home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
The Hacker Chronicles - A…the Computer Underground
/
The Hacker Chronicles - A Tour of the Computer Underground (P-80 Systems).iso
/
phrk3
/
phrack29.9
< prev
next >
Wrap
Text File
|
1992-09-26
|
22KB
|
371 lines
==Phrack Inc.==
Volume Three, Issue 29, File #9 of 12
\`\`\`\`\`\`\`\`\`\`\`\`\`\`\`\`\`\`\`\`\`\`\`\`\`\`\`\`\`\`\
\`\ \`\
\`\ BLOCKING OF LONG-DISTANCE CALLS... REVISITED \`\
\`\ by Jim Schmickley \`\
\`\ \`\
\`\ Hawkeye PC, Cedar Rapids, Iowa \`\
\`\ \`\
\`\ Previosly Seen in Pirate Magazine \`\
\`\ \`\
\`\`\`\`\`\`\`\`\`\`\`\`\`\`\`\`\`\`\`\`\`\`\`\`\`\`\`\`\`\`\
This file is a continuation of "Block Of Long-Distance Calls" that was seen in
Phrack Inc. Issue 21, file 8. Although the material has already been released
(perhaps on a limited basis) in Pirate Magazine, we felt the information was
important enough to re-present (on a larger scale), especially considering it
was an issue that we had previously detailed. -- Phrack Inc. Staff
The following article begins where the previous article left off:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
November 17, 1988
Customer Service
Teleconnect
P.O. Box 3013
Cedar Rapids, IA 52406-9101
Dear Persons:
I am writing in response to my October Teleconnect bill, due November 13, for
$120.76. As you can see, it has not yet been paid, and I would hope to delay
payment until we can come to some equitable table resolution of what appears to
be a dispute. The records should show that I have paid previous bills
responsibly. Hence, this is neither an attempt to delay nor avoid payment. My
account number is: 01-xxxx-xxxxxx. My user phone is: 815-xxx-xxxx. The phone
of record (under which the account is registered) is: 815-xxx-xxxx.
If possible, you might "flag" my bill so I will not begin receiving dunning
notices until we resolve the problem. I have several complaints. One is the
bill itself, the other is the service. I feel my bill has been inflated
because of the poor quality of the service you provide to certain areas of the
country. These lines are computer lines, and those over which the dispute
occurs are 2400 baud lines. Dropping down to 1200 baud does not help much. As
you can see from my bill, there are numerous repeat calls made to the same
location within a short period of time. The primary problems occured to the
following locations:
1. Highland, CA 714-864-4592
2. Montgomery, AL 205-279-6549
3. Fairbanks, AK 907-479-7215
4. Lubbock, TX 806-794-4362
5. Perrine, FL 305-235-1645
6. Jacksonville, FL 904-721-1166
7. San Marcos, TX 512-754-8182
8. Birmingham, AL 205-979-8409
9. N. Phoenix, AZ 602-789-9269 <-- (The Dark Side BBS by The Dictator)
The problem is simply that, to these destinations, Teleconnect can simply not
hold a line. AT&T can. Although some of these destinations were held for a
few minutes, generally, I cannot depend on TC service, and have more recently
begun using AT&T instead. Even though it may appear from the records that I
maintained some contact for several minutes, this time was useless, because I
cold not complete my business, and the time was wasted. An equitable
resolution would be to strike these charges from my bill.
I would also hope that the calls I place through AT&T to these destinations
will be discounted, rather than pay the full cost. I have enclosed my latest
AT&T bill, which includes calls that I made through them because of either
blocking or lack of quality service. If I read it correctly, no discount was
taken off. Is this correct?
As you can see from the above list of numbers, there is a pattern in the poor
quality service: The problem seems to lie in Western states and in the deep
south. I have no problem with the midwest or with numbers in the east.
I have been told that I should call a service representative when I have
problems. This, however, is not an answer for several reasons. First, I have
no time to continue to call for service in the middle of a project. The calls
tend to be late at night, and time is precious. Second, on those times I have
called, I either could not get through, or was put on hold for an
indeterminable time. Fourth, judging from comments I have received in several
calls to Teleconnect's service representatives, these seem to be problems for
which there is no immediate solution, thus making repeated calls simply a waste
of time. Finally, the number of calls on which I would be required to seek
assistance would be excessive. The inability to hold a line does not seem to
be an occasional anomaly, but a systematic pattern that suggests that the
service to these areas is, indeed, inadequate.
