
Whatever Happened to the Phone Phreaks? - JumpCrisscross
http://www.theatlantic.com/technology/archive/2013/02/whatever-happened-to-the-phone-phreaks/273332/
======
cynwoody
Back in the seventies, the simplest phone hack was probably what we called the
"click-it", but is more formally known as the Black Box.

Some curious person had connected a lineman's set to a ringing phone line and
noticed that, between the extremely loud ring signals, he could hear the
calling party talking to himself. Also, that if he briefly shorted the ringing
line, the ringing would stop but the call would stay connected. And he could
now clearly hear the distant party! Moreover, if the calling party was using a
pay phone, he could hang up and get his dime back, even if he had read the
Declaration of Independence into the phone in the meantime. IOW, there was a
functioning talk path but no billing!

So, the only problem to be solved was to get audio into the formerly ringing
line without drawing enough DC from the line to look like a real phone call
was in progress (and thereby trigger billing). This was easily solved by
placing a capacitor in the line to keep the phone from drawing DC and placing
a six-volt battery across the line, in series with an audio frequency choke.
The final piece was a momentary contact switch (the clicker) placed across the
line ahead of the capacitor. If you got a long distance call, you clicked the
switch to stop the ringing, then picked up the phone, and talked for hours.
And the calling party never saw the call on their bill.

If you wanted to initiate a call, you could "code ring" the party, signaling
them to call you by prearrangement.

If memory serves, the Black Box stopped working when they rolled out ESS in
the late seventies.

~~~
mindcrime
That was a good one, but arguably the simplest "hack" was the Beige Box.

For the uninitiated, a "beige box" was just a piece of phone wire with an RJ11
jack on one end (the kind that plugs into the base of a phone) and alligator
clips on the red and green wires at the other end. You used it by opening up
the "demarc box" on the side of a building and clipping onto the corresponding
terminals in the box, and using the line like normal.

What made this moderately useful was the emergence of COCOT (Customer Owned
Coin Operated Telephones) phones. With a phone company payphone, the "magic"
that made it a payphone was stored in the switch at the exchange, and so beige
boxing one of those didn't do you any good. But the "magic" that made a COCOT
a payphone was in the phone itself, so the line it was hanging off of was
usually a plain jane phone line with full long-distance and everything
available. So you'd find a COCOT at a strip mall or something, then drive
around back to where the demarc boxes were, find the one for the payphone
(usually by trial and error) and take it over. Now you could do all the war
dialing or calling long distance you wanted. And hiding out behind a strip
mall late at night, hidden behind a dumpster or whatever, you were fairly safe
from being found by cops. In fact, of all the times we did this stuff back in
the day, we never got caught by a cop in the act of using this setup.

Even better, some of the demarc boxes were rigged up internally to use an RJ11
connector, so you didn't even need the alligator clips. You could just open up
the box, unplug the wire inside, and plug a regular phone in and have your way
with it. :-)

~~~
eric970
I'd like to disagree that beige boxing COCOTs wasn't useful.

First off COCOTs were owned by customers, so the magic did not happen at the
telephone switch. Quite the opposite.

When VoIP started emerging, a handful of COCOT companies and their operators
figured out how to place long distance calls for a fraction of the usual
price. Instead of placing LD calls over the telephone network, any LD call
would be intercepted by the COCOT firmware. Instead, a local number would be
called and rerouted over the Internet. This was a type of extender, and one
could beige box these pay phones to pick up DTMF tones and figure out the
number of the extender and its access codes. Sometimes an access code was even
optional for a call to go through the extender. Like many extenders, these
became abused like hell.

~~~
mindcrime
_I'd like to disagree that beige boxing COCOTs wasn't useful._

Umm, nobody said that.

 _First off COCOTs were owned by customers, so the magic did not happen at the
telephone switch. Quite the opposite._

That's exactly what I said above.

