or at least the facts according to
the Secret Serice. For those that haven' t seen
it in the papers, the phone company referred to
here is GTE.
On Febrary 4, ! 8, U. S. Secret SeIice
agents arrested four individuals in Ls Angeles
and one in Lincoln, Nebraska, for producing
counterfei ted Automated Teller Machi ne
(ATM) debit cars ad for pssessio of accss
devic-making equipment. When the defendants
in Los Angeles wer arsted tey wer in te
procss of encoding the countereit A TM cards
with stolen maccount infonation.
The group was planni ng to travel to a
number of cities trughot the United States to
make cash withdrawals from A TMs linked to a
specific nationwide A TM networ. Tey made
plans to travel in teams to difert geographic
areas of the country and to use disguises to
defeat A TM sUIeillance camers, while using
each card to its daily maximum for thre to five
days.
The countereit cards were constrcted of
posterboard cut to the appropriate s ize and
affixed with common magnetic tape. The tap
was encoded with stolen cardholder account
data on Track 2for use in A TMs.
Sei zed concurrent with the arrests were a
computer, an encoding device, and tousands of
counterfeit A TM cars.
The defendants intended to execute the
scheme over a five day perio during Febrar,
1 989. "Test" cards had been succssfully used
in at l east three ci ti es , whi ch netted the
defendants abut $,.
This case costitutes the first known attack
of thi s magnitude o a major nationwide A TM
networ.
Bm officials inteIiewed after the arrests
confined that the account numbrs used in this
case woud have given the defendats access to
Ht t/n_: g0u
the checking accounts, savings accounts, and
any lines-of-credit available to the legitimate
cardholders . An audi t of t hose accounts
revealed this scheme could have netted the
defendats as much as fve and one-half millio
dollars had m goe according to plan and had
te scheme gone undetected.
One industr exper from outside the bank
speculated that it is plausible someone could,
using this scheme or one similar to it, access
accounts and steal as much as $! million u
carried to the extrme and extended over a J
day period with careful exectio.
In the city where thi s conspiracy began,
several national and regional A TM networks
share a single telecommunications carrier which
rutes transactions between A TMs and banks.
In addi ti on, the telecommuni cat i ons
company, through a subsidi ary, maintains a
number of ATMs in a proprietary network
which they make available on a contractual
basis for other networs to use as A TM outlets
for their rspctive cards. Tus, te role of te
subsidiary company i s similar to that of any
bak on the telecomunications networ.
The mas termind of t hi s scheme was a
computer programmer employed by a well
established software company specializing in
the desi gn and i mplementati on of A TM
network software. His company was cotracted
by te telecommunicatios company to update
and expand te existing proprietar networ.
The primary defendant ' s functi on as a
prgrammer was to implement sofware which
drove A TMs and Point-of-Sale (PS) teninals
on the proprietary network in order to make
infonation compatible with, and therefore
acceptable t o, the mai n electroni c s wi tch
maintained for a of the paricipating networs
on the communications system. His position
requi red him to have access to most of the
technical data pertaining to software for both
the proprietary A TM network as well as the
main communications system on which all of
the networs were mixed.
In keepi ng wi th e stabl i shed i ndustry
standards, the telephone carrier subsidiary in
this case encrpted the Personal Identification
Numbrs (PINs) used in conjunction with AT
Page 18 2600 Magazine Autumn 1990
r:c|qs/oa|1aiyaow
cars. Ti s was doe prior to transmitting data
from the A TM across the prorietary system to
the electroni c swi tch where the trans acti on
would b roted to the approriate b.
The system targeted mthis case i s typical of
ATM networks found throughout the Uni ted
States. When a cardholder accesses hi s account
through use of a debit (or credit) card at an
A TM machine, the customer i s asked to key in
hi s or her Personal I dent i fi cati on Numbe r
(PIN). Te PIN i s encred using the uiversal
Data Encrypti on St andard ( DES) met hod,
employing an encryption key kown only t o the
owners of the proprietary system to which that
A TM belongs. The account number and other
Track Z data from the A TM card, encrypted
PI N, and i nformat i on about the reques t ed
transaction are then transmitted electronically to
a s wi tch mai nt ai ned by a des i gnat ed
communications carrier.
At the electroni c swi tch, mes sages from
several proprietary systems are received and
decrypted, using the same DES key as was used
to encrypt t he data . At that poi nt t he
inforation i s sorted by the destination bank
and encrypted wi t h the prope r DES key
provi ded by t he des t i nat i on bank. The
transaction i s then transmitted across the main
communications line to the appropriate bank.
(Theoretically, upon receipt at the bank, the
inforation is once again decrypted using the
key supplied to the communications network.
However, in practice thi s step may not actualy
take place as the recipient bank may elect to
accept the encrypted versi on of the PIN and
process i t in its encrpted for. )
Upon receipt at the bank, the account i s
queried and a deterination i s made relative to
aut hori zat i on or deni al of the reques t ed
trasaction. The fow of inforation i s reversed
upn retur of a message fro the bank to the
originating ATM.
To illustrte, if Ban "A" i ssues ATM cards
and mai nt ai ns t hei r own ATMs at vari ous
locations , they ar rnning a proprietary system.
A communications carrier must b employed to
ti e the system together but since there are no
other parti cipating banks on the system, the
sorti ng proces s at the previ ously des cri bed
electroni c swi tch need not take place - all
transactions are di rectly between the A TMs and
the bank. Even on a closed system such as thi s,
t he i ndus t ry encourage s t he use of PI N
encrption. Furherore, DES i s the preferred
standard when PIN encrption i s employed.
O the other hand, if Bank "A" elected to
enj oy reci proci ty wi th Banks "B" and L',
permi tt i ng transact i ons at all three bank s '
A TMs , then a n electroni c swi tch would be
installed to sor and route transactions between
all of the ATMs and Banks "A", "B", and L'.
Transactions destined for Banks "B" or L'
from ATMs owned and operated by Bank "A"
would still be considered to be on the Bank "A"
propri et ary s ys t em until they reached the
electronic switch, where they would be mixed
and sorted by the desti nati on bank. At that
point, the propri etary A TM networks from
Banks "A", "B", and L' combine to share a
common communi cat i ons carr i er, but the
networks remain indepndent and do not share
encryption keys. Te function of the electronic
communi cat i ons s wi t ch i s to s ort the
transactions, determine which encryption key to
use and establish how to route the information
to the destination.
The s ystem abused i n the case in whi ch
these arrests were made was s imi lar to that
previously described, with the communications
carrier subsi di ary functi oni ng in the role of
Bank "A".
Speci fi cal l y, the s ubs i di ary owned a
network of A TMs and, through a contractual
arrangement, accepted debit/credit cards i ssued
by vari ou s banks and honored by ot her
networks. When a transaction was requested,
the inforation was hadled on the proprietary
network unti l it reached a communi cati ons
switch where it was decrypted then encrypted
with the proper key for the destination bank,
and fed into the main comunications line used
by mof the proprietary systems coperating in
thi s enterpri se.
As a par of their routine business practice,
the subsi diary recorded all t.ansactions on the
proprietary network before those transactions
reached the electroni c swi tch. The intended
purpose was to create a transaction log from
Autumn 1990 2600 Magazne Page 19
whi ch all acti vi ti es could be reconstructed
should a syst em or other fai lure occur. The
PI N s remai ned encrypted i n thi s recordi ng
pross.
Either while prforing hi s job, or merely
by knowing where to lok bsed o his intimate
knowl edg e of the s ys t em, the s cheme ' s
mastermind di scovered that the key used to
encrypt PINs on the proprietar network was a
default key, as opposed to a proprietary key
selected by network officials. (A default key in
an A TM machi ne encrypti on devi ce i s
analogous t o a common computer password
i ns tal l ed by a mai nframe computer
manufacturer. I ts intended purse i s for testing
during the installation phase and it is expcted
that the default password will b rmoved once
the s ys tem i s i nstalled and accepted by the
buyer).
Upon making thi s accidental discovery, the
programmer real i zed t he value of t hi s
information and was able to refer to various
soft ware manuals and textbook li terature to
decipher the key.
The programmer knew data was routinely
recorded to the transactio log and that he could
access the data transmissions as they were bing
posted to the transaction log, and therby "see"
all transactions on the proprietary network. It
was there, at the transaction log, that he copied
accont numbrs and the encrpted PIN ofsets
onto his personal compter.
Note: While it is blieved the inforation
was copied in "real time", that i s, concurrent
wi th i t being posted to the transaction log, it
could have j us t as easi l y been done us i ng
another method. The programmer could have
electroni cally copied data from the computer
tape cont ai ni ng the t rans act i on log and
extrcted the same inforation. Either metho
would have netted the same rsult.
At t hi s poi nt the prog rammer made a
conscious deci sion, according to his post-arst
statement, to use account numbrs from only
one major bank. He said he did so because he
bli eved that once the crime was discovered,
suspicion would cnter on an interal problem
within that bank.
Aft er s el ect i ng a generous numbe r of
aoi|ai:ac:c {or
accounts from the targeted bank, the employee
wrote a computer program to decrypt the PIN
for each of thos e account s . He was able to
accomplish this using te default DES key. It
was later leared that accounts from other banks
were also used during the "testing" phase of the
scheme and that those accounts and PINs were
obtained in the same manner.
He also realizd that the network would b
revi ewed for potential weaknes s es once the
crime was complet ed, s o he report ed the
apparent overs i ght in us i ng t he default
encrypt i on key on the system and made
recomendtios t o hi s suprors abut how to
rmedy the situation. Te remedies were put in
place, ending his access to additional account
data. He also accomplished his goa of shoring
up the network so that there would be no
apparnt weaknes s in the system from which
the inforation cold have been otained.
As an as i de , it was not ed by t he
investigating agents that t he network in t hi s
case had ben in oeration when purchased by
te communications company subsidiar. At the
time of thi s writing it has no ben established
whether the default key was in us e by the
copany from whom the subsidiary bught the
network or whether a proprietar key had been
H use.
Next, the defendants constrcted counterfeit
cards using psterboard cut to A T card si ze,
to which magnetic tape was mounted. The
programmer then wrote a program which he
used i n conjunction with a magnetic encoding
device "brrowed" from his office, to write the
account number and other data to each of the
count erfei t card s . The dat a was properl y
encoded i n the appropriate positions on Track Z
of the magnetic stripe.
Among the data elements actually copied to
the magnetic strip were the Primary Account
Numbr (PAN) and the PIN offset.
In systems where the PIN is daatyucd to a
customer, the PIN is a direct derivative of the
ac count number and t he DES encrypti on
algorithm ad is referd to as a "natural" PIN.
In systems where the custoer ac/cc/a his own
PI N, the customer s elected PI N would not
match the "natural" PIN, so an offset number i s
Page 20 2600 Magazne Autmn 1990
i/:a:ws1|c
used to resolve the diference. When the ofset
is added to the customer selected PIN, it will
equal the "natural" PIN and the verficatio i s
made. Thus, i n t hi s cas e, an offs et was
necessary as the system was one in which the
customers had selected thei r own PIN s.
At the time of thei r arrests , the defendants
were i n pssession of more than 7,40 account
nwnbers with PINs and PIN offsets, all from the
same bank. In fact, as previously mentioned,
they were in the process of actually encoding
the cards when arrest ed. Among the i t ems
sei zed during t he search and arrest were the
programmer' s personal computer, an encoding
device, and several thousand counterfeit cards
i n various stages of constructi on from uncut
posterboard stock through fini shed, encoded
cards.
Although a great deal of technology was
compromised and used in the execution of thi s
scheme, in the end thi s crime was one in which
a trsted employee exploited his knowledge and
position to manipulate and misuse the system.
The only true technical deficiency or error
uncovered was that the default key was left in
pl ace when the propri et ary net work was
absorbed. Preswnably it had been i n place since
the system was first activated, although that has
