This MCI service also known as MCI Execunet, is for people who travel alot
(ie, business pigs) & need a code that works in several places. Therefore,
the codes on this system are interchangable throughout the dial-ups unlike
the regular MCI service. FORMAT: At tone, 7 digit access code + destination #. {212 dial-up: 248-0151} NOTE: You can usually call up the companies customer service #, and say you just moved or that you are traveling and ask for the access # for your area code. To find out the customer service # call dir. asst. at (800) 555 1212.
==============
=950 Exchange=
==============
The 950 exchange is a nationwide access exchange, in most areas, that includes
several SCC's. All services on this exchange are considered dangerous due to
the fact that they have the ability to trace. The currently working numbers
in many metropolitan areas in the US are: 950-1000 SPC (Sprint) -1022
MCI Execunet -1033 US Telephone -1044 AllNet -1066 Lexitel -1088 Skyline This exchange will probably be phased out when customers choose their LD carrier as a result of "equal access."
SKYLINE:
--------
SBS Skyline is a new service owned by IBM, Comsat and AEtna. It has the same
local access # across the country: 950-1088. It is supposed to have 6
(possibly 8) digit codes and is alleged to be very dangerous.
Most of the services in 950 have crystal clear connections.
===============
=Calling Cards=
===============
Calling cards are Bell's version of Sprint, MCI, etc. Calling cards are used
primarily from pay phones. The format is: NPA-NXX-XXXX-CCCC NPA is usually
the a/c of the billed # that the call is to be billed to. This may be
replaced by a 3 digit RAO (Revenue Accounting Office) code in some NPA's or a
special billing number. NXX-XXXX is the number that the call is to billed to.
CCCC is a checkcode (or PIN--Personal Identification Number) that adds the
security to Calling Cards. The codes used to be predictable until 1983. Now
CCCC appears to be sequentially generated so the codes cannot be calculated
from a formula!
The easiest way to find these codes are in a busy airport or college where
they are used alot. Just get close and copy down someones code (if you are
that unscrupulous!) Don't rip off poor people; go for the rich business
pigs!
You usually call the operator to make a CC Call but on many fortress phones,
you can dial 0+the number you want to call and you will get a recording &
tone where you enter your calling card #. By pressing the # sign (octothorpe)
after each call instead of hanging up, you can make many calls at once without
having to retype the CC # each time. This is good for busy numbers. Also, if
you want to call the # of the card, ie the billed #, you just have to enter
the last 4 digits of the CC # at the tone.
Now, suppose you do get a real operator. Since mostly business people use
calling cards, it is suggested that you act a little like a business person,
ie, rushed, older, businesslike, and SLIGHTLY pissed at the operator
(keyword: SLIGHTLY). All you have to tell her is the CC #. If she asks for
the # you are calling from, tell her, but change the last digit or 2. If she
asks you more questions, she is probably suspicious. Hang up. Although, you
should make up some answers to certain questions to satisfy the operator that
you are legit. The most important thing you should know when making a CC
call is the area code and the city of the card.
Finally, in case the operator is listening, always talk businesslike for the
first few seconds until the operator clicks off [they have been known to
listen in on calls (understatement)]. Also, always use CC's from pay phones
or Charge-A-Call phones only!
CAUTION: All the CC codes are now rapidly checked due to CCIS Channel
Inter-office Signaling) and ESS (Electronic Switching System) If you try to
hack CC codes you can be fairly sure that Bell Security (affectionately known
as the gestapo in the phreaking world) will get a message from the CO
(Central Office, ie, exchange)!
There is also an international code that is in the format of:
1A NPA NXX XXXX 9
Where: 1A is a digit followed by a letter (check characters)
NPA NXX XXXX is the # that the call is to billed to (same as above)
9 is an check digit
The international code is used only when calling from a foreign country.
AT&T has just recently released real plastic calling cards with the domestic &
international codes printed on the front along with the persons name. These
cards also have a magnetic strip on the back that can be read by their new
Calling Card phones that contain a built in CRT & will accept AT&T cards as
well as American Express. These phones should be popping up in airports &
other places where large numbers of business pigs hang out.
==============
=800 Services=
==============
You are probably all familiar with WATS. WATS #'s (Wide Area Telephone
Service, otherwise known as 800 #'s) are very popular due to the fact that
they are toll-free. They often contain WATS extenders. Extenders were
originally used by salesmen in the field who called up their company's 800 #
(INWATS #) and then used the company's low-priced OUTWATS line to make the
call. This is cheaper to the company than using the Bell calling card which
has a surcharge.
On the original extenders there were no codes! Companies soon realized that
their #'s were being used and added the present day security codes. The
salesman would then dial the 800 number and enter the code (usually 4
digits), he would then receive a second dial tone from the companies PBX
(Private Branch eXchange - their own switching equipment - ie, switchboard).
He would then access the OUTWATS line by dialing 8 or 9 and then the #.
These codes were originally hand-hacked, but some pioneer phreak (Capt.
Crunch) added an interface to Charlie, his Apple ][ computer, which was
capable of generating DTMF tones (Dual-Tone-Multi -Frequency - ie, generic
term for Touch -Tone (TM)) and trying all the codes. The only problem was
that Ma Bell got suspicious when they saw that someone called the Joe Blow
Rubber Company 800 # in California 4,568 times at 2 AM and each call lasted
for only 1 second!
TRAVELNET:
----------
Travelnet is a service, owned by GM, that uses WATS as well as local access
#'s.