~~~
eric970
Sorry, I had misread your comment.

~~~
mindcrime
Heh, no worries. Looking back at it, I realize I could have written that more
clearly anyway. :-)

------
mindcrime
Up to somewhere in the mid 90's, you could play around with phreaking, fairly
confident in the knowledge that even if you got caught, you would get a "slap
on the wrist" at most. But somewhere around the time of the Steve Jackson
Games raid, the Mitnick bust, and a few other notable news events, the mood
shifted, and a lot of people started thinking "shit, this is for real and I
could (go to jail | lose my job | get kicked out of college | etc) for this".
By 1998 or so, I'd pretty much given up on phreaking (and any element of
"black hat" hacking) for (mostly) those reasons. I got the impression it was
the same for a lot of people.

Also, phreaking per se became a lot more difficult as telcos replaced the
older switches with 5ESS and other digital switches. At some point, a switch
just became a specialized computer and "phreaking" and "hacking" started to
collapse into one activity. And as the Internet became ubiquitous and the WWW
spread, a lot of people probably drifted into exploring websites and shit,
instead of messing around with the phone network.

------
lowglow
My obsession with phone phreaking in the 90s was because it was the medium by
which we accessed the world. There was a wire that ran into my house whereby I
could speak to anyone or dial into anywhere. It was attached to a phone that
itself could be taken apart and investigated.

Couple these facts with what was then the only resource for people wanting to
know more for free: text files. The community surrounding 2600, Phrack, and
countless other zines lost to the ages. It created a sense of ability to
access all points along this route of communication.

I was young and stupid, and I wanted to know more about the technology behind
what I was using. The presentation of text files helped me consume that
information easily, because they were in essence written by people like me for
me.

When dial up faded out, and I grew older, technology was just a utility to
make a paycheck. I shifted more focus on development, because
phreaking/hacking didn't pay my bills. I think that generation just grew up
and got cellphones. Then there was a cellphone phreaking period. It's still
there but I feel the scene has gone far more underground, or concentrated its
efforts on jail breaking.

I think we'll see a resurgence of hacking/phreaking soon, since devices are
becoming cheaper and more accessible to children.

~~~
eksith

> because phreaking/hacking didn't pay my bills.

This is what kills most adventures in hacking. And I think you're right, we're
already seeing a resurgence in that burner cellphones are already becoming
commonplace, although a lot of that is in the black market and sadly being used
for criminal activity rather than just to satiate curiosity.

An old friend of mine got a visit by AT&T technicians when they detected funny
activity on his dad's line and I think he had to pay a $100 fine or something.
Today, if he was doing the same things, he likely would be in jail. The legal
atmosphere has turned toward disproportionate punishment so much so that the
only people exploring the wireless field, by and large, are those who are
dodging jail time to begin with.

I think the Raspberry Pi and Arduino field may be more enticing for young
people due to their hacker-friendly nature and I feel wireless mesh technology
may be where the future of communications hacking will be.

~~~
Stratoscope
> An old friend of mine got a visit by AT&T technicians when they detected
> funny activity on his dad's line and I think he had to pay a $100 fine or
> something.

Sounds familiar.

I got busted for phreaking in 1972. Pled no contest, paid a $450 lawyer's fee,
$150 fine, and $25 restitution to AT&T.

Afterward, the AT&T investigators took me out to lunch at my favorite Chinese
restaurant. No, they didn't try to get me to name other notorious phreaks so
they could go after them. They seemed to have genuinely felt bad that the
whole legal apparatus had to get involved.

Yes, perhaps a little different from today.

~~~
eksith
They sound like a bunch of stand up guys. My, how times have changed.

In a sad way, all the TOS/EULA/Contracts and other legal mumbo jumbo we sign
away our rights with are just more nails in the coffin of free expression and
exploration. Now, I can understand companies get upset if you take more than a
fair share of services without paying for it, but we don't really get a fair
share in the first place. And if you break the TOS (provided it hasn't changed
since you signed up), it's fair to lose the service, but not your freedom.

~~~
lowglow
This is a big concern for me. I think we're really hitting kids/teens too hard
for hacking. I'll be chatting a bit about this on Techendo this week. I'm not
sure I know what's best, or how to deal with malicious vs. non-malicious
hacking. B&E is B&E no matter if they broke in and left, or just broke in and
stole things, right?

~~~
eksith
Define "breaking". That's the key here, how does copying something without
doing damage to the system (I.E. deleting files, leaving backdoors etc...) be
treated the same as, let's say you walk into an unlocked office, stick an open
folder's worth of files into a copy machine (also located in the office, I.E.
cp, mv) and leave without taking the original folder's contents.

At worst, it could be trespass since entering is not disputed, but then the
website/portal/office or what have you, should clearly mark which areas are
verboten to unauthorized personnel and what exactly "unauthorized" means.

Does "unauthorized" mean you don't have any permission to view or copy at all?
Does it mean, you have permission to view, but not copy? Does it mean you have
permission to copy, but not a whole lot at the same time? Does it mean you can
copy to your heart's desire, but not redistribute? Does it mean you can
redistribute, but not edit?