A second problem concerns the Teleconnect policy of blocking certain numbers.
Blocking is unacceptable. When calling a blocked number, all one receives is a
recorded message that "this is a local call." Although I have complained about
this once I learned of the intentional blocking, the message remained the same.
I was told that one number (301-843-5052) would be unblocked, and for several
hours it was. Then the blocking resumed.
A public utility simply does not have the right to determine who its customers
may or may not call. This constitutes a form of censorship. You should
candidly tell your customers that you must approve of their calls or you will
not place them. You also have the obligation to provide your customers with a
list of those numbers you will not service so that they will not waste their
time attempting to call. You might also change the message that indicates a
blocked call by saying something "we don't approve of who you're calling, and
won't let you call."
I appreciate the need to protect your customers. However, blocking numbers is
not appropriate. It is not clear how blocking aids your investigation, or how
blocking will eliminate whatever problems impelled the action. I request the
following:
1. Unblock the numbers currently blocked.
2. Provide me with a complete list of the numbers you are blocking.
3. End the policy of blocking.
I feel Teleconnect has been less than honest with its customers, and is a bit
precipitous in trampling on rights, even in a worthy attempt to protect them
from abuses of telephone cheats. However, the poor quality of line service,
combined with the apparrent violation of Constitutional rights, cannot be
tolerated. Those with whom I have spoken about this matter are polite, but the
bottom line is that they do not respond to the problem. I would prefer to pay
my bill only after we resolve this.
Cheerfully,
(Name removed by request)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
/*/ ST*ZMAG SPECIAL REPORT - by Jerry Cross /*/
(reprinted from Vol. #28, 7 July, 1989)
===============================================
TELECONNECT CALL BLOCKING UPDATE
Ctsy (Genesee Atari Group)
Background
~~~~~~~~~~
At the beginning of last year one of my bbs users uploaded a file he found on
another bbs that he thought I would be interested in. It detailed the story of
an Iowa bbs operator who discovered that Teleconnect, a long distance carrier,
was blocking incoming calls to his bbs without his or the callers knowledge.
As an employee of Michigan Bell I was very interested. I could not understand
how a company could interfere with the transmissions of telephone calls,
something that was completely unheard of with either AT&T or Michigan Bell in
the past. The calls were being blocked, according to Teleconnect public
relations officials, because large amounts of fraudulent calls were being
placed through their system. Rather than attempting to discover who was
placing these calls, Teleconnect decided to take the easy (and cheap) way out
by simply block access to the number they were calling. But the main point was
that a long distance company was intercepting phone calls. I was very
concerned.
I did some investigating around the Michigan area to see what the long distance
carriers were doing, and if they, too, were intercepting or blocking phone
calls. I also discovered that Teleconnect was just in the process of setting
up shop to serve Michigan. Remember, too, that many of the former AT&T
customers who did not specify which long distance carrier they wanted at the
time of the AT&T breakup were placed into a pool, and divided up by the
competing long distance companies. There are a number of Michigan users who
are using certain long distance carriers not of their choice.
My investigation discovered that Michigan Bell and AT&T have a solid, computer
backed security system that makes it unnecessary for them to block calls. MCI,
Sprint, and a few other companies would not comment or kept passing me around
to other departments, or refused to comment about security measures.
I also discussed this with Michigan Bell Security and was informed that any
long distance company that needed help investigating call fraud would not only
receive help, but MBT would actually prepare the case and appear in court for
prosecution!
My calls to Teleconnect were simply ignored. Letters to the public service
commission, FCC, and other government departments were also ignored. I did,
however, get some cooperation from our U.S. Representative Dale Kildee, who
filed a complaint in my name to the FCC and the Interstate Commerce Commission.
What follows is their summary of an FCC investigation to Mr. Kildee's office.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Dear Congressman Kildee:
This is in further response to your October 18, 1988 memorandum enclosing
correspondence from Mr. Gerald R. Cross, President of the Genesee Atari Group
in Flint, Michigan concerning a reported incidence of blocking calls from
access to Curt Kyhl's Stock Exchange Bulletin Board System in Waterloo, Iowa by
Teleconnect, a long distance carrier. Mr. Cross, who also operates a bulletin
board system (bbs), attaches information indicating that Teleconnect blocked
callers from access via its network to Mr. Kyhl's BBS number in an effort to
prevent unauthorized use of its customers' long distance calling authorization
codes by computer "hackers." Mr. Cross is concerned that this type of blocking
may be occurring in Michigan and that such practice could easily spread
nationwide, thereby preventing access to BBSs by legitimate computer users.