not been establi shed as fact.
At the time of this writing, it is unknown
who should have been responsible for replacing
the default key with an active, proprietar key.
Perhaps t hi s over s i ght coul d have been
prvented had a more thorough checklist been
us ed by t he communi cat i ons company
subsidiary when they absorbed the system, or
by t he previ ou s owner of t he net work .
Regardl es s , had the recogni zed protocol for
securing the respective data been followed, this
crime would not have been possible.
Human nature - greed, opprunity, and a
wi l l i ngne s s by the defendant s to commi t
larceny - combined with human error i n not
properly i ns t al l i ng and revi e wi ng s ys t em
s afeguards account for t he formi ng of t hi s
s cheme. It i s fortunate that t he i nformati on
came to light bfore the scheme was executed.
The central fi gure i n thi s case i s a hi gh
school graduate and was gainfully employed
with a substantial salary. He stated that he was
motivated, in par, by hi s desire to purchase an
expens ive home and did not want to wait as
many years as it would take to save before he
could acquire the propry he had in mind. Hi s
wi fe i s a co-defendant and she too had ben
gainfully employed with a goo salary. Another
of the defendants i s a graduate of the Air Force
Academy and has a Mast ers degree from a
proinent university.
None of the defendant s has a cr i mi nal
record. Al l have been charged with several
counts of violations of Title I 8, United States
Code, Sectio I 0Z, Access Device Fraud. As
wri t t en, t hat l aw provi des for s ubs t ant i al
penalti es . Each count of jodac|ogor as|og
counterfeit cards carri es a maximum sentence
of I years imprisoment and a fine of $0,00.
Te same penalti es apply to the jossess|oo o]
der|ce ook|og ea|joeo|. The jossess|oo of
]|]|eeo o ooe coao |e]e| | cods ca rri es a
maximum penalty of I 0years impri sonment
and a $I 0,0fine.
Ul t i mat el y , upon convi ct i on of t he
defendants , the recently implemented Federal
Sentenci ng Gui del i nes wi l l det ermi ne t he
sentences i n t hi s cas e. Those gui deli nes take
into account the actual and pot ent i al fraud
losses i n white-collar crimes such as thi s.
At the time of this writi ng, a supe rs edi ng
i ndi ct ment i s ant i c i pat ed chargi ng the
defendants with multiple counts of ! SLSCI 02.
UUi s always i n need of
writers!
If you' ve got a field of
experti se or a story to tel l ,
send i t i n to:
UU Editori al Dept.
IOBox 99
Middle I sl and, `3 ! ! S3
Questions?
Call | hI) 7S ! -oUU
UtUtl 1990 2600 0g07lh 0g 21
D LordThunder
Thi s arti cl e shoul d be of i nterest to
those of you who are accustomed to
r ecei vi n g t e l e ph on e cal l s by
i nd i vi dual s who are not necessar i l y
payi n g f or t h e cal l s t h ey make .
Oft ent i mes, t hese peopl e are cal l ed
phone phreaks, but most of us know
t hat a cal l i ng card does not a phone
phreak make. Anyway, you recei ve an
i l l egal cal l f r om someone:
I s i t your responsi bi l ity t o hel p t he
t el epho n e co mpany deal wi t h t h i s
offender?
Do you keep t rack of ever cal l you
receive, when, and f rom who?
Sh o u l d yo u h ave t o d e a l wi t h
t el eph o n e sec u r i t y p e r so n n e l
harassi ng you?
Of cou rse t he answer t o al l t hree
quest ions i s " NO" and that i s what this
ari cl e is all about .
Let me tel l you a story . . . . From t i me
t o t i me I have been known to receive
cal l s from tel ephone company security
personnel aski ng me about who may
have cal l ed me on a part i cu l ar t i me
and date. However, it seems l i ke I can
n ever r e me mb e r and f i n d mysel f
u nabl e t o answer t hose q u est i ons.
Thi s does not mean I do not have fun
antagoni zi ng those i ndi vi dual s fool i sh
enough to ask stupi d questi ons. One
i nci dent i n particul ar went somet h i ng
l i ke thi s . . . .
(The names have been changed to
protec the i nnocent . )
R- R-R-I -I -N-N-G-G!
LT. Hel l o.
TA . Th i s i s Ms . Tammy Amesy
f rom Paci fi c Northwest Bel l , and I ' m
cal l i ng t o f i nd out who cal l ed you from
the Porl and, Oregon area at 1.4 PM
DEFEATING
on June 1 1, 1 JbJ.
LT. Lady . . . I have no i dea and i f I
di d, I woul d not tel l you anyway!
TA. What ! That person made an
i l l egal cal l and i f you do not tel l me
who i t was I ' l l have t he charges bi l l ed
to your number.
LT . ( Hee Hee . . . Th i s i d i ot j u st
screwed up bad ! ) Oh, ok, who i s thi s
agai n?
TA. Ms. Tammy Amesy of Paci fic
Norhwest Bel l .
LT. Why don' t you gi ve me you r
supervi sor' s name and nu mber and I
wi l l speak wi th her.
. (Ah-Ha! | have hi m scared now
[she t hi nks] . ) Sure, Li sa Al gar at OU
AAAAAAA.
<CLI CK! >
R-R-R- I -I-N-N-G-G
LA. Hel l o.
LT. I s t hi s Li sa Al gart?
LA.Yes. Who is thi s?
LT . Ar e yo u Ms . Amesy' s
supervi sor at Paci fi c Norhwest Bel l ?
LA. Yes | am. Who am | speaki ng
wit h?
LT. H el l o . My n a me i s Lor d
Th u n der [ No I di dn ' t r eal l y use my
h an d l e ] . Di d you know t h at an
e mp l oyee of yo u r co mpany j u st
committed several federal fel oni es?
LA. Oh my god! Pl eas e t el l me
what happened.
LT. (I expl ai n t he cal l to her and
t ol d her t hat Ms. Amesy commi tted
ext ort i on an d f r aud t h r eat s on an
i nterstate commun i cat i on carri er and
al so, because she was act i ng in the
capacity as an offi ci al representat ive
of Pacif ic Northwest Bel l , she has left
her company open to ci vi l and cri mi nal
char ges f or t h reat en i n g t o reverse
Page 22 2600 Magazine Autumn 1990
!HAP !HACING
ch arg es i n o rder to i l l egal l y ext ort
i nf o r mat i o n f r om me , a n d I was
p l a n n i n g on cal l i n g t he Fed e r al
Commun i cat i ons Commi ssi on ( FCC) ,
t he Publ ic Ut i l iti es Commi ssi on ( PUC) ,
an d t h e Fed e r al B u r e a u of
I nvesti gati on ( FBI ) t o press charges. )
LA. Pl ease, I ' l l tal k to Ms. Amesy
and make sure not hi ng l i ke t hi s ever
happens agai n.
LT. OK, b ut I want somet h i ng . I
want a si g n ed l ett er of apol ogy f rom
Ms. Amesy on Pacif i c Northwest Bel l
stati onery.
Two days l ater I recei ved t he l etter
on Paci fi c Northwest Bel l stat ioner:
"In reference to our conversation
on June Zd, d regarding calls
made to your telephone number, I
apologize if you felt inconvenienced or
ofended. Please fell free to cal if you
have any questions.
Sincerely,
Ms. Tammy Amesy
Service Representative"
No tha wa jus one exampl e of an
atep b the phne cmpanies to prorm
tr trn. I think O aue Gjuvnile K
bei n wh, but I do have a few thi ngs to
pint ou on bth ens.
! . Do not cal l someon e i l l egal l y
who i s goi ng to screw up and menti on
yo u r n a me wh e n t h e t e l e p h o n e
company cal ls t o check it out.
. Th e t el eph on e company o n l y
checks i nto t he l engt hy cal l s on bi l l s
wi th excessi ve costs. Keep your cal l s
to a mi ni mum of numbers and l ength
to avoi d bei ng l ooked i nto.
O Do not cal l rel at i ves .r personal
fren that ae nt inlle wh phreaing
wth illeall obtaine O.
A f ew ot h e r t h i n g s to me n t i on .
Some of t h e comp a n i es, l i ke U. S.
Spri nt are more l i kel y t o cal l you up
j ust to verify that you do not know t he
act ual card hol der. Thi s i s t hei r way of
maki ng sur e t hat t h e cal l s t h at t h e
cardholder says are not hi s real ly are
not h i s . I h ave been cont act ed by
some of t he compan i es ( U. S. Spr i nt
among t hem) a f ul l si x mont hs aft er
the cal l s were pl aced to answer t hese
types of questi ons.
I h ad anot her i nt er est i ng i nci dent
wi t h a l ady known as J u l i e of TMC.
Some of you might remember her from
a few years back. Anyway, I had been
t al ki n g wi t h a f r i end of mi n e f or 4O
mi nutes or so on a Thursday eveni ng
and on Fri day afternoon I recei ved a
cal l f rom TMC Secu ri ty demandi ng to
know who I spoke with for 4O mi nutes
the ni ght previous. I was not abut to
tel l t hem what they wanted, but it st i l l
was a l i tt l e diff i cu lt to not remember
who I spoke wit h the ni g ht before.
I whi pped up a story about runn i ng
an an on ymou s l og i n i n AE l i n e o r
so met h i n g . I t l acked a l i t t l e
i mag i n at i on, but i t worked . Anot her
idea you mi ght want to t r i s say that
yo u h ave o n e of t h o s e l on g p l ay
answeri ng machi nes that does not t ur n
off unt i l t he cal l er stops tal ki ng. Then
me nt i o n t h at yo u h ad so m e l on g
obscene cal l on t h er e t h at f i l l ed u p
most of t h e tape and you wi shed you
coul d fi nd out who it was too.
So t hat i s al l I have to say about
trap t raci ng. I f you must use codes or
cal l i ng cards i l l eal ly to cal l peopl e, at
l east know how to prot ect you rse l f
f ro m secu r ity by l ett i ng you r f r i ends
know wh at not to say wh e n t h es e
peopl e cal l to i nqui re.
Autumn 1990 2600 Magazine Page 23
Questions
D260:
Bein a new subscrber, I was wonderg
what the 260 rprsents U the ttle of your
maane?
Snopy
2600 hert a one tie was a liberating
cry used by phone phreaks. By sending a
2600 hertz tone down the line when
connected to a long distance number, the
number would disconnect and you would
have total control over the long distance
trnk. Not only th bu balg wa bypased.
Tis was commnly known as blu bog.
Tese das th m rarely works, but of
course thr ae may other.
Dear 2600:
Wat steps do you take to presere your
maiJjng and contact list from the
authori ti es? I s the l i st encrypted?
Furthermore, how do you ensure against
iItration? Not tat I'm the paranoid tpe,
but this is realy someting you should be
consi dering, as I ' m sure the paranoid
goverent services would be dying to get
ahold of your mailing list. A a service to
your clients and contacts, please keep this
information secure.
Ter is a mail netork in the works up
here. I'm sure we can make arrangements
for access to it as soon as a few minor
security arrangements are worked out. Te
interational flavor of this network, I am
sure, as well as its constant fexibility will
make it one of the most elusive ad one of
the most difcult to pin down from a legal
perspective. I look forard to having it as
one of the ways of protecting Canadian
rights under the charter, and American
rights under the First Amendment. Like a
multinational company, this netork would
build capit in one of te most fndamental
resources: the interational protection of free
spech.
JB
Otaro
Freedom of speech is not protected by
hiing frm th auhorties. i you're trying to
prtect rht, then be O opn aout it O you
ca. i mre popl wer willing to do m, we
wouldn't huto be afraid.
Regarding our mailing list, don't worr.
We wish we could say more, but i we did
we'd be giving out the informion that you
want to remain confdential. We don' t see
WT1I0 US
infiltration as a problem. D is a two-way
stret, afer all.
Dear 2600:
I B new to phone hackng. I sent away
for plans to build a blue box (the plas the
sent me are for the l atest version
suppsedly) . Te box uses to 8038 intersil
fnction genemtors and a 741 CV OP Ap.
It has 10 25K trm pots used to tune te pole
switches for te keys 1 -9, K, S, and 2600.
(The pl ans came from Al ternative
I nphormation, PO Box 4, Carthage, TX,
75633. )
Well, now that I have the thing nealy
completed, one of my frends tels me that
te blue box is not safe to use. He says he
has heard that the phone company has
equipment tat can Instantly pick up on the
blue box ad that they can get someone out
to your house in minutes. Tis sounds like
total bull to me. I was wonderng if you gys
knew wheter or not te phone compay ca
pick up these tings that fast or not.
Confed mKentuck
i they really wanted to, they could. But
we doubt in this day and age they would
really care. Unless you're frm one of thse
rare places where blue boxing is still a
prblem for te phone comay. Ofcourse, i
you're doing anything controvrsial on te
phone, using your own line is not a good
m.
Dear 2600:
A few weeks back I came across a
number for a system in the U. S. but I ca't
work out how to use it.
Afer calling the number ( 1 200 baud) .
you get nothing on your screen until you
press the retur key, then you are given a
line saying "YALE ASCI I TERMI NAL
COMMUNI CATIONS SYSTEM v2. 1 " and a
menu with which you select your terminal
te. After tis you get nothing except one
line of text giving you a number to dia in the
U. S. for help.
I f you or any 2600 readers know
anything about this system, can you please
tr to help with commands, etc. ?
Ahley
U.X.
We suggest calling the number for help.
Wy not?
Inontion
Dear 2600:
Regarding the schematic for a device tat
Page 24 2600 Magazine Autumn 1990
0 00T
would display a digtal readout of a string of
touch t ones appl i ed t o i ts i nput : PI
COMMunications at 8455 Commerce Ave. ,
Sn Diego, CA 921 21 sells a DT decoer
with a LED readout. It will decode al 1 6
touch tones. I t i s made t o plug into the
speaer output of a ham transceiver ad a
remote speaker ca be plugd into It so the
user does not lose the audio. It ca be used
on the telephone by modi fying an ol d
acoustical modem coupler t o do what the
wrter wated. Te company is also working
on a similar device that will have a ten digt
readout with to memores, but I don't know
if that is available yet. I think the sell the
above device for $1 30 but you will have to
contact them to fmd out.
Roy
Dear 2600:
I"ve ra some articles about scaning for
calls and want to add some information
about doing so in Germany. We actually
have three diferent ca phone systems and a
