Hacker 2

home *** CD-ROM | disk | FTP | other *** search

/ Hacker 2 / HACKER2.mdf / phreak / bioc.4 < prev next >

Wrap

Text File | 1995-01-03 | 18KB | 601 lines

******BIOC Agent 003's course in******* * * * ========================== * * =BASIC TELECOMMUNCIATIONS= * * ========================== * * PART IV * *************************************** Revised: 15-JUN-84 PREFACE: -------- Part IV will deal with the various types of operators, office hierarchy, & switching equipment. OPERATORS: ---------- There are many types of operators in The Network and the more common ones will be discussed. TSPS Operator: The TSPS [(Traffic Service Position System) as opposed to This Shitty Phone Service] Operator is probably the bitch (or bastard for the phemale liberation- ists) that most of us are use to having to deal with. Here are her responsibilities: 1) Obtaining billing information for Calling Card or 3rd number calls. 2) Identifying called customer on person-to-person calls. 3) Obtaining acceptance of charges on collect calls. 4) Identifying calling numbers. This only happens when the calling # is not automatically recorded by CAMA (Centralized Automatic Message Accounting) & forwarded from the local office. This could be caused by equipment failures (ANIF - Automatic Number Identification Failure) or if the office is not equipped for CAMA (ONI - Operator Number Identification). <I once had an equipment failure happen to me & the TSPS operator came on and said, "What # are you calling FROM?" Out of curiosity, I gave her the # to my CO, she thanked me & then I was connected to a conversion that appeared to be between a frameman & his wife. Then it started ringing the party I originally wanted to call & everyone phreaked out (excuse the pun). I immediately dropped this dual line conference!> You shouldn't mess with the TSPS operator since she KNOWS where you are calling from. Your number will show up on a 10-digit LED read-out (ANI board) She also knows whether or not you are at a fortress fone & she can trace calls quite readily. Out of all the operators, she is one of the MOST DANGEROUS. INWARD Operator: This operator assists your local TSPS ("O") operator in connecting calls. She will never question a call as long as the call is within HER SERVICE AREA. She can only be reached via other operators or by a Blue Box. From a BB, you would dial KP+NPA+121+ST for the INWARD operator that will help you connect any calls within that NPA only. (Blue Boxing will be discussed in a future part of BASIC TELCOM) DIRECTORY ASSISTANCE Operator: This is the operator that you are connected to when you dial: 411 or NPA-555-1212. She does not readily know where you are calling from. She does not have access to unlisted #'s, but she does know if an unlisted # exists for a certain listing. There is also a directory assistance for deaf people who use Teletypewriters If your modem can transfer BAUDOT [(45.5 baud)/ (the Apple Cat can)], then you can call him/her up and have an interesting conversation. The # is: 800-855-1155. They uses the standard Telex abbreviations such as GA for Go Ahead. They tend to be nicer & will talk longer than your regular operators. Also, they are more vulnerable into being talked out of information through the process of "social engineering" as Cheshire Catalyst would put it. <Unfortunately, they do not have access to much. I once bullshitted with one of these operators and I found out that there are 2 such DA offices that handle TTY. One is in Philadelphia and the other is in California. They have approximately 7 operators each. Most of the TTY operators think there job is boring (based on an official "BIOC poll"). They also feel they are under-paid. They actually call up a regular DA # to process your request (Sorry, no fancy computers!).> Other operators have access to their own DA by dialing KP+NPA+131+ST (MF). In the confusion due to the aftermath of the Bull System break-up, it seems that it will now cost 50 cents per DA call! Exceptions seem to be Canadian DA & the TTY DA (for the time being). Thus you might be able to avoid being charged for DA calls by using your computer [running at 45.5 baud!] and their 800 TOLL-FREE #! If they decide to charge from fortresses also, the method of making DA calls from the fortress and purposely asking for an unlisted # so you can have the operator credit you home # will no longer work! CN/A Operators: CN/A operators are operators that do exactly the opposite of what directory assistance operators are for. See part II, for more info on CN/A & #'s. In my experiences, these operators know more than the DA op's do & they are more susceptible to "social engineering." It is possible to bullshit a CN/A operator for the NON-PUB DA # (ie, you give them the name & they give you the unlisted #). This is due to the fact that they assume your are a phellow company employee. Unfortunately, the break-up has resulted in the break-up of a few NON-PUB #'s and policy changes in CN/A. INTERCEPT Operator: The intercept operator is the one that you are connected to when there are not enough recordings available to tell you that the # has been disconnected or changed. She usually says, "What # you callin'?" with a foreign accent. This is the lowest operator lifeform. Even though they don't know where you are calling from, it is a