On November 7, 1988, the Informal Complaints Branch of the Common Carrier
Bureau directed Teleconnect to investigate Mr. Cross' concerns and report the
results of its investigation to this Commission. Enclosed, for your
information, is a copy of Teleconnect's December 7, 1988 report and its
response to a similar complaint filed with this Commission by Mr. James
Schmickley. In accordance with the commission's rules, the carrier should have
forwarded a copy of its December 7, 1988 report to Mr. Cross at the same time
this report was filed with the Commission. I apologize for the delay in
reporting the results of our investigation to your office.
Teleconnect's report states that it is subject to fraudulent use of its network
by individuals who use BBSs in order to unlawfully obtain personal
authorization codes of consumers. Teleconnect also states that computer
"hackers" employ a series of calling patterns to access a carrier's network in
order to steal long distance services. The report further states that
Teleconnect monitors calling patterns on a 24 hour basis in an effort to
control, and eliminate when possible, code abuse. As a result of this
monitoring, Teleconnect advises that its internal security staff detected
repeated attempts to access the BBS numbers in question using multiple
seven-digit access codes of legitimate Teleconnect customers. These calling
patterns, according to Teleconnect, clearly indicated that theft of
telecommunications services was occurring.
The report states that Teleconnect makes a decision to block calls when the
estimated loss of revenue reaches at least $500. Teleconnect notes that
blocking is only initiated when signs of "hacking" and other unauthorized usage
are present, when local calls are attempted over its long distance network or
when a customer or other carrier has requested blocking of a certain number.
Teleconnect maintains that blocking is in compliance with the provisions of
Section A.20.a.04 of Teleconnect's Tariff FCC No. #3 which provides that
service may be refused or disconnected without prior notice by Teleconnect for
fraudulent unauthorized use. The report also states that Teleconnect customers
whose authorizations codes have been fraudulently used are immediately notified
of such unauthorized use and are issued new access codes. Teleconnect further
states that while an investigation is pending, customers are given instructions
on how to utilize an alternative carrier's network by using "10XXX" carrier
codes to access interstate or intrastate communications until blocking can be
safely lifted.
Teleconnect maintains that although its tariff does not require prior notice to
the number targeted to be blocked, it does, in the case of a BBS, attempt to
identify and contact the Systems Operator (SysOp), since the SysOp will often
be able to assist in the apprehension of an unauthorized user. The report
states that with regard to Mr. Kyle's Iowa BBS, Teleconnect was unable to
identify Mr. Kyle as the owner of the targeted number because the number was
unlisted and Mr. Kyhl's local carrier was not authorized to and did not release
any information to Teleconnect by which identification could be made. The
report also states that Teleconnect attempted to directly access the BBS to
determine the identity of the owner but was unable to do so because its
software was incompatible with the BBS.
Teleconnect states that its actions are not discriminatory to BBSs and states
that it currently provides access to literally hundreds of BBSs around the
country. The report also states that Teleconnect's policy to block when
unauthorized use is detected is employed whether or not such use involves a
BBS. Teleconnect advises that when an investigation is concluded or when a
complaint is received concerning the blocking, the blocking will be lifted, as
in the case of the Iowa BBS. However, Teleconnect notes that blocking will be
reinstated if illegal "hacking" recurs.
Teleconnect advises that it currently has no ongoing investigations within the
State of Michigan and therefore, is not presently blocking any BBSs in
Michigan. However, Teleconnect states that it is honoring the request of other
carriers and customers to block access to certain numbers.
The Branch has reviewed the file on this case. In accordance with the
Commission's rules for informal complaints it appears that the carrier's report
is responsive to our Notice. Therefore, the Branch, on its own motion, is not
prepared to recommend that the Commission take further action regarding this
matter.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
This letter leaves me with a ton of questions. First, let's be fair to
Teleconnect. Long distance carriers are being robbed of hundreds of thousands
of dollars annually by "hackers" and must do something to prevent it. However,
call blocking is NOT going to stop it. The "hacker" still has access to the
carrier network and will simply start calling other numbers until that number,
too, is blocked, then go on to the next. The answer is to identify the
"hacker" and put him out of business. Teleconnect is taking a cheap, quick fix
approach that does nothing to solve the problem, and hurts the phone users as a
whole.