corless phone system.
Carphone system B 1 is frequency
modulated and uses channels 1 -37. Car
frequenci es: 1 48. 4 1 0- 1 49 . 1 30 Mhz.
Exchange: 1 53.01 0- 1 53. 730 Mhz. Chanels
are in steps of 20 Khz.
Carphone system B2 is frequency
modulated and uses channels 50-86. Car
frequenci es: 1 57 . 6 1 0- 1 58 . 330 Mhz.
Exchange: 1 62. 2 1 0- 1 62. 930 Mhz. Channels
are in steps of 20 Kz.
Carphone system C is cellular and has
222 channel s. Car frequencie s : 45 1 . 3-
455. 74 Mhz. Exchage: 461 .3-465. 74 Mhz.
Chanels are in steps of 20 Khz.
Carphone system D is planned for the
fture. It'll be i the 900 Mhz range.
Cordless phones use chanels 1 -40 wm
base frequencies of 91 4. 01 3-91 4. 988 Mhz
and hadset fequencies of 959. 01 3-959.988
Mhz. Chan els in steps of 25 Khz. Tis
system is known as SiTS.
Ter is aso a serce called TeleKarte, a
German eqUivaent of the phone card. On
the card is a microprocessor, which has
stored your credi t card number and a
personal ID number that can be changed by
the owner whenever he wats. If the owner is
on a trip in the USA, he can take pat in a
servi ce call ed "Deutschl and Di rect"
(Gerany Direct) . He can call te German
operator at Frankfurt toll-free under the
number 800-292- 0049. Te operator will
then ask his cad number, name, credit card
number, ad the number to call in Geray.
Al costs of the call wll then be charged to
his crdit card.
S.D.
Der 2600:
A ofen overlooked place for telephone
experimenters to poke around is the 81 1
prefx (in California) . Tis pref, which is
used by the BOC's, holds much more tan
the local billing offce number. From my
Pacifc Bell location in Califoria I have
found telco ofce numbers, test numbers,
computers, and other things that ( haven't
fgured out yet. Here's a sampling: 8 1 1 -
031 7: "Testing 1 234 recording; 8 1 1 -0428:
Pac Bell retiree servi ces; 8 1 1 - 0460:
computer tone; 81 1 - 1 000: computer tone;
8 1 1 - 1 2 1 2 : voice computer, answers wi th
"hello", requires numbers ad access code
enterd by DTF; 81 1 -2060: computer tone;
81 1 -298x: dead line for 10 minutes; x is 0-9;
81 1 -3091 : Pac Bell securt; 81 1 -4444: Pa
Bell employee newline recording; 81 1 - 707x:
sae B 298x. ( f you have the patience, sca
all numbers in the prefx. You may wat to
scan during non-business hours because
lots of the numbers use answering
machines. Tese machines often identit
what the number is used for. Al calls to te
81 1 prefix fee, ad many numbers ar
dialable from througout the state. Happy
hunting.
M. Ugsottor
Just aot evr phone comy outsie
California seems to block calls to those
numbers. We do know |Tallows calls to
tse numrs in te 2I 3 area coe, wng
others. The other comanies probaly don't
allow it because the 8I I exchage dosn' t
look right. You can reach the numbers by
uing the l car er acess coe (I 0488Iplus
the nwer or using the l cal g cad (950
0488I. But exect to p for a long distace
call to that region. By the way, l i t only
company we know of that provides
natonwide 950 access without a surhage.
We highly recommnd it ad hope the other
comanies wae g to this oul servce.
Dear 2600:
A interesting serce ( just heard about:
1 -900-SPPER. $2 per minute loal, $5 per
minute long distance. You cal it, ten touch
tone in the number you raly wat to call.
Voilal You can't be caller-ID'ed, as the call
now originates from 1 - 900- STOPPER.
Autumn 1990 2600 Magazne Page 25
UTOQ OUT 00Y
Fascinatng t o see how this caller I D war is
shaping up.
BH
It's aoth r-of m prs on pople's
fears. But it won' t allow you to call 800
nwnrs, mny ofwhich h bypased ths
entire caller ID debate by just doing it
ayway. It's go a diferent nae, butfor m
intent ad pwses, nationwide caller U
beng ue by a selectfewl
Dear 2600:
I found an interestng phone number at
2 1 2- 57 1 - 3675. It seems to be a private
company phone line verifcation and feature
access point. It uses a synthesized voice to
repeat back the phone number you touch
tone into it.
D
T comuter wa fting around a a
New York Teleph test nwr a coule of
years back. Apparently the testing U over
ad m senice U being ued. We're sure 0
dos DD ta reea bck m nwber yu
gu0. Tqestn U wht?
Inoration Needed
Dear 2600:
I am writing a book about hackers and
teir histor. Apari of my rsearch, I would
like to hea fom these people or people who
can put me in touch with them if they B
interested: Al Bell , Jim Phelps, and Tom
Edison (forer TAP editors) , Fred Steinbeck,
Bill Lndreth, Joe Engessia, Kevin Mitnick,
John Drake, F Dre, CastaaIia, Aiken
Drum, Midnight Owl , John Steen,
Spatacus, Nick Sde, Crmson Death, Doc
Telecom, Shadowhawk, Lser, Te Prophet,
Tom Anderson (friend of Bill Landreth) ,
Herbert D. Zinn Jr. , Lex Luthor, Knight
Litning, Erk Bloodae, Te Mentor, Tme
Lrd, Blade Runner, Te Leftist, Adelaide,
Phiber Optik, King Blotto, Phrozen Ghost,
Lone Wolf. Little Silence, Captain QUieg,
Unknown Waror, Le Felsenstein, Richard
Greenblatt, Bill Gosper, Stew Nelson, Jack
Kranyak, Jack Cole (the last two former
editors of lL) , and any other hig caliber
hackers ad phreaks, especialy those who
were actve in the 70's ad 80s. Tey know
who they are l I am al so i nterested i n
obtaning literture fom these orgaiztions
and hearing from people associated with
them: Chaos Computer Club. Phrack. Lgon
of Doom. and any other semi-organized
group of hackers. Lastly, I would like to
obtain any issues of these short- l ived
hacking magazines: Real i ty Hackers .
W. O. R. M. . Computel , PCC ( Peopl e' s
Computer Compay) . Technolog Illustrated.
Joural of Community Communication.
At User's Newsletter. Micro-8 Newsletter.
Silicon Gulch Gaette, Bell Sstem Technical
Journal (years 1 956. 57. 60. and 6 1 ) ,
Syndi cate Reports . and Carolina Plain
Dealer. Any other information or literature
which could be usefl would be appreciated.
I am willing to trade or purchase useful
literature. Write to: Dr. Williams. PO Box
5314. Everett. WA 98206.
Comlaint/ Respone
Dear 2600:
I am wri ting this letter to inform the
other readers of 2600 to beware of an ad
that has been running i n the 2 600
Marketplace for several years now. Te ad I
am referring to is the one that advertises
TAP back issues for $1 0. Te ad has used
sever names over the years such as "P. E. I. "
ad curentl is usig "Pete G. " Te addrss
is P Box 463. Mt. Laurl. NJ 08054. P.E. I .
or Pete G. states that "he is the original"
when it comes to TAP back issues. complete
with "schematics and special reports" . I
ordered the complete set from him awhile
back for $1 00 and I feel I was ripped om
What Mr. Pete G. does NOT tell you is that
he reduces the two inside pages of most of
the issues down on the photocopier so they
will ft on ON 8 1 /2 x 1 1 sheet of paperl I
feel that I am justifed in saying that abut
60- 75 percent of the material is NOT
READABLE | I t would take someone with
20/20 vision and an electron microscope to
even attempt to read some of the pagesl
Issue #50 of TAP was a spcial double issue
and he reduced it down on the copier ad
the print not legible on about 5 percent
of that issuel Te so-called "special reports"
he refer to In his a are nothing mor tha
a couple of reprints that appeared in the
previ ous i ssues . I feel that anyone can
charge what the wat for what they have to
sell, but I sure think one should be informed
as to what he is actualy buying also.
RbwWarior
Pete G. replies: After extensive
investigati on. we cannot i denti fy the
Rnbow War or nor loate any record of a
sal e to hi m wtthin the past two years .
Terefore we will address his complaints
Page 26 2600 Magazne Autumn 1990
1D tD0 Du1
individually.
First of all . Pete G. is and always has
been me. We began advertising in the ver
frst 2600 issue that took advertising and
have been in ever issue since. Purchasers
were instrcted to make checks and money
order payable to PEl onl as a convenience
so tey would not have to send cah. PEl is a
corporate enti ty which can process their
checks.
Since the balance of hi s compl ai nts
address the quait of the copies. l et me state
that I have a orignal set which I received
as a subscri ber. The fi rst i ssue was
mimeographed i 1 971 ad the qualit of the
issues did not improve for may yeas. Our
copies are professi onally prepared. Each
page is indiVidually set for tone. size. and
l ayout from an ORI GI NAL. We cannot
i mprove upon t he exi sti ng copy. onl y
reproduce it as faithfll a poSSible.
Many persons purchased copies of my
TA sets and in the following months ran
ads in 2600 oferig copies of my copies for
other amounts of money. NONE are still
advertising. It is a ver time consuming and
labor intensive business to prepare these
copies. We are still going strong.
In closing I might add that Mr. Waror
received as the first page of his order a
notice explaining our satisfaction policy and
o ffering to repl ace any pages he was
dissatisfed wi th. He NEVER advised us of
any dissatisfaction wit the prduct.
If anyone has a probl em wi th an
avertiser. please try to resolv the problem
frst. i yo reeive no satisfaton. then com
to U. We will contnue to O Pete G. s ads O
we see no eIcence ofwrngdoing.
1/C COCOTO!C|C
Dear 2600:
I just received my first issue of 2600
MagaZi ne and l oved every page of i t . Of
parti cul ar i nt erest was t he arti cl e on
COCOTs by Te Plague. Te article was ver
informative and ver timely. as those vile
COCOTs have started to pop up in this area
in unbel i evabl e numbers . I have a few
addi tional ideas to add . First. instead of
using the call forarding to forard all calls
to your number. why not make te COCOT
forward al l cal l s to a l ong di stance
computer? Te COCOT is local to you ad i t
gets nailed for the calls.
Another idea is to confuse the average
owner of a COCOT that allows remote mode.
Forard the calls from one unit to anoter
COCOT. When the owner calls the frst unit.
he gets the second uni t . and if done to
enoug of his COCOTs. it is bound to drive
him nuts . My fnal suggesti on regarding
COCOTs should only be inficted on those
COCOTs t hat are real l y vi ci ous about
ripping people of. I t requires the help of a
friend in another part of the country who
also has been the victim of a vicious COCOT.
Forward all calls from local COCOT A to
distant COCOT A. Then have your fri end
forward di stant COCOT A to local RBOC
phone A. Now. get an unrestricted dial tone
on loal COCOT B and call local COCOT A.
Te call will forard to te distat number.
which will forard to the RBOC phone local
to you. Leave COCOT B of the hook and go
and answer local RBOC A. Now leave that
one off the hook also. Both the l ocal and
distant ofending COCOTs are racking up a
large bi ll. and will continue to do so until
some moron comes by and hangs one up. If
you wanted. you could get the unrestrcted
dialtone on local COCOT ad place the call
to the distant COCOT from there. but then
you haven't screwed up as many phones as
poSSible.
I guess if you were paricularly nasty and
have a lot of fends who can get their local
COCOTs to get call forwarding. you could
run up bi l l s on a bunch of phones by
making them all cal each other. Neat. huh?
I' d like to reply to a letter wri tten to 2600
in t he same i ssue from Jeff. The re are
several ways t o l i st en i n on cel l ul ar
telephone conversati ons. Te easiest would
be to buy a scanner and modif it to pick up
the eel frequencies. However. i f you don' t
want to invest in a scanner, or don' t know
how to make the necessar modi fcations .
here is a neat li ttle trck for listening in on
local eel calls.
I t requires two televisions wi t h separate
antennas hoked up to each terinal .
Pt one l on top or next to te other (on top
seems to work be t t e r . but i s n' t al ways
practical) and tune them both in t he chan nel
range of !DOO. I oil' the sound on one.
Tr different channel combinutions unt il you
fi nd a combi nat i on whi ch pr oduces a
di fferent st at i c pat t e rn t h an t h e o t he r
combinations. You' ll know when you see i t .
Now use the fne tuning on the one wi th t he
sound olT unt il you hear a buk i n t he st at i c
0l0mh 1990 2600 0g07lh 0g 27
on the other t. You are now in the correct
area for picking up cel calls. Te fe tuning
will let you switch between the varous cel
fequencies. In my area I tune te t with the
sound of to 75 ad te one with te sound
on to 83. You will have to fol around with it
for a while to get it to work, but once you
fnd the proper setup, you are set forever.
Tis little trick is why the FCC is rquir
all new tv's to only go up to 74.
Ho Jonel
D2S00:
I am wri ting to thank you for your
excellent article on COCOTs. I B glad that
someone fally told how it really is.
Recently I was a victim of a collect call
placed fom a COCOT. I was chargd close to
thirty dollars for a 1 0 minute call . The
ofending company wa "Operator Asistace
Network" . I qUickly called my local phone
company and had the charges deleted. But
I ' m sure many o ther peopl e who get
victimized by such rip-ofs don't do aing
about it.
Taking the sugestion from the article's
author (Te Plague) , a grup of frends ad
myself have formed a neighborhood patrol
called C. O. P. (COCOT Obliteration Patrol) .
By the name, I' m sure you can fgure out
what we do. To date we have eliminated
about O COCOTs, and only three of those
have been repaired. We prefer to "behead"
the COCOTs by removing the handset, thus
i nnocent peopl e are NOT ri pped off by
dropping money into an otherise dead
phone. Our neigbrhood is now almost fee
of these evil phones ad C. O.P. wll not rest
until all COCOTs ar out of commission.