waste of your time to try to verbally abuse them since they usually understand very little English. Incidentally, a few areas do have intelligent intercept operators. OTHER Operators: And then there are the: Mobile, Ship-to-Shore, Conference, Marine Verify, "Leave Word & Call Back," Rout & Rate (KP+800+141+1212+ST - new # as result of Bell breakup), & other special operators who have one purpose or another in the Network. Problems with an Operator? Ask to speak to their supervisor...or better yet, the Group Chief (who is the highest ranking official in any office) who is the equivalent of the Madame in a whorehouse (if you will excuse the analogy). By the way, some CO's that will allow you to dial a 1 or 0 as the 4th digit, will also allow you to call special operators & other phun Telco #'s without a blue box. This is very rare though! For example, 212-121-1111 will get you a NY Inward Operator. ================== =OFFICE HIERARCHY= ================== Every switching office in North America (the NPA system), is assigned an office name & class. There are five classes of offices numbered 1 through 5. Your CO is most likely a class 5 or end office. All Long-Distance (Toll) calls are switched by a toll office which can be a class 4, 3, 2, or 1 office. There is also a 4X office called an intermediate point. The 4X office is a digital one that can have an unattended exchange attached to it (known as a Remote Switching Unit-RSU). The following chart will list the Office #, name, & how many of those offices existed in North America in 1981. Class Name Abb # Existing ----- ---------------- --- ------------ 1 Regional Center RC 12 2 Sectional Center SC 67 3 Primary Center PC 230 4 Toll Center TC 1,300 4P Toll Point TP 4X Intermediate Pt IP 5 End Office EO 19,000 R RSU RSU When connecting a call from one party to another, the switching equipment usually tries to find the shortest route between the Class 5 end office of the caller & the Class 5 end office of the called party. If no inter-office trunks exist between the 2 parties, it will then move upto the next highest office for servicing (Class 4). If the Class 4 office cannot handle the call by sending it to another Class 4 or 5 office, it will be sent to the next office in the hierarchy (3). The switching equipment first uses the high-usage interoffice trunk groups, if they are busy it then goes to the final trunk groups on the next highest level. If the call cannot be connected then, you will probably get a re-order [120 IPM (Interruptions Per Minute) busy signal] signal. At this time, the guys at Network Operations are probably shitting in their pants and trying to avoid the dreaded Network Dreadlock (as seen on TV!). It is also interesting to note that 9 connections in tandem is called ring-around-the rosy and it has never occurred in telephone history. This would cause an endless loop connection. [a neat way to really screw-up the Network] The 10 regional centers in the US & the 2 in Canada are all interconnected. They form the foundation of the entire telephone network. Since there are only 12 of them, they are listed below: Class 1 Regional Office Location NPA ---------------------------------- --- Dallas 4 ESS 214 Wayne, PA 215 Denver 4T 303 Regina No.2 SP1-4W [Canada] 306 St. Louis 4T 314 Rockdale, GA 404 Pittsburgh 4E 412 Montreal No.1 4AETS [Canada] 504 Norwich, NY 607 San Bernardino, CA 714 Norway, IL 815 White Plains 4T, NY 914 The following diagram demonstrates how the various offices may be connected: ^----------^----------^ Regional !1! <----> !1! <----> !1! --- --- --- ! Others\/ -^-------^-------^------^---------^ !2! !3! !4! !4P! !5! --- --- --- -^^- --- ! ! ! ! ^----^ ! ^----^ ! !3! !4! ! !4X! !5! ^-----^ --- -^- ! ---- --- ^ ! !4X! !5! !5R! !-------------^ -^^- /--------!---------\ !R! !4P! !4! !5! --- ---- --- --- ===================== =SWITCHING EQUIPMENT= ===================== In the Network, there are 3 major types of switching equipment. They are known as: Step, Crossbar, & ESS. STEP-BY-STEP (SxS) The Step-By-Step, a/k/a the Strowger switch or two-motion switch, was invented in 1889 by an undertaker named Almon Strowger. He invented this mechanical switching equipment because he felt that the biased operator was routing all requests for an 'undertaker' to her husband's business. Bell started using this system in 1918 & as of 1978, over 53% of the Bell exchanges used this method of switching. This figure is probably substantially less now. Step-by-Step switching is controlled directly by the dial pulses which move a series of switches (called the switch train) in order. When you first pick up the fone under SxS, a linefinder acknowledges the request (sooner or later) by sending a dial tone. If you then dialed 1234, the equipment would first find an idle selector switch. It would then move vertically 1 pulse, it would then move horizontally to find a free second selector, it would then move 2 vertical pulses, step horizontally to find the next selector, etc. Thus the first switch in the train takes no digits, the second switch takes 1 digit, the third switch takes 1 digit, & the last switch in the train (called the connector) takes the last 2 digits & connects your calls. A normal (10,000 line) exchange requires 4 digits (0000-9999) to connect a local call & thus it takes 4 switches to