home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
TAP YIPL
/
TAP_and_YIPL_Collection_CD.iso
/
PHREAK
/
GENERAL
/
BIOC4.TXT
< prev
next >
Wrap
Text File
|
1997-07-22
|
18KB
|
601 lines
******BIOC Agent 003's course in*******
* *
* ========================== *
* =BASIC TELECOMMUNCIATIONS= *
* ========================== *
* PART IV *
***************************************
Revised: 15-JUN-84
PREFACE:
--------
Part IV will deal with the various
types of operators, office hierarchy,
& switching equipment.
OPERATORS:
----------
There are many types of operators in
The Network and the more common ones
will be discussed.
TSPS Operator:
The TSPS [(Traffic Service Position
System) as opposed to This Shitty Phone
Service] Operator is probably the bitch
(or bastard for the phemale liberation-
ists) that most of us are use to having
to deal with.
Here are her responsibilities:
1) Obtaining billing information for
Calling Card or 3rd number calls.
2) Identifying called customer on
person-to-person calls.
3) Obtaining acceptance of charges on
collect calls.
4) Identifying calling numbers. This
only happens when the calling # is not
automatically recorded by CAMA
(Centralized Automatic Message
Accounting) & forwarded from the local
office. This could be caused by
equipment failures (ANIF - Automatic
Number Identification Failure) or if
the office is not equipped for CAMA
(ONI - Operator Number Identification).
<I once had an equipment failure
happen to me & the TSPS operator came
on and said, "What # are you calling
FROM?" Out of curiosity, I gave her
the # to my CO, she thanked me & then
I was connected to a conversion that
appeared to be between a frameman & his
wife. Then it started ringing the
party I originally wanted to call &
everyone phreaked out (excuse the pun).
I immediately dropped this dual line
conference!>
You shouldn't mess with the TSPS
operator since she KNOWS where you are
calling from. Your number will show up
on a 10-digit LED read-out (ANI board)
She also knows whether or not you are
at a fortress fone & she can trace
calls quite readily. Out of all the
operators, she is one of the MOST
DANGEROUS.
INWARD Operator:
This operator assists your local TSPS
("O") operator in connecting calls.
She will never question a call as long
as the call is within HER SERVICE AREA.
She can only be reached via other
operators or by a Blue Box. From a BB,
you would dial KP+NPA+121+ST for the
INWARD operator that will help you
connect any calls within that NPA only.
(Blue Boxing will be discussed in a
future part of BASIC TELCOM)
DIRECTORY ASSISTANCE Operator:
This is the operator that you are
connected to when you dial: 411 or
NPA-555-1212. She does not readily
know where you are calling from. She
does not have access to unlisted #'s,
but she does know if an unlisted #
exists for a certain listing.
There is also a directory assistance
for deaf people who use Teletypewriters
If your modem can transfer BAUDOT
[(45.5 baud)/ (the Apple Cat can)],
then you can call him/her up and have
an interesting conversation. The # is:
800-855-1155. They uses the standard
Telex abbreviations such as GA for Go
Ahead. They tend to be nicer & will
talk longer than your regular
operators. Also, they are more
vulnerable into being talked out of
information through the process of
"social engineering" as Cheshire
Catalyst would put it.
<Unfortunately, they do not have access
to much. I once bullshitted with one
of these operators and I found out that
there are 2 such DA offices that handle
TTY. One is in Philadelphia and the
other is in California. They have
approximately 7 operators each. Most
of the TTY operators think there job is
boring (based on an official "BIOC
poll"). They also feel they are
under-paid. They actually call up a
regular DA # to process your request
(Sorry, no fancy computers!).>
Other operators have access to their
own DA by dialing KP+NPA+131+ST (MF).
In the confusion due to the aftermath
of the Bull System break-up, it seems
that it will now cost 50 cents per DA
call! Exceptions seem to be Canadian
DA & the TTY DA (for the time being).