Denver, CO
T isn't quite m wa D go mm i. All
COCGs ar not neessarly b To assw
they are U D wrte ofa entire brnch of
technoly because ofafew b eernces.
Ripofs should be eliminated. But COCOTs
can actually do some god if they imrove
QO t serice ay mUk. It's Q to
us to see dmdo.
Dear 2S00:
You've been duped! Your article in your
Summer 1 990 issue entitled Introduction
to COCOT' s was either (a) wri tten by a
representative of one of te loal exchange
carrers or Q) your witer (Te Plague) has
been receivi ng some awfully poor
information regarding t he pay telephone
Zb 0tt0F5
industr.
Te real pay telephone rip-ols are not
the independent pay telephone companies,
most of whi ch are smal l , i ndependent
businesspeople such as ourselves. Te rea
rip-ofs are the major local echag carriers
who subsidize their pay telephone operations
with regular telephone revenues. Ever one
of us pays extra in the form of higher local
telephone bi l l s to support t he L. E. C. ' s
Inefficient , unresponsive pay telephone
bureaucracy. Why should your home and
business telephone charges support your
L.E. C:s opertions?
Tis is not to say that ther haen't been
abuses in our i ndustry. But t he vast
majority of us desere better than you've
shown us. Your article plays rgt into the
monopolistic L.E.C:s hands, who would like
nothing better than to el i mi nate all
competition ad retur to the days of total
uncontrolled monopoly.
R.S. Grcz
Eecutive Vice Prelident
Aercan PubHc
Telephone Corortion
It only takes afew riof COCGs to give
th entir industr a b na. We think it's
important to clearly label those comanies
dare engage in rping ofthe publi. IO
should do the sa ad disavw yourself of
those companies. There need to be some
basic standards introuced (equal access,
950 access, clear rate structure, etc. ). We
hop to h mre fom your perspectiv ad
we encoure our readers to tell us if they've
hd any positive eeriences with COCGs
mAOS comnies.
D2S00:
I have been a subscriber for the past
several years ad would like to congratulate
you on a fne publication. Although I do not
agree with your position on severl subjects,
I B glad that there is a responsible form
for these i deas to be expressed. l also
applaud the fact that you print dissenting
views. Your summer issue which has a large
section on " Negative Feedback" illustrates
what l m talking about.
l B as against the abuse of power by
some government agenci es and the
predator, if not illegal, acts by some public
companies as you are. However, I believe
that these acts do not justif illegal acts by
Individual s. Your publi shing accounts of
these abuses is the best way to better the
Page 28 2600 Magazine Autumn 1990
UuQuFtDuDt
situation. Te malicious and illegal acts of
some individuals only helps the goverment
justit their auses and makes things worse.
Te article. J Introduction to COCOTs.
descri bes and endorses actions which I
deplor. but as I stated above I am gad that
there is a place where such articles can be
published. One comment that I would like to
make is that the justifcation which the
author claims for his thesis is greatly erded
by his hiding behind a fctitious name. If he
thinks that his position is morally corrct. he
should follow the path of other contrarians
by using his own name.
lH5Onl/OnC5
Der 2S00:
Guyler Maruder
Siapor
If you want a caller ID ANI system. Nuts
& Bolts. Box 1 1 1 1 . Placentis. CA 92670.
for arund $69. 95 has one but it only works
in areas with Caller I D. Anyone wanting a
hig speed D'F monitor ca buy one fom
Contact East at (508) 682-2000 for around
$280 along with neat toys like lineman test
sets. tone test sets. line aid inductive amps
for tracing. and a lot more. Granted. this
stuf is not cheap but remember this is the
thing.
A far as phreaking frm inside prison. it
can be done but only on non-AT&T phones.
We have collect-only here. but I got around
them as follows. Ours has a recording that
asks you your name. Wen the part you are
calling answers. it plays the recording and
tells you to press thre to accept the call. To
start with. I dialed a number to a recorded
message like the one at our helpful AT&T
ofce (ha) . Te recording trigers the phone
to accept the call . You don't state your name
when asked . but bypass it by pressing a
number on the keypad unti l the call i s
placed. A the call is accepted. you'll hear
the recording say "Thank you for using
X. " As soon as you hear the click that
kicks in the recording. you press the receiver
level down for about 30 to 50 milliseconds to
hang up the switching network. You'll hear
the unrestrcted dial tone under the fnish of
the thank you message. You qUickly hit the
once for local and tice for long distance.
Wen talking to either operator. you simply
ask to be connected to a particula number
because your call is not going through. Keep
it simple to avoid suspicion.
C, Rebl
We left out your location because we
asswn you wat to continue using tis.
luOCq IC5CO/!On
Der 2S00.
Readi ng about the Secret Servi ce' s
witchhunt gives urency to the need to deal
with the icreasing goverment rage for total
maipulation of people's lives, and the need
for people involved in aything controversial
to try to pro tect t hei r privacy. The
govenment' s passion for pring into one' s
privacy has reached the point where one
getting "controversial" mail should consider
getting a mail drop. One's mail is sent to the
mail drop' s address and is mai led to the
cust omer' s address by the mai l drop
operator. Finding a mai l drop that i s well
rn, and reasonahly priced can take time.
but they are out there. Many of them seem
to feel they ar entitled to lare amounts of
money for crddy serice. judging fom the
nearly illegbly scrawled rplies I've received
fom a number of them.
One of te best sources for mail drops is
Lompanics' Director of U. S. Mail Drops for
$ 1 2 . 95. whi ch is well worth the pri c e .
Loompanics' address i s Box 1 1 97. Port
Townsend. WA 98368. Tey send books va
UPS.
Te goverment has adopted the stance.
and the publ i c seems to have come to
believe. that the govenment has an inhernt
right to keep track of one from birth to
death. and that if someone is able to " fall
trough the cracks". that is itself a wrong to
"society" , and that if only the goverment
can keep better track of people. it can make
things "te way they are supposed to be".
The ability for people to change their
name existed long befor the social securit
number came to be used as a de facto name
to track people through their lives. and the
right to change one's name was expressly
meat to enale one to make a break wit a
past phase of life. or infonational detritus
stord on one by various entities.
Here in Califoria, the courts have rled
that one has a right to change one's name
wi t hout court proces s . and that court
process is entirely parallel , simply t o make
the change a matter of ofcial record. One
can go down to any state motor vehicles
department and have one' s name changed
simply by filling out a small piece of paper
Autumn 1990 2600 Magazine Page 29
for a name chane of one's state L card or
driver's license, However, I've found out that
one' s ol d name is stored on the state
computer for retrieval whenever one i s
stoppd by fzz, Te DM als takes one's
thumb prnt for a license or state I D cad,
Reverend Doktor
Noran Apleton
W!tC/Q C|oqconon
D2S0:
Reference is made to Hunti ng for
Wiretaps, a letter to the editor which appears
on page 24 of the Summer 1 990 issue of
260,
Although I have no quarrel wi t h hi s
obseration that te phone compay i s the
wrong place to shop for a serice that can
l ocate wiretaps , a number of other
comments made b the author of that letter
out to b corected:
1 . He assers tat seres taps B the onl
kind of tap used b the phone compay. Te
most common t of transitor tap there is
takes place when a telephone lineman hoks
onto your line usi his hadset. Wen he
does that he has two choices: TALK and
MONITR. In te TA moe the handset is
connected in parallel across the line and
works pretty much like ay other extension.
You can talk and l i sten and you draw
current. I n the MONITOR mode you are
using a capaci tive tap wired In parallel
across the line. You can hear because the
voices of those speaing act as AC ad B
passed by the capacitor. No current is
drawn. We are dealing with a high
impedance parallel tap, not a seres tap as
the wrter sugests. Tere B severa other
ways that brdged (parallel) taps are used.
Sme are hostile and others B the result of
the phone company building mirror image
MULTIPLES Into the system ostensibly to
allow for ftur expasion 1O one or aother
direction. What this means is that if you
listen to the corct pair on the fame In your
building, you can hear your neighbor' s
conversations and in a like manner one of
your neigbor may well have a tap of your
phone mounted on the fame D his building.
Tese parallel taps were built in by the telco
to give them more fexibility in assigning
lines. Tis sort of cration isn't alays
ther, but it is fairly common.
2. Te author talks about 2 volts on the
phone lines. He should know that te voltage
Q.O. OOX ,
found o n the phone lines, unless an o f hook
phone or tap draws it down, is between 48
and 52 volts througout the countt.
3. Te autor advises the reader to "put
your had on te cable and follow it out. "
Tis "procedure" sugests that the author
either lives out i a tent in te middle of a
deser, miles fom ayone else getti phone
serce, or that he has never perfored the
servi ce he describes . If he has a normal
house or offi ce, not too far from hi s
telephone is a wall through which phone
wires run. How, short of demolishing the
premises, does he propose to put his had
on the cable ad follow it out? And how does
he expect to use this procedure at the
interediate distributon fame where ma
wires cannot be seen or grabbed without
disconnecting hundreds of phones belonging
to other subscrber? How does he follow his
cable throug a gas pressurzd splice In a
mahole? Asuming he had the expertise to
opn such a splice without demolishing it,
how does he even know that he Is in the
rgt mahole, or which of the several huge
black cabl es enteri ng this vault through
underground conduits, contains the cable
pair that g to his phone?
Te business of climbing the poles is also
unworkable. Many of the splices B fed b
two or three cables containing hundreds of
pairs of phone lines each. How does he plan
to fgur out which cable to hold onto? Most
splices are sealed and weatherprofed. How,
without demolishing the splices does he plan
to get in and inspect them and follow his
ow phone line out? May of the splices B
located may feet from the telephone pole.
Does he pla on ging hand over had along
the huge black cable and dismantling the
sealed splice with one hand as he holds on
with the other? And what happens when he
comes to a block box mounted on the gund
or on a pole? Asuming he has the special
key ad a can wrench to open these, which
of the hundreds of hi dden prewired
terinations go to his phone B it enters this
pael and which of the hundreds of identica
orang ad white jumpers go to his serce
as it leaves the panel?
Te author says that "the best solution is
to have te phone disconnected ad not use
it at all." Mter going troug all that work to
see if his line was clea, who could blame
him for switching to siga mirrors and tom
toms?
Page 30 2600 Magazine Autumn 1990
DUU0 S0DU, D..
Certainly i t i s possible to conduct a
competent sweep of the phone lines for taps,
but not by using the procedures outined by
the author. I n fact , the procedures he
outlines vi rtually assure the would-be
wirtapper that he will neer gt caugt.
A M.Kapln
Attoreys' Investigative Consultants
LVegas
Modem Poposal
Dear 2600:
Having received your Sprng 1 990 issue, I
immediately persed it. Te aticles on the
harassment , arrests, etc. of hackers and
phreaks disturbed me,
Because of this, I would like to put forth
a proposa for debate within this maaine.
In Irn Strauss's book "How To Start Your
Own Countr" , a smal countr known as
Saad is cited. Salad is loated near the
mouth of the river Orell in the English