Breaking and entering isn't applicable as-is to the virtual world. Lawmakers
need a completely different mindset to approach information security.

------
clamprecht
Most of us are still around. Agent Steal died. Minor Threat here, author of
ToneLoc - <http://en.wikipedia.org/wiki/ToneLoc>

~~~
mindcrime
Wait, seriously!?!! You're Minor Threat!!?? Holy crap, if you had any idea how
many hours I spent war-dialing with ToneLoc back in the day... oh, wait, you
probably _do_ have a pretty good idea. LOL.

Me and a few buddies got pretty deep into this stuff for a while in the mid to
late 90's. So much that we would load my old 486 laptop in the car, take a 50'
long phone extension cable and drive out to a COCOT in a rural area in the wee
hours of the morning, and "beige box" off of the COCOT, sitting in the car 50'
or so away. Our thinking was that a passing (police) car wouldn't notice the
wire lying on the ground and that we'd be just a random car parked in the
parking lot... probably kids making out, or somebody reading a map or
something. Anyway, we'd sit there half the night scanning for dialups, then
drive to a nearby telco exchange with a dumpster conveniently located outside
and trash for passwords / modem numbers, etc.

For a while we had full control of a DMS-100 switch owned by the local telco.
Unfortunately we made the mistake of calling it from my home one day, and as
soon as we hung up the phone rang, and it was somebody from the phone company!
That was the beginning of the end of my phreaking "career".

However, if you were to go to my parents' place and root around enough in the
old storage shed, I would not be surprised if you found a box or two of old
telco printouts and manuals, and maybe an old grey plastic Craftsman toolbox
full of phone handsets, stolen telco tools, a 7/16" nutdriver (it opened a lot
of the equipment cans our local telco used, as well as the demarc boxes on the
sides of buildings and houses), and a bunch of RJ11 and RJ14 extension cables,
RJ11 splitters, wire cutters, alligator clips, etc. Come to think of it, I
should probably get rid of that shit in case the statute of limitations hasn't
expired. :-)

------
josh2600
They're in San Francisco building a phone company.

Seriously, we at 2600hz continue to be heavily influenced by the
counterculture; the ever-inquisitive minds attracted to the largest network
the world had ever seen.

To think that the first transatlantic cable was laid in 1957. We've come even
further from "what hath god wrought", but it's only getting crazier each day.

The phone phreaks didn't go away, they're all over the world tinkering away.

~~~
Stratoscope
> To think that the first transatlantic cable was laid in 1957.

1858, my friend, 1858.

<https://www.google.com/search?q=first+transatlantic+cable>

Additional reading...

Mother Earth Mother Board:

<http://www.wired.com/wired/archive/4.12/ffglass_pr.html>

The Victorian Internet (one of my favorite books ever, highly recommended):

<https://www.google.com/search?q=the+victorian+internet>

~~~
Samuel_Michon
You're both correct, but Josh2600 was obviously referring to phone cables, not
telegraph cables.

 _"TAT-1 (Transatlantic No. 1) was the first submarine transatlantic telephone
cable system. It was laid between Gallanach Bay, near Oban, Scotland and
Clarenville, Newfoundland between 1955 and 1956."_

 _"The first transatlantic telegraph cable had been laid in 1858. It only
operated for a month, but was replaced with a successful connection in 1866. A
radio-based transatlantic telephone service was started in 1927. Although a
telephone cable was discussed at that time, it was not practical until a
number of technological advances arrived in the 1940s."_

<http://en.wikipedia.org/wiki/TAT-1>

~~~
Stratoscope
Ah! Thank you for the correction.

~~~
josh2600
I'm actually just finishing "How the World Was One" by Arthur C. Clarke. It's
an absolutely fascinating look at undersea cabling.

So in 1858, the wire that was laid across the Atlantic by Cyrus W. Field was
essentially just that, not a cable at all. It was a few strands of copper
coated in gutta-percha, and it was destroyed by an overzealous engineer
jamming WAY too much voltage into the wire (he would later lose his job to
Lord Kelvin of Degrees Kelvin fame).

In 1865 they attempted to lay the cable again, but the cable snapped during
the trip. It would snap 3 more times before they would finally connect Europe
to North America. The Times of London had an amazing quote from the 1858
endeavor:

"The Atlantic is dried up, and we become in reality as well as in wish one
country.... The Atlantic Telegraph has half undone the Declaration of 1776,
and has gone far to make us once again, in spite of ourselves, one people...."

On another really interesting point: there were no telephone cables crossing
the Atlantic until 1957. So how did folks make calls to Europe? The answer was
the Heaviside layer of the atmosphere and radio transmissions. Yes up until
1957, all calls to Europe were made by bouncing waves off of the ionosphere.

I <3 Telecom.

------
S_A_P
I remember in the 80's the only "phreaking" that I knew how to do with our
local bell system was to go to a pay phone and dial 258 and the last 4 digits
of the pay phone's phone number, and hanging up 3 times would make the switch
call you back. I remember being fascinated by this and wanting to learn more.
The trick stopped working shortly after and I never did learn anything else.