connect every call (linefinder, 1st & 2nd selectors, & the connector) . While it was the first, SxS sucks for the following reasons: [1] The switches often become jammed thus the calls often become blocked. [2] You can't use DTMF (Dual-Tone Multi-Frequency a/k/a Touch-Tone) directly. It is possible that the Telco may have installed a conversion kit but then the calls will go through just as slow as pulse, anyway! [3] They use a lot of electricity & mechanical maintenance. (bad from Telco point of view) [4] Everything is hardwired. They can still hook up pen registers & other shit on the line so it is not exactly a phreak haven. You can identify SxS offices by: (1) Lack of DTMF or pulsing digits after dialing DTMF. (2) If you go near the CO, it will sound like a typewriter testing factory. (3) Lack of speed calling, call forwarding, & other custom services. (4) Fortress fones that want your money first (as opposed to dial tone first ones). The preceding don't necessarily imply that you have SxS but they surely give evidence that it might be. Also, if any of the above characteristics exist, it certainly isn't ESS! Also, SxS have pretty much been eradicated from large metropolitan areas such as NYC (212). CROSSBAR: There are 3 major types of Crossbar systems called: No. 1 Crossbar (1XB), No. 4 Crossbar (4XB), & No. 5 Crossbar (5XB). 5XB has been the primary end office switch of Bell since the 60's and thus it is in wide-use. There is also a Crossbar Tandem (XBT) used for toll-switching. Crossbar uses a common control switching method. When there is an incoming call, a stored program determines its route through the switching matrix. In Crossbar, the basic operation principle is that a horizontal & a vertical line are energized in a matrix known as the crosspoint matrix. The point where these 2 lines meet in the matrix is the connection. +===+ =ESS= +===+ Electronic Switching System (ESS) The Phreak's Nightmare Come True (or Orwell's Prophecy as 2600 puts it) ESS is Bell's move towards the Airstrip One society depicted in Orwell's 1984. With ESS, EVERY single digit that you dial is recorded--even if it is a mistake. They know who you call, when you call, how long you talked for, & probably what you talked about (in some cases). ESS can (and is) also programmed to print out #'s of people who make excessive calls to 800 #'s or directory assistance. This is called the "800 Exceptional Calling Report." ESS could also be programmed to print out logs of who calls certain #'s--like a bookie, a known communist, a BBS, etc The thing to remember with ESS is that it is a series of programs working together. These programs can be very easily changed to do whatever they want it to do. This system makes the job of Bell Security, the FBI, NSA, & other organizations that like to invade privacy incredibly easy. With ESS, tracing is done in microseconds (Eine Augenblick) & the results are printed at the console of a Bell Gestapo officer. ESS will also pick up any "foreign" tones on the line such as 2600 Hz! Bell predicts that the country will become totally ESS by the 1990's. You can identify ESS by the following which are usually ESS functions: [1] Dialing 911 for help. [2] Dial-Tone-First fortresses. [3] Custom Calling Services such as: Call Forwarding, Speed Dialing, & Call Waiting. (Ask your business office if you can get these.) [4] ANI (Automatic Number Identification) on LD calls. Phreaking does not come to a complete halt under ESS though--just be very careful, though!!! Due to the fact that ESS has a computer generated "artificial" ring, you are not directly connected to the called parties line until he picks up. Therefore, Black Boxes & Infinity Transmitters will not work under ESS! NOTE: Another interesting way to find out what type of equipment you are on is to raid the trash can of you local CO--this art will discussed in a separate article soon. Asking for a tour of your CO for a "school report" can also be helpful. Coming Soon: In the part V, we will start to take a look at telephone electronics. Further Reading: For more information on the above topics, I suggest the following: Notes on the Network, AT&T, 1980. Understanding Telephone Electronics, Texas Instruments, 1983. And subscriptions to: TAP, Room 603, 147 W 42 St, New York, NY 10036. Subscriptions are $10/year. Back issues are $0.75. The current issues is #90 (Jan/Feb 1984) 2600, Box 752, Middle Island, NY 11953. Subscriptions are $10/year. Back issues are $1 each. The current issue is #6 (June 1984). They are both excellent sources of all sorts of information (primarily phreaking/hacking). NOTE: For the most part, I have assumed that you have read my previous 3 courses in the BASIC TELCOM series. Excelsior, *****BIOC *=$=*Agent *****003 Knights of Shadow April 13, 1984 The Year of Big Brother <<=-FARGO 4A-=>> [ RACS III - (914) 942-2638 ] [ Sherwood Forest ][ - (914) 359-1517 ] PS Sysops of other BBS's are welcome to use this series on their own boards providing that you don't change anything. PPS Due to the radical changes taking place in the Network due to the break up this January, I have been forced to make many revisions of certain parts of my BASIC TELCOM series. If something does not seem right, please keep the current revision date in mind. I have tried to keep this series as current as possible.