Phreaking
HEYHEYHEYHEYHEYHEYHEYHEYHEYHEYHEY
HEYHEYhey, hey, hey, it's ATI!HEY
HEYHEYHEYHEYHEYHEYHEYHEYHEYHEYHEY
issue 50
A continuation of ATI49..
Other publications worth checking out----------------------->
TAP is a print newsletter dedicated to the dissemination of suppressed
info, whether it be on hacking, phreaking, the gov't, or anything. It's fun
to read, and issues cost only a 25 cent stamp! Send a stamp for the length
of subscription you want; 1 stamp = 1 issue, 10 stamps = 10 issues. They
have put out issues 92 thru 100. If you would like back issues, send $1 for
each back issue you want. Write them at:
TAP
P.O. Box 20264
Louisville, KY 40250
Also, be sure to call TAP's BBS at 502-499-8933.
The Iron Feather Journal provides info regarding hacking, phreaking,
anarchy, or Commodore pirating. IFJ is also a fun publication filled with
interesting stuff. They have put out issues 1 thru 9, and issues are $2
each. Write them at:
Iron Feather Journal
P.O. Box 1905
Boulder, CO 80306-1905
2600 magazine provides more technical, specific hack/phreak info. It
also features a large section of letters from readers, and frequently has
some thought-provoking commentary and a unique sense of humor. For
individuals, subscriptions are $18 US and $30 overseas. Call their recorded
message at 516-751-2600 for more info, or write:
2600 Subscription Dept.
P.O. Box 752
Middle Island, NY 11953-0752
Babyfish is an interesting publication that features poetry, artwork and
other items from a decidedly anarchist point of view. Issue #4 of Babyfish
is available for $3 by writing:
Babyfish
P.O. Box 11589
Detroit, MI 48211
$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
--> movie time <--
Movies are great. Not only are they entertaining, but reflect our
society in various ways. Now for a few words on some movies:
"Darkman" was one of the most interesting movies I've seen in a while.
It got generally good reviews by critics in the media, but I did see an
occasional bad review. But I submit that anyone who gave "Darkman" a bad
review missed the whole theme of the movie. "Darkman" was a lot like
"Batman" or "Dick Tracy" in that it provided a very comic-book-like design
in the film that could be seen in the set design, plot, and even the way
that actors moved, interacted, and delivered their lines. The film also had
a touch of "Phantom of the Opera" in its plot of a scientist who was severely
disfigured after being attacked in his lab by mobsters, and then moves to
the role of protector of his girlfriend. By the way, I thought "Darkman"
pulled off the "comic-book" theme very well while "Batman" and "Dick Tracy"
failed miserably. Anyway, go see "Darkman".
A disappointment of this past summer was "Robocop 2", only because it
didn't do very well in the box office. I thought the new "Robocop" film was
as good as its predecessor. Both films do an excellent job of conveying 2
msgs: 1) technology is going mad, and man's advancements in technology are
unfortunately not accompanied by a necessary advancement of morality and
ethics and 2) we are heading towards a very dark future, as portrayed in
both films' "commercial" and "news clip" segments. Rebels in Mexico? South
Africa using nuclear weapons to defend apartheid? The ozone gone? Anti-theft
car devices that trap and electrocute car thieves? These are just current
problems projected as worst-case scenarios in the not-so-distant future.
Also, more scrutinous viewers might find some other messages in the film
conveyed very subtly, such as the roles of corporations and criminals. In
"Robocop 2", a female dealer of the drug "nuke" holds up a vial of the drug
and says "Made in America". Cain, the leader of the nuke dealers says, "We're
going to make that mean something again". Later in the film, the head of
the mega-corporation, OCP, stated "We're going to make 'made in America'
mean something again" in reference to building copies of the Robocop 2
prototype. And, if you recall, in "Robocop", Dick Jones, then-vice-pres.
of OCP says in a conference, "Good business is where you find it". Later on
in the film, Clarence Boddicker, mobster and drug lord stated the very same
thing. Could it be that the message is that there is little difference
between mobsters and corporate leaders? That's why I liked both "Robocop"
films so much - because of their perspective. I look forward to "Robocop 3".
I finally rented a copy of "Roger and Me", which is a story of how the
closing of GM plants in Flint, MI deeply affected the city. GM closed many
plants and opened new ones in Mexico just past the border to avoid paying
decent wages to US workers. Flint was devastated by the closing, and the film
documents this in a very moving way. It's shocking to know that US
corporations are given license to wreak havoc on people's lives. In Europe
and other places, plant closings are regulated by strict laws that demand
that the corporations take some economic responsibility for laid-off workers
for some period of time so they can get on their feet. This was not the case
in Flint. People suddenly found themselves jobless and destitute. They were
evicted from their homes, and those who could afford it moved away from
Flint. The ones who were forced to remain were subject to the highest
violent crime rate in the country and extremely bleak job prospects. Go rent
"Roger and Me" and watch a chapter in the death of the American dream.
For the story of Flint is the story of all the US. Blue collar jobs
that provided some financial security and the ability to make a good home
and living are disappearing by the day. Abandoned factories litter our
landscape, and we painfully learn that industry no longer provides the
promise it once did, while the very same blue collar jobs are being done by
workers in 3rd world countries living under a much lower standard of living.
Some say our economy has changed to a service economy. I say it's changed to
a service/welfare economy. Those not in the service economy or the dwindling
industrial economy are given a subsistence thru welfare programs, which mask
the fact that our "economy" can't support all of us. It's time to look for
other solutions, and this starts with taking a look at who runs this country,
what kind of rules are they making for their own benefit, and the fact that
the gap between rich and poor is greatly widening. And the middle class is
disappearing. Talk about bleak...
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
Now, for an interesting text-file we saw floating around a local BBS. Since
the file has no authorship and contains some valuable info, we decided to
include it in this issue of ATI. We would like to give credit to the author
of the file, but since there is no identifying info on this file, we can't.
Anyway, enjoy:
---------------------------------------
THE EQUAL ACCESS HACKER'S GUIDE
---------------------------------------
The axing of good ole Ma Bell has rendered wrong everything you now know
about phone companies. The procedure for placing a long distance call is
now above the understanding level of a good proportion of the public, and
the various companies are doing very little to educate them. Thus this
attempt to inform the reader what new evil lives at the other end of his
pair.
In areas that are now equal access, it is possible to place a long distance
call using any of the carriers who will complete it for you. You do *not*
have to have previously set up an account with the carrier, as in the past.
They will complete the call and pass the billing back to your local
operating company [LOC], which in turn bills you for the call. So to place
the call via the "alternate" carrier, you pick up and dial:
10nnn + 1 + area code + number
The nnn is magic: it allows you to select a different carrier for that
call. There are a zillion little Mom-n-Pop carriers in different areas,
but here are some of the major ones whose access codes should be fairly
consistent.
    220  Western Union  ;; consistently bad audio 90% of the time
    222  MCI            ;; duplexey lines sometimes
    288  AT&T           ;; you know the story
    333  U.S.Telecom    ;; reasonably ok
    444  Allnet         ;; a major reseller of others' services
    488  ITT            ;; *bad* audio, useless for modems
    777  GTE Sprint     ;; usually good quality -- rivals AT&T
When you complete a call this way, via a carrier who "doesn't know who you
are", you are referred to as a "casual caller". Most of the major carriers
will complete casual calls. The smaller ones usually want an access code
and a pre-existing account. Note that all this is perfectly legal and
nobody is going to come pound on your door and demand your firstborn for
making your calls this way. The fun part starts when one considers that
this two-stage billing process involves a lot of red tape and paper
shuffling, and the alternate [i.e. not AT&T] carriers often have poorly
designed software. This can often lead to as much as a 6-month lag time
between when you make the call and when you get the bill for it. There is
a chance that you won't get billed for some calls at all, especially real
short ones. And if you do get billed, the rates will be reasonable. Note
that if you don't have an account with a given company, you won't be able
to take advantage of any bulk rates they offer for their known customers.
It is likely for this reason, i.e. all the mess involved in getting
the billing properly completed, that the local Bell companies are
attempting to *suppress* knowledge of this. Notice that when you get your
equal access carrier ballots, nowhere do they mention the fact that you can
"tenex" dial, i.e. 10nnn, through other carriers. They want you to pick
one and set it up as your 1+ carrier so you don't have to learn anything
new. Now, it's already highly likely that the little carriers will fold
and get sucked up by AT&T and eventually everything will work right again,
but this policy is pushing the process along. The majority of people
aren't going to want to deal with shopping around for carriers, are going
to choose AT&T because it's what they've come to trust, and their lines are
still the best quality anyway. However, the more people become casual
callers, the more snarled up the billing process is going to become, and
the resulting chaos will have many effects, one of which may be free calls
for the customers, and the carriers and LOCs being forced to either
straighten up their acts, disable casual calls and lose business, or
knuckle under completely.
So where can you get more info about equal access, if not from your local
company? You call 1 800 332 1124, which AT&T will happily complete for
you, and talk to the special consumer awareness group dedicated to helping
people out with equal access. They will send you, free of charge, a list
of all the carriers which serve your area, with their access codes,
customer service numbers, billing structure, and lots of other neat info.
The LOCs will give out this number, but only under duress. They will *not*
give out any information about other carriers, including what ones serve
your central office, so you shouldn't even bother trying. It's apparently
been made a universal company policy, which is ridiculous, but the case.
Let's get into some of the technical aspects of this. First off, you might
ask, why 10nnn? Well, it could have been 11nnn too, but it wasn't. If you
think about it, other numbers could be mis-parsed as the beginnings of area
codes. 3-digit carrier codes also leave plenty of room for expansion
[haw!]. Some of the carriers won't complete casual calls, and may even
give recordings to the effect of "invalid access code". Basically when you
dial this way, your central office simply passes the entire packet
containing your number and the number you want to call to the carrier and
lets the carrier deal with it. You'll notice that this process takes
longer for some of the carriers. The carriers have differing database
structures and hardware, so it takes some time to figure out if it knows
who the calling number is, if bulk rates apply, and a few other things.
While it's doing this search, you get silence. What's a lot of fun is that
in areas that have recently gone equal access, the central offices do this
exact same process for public phones. And since the carrier usually has no
idea of what a public phone is, it happily completes the call for you as
though you dialed it from home. It is unclear who gets the resulting bill
from this, but it usually doesn't take them long to fix it. It's
conceivable that the carriers can hold numbers to *not* complete calls from
in their database, as well as regular customer numbers.
Some carriers also handle 0+ calls. If you dial 10nnn 0+ instead of 1+,
the office will hand it off as usual, and you'll be connected to the
carrier's switch, which gives you a tone. You are expected to enter your
authorization code at this point, and then off the call goes. This is so
you can complete equal-access style calls from friends' phones and use your
own billing. It also requires that you have an account with the carrier
already and an authorization code to use. Some carriers, in places where
the public phone bug has been fixed, will handle 1+ calls from them this
way as well. This mechanism introduces a security hole, because it's real
easy to determine the length of a valid authorization code from this since
something happens right after the last digit is dialed. Carriers that
don't do this will sometimes tell you to dial "operator-assisted calls" by
dialing 102880+ the number you want. Already they're admitting that AT&T
is better than they are.
And as if this wasn't enough, carriers that do this will also usually
connect you straight to the switch if you dial 10nnn#. The LOCs are
finally getting around to using the # key as sort of an "end-of-dialing"
feature, so you can reach the switch directly without having to dial a
local number or 950-something. Being able to get to the carrier's switch
is useful, because they often have special sequences you can dial there to
get their customer service offices, various test tones, and other things.
If you get the switch and then dial # and the tone breaks, you may have one
of these. Another # should bring the tone back; if digits have already
been dialed then # is a regular cancel or recall. Some carriers use * for
this. Anyway, if # breaks the tone, an additional digit may start a call
to an office. You can tell if it's working if # has no further effect;
you'll eventually either hear ringing or nothing if that digit hasn't been
defined. Many of the carriers have magic digit sequences that would
otherwise look like authorization codes, but go off immediately upon being
dialed and call somewhere.
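The three 10nnn dialing forms described so far (1+ as a casual caller, 0+ to the carrier's tone, and # straight to the switch) can be told apart mechanically. The parser below is an added example, not part of the original file; the carrier names come from the list above, and the area-code shape check (first digit 2-9, middle digit 0 or 1) is an assumption about the numbering plan of the period.

```python
import re

# Carrier access codes exactly as listed in the guide above.
CARRIERS = {
    "220": "Western Union", "222": "MCI", "288": "AT&T", "333": "U.S.Telecom",
    "444": "Allnet", "488": "ITT", "777": "GTE Sprint",
}
# Assumption: area codes of the period are N0X/N1X with N = 2-9, so a string
# that begins "10" can never be mistaken for the start of an area code.
AREA_CODE = re.compile(r"[2-9][01]\d")


def classify(dialed):
    """Split a dial string into carrier, dialing form and destination."""
    s = re.sub(r"[\s+\-()]", "", dialed)      # accept "10222 + 1 + 617 ..."
    cic = None
    if re.match(r"10\d{3}", s):               # carrier-select prefix present
        cic, s = s[2:5], s[5:]
    out = {"cic": cic,
           "carrier": CARRIERS.get(cic, "unlisted") if cic else "default"}
    if cic and s == "#":
        out["form"] = "direct-to-switch"      # 10nnn#: carrier's tone, no number
    elif (len(s) == 11 and s.isdigit() and s[0] in "01"
          and AREA_CODE.fullmatch(s[1:4])):
        # 1+ completes as dialed; 0+ makes the carrier ask for an auth code.
        out["form"] = "1+" if s[0] == "1" else "0+"
        out["area_code"], out["number"] = s[1:4], s[4:]
    else:
        out["form"] = "invalid"
    return out


if __name__ == "__main__":
    # Constructed sample dial strings (555-01xx numbers are fictional).
    for sample in ("10222 + 1 + 617 555 0123", "10288 0 212 555 0123",
                   "10777#", "1 212 555 0123", "10222 1 111 555 0123"):
        print(sample, "->", classify(sample))
```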
Call timing and billing is a very hazy issue with the alternates, as one
may see from the consumer group sheet. AT&T is still the only one that can
return called-end supervision, i.e. the signal that tells your local office
that the called party has picked up. The alternates, although they may be
planning to install this through agreements with the LOCs and AT&T, have
not done so yet, so they use timeouts to determine if billing should be
started yet. These are usually the time that 8 rings takes; assuming that
most people will give up after 6 or 7. So if you listen to your brother's
fone ring 20 times because he went out drinking last night and is now dead
to the world, you will get billed for the call whether he wakes up or not.
This is sort of a cheapo compromise, but since AT&T is so reluctant to hand
them supervision equipment, their hands are sort of tied. But notice that
it's likely that you won't get billed for a real short call that is
answered quickly, either. With the advent of 9600 baud voice-grade modems,
this could have some interesting applications as far as message passing is
concerned, and avoids pissing off operators by trying to yell through non-
accepted collect calls or long lists of what person-to-person name meant
what. But in general, you should keep your own records of what call and
what carrier and if it completed or not, so you won't get erroneously
billed by a silly timeout.
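The advice above to keep your own records can be turned into a reconciliation check. This is an added sketch, not part of the original file: it compares what a timeout-billing carrier would charge with the time the call was really answered. The 6-second ring cycle, the record fields and the sample log are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

RING_CYCLE_S = 6                        # assumption: 2 s ring + 4 s silence
BILLING_TIMEOUT_S = 8 * RING_CYCLE_S    # "the time that 8 rings takes"
SUPERVISED = {"AT&T"}                   # only AT&T returns answer supervision


@dataclass
class Call:
    number: str
    carrier: str
    held_s: int                   # seconds from end of dialing to hang-up
    answered_at_s: Optional[int]  # seconds until pickup, None if never answered


def actual_s(call):
    """Seconds of real conversation, as answer supervision would measure it."""
    return 0 if call.answered_at_s is None else call.held_s - call.answered_at_s


def expected_charge_s(call):
    """Seconds the carrier is expected to bill under the scheme it uses."""
    if call.carrier in SUPERVISED:
        return actual_s(call)
    return max(0, call.held_s - BILLING_TIMEOUT_S)   # billing starts at timeout


def audit(log):
    """Return (number, carrier, billed, actual, verdict) where the two differ."""
    findings = []
    for call in log:
        billed, actual = expected_charge_s(call), actual_s(call)
        if billed > actual:
            findings.append((call.number, call.carrier, billed, actual,
                             "overbilled: dispute"))
        elif billed < actual:
            findings.append((call.number, call.carrier, billed, actual,
                             "underbilled"))
    return findings


# Constructed personal call log (555-01xx numbers are fictional).
MY_LOG = [
    Call("212-555-0133", "Allnet", held_s=120, answered_at_s=None),  # 20 rings
    Call("312-555-0122", "MCI", held_s=300, answered_at_s=12),
    Call("617-555-0100", "ITT", held_s=30, answered_at_s=None),      # 5 rings
    Call("415-555-0166", "AT&T", held_s=120, answered_at_s=None),    # 20 rings
]

if __name__ == "__main__":
    for finding in audit(MY_LOG):
        print(finding)
```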
Carriers often use their own switching equipment; they also often lease
lines from AT&T Long Lines for their own use. Allnet, for example, leases
equipment and time from other carriers at bulk rates and resells the
service to the customer. So if you use Allnet, you can never tell whose
equipment you're really talking on, because it's sort of like roulette
between satellite, microwave, or landline and who owns it. Some of this
latter-generation switching equipment is warmed-over AT&T stuff from a few
years ago, and therefore may be employing good old single-frequency trunks,
i.e. 2600 Hz will disconnect them. In the early days of carriers before
equal access, 2600 would often reset the local switch and return its
dial tone. This is less common these days but there's a lot of equipment
still out there that responds to it.
When you select your default carrier, there is another valid option that
isn't on the ballot. It is called "no-pick", and is not exactly what it
sounds like. If you simply don't pick one or return the ballot, you get
tossed into a lottery and you will wind up with any random carrier as your
default on 1+ dialing. You still won't get bulk rates from this carrier
unless you call them up and create an account [or you may get a packet of
info from them in the mail anyway, because if they got selected for you
they will probably want you to sign up]. However, no-pick is the condition
where you *do not* have a default carrier, so if you pick up and dial 1 +
area + number the call will not complete. This is great for confusing
people who attempt to make long distance calls on your phone and don't know
about tenex dialing. Probably your best bet as far as saving money goes is
to sign up with *all* the carriers, and examine their billing structures
carefully. You can then choose the one that's cheapest for a given call at
a given time. You may need a computer to do this, however. It is
surprising that nobody has yet tried to market a program that will do this
for you.
Post-parse, or 10nnn0+ dialing, is not the only security hole that carriers
have to deal with. There are often magic sequences that, when dialed after
a trial authorization code, will inform the caller if the code was valid or
not without having to dial an entire number. These usually take the form
of invalid called area codes, like 111 or 0nn or *nn. Most of the carriers
have fixed the problem in which an invalid code plus some sequence would
return silence and allow recall, and a valid one would error out. This
allowed valid codes to be picked out very quickly. Longer authorization
codes and improvements in the software have largely eliminated this as a
major problem, but it took a few years for them to get the idea. Note that
abuse of other people's authorization codes *is* illegal and they will
probably come after people who do it. However, it is often interesting to
play around with a carrier you are interested in purchasing service from,
and see if you can break their security easily. If you can, then it's
clear that someone else can, and this carrier is going to have a lot of
problems with fraud. Someone may even find your code and then you'll have
to deal with bogus billing. So if you find some algorithm which allows you
to come up with a 6 to 8 digit valid code, one thing you might do is call
the carrier and tell them about it. They'll thank you in the long run and
might even offer you a job, a side benefit of which may be unlimited free
calling via their equipment.
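From the carrier's side, the code-guessing weakness described above shows up in switch records as one calling number producing many rejected authorization codes, often paired with destinations that cannot be real area codes. The detection sketch below is an added example, not part of the original file; the record layout, the thresholds and the sample records are constructed assumptions.

```python
import re
from collections import defaultdict, deque

# Constructed record layout (assumption): seconds since midnight, calling
# number, whether the authorization code was accepted, dialed destination.
LINE = re.compile(
    r"(?P<ts>\d+) ani=(?P<ani>\d{10}) auth=(?P<auth>ok|fail) dest=(?P<dest>[\d*]+)")
VALID_NPA = re.compile(r"[2-9][01]\d")  # assumption: area-code shape of the period
WINDOW_S = 600     # look-back window for rejected codes (assumed threshold)
MAX_FAILS = 5      # rejected codes per window before alerting (assumed)
MAX_PROBES = 3     # impossible destinations before alerting (assumed)


def impossible_destination(dest):
    """True for destinations such as 111, 0nn or *nn that are never an area code."""
    return VALID_NPA.fullmatch(dest[:3]) is None


def detect(lines):
    """Return {calling number: [reasons]} for patterns that look like code guessing."""
    fails = defaultdict(deque)      # ani -> timestamps of recent rejected codes
    probes = defaultdict(int)       # ani -> count of impossible destinations
    alerts = defaultdict(set)
    for line in lines:
        m = LINE.fullmatch(line.strip())
        if m is None:
            continue                # not a record in the assumed layout
        ts, ani = int(m["ts"]), m["ani"]
        if impossible_destination(m["dest"]):
            probes[ani] += 1
            if probes[ani] >= MAX_PROBES:
                alerts[ani].add("impossible-destination probing")
        if m["auth"] == "fail":
            window = fails[ani]
            window.append(ts)
            while ts - window[0] > WINDOW_S:   # drop failures outside the window
                window.popleft()
            if len(window) >= MAX_FAILS:
                alerts[ani].add("repeated rejected codes")
    return {ani: sorted(reasons) for ani, reasons in alerts.items()}


# Constructed sample records (555-01xx numbers are fictional).
SAMPLE_LOG = [
    "36000 ani=6175550100 auth=fail dest=111",
    "36020 ani=6175550100 auth=fail dest=111",
    "36030 ani=2125550111 auth=fail dest=3125550199",   # one mistyped code
    "36041 ani=6175550100 auth=fail dest=111",
    "36050 ani=2125550111 auth=ok dest=3125550199",
    "36063 ani=6175550100 auth=fail dest=011",
    "36080 ani=6175550100 auth=fail dest=*11",
    "40000 ani=3125550122 auth=ok dest=2125550133",
]

if __name__ == "__main__":
    print(detect(SAMPLE_LOG))
```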
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
- - - - - - - - - - - - - - -
:ATI, changing the way people :
read for over 2 years.
:ATI, a freedom paper. :
ATI, a way of life, patriots /
:ATI, more than just a - -
newspaper, it's the rag /
:of justice!!! /
- - - - - - - - - - -
Well folks, it's that time again. Look for ATI51 VERY soon, and I really do
mean it this time (heh heh heh..). I hope you liked #49 and #50. Please do
remember that we are always looking for letters to the editor, submissions,
large or small, and other fun stuff.
Ciao! ;)