Chapter 2-2
Hacker Crackdown

Go to Table of Contents

Ever since telephones began to make money, there have been
people willing to rob and defraud phone companies.
The legions of petty phone thieves vastly outnumber those
"phone phreaks" who  "explore the system" for the sake
of the intellectual challenge.  The New York metropolitan area
(long in the vanguard of American crime) claims over 150,000
physical attacks on pay telephones every year!  Studied carefully,
a modern payphone reveals itself as a little fortress, carefully
designed and redesigned over generations, to resist coin-slugs,
zaps of electricity, chunks of coin-shaped ice, prybars, magnets,
lockpicks, blasting caps.  Public pay- phones must survive in a world
of unfriendly, greedy people, and a modern payphone is as exquisitely
evolved as a cactus.
Because the phone network pre-dates the computer network,
the scofflaws known as "phone phreaks" pre-date the scofflaws
known as "computer hackers."  In practice, today, the line
between "phreaking" and "hacking" is very blurred,
just as the distinction between telephones and computers
has blurred.  The phone system has been digitized,
and computers have learned to "talk" over phone-lines.
What's worse--and this was the point of the Mr. Jenkins
of the Secret Service--some hackers have learned to steal,
and some thieves have learned to hack.

Despite the blurring, one can still draw a few useful
behavioral distinctions between "phreaks" and "hackers."
Hackers are intensely interested in the "system" per se,
and enjoy relating to machines.  "Phreaks" are more
social, manipulating the system in a rough-and-ready
fashion in order to get through to other human beings,
fast, cheap and under the table.

Phone phreaks love nothing so much as "bridges,"
illegal conference calls of ten or twelve chatting
conspirators, seaboard to seaboard, lasting for many hours
--and running, of course, on somebody else's tab,
preferably a large corporation's.

As phone-phreak conferences wear on, people drop out
(or simply leave the phone off the hook, while they
sashay off to work or school or babysitting),
and new people are phoned up and invited to join in,
from some other continent, if possible.  Technical trivia,
boasts, brags, lies, head-trip deceptions, weird rumors,
and cruel gossip are all freely exchanged.

The lowest rung of phone-phreaking is the theft of telephone access codes.
Charging a phone call to somebody else's stolen number is, of course,
a pig-easy way of stealing phone service, requiring practically no
technical expertise.  This practice has been very widespread,
especially among lonely people without much money who are far from home.
Code theft has flourished especially in college dorms, military bases,
and, notoriously, among roadies for rock bands.  Of late, code theft
has spread very rapidly among Third Worlders in the US, who pile up
enormous unpaid long-distance bills to the Caribbean, South America,
and Pakistan. 

The simplest way to steal phone-codes is simply to look over
a victim's shoulder as he punches-in his own code-number
on a public payphone.  This technique is known as "shoulder-surfing,"
and is especially common in airports, bus terminals, and train stations.
The code is then sold by the thief for a few dollars.  The buyer abusing
the code has no computer expertise, but calls his Mom in New York,
Kingston or Caracas and runs up a huge bill with impunity.  The losses
from this primitive phreaking activity are far, far greater than the
monetary losses caused by computer-intruding hackers.

In the mid-to-late 1980s, until the introduction of sterner telco
security measures, COMPUTERIZED code theft worked like a charm,
and was virtually omnipresent throughout the digital underground,
among phreaks and hackers alike.  This was accomplished through
programming one's computer to try random code numbers over the telephone
until one of them worked.  Simple programs to do this were widely available
in the underground; a computer running all night was likely to come up with
a dozen or so useful hits.  This could be repeated week after week until
one had a large library of stolen codes.

Nowadays, the computerized dialling of hundreds of numbers
can be detected within hours and swiftly traced.
If a stolen code is repeatedly abused, this too can
be detected within a few hours.  But for years in the 1980s,
the publication of stolen codes was a kind of elementary etiquette
for fledgling hackers.  The simplest way to establish your bona-fides
as a raider was to steal a code through repeated random dialling
and offer it to the "community" for use.  Codes could be both stolen,
and used, simply and easily from the safety of one's own bedroom,
with very little fear of detection or punishment.

Before computers and their phone-line modems entered American homes
in gigantic numbers, phone phreaks had their own special telecommunications
hardware gadget, the famous "blue box."  This fraud device (now rendered
increasingly useless by the digital evolution of the phone system) could
trick switching systems into granting free access to long-distance lines.
It did this by mimicking the system's own signal, a tone of 2600 hertz.

Steven Jobs and Steve Wozniak, the founders of Apple Computer, Inc.,
once dabbled in selling blue-boxes in college dorms in California.
For many, in the early days of phreaking, blue-boxing was scarcely
perceived as "theft," but rather as a fun (if sneaky) way to use
excess phone capacity harmlessly.  After all, the long-distance
lines were JUST SITTING THERE. . . .  Whom did it hurt, really?
If you're not DAMAGING the system, and  you're not USING UP ANY
TANGIBLE RESOURCE, and if nobody FINDS OUT what you did,
then what real harm have you done? What exactly HAVE you "stolen,"
anyway?  If a tree falls in the forest and nobody hears it,
how much is the noise worth?  Even now this remains a rather
dicey question.