Channel . Pirate broadcaster Paddy Roy
Bates lad clam to some W2 vintae g
towers, which ae ver simila to ofshor oil
platfors. I beliee it would be possible, wth
backin, to purchase eiter a bat, idealy a
decommissioned oil tanker, or an older
offshore oil rig, anchor it In a relatively
protected aea in interatona waters, say,
in a unclaimed atoll or some such. It could
then be used as a hacker/data haven, or a
hacker feeport.
If ther is enoug interst, I may attempt
this i the fture.
Dr. Devant
We h som pirate raio people tr 0
near us a few years ago. They were in
i nternational waters, but they sti l l got
nobbed. The sodfact is that the U. S.
govermnt ca ad will go aywher to stop
you i they feel they have to. But there's
nothing wrng utring it anyway.
Neidor Defense Fnd
Dear 2600:
I enj oyed reading your interiew with
Crag Neidorf i the summer edition of 260.
I was also dismayed when I read that te
EFF was not pl anning on funding hi s
defense. For some raon, I had thougt tat
defending peopl e agai nst governmental
abuse was what the EFF wa all about.
I wa also disappoited tat 260 did not
publish the address of the Craig Neidorf
Defense Fund. I , for one, would like to send
the guy a check to help hi m with hi s
attorey fees. Ter B a fe others U the
BBS communit out here on the West Coast
who would like to help.
Jef Hunter and
The Temple of the
Sraming Electrn
We hae to disare w ou rears but
we dprint t address 01 pe 4. Here 0
is again: Neidor Defense Fnd, Katten,
Muchin, and Zvis, 525 West Monroe St . ,
# 1 600, Chicago, 1 L 60606-3693, Attn:
Sheldon Znner. So far, contributions from
our reaers hv ben pret disml i you
made a contribution and you dtdn't get a
prsonal tk youfrm Cri, lt U kow.
lyo'd ratr m t donan th U,
we' ll be happy to forward it to him. But
plee do wh you ca O 0 btl is bg
fouhtfo mofU.
Wich Decoer Chip?
Dear 2600:
I enj oyed the Spring 1 990 I ssue
Immensely. Te Dl decoder project wa
just what the doctor ordered. Would a more
commonly available CD22204E tone decoder
chip be a good substitute for the SS1202?
Te physical pinout Is diferent but it seems
to be electrically equivalent. For another
excellent source of electronic parts, get a
catalog from Circuit SpeCialists , PO Box
3047, Sottsdale, A 85271 -3041 .
Fnally, here's a COCOT numbr to .
2 1 6-928- 6 790. After two or three rngs it
aswers with a femae computer voice saying
"thank yu" followed by four touch tones.
An. Ohio
We're told the SS1202 is available at
Radio Shk. You can't get mre commnl
availble than that. Tr these COCOTs at
21 2-268-7538 ad 21 2-268-61 29. Hit ing a 0
uJ| m on a microphne ad allow you to
hsteet noise in New Yok Ciy. Or mab
O ddeoIO mneihog phone.
General Observations
Der 2600:
For my fellow readers' info it migt be
imporat to know that beige boxes are still
very available at airports . The courtesy
phones tat summon loal motels, rental car
compaes, etc. ae more courteous tan one
would imagine. The best protection I 've
foud so far is a smal speed dia bx uder
the set connected with a simple modular
(ccr|iracJcrpugc1J)
Autumn 1990 2600 Magaine Page 31
LONVERTING A JONE LIALER
by Noah Clayton
A very s i mpl e mod i fi cat i on t o
Radi o Shack pocket tone di al er par
#43- 1 4 1 ($24. 95) can make it i nto a
red box. The modi fi cati on consi sts
of changi ng t he cryst al frequency
us ed t o g e n e rat e t h e
mi croprocessor's ti mi ng. To make
t hi s modi fi cat i on you wi l l need a
Phi l l i ps screwdri ver, a fl at bl aded
screwdriver, a sol deri ng i ron, a pai r
of l ong nose pl i ers, a pai r of wi re
cut t e rs a n d a 6. 5536 MHz
( megaherz) crstal .
Ori ent t he di al er wi th the keypad
down and the speaker at the top.
Remove t he battery compartment
cover ( and any batteri es) to expose
two scr ews . Re move t h ese t wo
screws and t he t wo on t he top of
the di al er near t he speaker. There
a re four pl asti c cl i ps that are now
hol di ng the two halves of the di al er
together. Push on the two bottom
cl i ps near the bater comparment
and pul l up to separate the botom
part . Now sl i de a fl at screwdri ver
i nto t he sea m on t he l eft sta rti ng
fro m t h e bot t om a nd movi n g
towards the top. (You may have to
do thi s on the ri ght si de as wel l . )
When t he two hal ves separate,
sl i de the speaker hal f underneath
t he ot her hal f whi l e bei ng careful
not to brea k t he wi res connect i ng
t he t wo. Locat e t he cyl i n d r i ca l
metal l i c can (i t's about hal f an i nch
l ong a nd an ei ght h of an i nch i n
di ameter) and pul l it away from the
ci rcui t board to break the gl ue that
hol ds it i n pl ace. Unsol der thi s can,
whi ch i s a 3. 579545 MHz crysta l ,
from the ci rcui t board.
The hard par of thi s modi fi cati on
i s g ett i n g t h e new cryst a l to f i t
pr oper l y. Be n d t he t h ree d i s k
capaci tors over, a s i ndi cated on the
di agram, so that there wi l l be room
for the new crystal . Al so remove the
i ndi cated screw. Si nce the 6. 5536
MHz cryst al you have i s probabl y
much bi gger than t he cryst al you
are repl aci ng, you wi l l need to bend
the l eads on the new crystal so that
they wi l l match up wi th the pads on
t he ci rcui t boa rd . Pl ace the n ew
cryst al on t he ci rcui t board usi ng
t he di agram as a gui de. Sol der the
new crystal i n pl ace. As an added
touch you mi ght peel the QC sti cker
off of the PC board and pl ace it on
top of the cryst a l . Now ca refu l l y
snap the two hal ves back together
whi l e checki n g t o make sure that
n on e of t h e wi r es a r e g ett i n g
pi nched or a re i n t h e way o f t he
screw hol es. Put t he case screws
ba ck i n a n d i ns e rt t h r ee AAA
batte r i es i nt o t h e bat t ery
comparment.
Your di al er i s now ready to test.
Switch the unit on. The LED on the
di al pad si de shoul d be l i t. Set the
l ower sl i de switch to STORE mode.
Press the MEMORY button on t he
di al pad. Press t he key five ti mes.
Press the MEMORY key agai n and
t hen press the P1 key. A beep tone
shoul d be hea rd when a ny key i s
pressed a n d a l ong beep s houl d
s ound aft er t he P 1 key ha s been
p r essed t o i n d i cat e t ha t t h e
p r ogr a mmi n g s e qu e nce was
performed correcl y.
Switch the uni t i nto DI AL mode.
Pr ess t h e P1 key, a n d fi ve t on e
Page 32 2600 Magazne Autumn 1990
NTO A HED UOX
pul ses that sound remarkabl y l i ke
coi n tones shoul d come out of the
speaker. I usual l y program P1 to be
fou r q u a rt er s ( i nsert on e or two
PAUSE's between each set of fi ve
tones) , P2 to be two quarers, and
P3 as one quarter.
Of course, you can no l onger use
the unit to generate touch tones.
Histor and Theor
A f r i e n d of mi n e a n d I wer e
si tt i ng a round hi s house one day
t ryi ng t o come u p wi t h a way t o
bui l d a reasonabl e r ed box. I had
b u i l t one wi t h a n a l og si ne wave
generators i n t he past, but i t was
di ffi cul t to adj ust t he frequency of
the outputs and keep them accurate
over t i me a n d wi t h cha n ge s i n
temperature. The el ectroni c proj ect
box I had assembl ed it in was bul ky,
h a rd to conce a l , a n d d ef i n i t el y
suspi ci ous- I ooki ng.
My fri end was pl ayi ng wi t h hi s
cal cul ator whi l e I was wi shi ng t hat
we h a d t h e mon ey a n d t i me t o
desi gn a mi croprocessor-control l ed
d evi ce wi t h i t s own cust om L
board. Afer a whi l e, he announced
t hat he had an i dea. He had been
l ooki ng at a data sheet for a DTMF
( Du a l Tone Mu l t i F r e q u e ncy a ka
t ouch t on e ) g e n e r at or c h i p . He
cal cul ated the rati o of the coi n tone
frequenci es of 1 700 Hz and 2200 Hz
to be 0. 7727. He then went through
al l of t he tone pai rs used for DTMF,
cal cul ati ng each of thei r rati os. He
di scovered that the rati o of the tone
pai r used for was very cl ose to the
rati o for the coi n tone frequenci es.
Thi s rati o, 941 /1 209=0. 7783, di ffered
from the coi n tone rati o by l ess than
one percent.
What t hi s meant was that si nce
the tones generated by such a chi p
are d i g i t a l l y synt hesi z ed from a
d i vi de r c ha i n off of a r ef e r ence
crystal , i f one changed the reference
crystal to the U ri ght" frequency, the
coi n t o n es wou l d be g e n e rat ed
i nstead of t he DTMF . Most DTMF
chi ps use a 1V col or- burst cryst al
wi th a frequency of 3. 579545 MHz.
To determi ne the crystal frequency
that woul d generate the coi n tones,
one woul d compute 3,579,545 / 941
1 700 = 6,466,766; 3,579,545 / 1 209
2200 = 6, 5 1 3, 647; ( 6, 466, 766
6,51 3,647) / 2 = 6,490, 206 MHz.
Unf ort u n at e l y, t h i s i s n ot a
standard cryst al val ue and gett i ng
custom crstal s made i s a real pai n
fo r t he h o b byi st . Th e c l osest
standard frequency I coul d fi nd was
6. 5536 MHz. I tded a crystal of thi s
val ue and i t worked.
(The actual frequenci es produced
by a DTMF generator chi p depend
on t he pa rt i cul a r ma n ufact u r er ' s
desi g n . The col or - b u rst cryst a l ' s
frequency i s di vi ded down to t he
DTMF t ones by an i nteger di vi der
c h a i n . Beca us e t he c ol or - b u rst
crstal 's frequency i s not an i nteger
mul t i pl e of the DTMF t ones t here
wi l l be a s ma l l d i ffe r ence i n t he
fr eq u e n c i e s p rod uced f r o m t he
standard. )
When we fi rst tri ed thi s, we were
usi ng one of Radi o Shack's earl i est
tone di al ers. It consi sted of a DTMF
generator c h i p onl y, and as s uch
coul d not produce a sequence of
t ones a ut omat i ca l l y. Tones were
generated as l ong a nd as fast as
Autumn 1990 2600 Magaine Page 33
KED UOX LONVERSION
one cou l d press t he butt ons. We
were abl e to si mul ate ni ckel s usi ng
thi s devi ce but doi ng so was fa i rl y
s l ow a n d t ed i ou s . Beca u s e o u r
manual t i mi ng was s o far off of the
ma r k, ou r att empts at pr od uci ng
d i me or q u a rt e r s i g n a l s wer e a
mi sera bl e fa i l u re. P l i ve operat or
woul d be i nstantl y conneced to t he
l i ne whenever we tri ed i t.
The Shack' s next model had a
mi c r op r ocess o r a n d a t on e
generator i n i t, each wi th separate
cryst al s control l i ng thei r respective
t i mi n g . It was j u st a ma tt er of
changi ng t h e mi cro's crystal to get
t h e r i g ht on - off t i mi n g f or a
quarer's t i mi ng for a quarter's tone
s eq u e nc e as we l l as t h e t on e
generator's crystal t o get the proper
coi n frequenci es.
Later Radi o Shack came out wi th
t he model used i n t h i s proj ect. I
pr ompt l y bou g ht one beca use i t
was l ower cost a nd more compact
than t hei r ol der model . I put some
batt er i es i n i t a n d t r i ed i t out . I t
generat ed DTMF seque nces wi t h
ve ry l o n g on a n d off t i mes, but
other t han that, seemed l i ke a ni ce
uni t. Upon di sassembl i ng i t though,
I became unhappy. There was onl y
one crystal . It control l ed the t i mi ng
for a mi c r opr ocess o r t h a t was
speci fi ca l l y desi gned to synthesi ze
DTMF . Th e r e wa s no way t o
i nde pe n de nt l y adj ust t h e out put
frequency of t he t ones from t hei r
on- off t i mi ng. I was j ust a bout t o
say, " Oh we l l , yet a n ot h e r t one
di al er for my col l ect i on" when i t hit
me . Why n ot t ry t h e h i g h e r
frequency crystal ? The t i mi ng mi ght
come out cl ose enough to si mul ate
ei t her a qua rer or a di me. I made
the mod and tested i t out. I t worked !
Th a n k you R a d i o Sh ack, fo r
givi ng us a conveni ent to use, easi ly
concea l a bl e a n d non-suspi ci ous
l ooki ng red box.
Reference
The crystal i s avai l abl e from Fry's
E l ect r on i cs i n Fr ee mont , LP for
$0.89 pl us the charge for UPS Red
or Bl ue. Thei r number i s 4 1 5- 770-
3763. I woul d suggest buyi ng fi ve,
some for future use and some j ust
i n case you cut the l eads too shor
when tryi ng thi s proj ec.
Coi n frequencies: 1 700 Hz and
2200 Hz * 1 . 5%.
Timing: 5 cents, one tone burst
for 66 ms ( mi l l i seconds) " 6 ms; 1 0
cents, two tone bursts each 66 ms,
wi th a 66 ms si l ent peri od between
t on es; 25 cent s, fi ve t one bu rsts
each 33 ms " 3 ms wi th a 33 ms
si l ent peri od between tones.

