#### PHRACK PRESENTS ISSUE 17 #### ^*^*^*^ Phrack World News, Part 3 ^*^*^*^ **** File 12 of 12 **** +-------------------------------------------------------------------------+ -[ PHRACK XVII ]----------------------------------------------------------- "The Code Crackers are Cheating Ma Bell" Typed by the Sorceress from the San Francisco Chronicle Edited by the $muggler The Far Side..........................(415)471-1138 Underground Communications, Inc.......(415)770-0140 +-------------------------------------------------------------------------+ In California prisons, inmates use "the code" to make free telephone calls lining up everything from gun running jobs to visits from grandma. In a college dormitory in Tennessee, students use the code to open up a long-distance line on a pay phone for 12 straight hours of free calls. In a phone booth somewhere in the Midwest, a mobster uses the code to make untraceable calls that bring a shipment of narcotics from South America to the United States. The code is actually millions of different personal identification numbers assigned by the nation's telephone companies. Fraudulent use of those codes is now a nationwide epidemic that is costing America's phone companies more than $500 million each year. In the end, most of that cost is passed on to consumers, in the form of higher phone rates, analysts say. The security codes range form multidigit access codes used by customers of the many alternative long-distance companies to the "calling card" numbers assigned by America Telephone & Telegraph and the 22 local phone companies, such as Pacific Bell. Most of the loss comes form the activities of computer hackers, said Rene Dunn, speaking for U.S. Sprint, the third-largest long-distance company. These technical experts - frequently bright, if socially reclusive, teenagers - set up their computers to dial the local access telephone number of one of the alternative long-distance firms, such as MCI and U.S. Sprint. When the phone answers, a legitimate customer would normally punch in a secret personal code, usually five digits, that allows him to make his call. Hackers, however, have devised computer programs that will keep firing combinations of numbers until it hits the right combination, much like a safecracker waiting for the telltale sound of pins and tumblers meshing. Then the hacker- known in the industry as a "cracker" because he has cracked the code- has full access to that customer's phone line. The customer does not realize what has happened until a huge phone bill arrives at the end of the month. By that time, his access number and personal code have been tacked up on thousands of electronic bulletin boards throughout the country, accessible to anyone with a computer, a telephone and a modem, the device that allows the computer to communicate over telephone lines. "This is definitely a major problem," said one telephone security expert, who declined to be identified. "I've seen one account with a $98,000 monthly bill." One Berkeley man has battled the telephone cheats since last fall, when his MCI bill showed about $100 in long-distance calls he had not made. Although MCI assured him that the problem would be taken care of, the man's latest bill was 11 pages long and has $563.40 worth of long-distance calls. Those calls include: [] A two-hour call to Hyattsville, Maryland, on January 22. A woman who answered the Hyattsville phone said she had no idea who called her house. [] Repeated calls to a dormitory telephone at UCLA. The student who answered the phone there said she did not know who spent 39 minutes talking to her, or her roommate, shortly after midnight on January 23. [] Calls to dormitory rooms at Washington State University in Pullman and to the University of Colorado in Boulder. Men who answered the phones there professed ignorance of who had called them or of any stolen long-distance codes. The Berkeley customer, who asked not to be identified, said he reached his frustration limit and canceled his MCI account. The phone companies are pursing the hackers and other thieves with methods that try to keep up with a technological monster that is linked by trillions of miles of telephone lines. The companies sometimes monitor customers' phone bills. If a bill that averages about $40 or $50 a month suddenly soars to several hundred dollars with calls apparently placed from all over the country on the same day, the phone company flags the bill and tries to track the source of the calls. The FBI makes its own surveillance sweeps of electronic bulletin boards, looking for stolen code numbers. The phone companies occasionally call up these boards and post messages, warning that arrest warrants will be coming soon if the fraudulent practice does not stop. Reputable bulletin boards post their own warnings to telephone hackers, telling them to stay out. Several criminal prosecutions are already in the works, said Jocelyne Calia, the manager of toll fraud for U.S. Sprint. If the detectives do not want to talk about their methods, the underground is equally circumspect. "If they (the companies) have effective (prevention) methods, how come all this is still going on?" asked one computer expert, a veteran hacker who says he went legitimate about 10 years ago. The computer expert, who identified himself only as Dr. Strange, said he was part of the original group of electronic wizards of the early 1970s who devised the "blue boxes" complex instruments that emulate the tones of a telephone and allowed these early hackers to break into the toll-free 800 system and call all over the world free of charge. The new hacker bedeviling the phone companies are simply the result of the "technology changing to one of computers, instead of blue boxes" Dr. Strange said. As the "phone company elevates the odds... the bigger a challenge it becomes," he said. A feeling of ambivalence toward the huge and largely anonymous phone companies makes it easier for many people to rationalize their cheating. A woman in a Southwestern state who obtained an authorization code from her boyfriend said, through an intermediary, that she never really thought of telephone fraud as a "moral issue." "I don't abuse it," the woman said of her newfound telephone privilege. "I don't use it for long periods of time - I never talk for more than an hour at a time - and I don't give it out to friends." Besides, she said, the bills for calls she has been making all over the United States for the past six weeks go to a "large corporation that I was dissatisfied with. It's not as if an individual is getting the bills." There is one place, however, where the phone companies maybe have the upper hand in their constant war with the hackers and cheats. In some prisons, said an MCI spokesman, "we've found we can use peer pressure. Let's say we restrict access to the phones, or even take them out, and there were a lot of prisoners who weren't abusing the phone system. So the word gets spread to those guys about which prisoner it was that caused the telephones to get taken out. Once you get the identification (of the phone-abusing prisoner) out there, I don't think you have to worry much" the spokesman said. "There's a justice system in the prisons, too."