Blue-boxing was no joke to the phone companies, however.
Indeed, when Ramparts magazine, a radical publication in California,
printed the wiring schematics necessary to create a mute box in June 1972,
the magazine was seized by police and Pacific Bell phone-company officials.
The mute box, a blue-box variant, allowed its user to receive long-distance
calls free of charge to the caller.  This device was closely described in a
Ramparts article wryly titled "Regulating the Phone Company In Your Home."
Publication of this article was held to be in violation of Californian
State Penal Code section 502.7, which outlaws ownership of wire-fraud
devices and the selling of "plans or instructions for any instrument,
apparatus, or device intended to avoid telephone toll charges."

Issues of Ramparts were recalled or seized on the newsstands,
and the resultant loss of income helped put the magazine out of business.
This was an ominous precedent for free-expression issues, but the telco's
crushing of a radical-fringe magazine passed without serious challenge
at the time.  Even in the freewheeling California 1970s, it was widely felt
that there was something sacrosanct about what the phone company knew;
that the telco had a legal and moral right to protect itself by shutting
off the flow of such illicit information.  Most telco information was so
"specialized" that it would scarcely be understood by any honest member
of the public.  If not published, it would not be missed.  To print such
material did not seem part of the legitimate role of a free press.

In 1990 there would be a similar telco-inspired attack
on the electronic phreak/hacking "magazine" Phrack.
The Phrack legal case became a central issue in the
Hacker Crackdown, and gave rise to great controversy.
Phrack would also be shut down, for a  time, at least,
but this time both the telcos and their law-enforcement
allies would pay a much larger price for their actions.
The Phrack case will be examined in detail, later.

Phone-phreaking as a social practice is still very
much alive at this moment.  Today, phone-phreaking
is thriving much more vigorously than the better-known
and worse-feared practice of "computer hacking."
New forms of phreaking are spreading rapidly, following
new vulnerabilities in sophisticated phone services.

Cellular phones are especially vulnerable; their chips
can be re-programmed to present a false caller ID
and avoid billing.  Doing so also avoids police tapping,
making cellular-phone abuse a favorite among drug-dealers.
"Call-sell operations" using pirate cellular phones can,
and have, been run right out of the backs of cars, which move
from "cell" to "cell" in the local phone system, retailing
stolen long-distance service, like some kind of demented
electronic version of the neighborhood ice-cream truck.

Private branch-exchange phone systems in large corporations
can be penetrated; phreaks dial-up a local company, enter its
internal phone-system, hack it, then use the company's own
PBX system to dial back out over the public network,
causing the company to be stuck with the resulting
long-distance bill.  This technique is known as "diverting."
"Diverting" can be very costly, especially because phreaks
tend to travel in packs and never stop talking.
Perhaps the worst by-product of this "PBX fraud"
is that victim companies and telcos have sued one another
over the financial responsibility for the stolen calls,
thus enriching not only shabby phreaks but well-paid lawyers.

"Voice-mail systems" can also be abused; phreaks
can seize their own sections of these sophisticated
electronic answering machines, and use them for trading
codes or knowledge of illegal techniques.  Voice-mail
abuse does not hurt the company directly, but finding
supposedly empty slots in your company's answering
machine all crammed with phreaks eagerly chattering
and hey-duding one another in impenetrable jargon can
cause sensations of almost mystical repulsion and dread.

Worse yet, phreaks have sometimes been known to react
truculently to attempts to "clean up" the voice-mail system.
Rather than humbly acquiescing to being thrown out of their playground,
they may very well call up the company officials at work (or at home)
and loudly demand free voice-mail addresses of their very own.
Such bullying is taken very seriously by spooked victims.

Acts of phreak revenge against straight people are rare,
but voice-mail systems are especially tempting and vulnerable,
and an infestation of angry phreaks in one's voice-mail system is no joke.
They can erase legitimate messages; or spy on private messages;
or harass users with recorded taunts and  obscenities.
They've even been known to seize control of voice-mail security,
and lock out legitimate users, or even shut down the system entirely.

Cellular phone-calls, cordless phones, and ship-to-shore
telephony can all be monitored by various forms of radio;
this kind of "passive monitoring" is spreading explosively today.
Technically eavesdropping on other people's cordless and cellular
phone-calls is the fastest-growing area in phreaking today.
This practice strongly appeals to the lust for power and conveys
gratifying sensations of technical superiority over the eavesdropping
victim.  Monitoring is rife with all manner of tempting evil mischief.
Simple prurient snooping is by far the most common activity.
But credit-card numbers unwarily spoken over the phone can be recorded,
stolen and used.  And tapping people's phone-calls (whether through
active telephone taps or passive radio monitors) does lend itself
conveniently to activities like blackmail, industrial espionage,
and political dirty tricks.

It should be repeated that telecommunications fraud,
the theft of phone service, causes vastly greater monetary
losses than the practice of entering into computers by stealth.
Hackers are mostly young suburban American white males,
and exist in their hundreds--but "phreaks" come from both sexes
and from many nationalities, ages and ethnic backgrounds,
and are flourishing in the thousands.