::!t
I

l OI -
>
Page 34 2600 Magazine Autumn 1990
H0W0|0 Hugh09
44W09l gD 0||000
|0Dl00! l 0, LA V4V4O
Jwe I5~V
V ..
Pey =W
0W 0

===
11 /
ID 0UW 0UII0ID W I
L L L A K 5
B of Moac
P. D. bC
mCG0O, LP VV0
mc% >\ \ 0CUDI
) : Z4000Z8 ) : 4++Z9889
We want to thank everyone who took advantage of our Spri ng
T Bel iSouth T T document ofer. Now we real l y need you to
hel p by contributing to the Neidor Defense Fund. Detai l s are on
page T .

P

P

P P P P P
Here we see what many customers are now abl e to see: YOUR
telephone number. There are sti l l pars of the country that don' t
pass al ong ANI; they are shown as area codes only.
Autumn 1990
2600 Magazine
Page 3S
bJ/|d/ng |a|ap|Ona
by T Spi derebs of M| ght
Th i s mU l t i pu rpose i nduct i on coi l
sl i ps over the handset recei ver of any
payphone or standard desk phone and
can be used i n conj u nct i on wi t h a
Wal k man -t ype cassett e u n i t f o r a
var i et y of r eco r d and pl ayback
f uncti ons wi th excel l ent f i del ity - at
l east to the extent that the tel ephone
l i nes can carry f requency response
wi se. You ' l l need a pi ece of brown
corrugated cardboard f rom the si de of
a di scarded box, some thi n cardboard
( l i ke f rom a cereal box) , a sharp hobby
knife, el ecri ci an' s tape, white gl ue or a
hot gl ue gun ( it' l l speed constructi on a
great deal ) and 50feet of PZO wi re.
Begi n by tapi ng a si ngl e l ayer of
cereal box type cardboard (about T /Z
wi de) around the recei ver si de of the
handset and secur e i t wi th a si ng l e
wrap of tape. Thi s i s a spacer l ayer
and i s even t u a l l y d i scar ded bu t
i n s u r es t he f i n i s hed i nd uct i on coi l
sl i des easi l y ove r t h e h an dset ' s
recei ver. Now wrap a si ngl e l ayer of
T /Z wi de co r r u gat ed cardboard
around t hi s spacer l ayer and secure
wi t h a wr ap of t ape . Cor r u gat ed
cardboard makes t he best coi l f or m
bcause of its strengt h and ri gi dness.
Pul l the corrugated cardboard ri ng
off and di scard the i nner spacer ri ng
(or save i t i f you are construci ng more
t han one coi l ) . Gl ue t he cor r ugated
cardboard ri ng to a 4" square pi ece of
cor r u gat ed . Aft e r t h e g l u e set s,
caref ul ly cut out t he i nside of t he ri ng
wi th a sharp hobby kni fe to make a
nice round hol e t hat easi l y sl i des over
t h e h andset ' s r ecei ver . Now g l u e
anot her 4" square pi ece to t he other
si de of t he coi l form and agai n cut out
the i nsi de of the ri ng.
Measure out about 50 feet of PZO
wi re and wind it around the compl eted
corrugated coi l core. Secure t he two
wire ends of the coi l by twi sti ng t hem
together a few t i mes. At thi s poi nt you
can ei t h er sol der S short pi ece of
shi el ded cabl e attached to an i nl i ne
RCA phono j ack or a l onger cabl e
t er mi n at ed wi t h a mi n i at ur e st ereo
pl ug of the ki nd used i n Wal kman-type
headphones. Conn ect t h e l eft and
r i ght c h a n n e l i n n e r co n d u ct or s
together for one connect ion t o t he ci l
and use t h e s h i el ded brai d for t he
other cnneci on. I f possi bl e use a ci l
cord. They don't tangl e as easi ly pl us
coi l cords al ways have a cool hi -tech
look to them.
Now caref ul ly tri m down the outsi de
cardboard si des of the coi l and wrap a
l ong cont i n u ou s over l appi ng spi r al
l ayer of el ectri ci an' s tape around t he
remai ni ng "doughnut" coi l . Make sure
the f i ni shed coi l easi ly sl i des over the
handset ' s recei ver wi thout bei ng too
l oose or wobbl y. Add anot her parti al
l ayer of tape i f necessary to snug up
the f it. For the ulti mate fi ni shi ng touch
the compl eted i nducti on coi l coul d be
di pped i n " Plasti Di p" i nstead of usi ng
the i nsulated tape. I t dri es to a smooth
u n i for m r ubber i zed coat i ng . " Pl ast i
Di p" i s usual l y used t o di p screwdriver,
wrench, or other tool handl es i n order
to pr event cor rosi on and provi de a
better gri p.
Make a Red Box Tape
The easi est way to make one by
yourseH i s to fi nd two payphones si de
by si de ( l i ke at a shop p i n g ma l l ,
ai rport, or hotel l obby). Pl ug i n you r
i nduct i on coi l t o t h e tape recorder ' s
Page 36 2600 Magazine Autumn 1990
/ndJc|/On cO/|
external mi c i nput maki ng sure you' ve
i nstal l ed f resh batteri es. Pick up phone
PT , sl i de on the i nducti on ci l ( it' s best
to cover the mout hpi ece with a t hi ck
cl oth to block any extraneous sounds) ,
start t he recordi ng mode and i niti ate a
cal l to n e i g h bor i n g payph o n e PZ .
Answe r i t , p r ess t h e mout h p i ece
agai nst you r chest to bl ock out any
noi se and slowly deposit about $5 or
$6worh of quarters i nto payphone PZ.
Hang up phone PZ after the l ast coi n
and al l your change wi l l cme back vi a
the coi n ret ur n aft er a few seconds
del ay. Now you have a red box t ape of
quarer tones ready to go.
Pl u g t h e i nd uct i on coi l i nt o t h e
ear phone out put j ack of you r t ape
recorder . Pl ay back t he seri es of tones
-you' l l hear t hem cl early reproduced
t h ro u g h t h e ear pi ece. Adj u st t h e
vol u me cont rol f or a ni ce and cl ear
reproduct i on . Usual l y t he control wi l l
be a notch or two shor of f ul l vol ume.
Now make a test l ong di stance cal l to
check out your new tape. Just don't l et
you r batteri es ru n down too l ow and
you ' l l al ways get consi stent l y good
results. The tape can even be cpi ed
over t o an ot h e r Wal k man - typ e
recorder usi ng an appropri ate patch
cord. I t' s best to recrd and pl ay back
the copi ed tape on the same cassette
recorder because exact tape speed is
i mport ant l0 keep t he pi tch of beep
tones i dent i cal . I f you want t o pl ay
m us i c o r a p r e r ecor d ed spoke n
message over the phone t he i nducti on
co i l wi l l p rodu ce s u per i or f i d e l i ty
compared to t he carbon mi c el ement
i n t he h andset. Whi l e musi c f i del i ty
i s n ' t g r eat ove r t h e r at h e r l i mi t ed
f requency range of phone l i nes i t' s sti l l
OK much better t han you' re used to
heari ng and at ti mes it's f un to be abl e
to do i t co n ve n i e nt l y. S i nce t h e
i nducti on coi l cupl es al l si gnal s to the
phone l i n e vi a a magn et i c f i el d t he
fi del ity i s as good as possi bl e and is
onl y l i mi ted by t he characteri st i cs of
the parti cul ar phone ci rcuits.
(urnpageforp|ctures. )
1P
bd| lo|-| D-Uh|8f
Lmma0u| O| O8I| 0
A|lwo|k
HO| | y KauIma0 Sp|uOM
Wf0lS Eri c Corl ey, John Drake,
Paul Estev, Mr. French, The
Gl i tch, The I nfi del , Log Lady,
Crai g Nei dor, The Pl ague, The Q,
Davi d Ruderman , Berni e S. , Lou
Scannon, Si l ent Swi tchman , Mr .
Upsetter, Vi ol ence, Dr. Wi l l i ams,
and the u nusual anonymous bunch.
O0LS Geo. C. lilyou
SO:Steve for geting us
thruh 9lat yea, Frkl i n fr te
Mure, the elric undrroun for
rfing to di e, aM. O. D. fr
cnti nui n to alow u at their meeing.
Autumn 1990 2600 Magazine Pae 37
||a |a|ap|Ona/ndJc|/On cO/|
Page 38 2600 Magazne Autmn 1990
1Hb b M1Mb M U b
This i s a numerical l i st of AWAC numbers for the Unite Sttes. Dialing this number gives you your
tel ephone number. I f you don't see your area ce here, try searching for your AWAC number and l et us
know when you f|nd it. ' fyou're having troubl e using an AWAClisted below, try puting a 1 i n front of it. If
that doesn't work, the number may have changed or may not apply K your area.
205: : : 908-222-2222
21 2: : : 958
21 3: : : 1 1 4
21 3: : : 1 223
21 3: : : 61 056
21 4: : : 970-xxxx
21 5: : : 41 0-xxxx
21 7: : : 200-xxx-xxxx
21 7: : : 290
305: : : 200-222-2222
309: : :200-xxx-xxxx
309: : : 290
31 2: : : 1 -200-5863
31 2: : : 200-xxx-xxxx
31 2: : : 290
31 3: : : 200-222-2222
31 7: : : 31 0-222-2222
31 7: : : 743- 1 21 8
401 : : :222-2222
403: : : 908-222-2222
404: : : 940-xxx-xxxx
407: : : 200-222-2222
408: : :300-xxx -xxxx
408: : : 760
409: : : 970-xxxx
41 4: : :330-2234
41 5: : : 200-555- 1 21 2
41 5: : : 21 1 -21 1 1
41 5: : : 2222
41 5: : : 640
41 5: : : 760
41 5: : : 760-2878
41 5: : : 7600
41 5: : : 7600-2222
502: : : 997-555- 1 21 2
509: : : 560
51 2: : : 200-222-2222
51 2: : : 970-xxxx
51 6: : : 958
51 7: : : 200-222-2222
51 8: : : 997
51 8: : : 998
602: : : 593-0809
602: : :593-601 7
602: : : 593-7451
604: : : 1 1 1 6
604: : : 1 1 6
604: : : 1 21 1
604: : : 21 1
61 2: : : 51 1
61 5: : : 830
61 6: : :200-222-2222
61 7: : : 200-xxx-xxxx
61 7: : :220-2622
61 8: : : 200-xxx-xxxx
61 8: : :290
71 3: : : 970-xxxx
71 4: : : 21 1 -21 21
71 6: : : 51 1
71 8: : : 958
806: : : 970-xxxx
81 2: : : 41 0-555- 1 21 2
81 5: : : 200-xxx-xxxx
81 5: : :290
81 7: : : 21 1
81 7: : : 970-xxxx
906: : : 200-222-2222
91 4: : : 1 -990- 1 1 1 1
91 4: : : 99
91 4: : : 990
91 4: : : 990-1 1 1 1
91 5: : : 970-xxxx
91 9: : : 71 1
Autumn I0 Z000Magaze Page J
I I-
(continued fom page 31)
jack (DF. Others seem t o be wide open
ad unres tricted to te world if you hae a
stadar tone generator or can sing perfect
pitch.
I have a P with a moem but the onl
system I 've been abl e to expl ore is the
random Interaction of a Wlcom cordless
telephone activated while I' m on line. Te
fequenc sends gabae all over my scren
and then the tel co gys are under the stret
for weeks messing about with the l ocal
switches. I "m not sure if they B loking for
a problem or adding new monitors to my
line. All ver scar stuf.
A considertion for serous hackers may
be an associ ati on si mi l ar to A. C. E.
( Associ ati on of Cl andestine Radio
Enthusiasts) . Tey had some sort of pool of
fnds to pay the FCC fnes ad legal fees for
pai d members who got caught . As t he
clampdown gets tighter we shall have t o get
more creative in our defenses.
Pi rate cel l ul ar is growing fas t . The
programmig sequence seems to be the key.
I "m sure I"ll have it soon. A dealers become
busier. they are talking the owners trough
the setup procedure on the phone! Norall
they are supposed to do it D the shop. I"ll
keep you posted.
First Phone. Integretel . and Midatlatic
seem to all b using the same long distace
l i nes these days . So when you get
Interrpted by B operator. they seem t o
have no I dea whose customer you are .
Access 950- 1 042 or 80 0-950- 1 042. Have a
good go at them. Tey charge me 80 cents a
minute to cal my own call waitingl
Some other simple fn that I have had
the pl easure of exploring is answering
machines. A article on this subject would
be eas to compose. All of the remote access
codes ae printed Inside the cover or on a
sticker on the bottom of the machine at your
loca department store. aswering machine
section. Playback and room monitor seem
ver harless. while rset. OGM record. ad
on/of could cause you some trouble. Most
of these can be hit wit a genera scan of the
tones. A innovatie application was played
by teenagers calling on my business 800
l i nes over t he weekend from di fferent
payphones and leaVing messages for their
fends to retreve frm ay other payphone
in the countr. The cheapest way to stop
them was to put in a very old machine
without tone rmote.
NB
Rode Islnd
Z WW
Woata g|eatg| ft| deafo|theho| | days ' | 8eatstoe@out ofbpOtlSm uSltal0d
200 has covered a l ot of ground si nce . If you haven't been
with us for the entire journey, we thi nk you' l l fi nd this bit of hi story
enl i ghteni ng, educational , and enterai ni ng (the Je' s) . Our back
issues are sol d by the year ($2b/$J0overseas, US funds onl y) . Use
the order form on Page 4 and mai l it to:
2600 Back Issues
H Box 752
Mi ddl e I sl and, MY T T bd
Al l ow R- weeks for del i very.
Page 40 2600 Magane Autumn 1990
2 at
000 1?lb. Firs t Friday of the Little Blue Box" $5 large SASE w/45
month at the CiticO Center--from 5 to 8 pm cents of stamps. Pete G. , Box 463, Mt.
in the lobby near the payphones, 1 53 E 53rd Laurel, NJ 08054. We are the Original !
St. , NY, between Lx & 3rd. Come by, drp ?Y tL LL?b1LPLb
off articles, ask questions . Call 5 1 6-75 1 - "Voce VHkg" ($29), "Crt Ca Sca
2600 for more info. Payphone numbers at II" ($29), Credit Card Number Generation
Citicorp: 21 2-223-901 1 ,21 2-223-8927, 21 2- Sofa nqu).Mo! Many of ou favortes
308- 8044, 2 1 2- 308- 8 1 62, 2 1 2- 308- 8 1 84. updated. New Technology Catalog $2 ( 1 00
c6lBgS BlS0 lBKc glBc B bBB tt8BS0 puct). Ne infon cntbutions on
Bl + mDBtB0ct0 lBZB (inside) stating at fors of techologica hacking: 201 1 Crescent,
5 pm Pacifc Time on the frst Friday of the Ao,N88310. 5)4334.
mont h. Payphone number s : 4 1 5- 3 98 - k1ALDb1. (ke TAP but
9803,4,5,6. stcty tlephons.) Coet 7 issue 1 14 pge st
YA? Red and blue box plans/its and $15 y.TA bak isue set-320 pes-fl sie
assembled kits. Also, expansion cards for a coies NOT phoreduced Sy.Pet H,
256K Compaq. Pl ease cont act Charl es P.O. Box 70, Kent, Ohio 4Z.
Silliman, 1 1 8 1 9 Fawnview, Houston, TX Ybb, L}A?b, LlL Lb,
77070
' i t i . .
.
.. .

