Slashdot Mirror


Phreaking Not Dead Yet

santos_douglas writes "From Wired comes this article about an exploit involving weak voicemail passwords and automated voice recognition systems for accepting collect calls. The providers involved, SBC and AT&T, don't seem too concerned about their customers receiving tens of thousands in fraudulent charges from places like Saudi Arabia and the Philippines."

10 of 193 comments

  1. Phreaking by Cyno01 · · Score: 4, Informative

    For more about Fone Phreaking, check out the grand master... Phone Losers of America

    --
    "Sic Semper Tyrannosaurus Rex."
    1. Re:Phreaking by moonbender · · Score: 2, Informative
      Short jargon file entry on it. If you're bored some day, be sure to read the report/short story on phreaking in the Anarchist's Cookbook, it's quite entertaining.

      phreaking

      /freek'ing/ [from `phone phreak'] n. 1. The art and science of cracking the phone network (so as, for example, to make free long-distance calls). 2. By extension, security-cracking in any other context (especially, but not exclusively, on communications networks) (see {cracking}). At one time phreaking was a semi-respectable activity among hackers; there was a gentleman's agreement that phreaking as an intellectual game and a form of exploration was OK, but serious theft of services was taboo. There was significant crossover between the hacker community and the hard-core phone phreaks who ran semi-underground networks of their own through such media as the legendary "TAP Newsletter". This ethos began to break down in the mid-1980s as wider dissemination of the techniques put them in the hands of less responsible phreaks. Around the same time, changes in the phone network made old-style technical ingenuity less effective as a way of hacking it, so phreaking came to depend more on overtly criminal acts such as stealing phone-card numbers. The crimes and punishments of gangs like the `414 group' turned that game very ugly. A few old-time hackers still phreak casually just to keep their hand in, but most these days have hardly even heard of `blue boxes' or any of the other paraphernalia of the great phreaks of yore.

      --
      Switch back to Slashdot's D1 system.
  2. Not really new ... by Anonymous Coward · · Score: 5, Informative

    The basic idea being used here is *really* old, phreaks have been changing OGM's to "- pause - yes, we accept that collect call" and suchlike for ages. The novel aspect is that it's essentially automated, no SE'ing skills required to make a convincing message, due to AT+T and SBC being retards. Still amusing though.

  3. Quick summary of the exploit by Levine · · Score: 4, Informative

    Users are given a brand new phone system, with some default password used to set voicemail messages. Users did not change that default password. Enterprising ne'er-do-wells realize this is going on, use the default password to change the voicemail greetings to "yes, yes, I will accept the charges, yes, yes" and proceed to make free collect calls.

    We have a classic case of stupid users.

    It's not that I don't feel for them. And I certainly think AT&T/SBC will start provisioning these systems with pseudorandom passwords as defaults. But if you don't change your password, and someone else finds out about it... that's no one's fault but your own.

    Should the people who did this be punished? Absolutely, they clearly broke the law. But now, maybe people will begin to realize that security isn't something that they can leave up to third parties -- it's something they need to take in their own hands, lest they find themselves $12,000 up shit creek and lacking any means of locomotion.

    levine

  4. My company's voice mail server used to get hacked by eyeareque · · Score: 4, Informative

    My company's voice mail server used to get hacked all the time. We have over 20,000 mail boxes so toll fraud is something that we just had to deal with. A simple fix for our problem: turn off the ability to dial out of the voice mail server, and voilà, problem solved. :)

  5. Re:Turing test for phones.. by asr_man · · Score: 1, Informative

    It's a great idea, but changing from a "yes/no" recognition to a digit recognition will result in an order of magnitude increase in processing load. So telco can't go there without reprovisioning with upgraded hardware first. We'll be running RedHat16 by then.

  6. Watch out for fraud! by rice_burners_suck · · Score: 3, Informative

    Here's one to watch out for: Fraudulent calls to 900-like numbers in the U.S. Virgin Islands. Yup. Someone can call your house and leave a message, telling you that there is an important matter and you need to call them back. The phone number has an area code that looks NOTHING like 1-900. Kind of like those 877 and 888 numbers that are toll-free, except that these are toll-cost numbers. So you call back and hear a recording, the only purpose of which is to keep you on the line for as long as possible. Next thing you know, you get a phone bill for $1000.00 or so because this company charged you $500.00 a minute for two minutes. It's fraud but it's international, so you're screwed.

    I never call back numbers that I don't recognize. If it's important, they'll call me again.

  7. Re:Thats not 'Real Phreaking'! by pa-guy · · Score: 2, Informative

    LOL. I've got two of those. The outside is thick plastic, inside everything is waterproofed. These were designed to last forever.

    I've also got a really old one with the outside encased in rubber, and little prongs on the tiny rotary mech, so you could dial even with gloves on, at the top of a pole in any weather.

    Dad was a lineman for MTS (Manitoba Telephone System). When he died I got all of this stuff, and a bunch of other cool stuff like climbing spikes and safety belts.

    Note to all: don't install a resistor across the line to allow free incoming long distance calls when Dad's a lineman. Also, don't build a bluebox using parts you stole from dad's work. The phone company can get quite upset.

    Dad was even madder.

  8. Re:Even worse by kesuki · · Score: 2, Informative

    Then have the system say
    "you have a collect call from "(name spoken by collect caller)" If you would like to accept charges say (random word or number) now. (pause) To accept charges say (same random word) now. To repeat this message press the # key"
    The pause allows them to say 'umm what' and then figure it out. It's no harder than leaving a message on a voice mail system.

    I originally thought of allowing the users to press a number on the telephone pad -- however that would allow them to input a sequence of all the numbers on the keypad into the voicemail message. Using random words is better. # key resets the random word, so that if the person can't pronounce the word so the system can understand it, it then gives them another chance to try.
    Instead of a question, you tell them how to accept charges. You tell them how twice. Most people will be able to figure it out by the second time it's played to them. Those who can't shouldn't be accepting a collect call (or reproducing for that matter).
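
The random-word prompt proposed in the comment above, sketched as an added example (not part of the original thread and not any carrier's system). The word list, class and function names are hypothetical, and the speech recognizer is assumed to hand back a plain-text transcript.

```python
import secrets

_rng = secrets.SystemRandom()
# Hypothetical vocabulary; a deployment would use a much larger list of
# words its recognizer handles reliably.
WORDS = ["orange", "window", "seven", "harbor", "pencil", "tiger"]


class CollectCallPrompt:
    """Accept charges only when the callee repeats a per-call random word."""

    def __init__(self, caller_name):
        self.caller_name = caller_name
        self.word = _rng.choice(WORDS)

    def script(self):
        how = f"To accept charges say {self.word} now."
        return (f"You have a collect call from {self.caller_name}. {how} "
                f"(pause) {how} To repeat this message press the # key.")

    def handle(self, heard):
        """heard is the recognizer's transcript, or '#' for the pound key."""
        if heard == "#":
            # Re-roll so an unpronounceable word is replaced, as in the comment.
            self.word = _rng.choice([w for w in WORDS if w != self.word])
            return "repeat"
        # Assumption: exact match only, so a recording that recites the whole
        # vocabulary fails the same way the all-digits keypad recording would.
        tokens = heard.lower().replace(",", " ").split()
        return "accepted" if tokens == [self.word] else "rejected"


def replayed_greeting_hits(greeting, calls=600):
    """Count how many calls a fixed recorded greeting would get accepted."""
    return sum(CollectCallPrompt("caller").handle(greeting) == "accepted"
               for _ in range(calls))
```

With this six-word list a fixed one-word recording is still accepted on roughly one call in six, so the vocabulary size sets the residual fraud rate.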

  9. 1010805 by Anonymous Coward · · Score: 1, Informative

    Back in the day, I used to pull off the following scam (DISCLAIMER: I was young and foolish then. I'm a good, law abiding citizen now):
    COCOTs (Customer Owned Coin Operated Telephones, i.e. payphones not owned by the local phone company) were programmed to recognize certain long distance codes (like 1010220 and all the other ones you see dumb commercials for). This was required by law. Unfortunately (for the COCOT owner) these payphones were infrequently maintained. It used to be that all long distance access codes were 5 digits. At the time, the FCC had just added 7 digit access codes. Many COCOTs were not programmed to understand the new 7 digit codes. So if you simply dialed 10108 (pause) 05, the payphone would interpret this as entering the 10108 LD access code, then 0 (for an operator, which is free). It would dutifully dial 1010805, which got a long distance line, thinking you were talking to an operator. You could then merrily dial any long distance number you wanted, and talk for free.

    I'm also reminded of my first Blue Box, a Radio Shack autodialer modified with a switch and a replacement crystal (stuck to the side with a huge wad of epoxy). Then they started selling these digital voice recorders, which could replay a tone with perfect (enough) fidelity forever.

    The thing about these illegal exploits was that I didn't *need* to steal long distance service. It was more about fun and interesting technical exploits than stealing. This isn't an excuse, just an explanation. It wouldn't have been as much fun if this "youthful indiscretion" didn't increase my knowledge of a rather amazing system. For this, I thank the telephone companies. I think I share this viewpoint with a lot of people accused of "just being thieves". True, it is stealing, but at least the motives were more interesting and noble than "just stealing".

    And it wasn't all just for personal gain... I remember working with a friend (he did most of the work) to redirect a Spanish-speaking 1-800 porn chat line to a notorious spammer at the time... let's see... "Eunuchs Incorporated" IIRC. End result: The spammer's phone was inundated with hot and horny Mexican men. That exercised the social engineering aspect of things. We called the 800# provider and convinced them that we were the owners of the 800#. Just had them redirect the line to a different number. Incidentally, this only works with a certain type of 800#'s (The ones that are redirected to standard phone lines).

    Anyway, I really hope that 1) the statute of limitations has run out on my crimes and 2) My posting as AC will dissuade investigation. :) It would be unfortunate if I got busted for crimes I committed a long time ago, and wouldn't consider doing now.