The 800 # is (800) 521-8400.
After the tone, enter the 8 digit code, if the code was right you'll get a
second tone, then enter the area code and number.
Travelnet is also unique in that it accepts voice recognition for those times
when touch-tone is not available (How convinient!). If you don't do anything
after the tone, you will hear a voice that says, "authorization #, please."
You then say each digit SLOWLY. It will beep after you say each digit.
After each group of digits, it will repeat what you have said. Say yes if it
is right, otherwise, say no. If the authorization code is correct, it will
say thank you and it'll then ask for the destination #. Follow the same
procedure as above. The voice system is very user friendly and you should
have no problems with it.
TEL-TEC:
--------
TEL-TEC is at (800) 323-3026. In my experiences, you usually get a very shitty
connection. This I use for last resorts.
FORMAT: 6 digit code + dest. #
Tel-Tex (for TX only): (800) 432-2071
CAUTION: Like the 950 exchange, 800 numbers can be easily traced. This
doesn't mean that they trace everything, though.
Others:
-------
There are many other 800 services and PBX's (such as the Dimension 2000 at
800-848-9000). There is just not enough room to discuss them all. As you
have probably noticed, I have posted no codes. Check the phreak section of
various BBS's to find the latest codes or hack them yourself. I suggest that
you don't use codes found on BBS's though since they may be traps! Hand-hack
good possibilities or use a "smart" modem with a hacking program (contact
your local pirate).
HOW MA BELL CATCHES PHONE HACKERS:
----------------------------------
Besides suspicion and random checks, Ma Bell sets up "trap numbers". Trap
numbers were set up on certain dial-ups such as Sprint, MCI, etc. Whenever,
the dial-up is called a "trouble card" is dropped at the central office.
This means that a record of the called #, the CALLERS #, and time are printed
out. These cards (or printouts in an ESS CO) are usually ignored unless SPC
or somebody detects fraud, ie, unauthorized use of a customers acct., then
they call Bell and find out the name and number and instantly nail the phreak
who made the call. They will then either demand that you pay some enormous
fee and they'll forget the whole matter; give them info on other phreaks,
boards, etc.; or prosecute you on the federal rap of Theft of Communications
service, which carries fines of upto 10 years in jail and/or $10,000. They
usually don't go for legal action first, though. If you don't actually use
any codes, they can still nail you for harrassing phone calls.
"Trap & Trace" is another favorite of the gestapo. With this method you
cannot hang up until the trace is completed! Why does Bell help their
competion? Actually, it is rather simple. People were using Sprint to break
into Bell's ESS computers. Bell could only trace the call back to Sprint.
So, Sprint helps Bell catch the people it wants and visa-versa. ("You rub my
back and I'll rub yours" type of deal.) By the way, trap numbers are also
how Bell catches people who make harrasing phone calls to private residences.
Also, certain Telco exchanges running ESS (see part IV) generate reports
called the "800 Exceptional Calling Report" which list people who have made
extensive or long calls to 800 #'s. Since many people use legit 800's alot,
they also wind up on the list. If Bell does have a certain problem with an
800 #, though, they just have to check their records. If Bell has sufficient reason to suspect you of illegal activities, they may put a pen register on your line to record EVERY single digit you dial along with other pertinent information. Finally, do not forget that these services have a copy of the number that you called. So, if a customer says he didn't call a certain #, they will usually call up that # and try to find out who did call at that time. So, to be safer on SPC, MCI, and others, follow the following suggestions: 1) Use a fortress phone (pay phone) whenever possible. Although, they have been know to stake out pay phones. Just don't use the same phone over and over again. In other words, move around. 2) Only call institutional switchboards, business that have no record of your call, and friends who are instant amnesiacs. 3) Try to keep all calls under 15 minutes when possible. NOTE: No system is totally safe! When I classify something as safe or dangerous, that is just with respect to my opinion as well as that of several other phreaks. These opinions are based on how many people have been busted on them, what type of equipment they are using, and inside information. I cannot possibly guarantee that you will or will not get caught. Actually, with CCIS and ESS nothing is really safe anymore. Besides, what phun would there be in life without risks! Also, I have known people who used 800 #'s & SCC's for several years daily with no problems...I also know people who used a system for a week and were busted!
At this point, I would like to mention the "official" phreak newsletter, TAP.
TAP contains much info about phone phreaking and other illegal activities.
Send a SASE for their info sheet, "What The Hell Is TAP?" Their address is:
TAP Room 603 147 West 42 Street New York, NY 10036
Coming soon: ------------ In Part II, we will look at the special Bell
numbers such as CN/A, ATT Newslines, loops, ANI, ringback, and 99XX
scanning.
Until next time, I would like to leave you with a quote from Gilroy
"Many people think of phone phreaks as slime, out to rip off Bell
for all she is worth. Nothing could be further from the truth! Granted,
there are some who get their kicks just by making free calls, however they
are not true phone phreaks. Real phone phreaks are "telecommunications
hobbyists" who experiment, play with and learn from the phone system.
Occasionally this experimenting, and a need to communicate with other phreaks
(without going broke), leads to free calls. The free calls are but a small
subset of a TRUE phone phreaks activities." Have Phun, *****BIOC
*=$=*Agent *****003 November 15, 1983 NOTE: This article was written in
upper & lower case. PS: Please feel free to leave any corrections
additions,comments, and/or threats.******END PART 1******