.
.

YL,may

SASE for
Q; Q
.
B
.

and
/
or the source
i ndex, i nfo on .

| |bo|
a. If l have t,
other holdings. .( | wm pay for them.
Robert H. , 1 209
)
Please post to: P.
N 70t h, ) Griffith, 25
Wauwatosa, WI 5321 3. P0CTot, ONM6A 2Pl, L
YA? Atari ST hacking/telecom YA?Audi rdings oftlephone r1
progams to tade. I have Mickey Diaer and Lrge rgs of mpst ad
2 tone generation programs. Nil, PO Box psent t fnny phone ct phe pg.
751 6, Berkeley, CA 94707. Inqui at Z, Box 99, Middle Island,
Y? Hacking and phreaking sofwae 1 1953. (516 751-20 .
for IBM and Hayes compatible modems. Y MALb For se: a cmlete st of
Wardialers, extender scanners, and hacking DEC VAX/VMS manuals in goo condition.
programs. Advise cost. R. T. , PO Box 332, Most xfor VMS revision 4. 2; some for 4. 4.
Winfeld, IL 60190. Excellent for "exploring" ; includes System
L& bbb, complete set Vol 1- Manager's Reference, Guide To VAXNMS
9 1 of QUALITY copies from original s . Systm Seut, m. Vruest t Roe
Incl udes schematics and i ndexe s . $ 1 00 Walingtn, P.O. Box 4, Lonia, NJ 0765-
pstpaid. Via UPS or First Class Mai. Copy U .
of 1 97 1 Esquie article "The Secrets of the 0lBc0t YBlct 8lKclg8c 1/11.
Autumn 1990 2600 Magaine Page 41
PN PL Nm L
0 |8Z00 Lu00| l0 Mu|00|| 0g10ug
| l8| | | 8000|
As some of you know, the credi t card
compani es ( Vi sa, MC, and Ame r i can
Express) i ssue crd numbrs which conform
to a tp of checksum algorithm. Every card
number will conform to this checksum, but
this is nt to say that every card numbr that
passes this checksum i s val i d and can be
used, i t onl y means that such a card number
can b issud by the credit card company.
Often t hi s checksum test i s used by
compani es which take credi t cards for bl l i ng.
I t i s often the fi rst step i n checki ng card
val i di ty before attempti ng to bi l l the card,
however some companies stop here. Some
companies only check th first digit and the
card number l engt h, others use thi s very
convenient al gori thm, whi l e oters conti nue
on to check the bank I D prti on of the card
number with a database to see if i t is a valid
bank. These tests are designed to weed out
customers who si mpl y conj ur e up a card
number. I f one were to try an guess at an
Amex number by usi ng the r i ght format
(starts with J and ! 5di gi ts long) , onl y about !
in ! 00 guesses woul d pass the checksum
algorithm.
Why do cmpni es use the algori tm for
verification i nstead of doi ng an actual credi t
check? First, i t' s much qui cker (when done by
computer) . Second, i t doesn't cost anythi ng.
Some cr edi t card compani es and banks
charge merchants each time thy wish to bill
or verify a card numbr, an i f a mrchant is
i n a businss where a lot of phony numbers
are gi ven for veri fication, this can become
rather costl y. I t is a known fact that most, i f
not al l , onl i ne servi ces ( i . e. Compuserve,
Geni e , et c . ) u se th i s met hod when
processing new si gn-ups. Enough said about
this, you take i t from there.
The maj or i ty of transacti ons between
credi t card compani es and merchants take
pl ace on a monthl y, weekl y, or bi -weekl y
basis. Such bul k transactons are much less
expe nsi ve to t he mer chant s. Often a
company wi l l take the card number from a
customer , run it through the al gori thm for
verificati on, and bl l th card at the end of te
month. This can be used to your advantag,
dependi ng on th situation.
I f yo u trade card numbers wi t h your
fri ends, t hi s i s a qui ck way to ver i fy the
numbers wi thut having to call up the credit
card company and thus leave a trai l . Also, a
few ! -800 party l i ne type servi ces use thi s
al gori thm excl usi vel y because they don' t
have a di rect l i nk t o cr edi t car d company
computers and need to verify numbers real
fast. Si nce they al ready have the number
you' re cal l i ng from through ANI , they don' t
feel i t necessary to do a compl ete credi t
check. I wonder i f they ever heard of pay
phones.
Here' s how te algrithm works. After the
format is checked ( correct f i rst di gi t and
correct number of di gi ts) , a 2 I 2 ! 2 ! 2 ! . . .
wei ghi ng scheme i s used to check the whole
card numbr. Here's the english pseudocode:
check equals .
go f rom first di git t o last digtt
product equals value of curent di gi t.
if di git posi ti on from end sodd
thn multiply prduct by 2.
if product s 1 or greater
then subtrct 9from product.
ad product to check.
end l oop.
i f check i s di vi si bl e by 1 , t hen card passed
checksum test .
Here is a program writen in C to perform
the checksum on a Visa, AMEX or MC card.
Thi s program can be easi l y i mplemented i n
any l ang uage , i ncl udi ng ACPL , BASI C,
COBOL, FORTRAN, PASCAL o r PUI . Thi s
program may be modifi ed, wit the addition of
a si mpl e l oop, to gene r ate cr edi t card
numbe rs t hat pass the al gor i t hm wi thi n
certai n bank prefixes ( L e. Ci ti bank) . I f you
know the ri ght prefi xes, you can actual l y
generate val i d card numbers [ 90percent of
the time) .
Page 42 2600 Magazne Autmn 1990
LL LP
, CC Checksum Veriication Proram
by Crazed Luddite and Murdering Thg
of the KOOllaD Alliancel (New Yor, Londo, Paris, Praue.)
Permission Is granted for free distribtin.
"Chose the lesser of two evils. Voe fo Satan In '92"
"
linclude cstdio.h>
mainO
(
char cc(20];
I n check, len, pro, j,
pri ntf("InAmexisa Checksum Verifiation Program");
pri ntf("lnby Crazed Luddite & Murdering Thugln");
for ( ; ; )
(
printf("lnEnter Card Numbr [wfo spces or dashes.] (Q to qui)In: ");
scanf("%" ,cc);
((cc[O]=='Q' ) I I (cc[O]=='q' brea; , exi t i nfi nie loo, i ' Q' *f
, Veriy Card Ty *f
i ((cc[O] I ='3' )&&(cc[O] ! ='4' )&&(cc[O] I =' S'
(

printf("lnCard number must begin wilh a 3, 4, or 5. );

conti nue;
else i ((cc[O]==' S' )&&(slrlen(cc) !=1 6
(
printf("lnMaslerard must b 16 digils. ");
conti nua;

else i ((cc[O]==' 4' )&&(slrlen(cc)! =1 3)&&(slrlen(cc) I =16

( prlntf("lnVlsa numbers must be 13 or 16 di gis. ");
continue;

else i ((cc[O]=='3' )&&(slrlen(cc)! =1 S

( printf("lnAmerican Express numbers must be 1 5 digiIS. ");
conti nue;

, Perform Checksum - Weighing lisl 21 21 21 21 21 21 21 21 . . . . *f

check = 0; , res81 check 10 0 *f
len = slrlen( cc) ;
for (j=1 ;I<=len;j++)
, go Ihrough enllre cc num sIring *f

prod = cc(-1 ]-' O' ; , conver char 10 inl *f

if ((
I
en.j)
%2) pro=
pro*2;
, od dlgil from end, prod=prod*2 *f
, olherwise prod = prod*1 *f
if (prod>=1 0) pro=pro-9; , sublract 9 i pro is >=1 0 *f
check=check+prod; , add 10 check *f

i ((check%1 0)==0) , card goo if check divisible by 10 *f

print("InCard passed checksum lest. ");
else
pri ntf("InCard did no pass checksum lesl. ");