~~~
cynwoody
The way pay phones used to work (and probably still work, when you can find
one) was you dropped the coins in the slot, and they landed in what is known
as the escrow hopper. Once you paid for the first three minutes, the call
would go through. If the distant party answered, a pulse would be sent down
the line emptying the escrow hopper into the lock box at the base of the
phone. If not, you could hang up, and a pulse would come down the line dumping
the escrow hopper into the coin return. It was a matter of the pulse's
polarity.

If you could gain access to a pay phone's phone connection, you could splice
in a simple circuit that would allow coin return signals to go through
unmodified but would invert coin collect signals, thereby always returning
your coins.

Of course, if you could tap into a pay phone line, you might notice that
grounding one side of the line produced a dial tone, enabling you to make free
local calls. Long distance was a less trivial problem, since the operator
would come on and ask for more money, verified by listening to gong sounds
(later beeps) that the phone would send when coins were inserted. An obvious
solution was to play a tape loop of a quarter being inserted enough times to
represent the required payment. Later, this came to be known as Red Boxing,
the Red Box being an electronic circuit that replaced the tape loop, emitting
the desired number of beeps to represent whatever sum was due.

~~~
yuhong
I think it was called Automated Coin Toll System (ACTS). I don't think it is
used very often anymore, if at all.

~~~
eric970
ACTS came way later. There's a great article on the history and eventual
(mostly) discontinuation of it here:

<http://www.phworld.org/payphone/acts.htm>

------
robterrell
I have a stack of "Tap" newsletters from the 80's. Tap was the forerunner of
2600... A combination of tidbits of information on blue boxing, bbses,
DARPANET hacking, unix privilege escalation vulnerabilities... Along with
information about recreational drugs, guns, surviving the upcoming nuclear war
that was prophesied by Nostradamus, avoiding paying taxes... A crazy mix of
topics. I loved reading them. They were transmissions of secret knowledge.

------
cactus441
Surely the Phone Losers of America should be mentioned. The guy behind that,
RBCP, maintained a series of electronic 'zines in the '90s, that talked about
red boxing, beige boxing, and all sorts of phone phreaking topics. The PLA is
still around to some extent nowadays with an online radio station where
episodes of their various shows are played (and they sometimes do live shows),
although a lot of their material is them prank calling people and businesses.

~~~
eric970
I was a PLA'er for a few years. Great community, albeit more of a pranking
community than a heavily technical one.

------
jberryman
I guess it's been about a decade (crazy!) but there were quite a few legit and
really knowledgeable phreaks doing interesting things on the binary revolution
forums (looks like binrev.com's still around!). Back when I would lurk, there
were a lot of novel things going on, e.g. with VOIP. Spoofing caller ID and
calling yourself to extract the telco's caller ID data was one I remember.
War-dialing and collecting interesting numbers was also big.

Obviously there is a nostalgia for the blue-boxing days, which most of us have
only ever read about. And of course that was never really about free calls
(you can place a free call with a $2 headset and pair of bed-of-nails clips on
any block in America), and I think the classic Esquire piece communicates that
pretty well.

~~~
eric970
Just wanted to say, yeah BinRev was awesome. I was there, and (without
dropping handles/names/etc.) I'm pretty sure we used to talk quite often ;)

~~~
jberryman
hey, cool :)

------
ccantrell
The days of knowing the telephone company as intimately as we knew them are
gone. So much has changed since our time. Although we never called ourselves
phone masters. That's the nickname the FBI felt they had to give us. I used to
be Zibby. One of my coolest moments was getting to bluebox in the mid
nineties. It was using the 1800 direct Greece line. Ah those were the days.

------
NamTaf
On a complete side-note, wow that's a racist cartoon. It helps you appreciate
how times have changed, yet still how far we have yet to go.

