
                Phreaking for newbies #1 - by the mob boss

Basic Phone Security - Making and Breaking It

The other day I was sitting in class and I was bored out of my head so I
picked up a dictionary. I was curious to see how a hacker was defined,
considering that seems to be one of the most passionately fought
arguments, good against evil, hackers against crackers.

I found the definition to be "A computer enthusiast, someone who breaks
into computers". Not surprising, but when I went to look for "Phreak" and
"Phone Phreak", lo and behold, it was not there. This seems to be
common these days.

Everyone is shaking in their boots about big, bad, evil hackers and what
might happen to their home or business computer, but no one ever stops
to think about the phone system. This article is not geared towards
anyone specific, in fact this is just an abstract to guide all those who
are interested in general security, privacy, and h/p. Whether you're a
small business owner, a homemaker, or an executive, there is something
here that you should know, if you don't already. 

Phone Phreaking can be loosely defined as the exploration and
exploitation of the phone system and everything that goes along with it.
Back in the 60's and 70's there was blue boxing, back in the eighties
and early nineties there was red boxing, but nothing compares to the
things that are here now, in the early part of the 21st century.
Seems everything is hooked up to the phone system one way or another
these days. People are sporting voicemail, pagers, cell phones, home
answering machines, fax machines, computers hooked up to the internet,
cell phones hooked up to the internet, and there are plans to have cars
on the internet pretty soon as well (see 2600 issue 16:4, I OWN YOUR
CAR). 1984 is here, just a little late.

Now considering all that, why would someone ignore learning about the
phone system, when the whole backbone of telecommunications is
the phone system? That's a mistake a lot of companies and individuals
make. Theft of phone service aside, as there are so many legal ways
to make a free call these days, how about privacy? How would you
like someone monitoring your business via the voicemail system or maybe
monitoring your house by using the remote access feature on your
answering machine to actually listen in on what's going on?

How about someone tapping your analog cell phone or old cordless phone?
Now from the attacker's point of view, what better way to watch a target?
You want to break into a computer network, monitor the voicemail systems
for possible technical information and logins.

You want to break into a house, listen to messages on the answering
machine to find out the patterns of those who reside there. Want to
blackmail, extort, and steal, well then there are tons of possibilities
for you.

Let's start at home. What communication devices do you own? Cordless
phone, PC, fax machine, answering machine? I'm willing to bet you have
at least one or all of those items in your home. First I will touch on
answering machines; personally I could live without it. Most people
hate talking on answering machines, and when it's not meant to be it's
not meant to be.

But I still own one and the first thing I did when I learned about
breaking into answering machines was to check my manual to see if my
machine had remote access. As it turned out, it did have remote access
but lucky for me it has a strong security policy, two bad tries will
boot you off, plus the code is a good one. Now machines I have
encountered in businesses and homes were as easy as dialing 123 after
the tone. So what, you say? You have nothing to hide?

Well privacy is privacy and either way I don't want some thug hearing
when I'll be at the dentist or on vacation. This is twice as bad if you're
a business and you have customers leave orders on the phone after hours.

Credit card fraud has been booming since the 1980's and two decades
later it's still a problem, and it's a safe bet that it always will be
a problem. Here is an easy to follow system for getting into an
answering machine; out of the many techniques I have read, tried,
or heard of, this one is the most rewarding... after the tone start
dialing this sequence, 9876543210000123456789 then 2000, 3000, till you
hit 9000, then 1111, 2222, and so on till you hit 9999.

That technique will break into answering machines in the homes of
government officials, mail order stores, and places that should be
more secure. Try that on your machine or a friend's (with his permission
of course) and see how secure that answering machine really is. 

Another problem that has been around for many years is that of people
tapping cordless phones with simple frequency scanners. Now this problem
has been dying out, but when I flip on the Ol' Bearcat I still hear
morons yacking away on their old, ten dollar, garage sale cordless
phones. These aren't wholesome conversations either. Drug deals, phone
sex, and fights. I guess it all depends on where you live, but just the
same there are a lot of possibilities here. Like I said, this is not a
new problem, but it's still widespread even though a whole decade of
cordless terror has gone by. By programming the following frequencies
into your scanner you'll hear many conversations:

  Ch      Base     Handset    (MHz)

   1      43.720   48.760
   2      43.740   48.840
   3      43.820   48.860
   4      43.840   48.920
   5      43.920   49.000
   6      43.960   49.080
   7      44.120   49.100
   8      44.160   49.160
   9      44.180   49.200
  10      44.200   49.240
  11      44.320   49.280
  12      44.360   49.360
  13      44.400   49.400
  14      44.460   49.480
  15      44.480   49.500
  16      46.610   49.670
  17      46.630   49.845
  18      46.670   49.860
  19      46.710   49.770
  20      46.730   49.875
  21      46.770   49.830
  22      46.830   49.890
  23      46.870   49.930
  24      46.930   49.990
  25      46.970   49.970

Obviously you want to listen in to the base frequencies so that you hear
both sides of the conversation. Now you may say, "Well, I don't have an
old phone, I have a brand new cordless phone that runs on the 900 MHz
band and scrambles the conversation". The only thing I have to say to
that is, what if your business partner, mistress, and/or accomplice are
using an old cordless phone? Then your security measures mean nothing
and it's out there.

That's why you have to analyze security from afar, missing the big
picture will really screw you up.

Are you running a dialup server at your residence or small business?
If you think it's safe because no one but you has the dialup then you, my
friend, are dead wrong. For years people have been using programs called
war dialers (e.g. ToneLoc) to scan exchanges looking for computers,
and just because times have changed and the internet seems to dominate
all doesn't mean that people have stopped looking to their local
exchanges either. In fact much can still be found by having a war dialer
go for a few hours, and attackers know this. A company can have a big
fancy firewall but a dialup sticking out like a sore thumb a few numbers
up from their main switchboard number. That kind of ignorance can be
very, very costly and it would be wise to see how your computers are set
up.

If a dialup server is necessary be sure to pick strong passwords and
keep up with a good policy for protecting that data, physically and
remotely.

Let's move on to your small (or large) business. Most businesses worth
anything at least have a small PBX and voicemail system, plus the kind
of stuff you may have at home, as all the same rules of home security
apply at the office as well. It's very important that a person takes his
sweet time with setting up the phone system; baby it just as much as you
would the computer network, because leaving the phone system open will
lead the path to your precious network. If someone gets into your phone
system what do you have to lose? Privacy, valuable information about
customers (credit card information), use of your lines to call Europe
and what not.

I must say that PBXs are more challenging now than they were ten years
ago, but considering most voicemail systems run hand in hand with the
PBX, having weak passcodes on your voicemail system can lead to
exploitation of your PBX services. Meridian Mail, which is put out by
Nortel (www.nortel.com), for instance has a nice little feature where
you can set the operator assistance number, which in what I have seen is
local numbers; just the same it can be useful for bouncing through to
avoid tracing. I don't think anyone wants their phone system used as
a jumping off point for an attack against something big.

The same rules of breaking into answering machines apply to voicemail,
but one can get more creative here. There are usually multiple accounts
on a system so if you can't get into one, move on to another. 999 or 9999
is usually an administrator's box and 100 or 1000 is usually a general
delivery box.

It's been my experience that the general delivery box can be the most
influential as that's where your general information can be obtained and
that's also a very easy box to get into; a lot of the time the passcode
is just 1000. In general though some passcodes to try are the number of
the box as the passcode, 1234, 1111 to 9999, 1000 to 9000, the name of
the person or company in DTMF, and the last four digits of the phone
number. Knowing that, it's possible to use these private phone networks
for a lot of different things and I think it's very clear why someone
should take this into consideration.
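
One way to check your own voicemail system against the passcode list
above (added example, not part of the original article; the mailbox
records, names and phone number are constructed, and matching a name
truncated to the passcode length is an assumption):

```python
# Added example: flag voicemail passcodes matching the guessable patterns listed above.
KEYPAD = {"2": "ABC", "3": "DEF", "4": "GHI", "5": "JKL",
          "6": "MNO", "7": "PQRS", "8": "TUV", "9": "WXYZ"}
LETTER_TO_DIGIT = {ch: d for d, letters in KEYPAD.items() for ch in letters}

def to_dtmf(name):
    """Spell a name on the phone keypad, e.g. 'Acme' -> '2263'."""
    return "".join(LETTER_TO_DIGIT[c] for c in name.upper() if c in LETTER_TO_DIGIT)

def weak_reasons(box, passcode, phone="", names=()):
    """Return the list of guessable patterns a passcode matches."""
    reasons = []
    if passcode == box:
        reasons.append("same as box number")
    if passcode == "1234":
        reasons.append("1234")
    if len(passcode) > 1 and len(set(passcode)) == 1:
        reasons.append("repeated digit")
    if len(passcode) == 4 and passcode[0] != "0" and passcode[1:] == "000":
        reasons.append("round thousand")
    phone_digits = "".join(c for c in phone if c.isdigit())
    if len(phone_digits) >= 4 and passcode == phone_digits[-4:]:
        reasons.append("last four of phone number")
    for name in names:
        spelled = to_dtmf(name)
        # Assumption: a name longer than the passcode is truncated to fit.
        if len(passcode) >= 3 and spelled.startswith(passcode):
            reasons.append("name in DTMF: " + name)
    return reasons

def audit(mailboxes):
    """Map box number -> reasons, for every mailbox with a weak passcode."""
    report = {}
    for m in mailboxes:
        found = weak_reasons(m["box"], m["passcode"], m.get("phone", ""), m.get("names", ()))
        if found:
            report[m["box"]] = found
    return report

SAMPLE = [  # constructed mailboxes, not real data
    {"box": "1000", "passcode": "1000", "names": ["Acme"]},
    {"box": "9999", "passcode": "4444"},
    {"box": "204", "passcode": "2263", "names": ["Acme", "Dana"], "phone": "555-0142"},
    {"box": "317", "passcode": "0142", "phone": "555-0142"},
    {"box": "250", "passcode": "837261", "names": ["Lee"], "phone": "555-0142"},
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Any box that shows up in the report should get a new passcode, and the
system should boot callers after a couple of bad tries.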

Ok, now that it's clear that your everyday conversations are at risk let's
talk about some of the ways we can ensure that our distant party is the
only other person to hear the conversation. Remember the only secure
conversation is one in person, free of any monitoring. Getting back to
the point, one must consider what level of security is needed for a
conversation before they begin to put security measures in place.

For instance I doubt you need to encrypt a voice conversation with your
grandmother (unless she works for a three letter agency) nor do I think
you want to be on that old cordless phone while buying arms from third
world terrorists (not that I'm advocating that). Let's say you are
interested in securing voice communication, here are some ideas on what
you can do to protect your privacy.

The first method is accomplished through PGPphone, a nice little program
from the makers of PGP (Pretty Good Privacy). This program allows for
secure modem to modem or TCP/IP based voice communication. Using PGP
keys at the strength preselected, the conversation can be encrypted and
secured from prying ears. Only drawback is that there is a little bit of
lag and the stronger the key, the more static and breakup you will get.

Another idea for shaking any taps on your phone line or your
counterpart's phone line is through the use of a number of payphones.
If you keep a good list of payphone numbers in your area that allow for
incoming calls you can be at a certain payphone at a preselected time to
receive that call. If it's busy you can always have a backup payphone not
too far away or your contact will simply try back every two minutes.

In my area at least there are still some neighborhood COCOTs (customer
owned coin operated telephones) that still take in calls. Your best bet
is to call a voicemail number that has ANI every time you're at a
payphone.

When you get home call all the payphone numbers you accumulated and see
which ones take in calls. Some owned by the Telco will not allow the
call to go through, some COCOTs will have a modem pick up.

As another approach you could always invest in one of those expensive
communication devices that hook up to the telephone and allow you to
call another telephone with the device. The price is definitely a
drawback ($500 area) so using one of the less expensive methods is most
likely the best way to go. Be creative and use your common sense;
doing that you'll come up with many creative ideas.

This was meant simply as a primer to phone security. Yes these are old
problems but they needed to be retouched on because it seems many people
are still mystified by simple phone phreaking techniques.

There are other phone risks, such as beige boxing and social
engineering, but those topics have been covered already in some very
well detailed articles that are available on sites all over the internet
and fine BBSs like Ripco. I hope this has opened your eyes to the
dangers out there or at least refreshed your memory. And to cut off all
those flames that I ripped this information off and what not, I have
spent many hours on the phone testing and perfecting these techniques,
there is nothing here that I don't have first hand knowledge of.

I'd like to leave off with these words that a good friend recently told
me, "When you take from one it's plagiarism, but when you take from many
it's research."

Appendix

PGPphone                        http://web.mit.edu/network/pgpfone/
Phreaking Info                  http://come.to/mobdomain
                                http://www.phonelosers.org
                                http://www.hackersclub.com/km


-The Mob Boss; http://come.to/mobdomain
Voicemail and fax: 1-877-203-3043

Special Thanks To...

Deo
Ryan 
Websulker (http://www.websulker.com)

and anyone else I left out... 

-The Mob Boss