Thus you might be able to avoid being
charged for DA calls by using your
computer [running at 45.5 baud!] and
their 800 TOLL-FREE #! If they decide
to charge from fortresses also, the
method of making DA calls from the
fortress and purposely asking for an
unlisted # so you can have the operator
credit you home # will no longer work!
CN/A Operators:
CN/A operators are operators that do
exactly the opposite of what directory
assistance operators are for. See part
II, for more info on CN/A & #'s. In my
experiences, these operators know more
than the DA op's do & they are more
susceptible to "social engineering." It
is possible to bullshit a CN/A operator
for the NON-PUB DA # (ie, you give them
the name & they give you the unlisted
#). This is due to the fact that they
assume your are a phellow company
employee. Unfortunately, the break-up
has resulted in the break-up of a few
NON-PUB #'s and policy changes in CN/A.
INTERCEPT Operator:
The intercept operator is the one that
you are connected to when there are not
enough recordings available to tell you
that the # has been disconnected or
changed. She usually says, "What # you
callin'?" with a foreign accent. This
is the lowest operator lifeform. Even
though they don't know where you are
calling from, it is a waste of your
time to try to verbally abuse them
since they usually understand very
little English.
Incidentally, a few areas do have
intelligent intercept operators.
OTHER Operators:
And then there are the: Mobile,
Ship-to-Shore, Conference, Marine
Verify, "Leave Word & Call Back," Rout
& Rate (KP+800+141+1212+ST - new # as
result of Bell breakup), & other
special operators who have one purpose
or another in the Network.
Problems with an Operator? Ask to
speak to their supervisor...or better
yet, the Group Chief (who is the
highest ranking official in any office)
who is the equivalent of the Madame
in a whorehouse (if you will excuse the
analogy).
By the way, some CO's that will allow
you to dial a 1 or 0 as the 4th digit,
will also allow you to call special
operators & other phun Telco #'s
without a blue box. This is very rare
though! For example, 212-121-1111
will get you a NY Inward Operator.
==================
=OFFICE HIERARCHY=
==================
Every switching office in North America
(the NPA system), is assigned an office
name & class. There are five classes
of offices numbered 1 through 5. Your
CO is most likely a class 5 or end
office. All Long-Distance (Toll) calls
are switched by a toll office which can
be a class 4, 3, 2, or 1 office. There
is also a 4X office called an
intermediate point. The 4X office is a
digital one that can have an unattended
exchange attached to it (known as a
Remote Switching Unit-RSU).
The following chart will list the
Office #, name, & how many of those
offices existed in North America in
1981.
Class Name Abb # Existing
----- ---------------- --- ------------
1 Regional Center RC 12
2 Sectional Center SC 67
3 Primary Center PC 230
4 Toll Center TC 1,300
4P Toll Point TP
4X Intermediate Pt IP
5 End Office EO 19,000
R RSU RSU
When connecting a call from one party
to another, the switching equipment
usually tries to find the shortest
route between the Class 5 end office of
the caller & the Class 5 end office of
the called party. If no inter-office
trunks exist between the 2 parties, it
will then move upto the next highest
office for servicing (Class 4). If the
Class 4 office cannot handle the call
by sending it to another Class 4 or 5
office, it will be sent to the next
office in the hierarchy (3). The
switching equipment first uses the
high-usage interoffice trunk groups, if
they are busy it then goes to the final
trunk groups on the next highest level.
If the call cannot be connected then,
you will probably get a re-order
[120 IPM (Interruptions Per Minute)
busy signal] signal. At this time, the
guys at Network Operations are probably
shitting in their pants and trying to
avoid the dreaded Network Dreadlock (as
seen on TV!).
It is also interesting to note that 9
connections in tandem is called
ring-around-the rosy and it has never
occurred in telephone history. This
would cause an endless loop connection.
[a neat way to really screw-up the
Network]
The 10 regional centers in the US & the
2 in Canada are all interconnected.