~~~
D9u
Yes, very racist. Implying that Caucasians are of inferior intellect.

------
Zarathust
So the phone lines became extremely hard to hack from an electrical
perspective and everything merged with computer security as a whole as most of
the calls became voip.

We could run articles with headlines such as "what happened to the BBSes?".
They became obsolete and merged with other similar tech cultures.

------
ChrisArchitect
flashbacks to textfiles and issues of Phrack.

Seeing a full phonebooth (with a phone in it) makes me stop in my tracks these
days.

------
pan69
They are still around, except that nowadays they fiddle with browser security
hacks instead of phones..

~~~
eric970
Or the ones who were genuinely interested in the inner workings of networking
pursued careers in that area.

------
sl0ppy
I was t00ph / sl0ppy on #phreak if anyone from those days is browsing :)

~~~
eric970
I was briefly on #phreak. Your handle sounds kind of familiar. Sad to say, I
thought most of the regulars were elitist as hell and I never once saw an
intelligent conversation go down on there.

------
CleanedStar
In the early 1980s I used to call a BBS with a private section that had "950
codes". I didn't really associate with people doing this sort of thing until
the late 1980s though...

I have to laugh at the article. The people I knew were not blowing 2600 tones
into multi-frequency trunks, they were not even logging into their local TIRKS
or SARTS or COSMOS or 5ESS/DMS-100 switch. They had the whole system "owned".
The x.25 networks too - Tymnet, Telenet etc. As well as all the key Internet
machines and networks. We're going back over 20 years though...Not that I
think things are more secure, the opposite actually.

One of the guys I knew later went to work for the tiger team of one of the big
four accounting firms. Their success rate? 100%. He complained it was not a
real test though, as he could not hack into Verizon or AT&T and get in via
those back channels...

As to what happened? Others I know set 1995 as the year it ended, and I agree.
Between 1994 and 1996, everyone I know started working at ISPs, security
companies, dot coms and so forth. Including myself. Some of the people who
hung out on the IRC channels became CEO/CTO/CIO/CSO executives in companies
which got millions in VC (back then and recently), or were bought out for
millions, or their companies IPO'd. I would say how well some of the people
who used to hang out on IRC and go to cons have done, but I don't think people
would believe me. I'm not even counting stuff like the founding of Apple,
which I think Jobs said would not have happened if him and Woz didn't build
blue boxes. The way things really happen are covered up, or not brought up any
how. "Every fortune of unknown origin began with a crime" - Balzac

~~~
CleanedStar
One theory I forgot to mention...of why phreaking and hacking died out as it
was in the mid-1990s...

From the late 1970s until the mid-1990s, communication via a computer and
modem was done for a great deal of people via BBSs. Someone, often a young
man, would set their phone line and computer to act as a BBS when they weren't
using the line themselves. So you had a network of independent, autonomous
bulletin boards, run by young men mostly, called by young men mostly. They
created their own culture.

It is not the Verizon/AT&T high speed connection, with Usenet servers being
pulled, torrents being throttled with MPAA/RIAA letter being passed back and
forth system we have now. I mean we're talking here on a board owned by
venture capitalists. Or Slashdot, owned by a public company. Or chatting on
Facebook. All of this was not so corporatized then. I mean, things like
Usenet, P2P, anything autonomous and independent and similar to how things
were done back then are beset upon by the powers that be. There was freedom
back then, now things are back to typical USA - corporate-run, unfree,
policed, boring etc.

~~~
cynwoody
I remember when I discovered BBSes. Must have been sometime in the mid-
eighties. I found a number in a magazine, probably _Byte_.

And I called it, using a TI Silent 700 terminal, which was an acoustic coupler
300-baud modem married to a thermal printer. It was called _Silent_ to
differentiate it from noisier (and slower) impact-printer based competitors,
such as the IBM 2741, which used the Selectric typewriter bouncing type ball.
The 700 could print out text at 30 characters per second on a roll of thermal
paper.

When it answered, I was presented with a set of menus leading to all sorts of
interesting hacking-related text files. But the most interesting text file
wasn't a hacking screed. Rather, it was a directory of other BBSes, their
areas of interest, and their phone numbers. Think the internet over PSTN.
Touring the BBS network of the time, I went thru quite a few rolls of paper
and made a significant contribution to the company's phone bill!