They claim that their customers are able to use other networks to complete
their calls if the number is being blocked. What if other networks decide to
use Teleconnect's approach? You would be forced to not only keep an index of
those numbers you call, but also the long distance carrier that will let you
call it! Maybe everyone will block that number, then what will you do? What
if AT&T decided to block calls? Do they have this right too?
And how do you find out if the number is being blocked? In the case of Mr.
Kyhl's BBS, callers were given a recording that stated the number was not in
service. It made NO mention that the call was blocked, and the caller would
assume the service was disconnect. While trying to investigate why his calls
were not going through, Mr. James Schmickley placed several calls to
Teleconnect before they finally admitted the calls were being blocked! Only
after repeated calls to Teleconnect was the blocking lifted. It should also be
noted that Mr. Kyhl's bbs is not a pirate bbs, and has been listed in a major
computer magazine as one of the best bbs's in the country.
As mentioned before, MBT will work with the long distance carriers to find
these "hackers." I assume that the other local carriers would do the same. I
do not understand why Teleconnect could not get help in obtaining Mr. Kyhl's
address. It is true the phone company will not give out this information, but
WILL contact the customer to inform him that someone needs to contact him about
possible fraud involving his phone line. If this policy is not being used,
maybe the FCC should look into it.
Call blocking is not restricted to BBSs, according to Teleconnect. They will
block any number that reaches a $500 fraud loss. Let's say you ran a computer
mail order business and didn't want to invest in a WATS line. Why should an
honest businessman be penalized because someone else is breaking the law? It
could cost him far more the $500 from loss of sales because of Teleconnect's
blocking policy.
Teleconnect also claims that "they are honoring the request of other carriers
and customers to block access to certain numbers." Again, MBT also has these
rules. But they pertain to blocking numbers to "certain numbers" such as
dial-a-porn services, and many 900-numbers. What customer would ever request
that Teleconnect block incoming calls to his phone?
And it is an insult to my intelligence for Teleconnect to claim they could not
log on to Mr. Kyhl's BBS. Do they mean to say that with hundreds of thousands
of dollars in computer equipment, well trained technicians, and easy access to
phone lines, that they can't log on to a simple IBM bbs? Meanwhile, here I sit
with a $50 Atari 800xl and $30 Atari modem and I have no problem at all
accessing Mr. Kyhl's bbs! What's worse, the FCC (the agency in charge of
regulating data transmission equipment), bought this line too! Incredible!!!
And finally, I must admit I don't have the faintest idea what Section A.20.a.04
of Teleconnect's Tariff FCC No. 3 states, walk into your local library and ask
for this information and you get a blank look from the librarian. I know, I
tried! However, MBT also has similar rules in their tariffs. Teleconnect
claims that the FCC tariff claims that "service may be refused or disconnected
without prior notice by Teleconnect for fraudulent, unauthorized use". This
rule, as applied to MBT, pertains ONLY to the subscriber. If an MBT customer
were caught illegally using their phone system then MBT has the right to
disconnect their service. If a Teleconnect user wishes to call a blocked
number, and does so legally, how can Teleconnect refuse use to give them
service? This appears to violate the very same tarriff they claim gives them
the right to block calls!
I have a few simple answers to these questions. I plan, once again, to send
out letters to the appropriate agencies and government representatives, but I
doubt they will go anywhere without a mass letter writing campaign from all of
you. First, order that long distance companies may not block calls without the
consent of the customer being blocked. Every chance should be given to him to
assist in identifying the "hacker," and he should not be penalized for other
people's crimes. There should also be an agency designated to handle appeals
if call blocking is set up on their line. Currently, there is no agency,
public service commission, or government office (except the FCC) that you can
complain to, and from my experience trying to get information on call blocking
I seriously doubt that they will assist the customer.
Next, order the local phone carriers to fully assist and give information to
the long distance companies that will help identify illegal users of their
systems. Finally, order the Secret Service to investigate illegal use of long
distance access codes in the same manner that they investigate credit card
theft. These two crimes go hand in hand. Stiff fines and penalties should be
made mandatory for those caught stealing long distance services.
If you would like further information, or just want to discuss this, I am
available on Genie (G.Cross) and CompuServe (75046,267). Also, you can reach
me on my bbs (FACTS, 313-736-4544). Only with your help can we put a stop to
call blocking before it gets too far out of hand.
>--------=====END=====--------<
Downloaded From P-80 International Information Systems 304-744-2253 12yrs+