They form the foundation of the entire
telephone network. Since there are
only 12 of them, they are listed below:
Class 1 Regional Office Location NPA
---------------------------------- ---
Dallas 4 ESS 214
Wayne, PA 215
Denver 4T 303
Regina No.2 SP1-4W [Canada] 306
St. Louis 4T 314
Rockdale, GA 404
Pittsburgh 4E 412
Montreal No.1 4AETS [Canada] 504
Norwich, NY 607
San Bernardino, CA 714
Norway, IL 815
White Plains 4T, NY 914
The following diagram demonstrates how
the various offices may be connected:
^----------^----------^ Regional
!1! <----> !1! <----> !1!
--- --- ---
! Others\/
-^-------^-------^------^---------^
!2! !3! !4! !4P! !5!
--- --- --- -^^- ---
! ! ! !
^----^ ! ^----^ !
!3! !4! ! !4X! !5! ^-----^
--- -^- ! ---- ---
^ ! !4X! !5!
!5R! !-------------^
-^^- /--------!---------\
!R! !4P! !4! !5!
--- ---- --- ---
=====================
=SWITCHING EQUIPMENT=
=====================
In the Network, there are 3 major types
of switching equipment. They are known
as: Step, Crossbar, & ESS.
STEP-BY-STEP (SxS)
The Step-By-Step, a/k/a the Strowger
switch or two-motion switch, was
invented in 1889 by an undertaker named
Almon Strowger. He invented this
mechanical switching equipment because
he felt that the biased operator was
routing all requests for an
'undertaker' to her husband's business.
Bell started using this system in 1918
& as of 1978, over 53% of the Bell
exchanges used this method of
switching. This figure is probably
substantially less now.
Step-by-Step switching is controlled
directly by the dial pulses which move
a series of switches (called the switch
train) in order. When you first pick
up the fone under SxS, a linefinder
acknowledges the request (sooner or
later) by sending a dial tone. If you
then dialed 1234, the equipment would
first find an idle selector switch. It
would then move vertically 1 pulse, it
would then move horizontally to find a
free second selector, it would then
move 2 vertical pulses, step
horizontally to find the next selector,
etc. Thus the first switch in the
train takes no digits, the second
switch takes 1 digit, the third switch
takes 1 digit, & the last switch in the
train (called the connector) takes the
last 2 digits & connects your calls.
A normal (10,000 line) exchange
requires 4 digits (0000-9999) to
connect a local call & thus it takes
4 switches to connect every call
(linefinder, 1st & 2nd selectors, & the
connector) .
While it was the first, SxS sucks for
the following reasons:
[1] The switches often become jammed
thus the calls often become blocked.
[2] You can't use DTMF (Dual-Tone
Multi-Frequency a/k/a Touch-Tone)
directly. It is possible that the Telco
may have installed a conversion kit but
then the calls will go through just as
slow as pulse, anyway!
[3] They use a lot of electricity &
mechanical maintenance. (bad from Telco
point of view)
[4] Everything is hardwired.
They can still hook up pen registers &
other shit on the line so it is not
exactly a phreak haven.
You can identify SxS offices by:
(1) Lack of DTMF or pulsing digits
after dialing DTMF.
(2) If you go near the CO, it will
sound like a typewriter testing
factory.
(3) Lack of speed calling, call
forwarding, & other custom services.
(4) Fortress fones that want your
money first (as opposed to dial tone
first ones).
The preceding don't necessarily imply
that you have SxS but they surely give
evidence that it might be. Also, if
any of the above characteristics exist,
it certainly isn't ESS! Also, SxS have
pretty much been eradicated from large
metropolitan areas such as NYC (212).
CROSSBAR:
There are 3 major types of Crossbar
systems called: No. 1 Crossbar (1XB),
No. 4 Crossbar (4XB), & No. 5 Crossbar
(5XB). 5XB has been the primary end
office switch of Bell since the 60's
and thus it is in wide-use. There is
also a Crossbar Tandem (XBT) used for
toll-switching.