Autumn 1990 2600 Magazine Page 43

Over the past year there has ba great deal
of publicity concering the action of computer
hackers. Since we bega publishing in 1984 we've
pointed out cses of hackers bing unfairly
prosecuted ad victimized. We wish we could say
tings were getting beter but we CO. Events of
recent months have made it painflly clear that the
autorities, above all else, want to "send a
message". That message of course being tat
hacking is not god. And there seems to be no
limit as to how far they will go to send that
message.
And so we come to the latest chapter in this
saga: the sentencing of three hackers in Atlata,
Georgia on November 16. Te three, Robert Riggs
(Te Prophet), Frank Darden, Jr. (Te Leftist), and
Adam Grant (Te Urille) were members of th
Legion of Doom, one of te country' s leading
hacker "groups". Members of LOD were spread
all over the world but tere was no real
organization, just a desire to le and share
information. Hardly a gag of terorists, as the
authorities set out to prove.
The three Atlanta hackers had pleaded guilty
to various charges of hacking, particularly
concerng SBDN (the Souther Bell Data
Network, oprated by BellSouth). Suposedly
Riggs had accessed SBDN and sent the now
famous 9 1 1 document to Craig Neidor for
publication in PHRACK. Earlier this year,
BellSouth valued te document at nearly $80,00.
However, during Neidorf' s trial, it was revealed
that te document was really wort $13. Tat was
enough to convince the goverent to dro the
case.
But Riggs, Darden, Gran had already
pleaded guilty to accessig BellSouth' s computr.
Even though the facts in te Neidorf case showed
the world how absurd BellSoth' s accusatios
were, the "Atlanta Three" were sentnced as if
every word had been tue. Which explais why
each of them received substantial prison time, 21
months for Riggs, 1 4 months for the others. We' re
told they could have gotten even more.
This kind of a sentence sends a message all
right. Te message is tat the legal system has no
idea how to handle computer hacking. Here we
have a case where some curious people logged
into a phone copay' s computer system. No
FACTS AND
cases of damage to the system were ever attributed
to tem. Tey shared informtion which we nw
know was practically worthless. And they never
profited in any way, except to gain knowledge.
Yet tey ae bing teated as if they were guilty of
rap or mnslaughter. Why is tis?
In addition to going to prison, the three mst
pay $233, 00 in restitution. Again, it's a coplet
mystery as to how this staggering fgure was
arrived at. BellSouth claimed that approximat
figure in "stolen logins/password" which we have
a great dof trouble understanding. Noody C
tell us exactly what that means. And tere's more.
BellSouth claims to have spnt $1 .5 million
tracking down these individuals. That' s right, on
and a half million dollars for the phone compay
to tace three people! And then they had to go and
spend $3 million in additional security. Perhaps if
they had sprung fo security in te first place, tis
would never have happned. But, of course, ten
they would have never gotten to send the message
to alI the hackers ad potential hackers out there.
We thnk it' s time concered people sent a
message of their own. 1young people are
going to prison bcause a large compay lef its
doors wide opn and dosn't want to take any
responsibilit. That in itself is a criminal act.
We've always believed that dpeople cause
damage or create a nuisance, tey should pay the
price. In fact, the LOD believed this too. So do
most hackers. And so does the legal system. By
blowing things way out of proportion because
computers were involved, the goverent is
telling us they really don't know what' s going o
or how to handle it. And that is a scary sitatiolL
If the media had been on top of this stor and
had ben able to grasp its meaning, tings might
have ben very diferent indeed. And if
BellSouth' s gross exaggerations had been taken
into account at the sentencing, this injustice
couldn' t have occured. Consider this: if Riggs'
sentence were as much of a exaggeration as
BellSouth' s stated value of thei $1 3 document, he
would be able to serve it in fll in just over two
hours. And the $233,000 in restitution would b
under $40. So how much damage are we really
talking about? Don't lok to BellSouth fo
answers.
In early I 99I te three ae to begin teir
Page 44 2600 Magazine Autumn 1990
RUMORS
sentences. Before that happens, we need to reach
as many peole as possible wit this message. We
don' t know if it will make a difference in this
particular case if the general public, goverent
offcials, ad the media he tis side of the story.
But we dknow it would b criminal not to .
===
When we needed to get the word out on te
Neidorf story, we leed something about the
power of electronic communications. By making
use of the Interet, the story spread troughout te
glob rapidly and respnses pured back. One
computer system in paricular, Te Well, located
in the Bay Area of Califora and afiliated with
Th Whole EReview was an instumental tol
in opning tose communications. We hope to see
many other affordable multi-user systems that
ofer lively discussions and useful serices in the
futre. We encourage our readers to get involved
in this technology before participation in it
becomes regulated restricted by those who
don' t appreciate it You Cregister onIincat Te
Well by calling 415- 332-6106.
===
In another tale of noboy really knowing
what' s going on, two teenage brothers were
arrested in November and charged wit causing
$2.4 million worth of damage to a voice mail
system. It seems that the kids were promised a
poster with their subscription to Gas Pro
Magazine. When they didn't get it after repeated
complaints, they figured out how to get into th
company' s voic mail system. They were able to
get into 200 diferent mailboxes, including that of
the company president. Te company accuses the
brothers of wiping out messages, changing
passwords, ad changing user names. A copany
ofcial expressed surprise that tey were able to
chage naes, claiming that it was not an easy
thing to do.
If, as has been reprted, the voice mail system
was Rolm' s Phonemail, te company is almost
totally responsible fo what happened to them.
Phoemail allows passwords to be up to 24 digits
in length. Tese clowns apparently left their
passwods as the default, which is usually a mere
three digits. Hence the ease of entry. And th fact
that the system administrator lef his,er password
as the default explains how tey were able to
change user names so easily. A child could do it.
. Not many pole will claim that wht these
kids dd was acceptable. But the way the
authrities handled tis was absurd, at best. Kids
have always done mischievous things ad they
always will. And no mater how hard the
autrities , tey're not going to fnd ay
conspiracy here. These were kids being naughty
and taking advantage of incometence. A stem
waming would undoubtedly have put a end to t
Instead, they're being charged with all kinds of
fedral crimes and told tht they caused $2.4
million in damage. And te U. S. Secret Service
and te New York State Police seem real proud of
this.
4==
Spaking of the New York State Police,
according to a rept fom the news seric
Newsbytes, Doald Delaney, New Yok State
Police Spcial Investigator, admits to spying on
260meetings at the Citicorp Center in New York
City. Spies working for him took pictures of
people as tey attended the monthly gatherings. It
seems prety absurd that tey would waste teir
tim sneaking aound when we're having a public
meeting right smack in th middle of midtown
Manhattan. Add to this the fact tat we di scovered
them doing this back in the spring (see Spring
1990 issue) and one gets the distinct impression
that these folks haven' t yet found their niche in
society.
44
In a typical case of juming on the
bandwagon, a New York therapist is attemping to
get som new clients out of a recent hacker story.
"According to Jonathan Berent," his pess release
reads, "director of Berent Associates Social
Terapy Center in Great Neck, NY, [the story of
ZOO, a recently raided hacker j illustrates classic
symptoms of soial phobia -defned as th
extreme fear and avoidance of people outside of
one' s immdiate family. Mr. Berent explains tat
social phobics ofen tm to computers in a
attemt to create a substitte fo th social
interaction with friends that tey find lackig in
their daily lives. Additioally, tey freuently
exhibit denial -tey deny that any social
problem exists. Thy claim that they have plenty
of friends -bt just chose to spend their fee
Autumn 1990 2600 Magazne Pae 45
FACTS AND UmL
time wi th the computer instad of peers. Other
characteri stics of social phobia include fear of
people, anxiety attacks in social situations,
overdependence upn parents, difficulty wit
social skills, and fami ly chaos. Anoter key
characteri stic of social phobia is anger coupled
with destuctive behavior. This may explain the
$250,000 worth of [completely unsubstantiated as
usual] computer system damages tat ZOO has
ben accused of. '
"According to M. Berent, social phobia ofen
leads to addictive bhaviors -including
addictions to compulers, telephone party l ines,
television -even addiction to avoidance itelf.
Far from a mere passing phase, Jonatan Berent
explains, ' Soial phobia has a tendency to get
worse and worse if lef alone. Fortunately,
however, it has ben proven that social phobia is a
controllable and curable problem. In our pogram
of individual and social group therapy, we have
seen countless recoveries from social phobia
though clients' learing first to control teir
anxiety. and then leng th specific soial skills
that underly social success. Tough goal-oientd
therapy and pograms that ofer a oporunity for
social practice. we have been able to help facilitate
social phobics in breaing through their self
impsed limitations to for quality relationships
-ofen for the first tim in thir lives -ad live
much happier lives as a result'
"M. Berent has ben woking with soial
phobics for over 10 years. "
Imagine that. A cure for hacking. Will
wonders never cease?
===
Last issue we pinted a number tht read back
whatever phone numbr you were calling fom
nationwide. Omreaders found ts usefl for
payphones. tie-lines. airplane phons. o any
situation where kowing the tlephone numbr
they were using was import o just iteresting.
Unfortunately that number hs stoppd working.
But a new number has surfacd 800-933-
3258 . . e . Wisconsin Bell is the latest of te pone
companies to dop te chge for touch toe
serice. We won' t rest until ty've al be n
eliminated. Spking of rate chages. New York
Telephone asked te stte Public Seric
Commssio for an $83 1 .7 mllio ( 1 3 prcnt)
rate increase earlier tis year. Many people were
outaged by this request. So. apparenty. were te
PSC administative law jUdges. who
recomendd a rate increase of only $23.6 mllion
(0.37 percent). In fact. aer report suracd of
wild NYNE sex parties as well as oter unethcal
business practices. the PSC decided to exploe the
possibility of forcing New York Telephone to
divest itself fom NYNE. Not all public servants
keep teir hd in the sand. something these
companies ought to keep in mid . . . . Wit regards
to rip-offs: did you know it costs less to call an
international sex line than it does to call a local
one? That' s right. we saw advertisements for sex
lines in the Netherlands Antilles (01 1 -599-2424.
2626. and 6262) right next to all of those other
ads. The ironic ting is that most people se the
01 1 and figure the cll will cost mre. Guess
again . . . . Both Sprint and AT&T are ofering fre
fax serices related to the Gulf Crisis. By calling
Spint at 800-676-2255 you C direct a fax upate
to any fax machine mthe country. And AT&T is
offering Desert Fax. By going to an AT&T Phone
Center and fll ing out an official fax form you C
have that fax sent to anyoe in active duty in the
Gulf. They won' t tell us how exactly tey do it.
Sorry . . . . AT&T is accusing Mel of steling 90.00
customers over the last six months. Nothing new
there. but accoding to Reuters. tere' s now a
name for this practice. Changing a customr' s
long distance service to anoter comay without
perission is clled "slaming". Would we
lie? ... Finally. a light-hearted stoy: in ely
November. polic in Montgoery County.
Alaba were testing the new E91 1 system. The
dispatcher received ten consecutive calls fom te
home of Linda and Danny Hurst. When t polic
arrved at the Hurst house. the culprit was son
fond: an overripe toato. The tomato was
hangig over the telephone i a wire basket.
dripping juice into mcouple' s answering
machine. Apparently the juice got into te
mache' s dialing system and cused it to dial t
polic. "We' re not sure how. " Chief Deputy
Milto Grah said. "Mayb tey had spe d
dialing ad it shored out" Linda Hurst also was
baffled. "I did' t know th aswering machin
could even dial out. It' s just supposed to tke
messages."
Page 46 2600 Magazne Autumn 1990
DON`IMAKE IHAIMl5IAkE
Many people do . They intend to renew, but the
drudgeries of dai ly l i fe get in the way . And
then, one day, they real i z e that there ' s some
thing mi s s ing . You see , we don ' t pester you
repeatedly l ike most other magazines when your
subscript ion runs out . You won ' t get phone
cal l s , postcards , telegrams , faxes , or knocks
on your door . We accept rej ect ion graceful ly .
The tragedy occurs when subscribers LOzgeL to
renew. Go look at your addres s label now. I f
you ' ve only got cI i s sue or two left , renewing
today makes a whole lot of sense . And by
renewing for mul tiple years , you ' l l have one
less thing to worry about in a decade that
promi ses to have plenty of worries .
l Nl Vl OPLOLMl |l LN
. 1 year/$1 8 . 2 years/$33 . 3 years/$48
LLM|LMPL OLMl |l LN
. 1 year/$45 . 2 years/$85 . 3 years/$1 25
LVCMLP OLMl |l LN
. 1 year, i ndi vi dual/$30 . 1 year, corporate/$65
Ll |Ll MLOLml |l LN
. $260 (you' l l never have to deal wi th thi s agai n)
PLh l Oc ( never out of date)
. 1 984/$25 . 1 985/$25 . 1 986/$25 . 1 987/$25
. 1 988/$25 . 1 989/$25
[OVER5EA5. ADD$ PERYEAR OF BACK 55E5
cd v. dua' oac- | ssuoslo|19oo, 19o9, 1990a|o$6. 25 oachj

LPL PNLON cNLLLc.

wUn. . .
@

cal l er i . d. 4
network Z sa
g
a ( cont. )
dorot hy denni n
g
i ntervi ew 1
th i n
g
s you shou l dn' t know 1 O
defeat i ng trap traci ng ZZ
l etters
Z4
tone di a l er conversi on Z
bui l d a tel ephone i nducti on coi l o
t he defi n i ti ve anac
g
u i de
l
l
l
l
l
ZO mar ketpl ace 41
[ credi t card al
g
ori thm 4Z
l
L
facts and rumors 44

3OO Magazine
YOWX 2
Middle Island, MY 11$ U.S.A.
Forwarding and Addess Corection Requested
meu
I m
L\LN LLP LPLc
|0fmtl |PIB!
c8Sl 6l8U86l, N. 1.
1 1
N 74-b 1