Crossbar uses a common control
switching method. When there is an
incoming call, a stored program
determines its route through the
switching matrix.
In Crossbar, the basic operation
principle is that a horizontal &
a vertical line are energized in a
matrix known as the crosspoint matrix.
The point where these 2 lines meet in
the matrix is the connection.
+===+
=ESS=
+===+
Electronic Switching System (ESS)
The Phreak's Nightmare Come True
(or Orwell's Prophecy as 2600 puts it)
ESS is Bell's move towards the Airstrip
One society depicted in Orwell's 1984.
With ESS, EVERY single digit that you
dial is recorded--even if it is a
mistake. They know who you call, when
you call, how long you talked for, &
probably what you talked about (in some
cases). ESS can (and is) also
programmed to print out #'s of people
who make excessive calls to 800 #'s or
directory assistance. This is called
the "800 Exceptional Calling Report."
ESS could also be programmed to print
out logs of who calls certain #'s--like
a bookie, a known communist, a BBS, etc
The thing to remember with ESS is that
it is a series of programs working
together. These programs can be very
easily changed to do whatever they want
it to do. This system makes the job of
Bell Security, the FBI, NSA, & other
organizations that like to invade
privacy incredibly easy.
With ESS, tracing is done in
microseconds (Eine Augenblick) & the
results are printed at the console of a
Bell Gestapo officer. ESS will also
pick up any "foreign" tones on the line
such as 2600 Hz!
Bell predicts that the country will
become totally ESS by the 1990's.
You can identify ESS by the following
which are usually ESS functions:
[1] Dialing 911 for help.
[2] Dial-Tone-First fortresses.
[3] Custom Calling Services such as:
Call Forwarding, Speed Dialing, &
Call Waiting. (Ask your business
office if you can get these.)
[4] ANI (Automatic Number
Identification) on LD calls.
Phreaking does not come to a complete
halt under ESS though--just be very
careful, though!!!
Due to the fact that ESS has a computer
generated "artificial" ring, you are
not directly connected to the called
parties line until he picks up.
Therefore, Black Boxes & Infinity
Transmitters will not work under ESS!
NOTE: Another interesting way to find
out what type of equipment you
are on is to raid the trash can
of you local CO--this art will
discussed in a separate article
soon. Asking for a tour of your
CO for a "school report" can
also be helpful.
Coming Soon:
In the part V, we will start to take
a look at telephone electronics.
Further Reading:
For more information on the above
topics, I suggest the following:
Notes on the Network, AT&T, 1980.
Understanding Telephone Electronics,
Texas Instruments, 1983.
And subscriptions to:
TAP, Room 603, 147 W 42 St, New York,
NY 10036. Subscriptions are $10/year.
Back issues are $0.75. The current
issues is #90 (Jan/Feb 1984)
2600, Box 752, Middle Island, NY 11953.
Subscriptions are $10/year. Back
issues are $1 each. The current issue
is #6 (June 1984).
They are both excellent sources of all
sorts of information (primarily
phreaking/hacking).
NOTE: For the most part, I have
assumed that you have read my previous
3 courses in the BASIC TELCOM series.
Excelsior,
*****BIOC
*=$=*Agent
*****003
Knights of Shadow
April 13, 1984
The Year of Big Brother
<<=-FARGO 4A-=>>
[ RACS III - (914) 942-2638 ]
[ Sherwood Forest ][ - (914) 359-1517 ]
PS Sysops of other BBS's are welcome to
use this series on their own boards
providing that you don't change
anything.
PPS Due to the radical changes taking
place in the Network due to the
break up this January, I have been
forced to make many revisions of
certain parts of my BASIC TELCOM
series. If something does not seem
right, please keep the current
revision date in mind. I have
tried to keep this series as
current as possible.