💾 Archived View for gemini.spam.works › mirrors › textfiles › phreak › WIRETAPPING › ptapping.phk captured on 2022-06-12 at 17:54:27.
-=-=-=-=-=-=-
%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+ %+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+ %+% UNDER SURVEILLANCE +%+ %+% - +%+ %+% PHONE TAPPING +%+ %+% - +%+ %+% BY +%+ %+% THE DARK KNIGHT +%+ %+% - +%+ %+% 11/3/90 +%+ %+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+ %+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+%+ DISCLAIMER: The author takes no responsiblity for, nor does he assume any liability for, damages resulting from the use of information in this document. This document is for informational purposes only. WARNING: Connection of unauthorised equipment to a public (or indeed private system is illegal and could lead to prosecution. INTRODUCTION: Now with the warnings over here is the equipment. Because of the highly sophisticated nature of the modern telephone network, the installation of the tap is a very tricky business indeed. It will take a capacitor (100nf), a pair of high impedance headphones, anything up to two crocodile clips and at least twelve seconds of concentrated effort. (See fig. 1) FIG 1: X---------------*---------------------------Y phone lines | | X---------------|----------*----------------Y | | --- | capacitor --- | | | |HEADPHONES| One alternative to hanging around waiting for the telephone to answer is to connect up a tape recorder. Now we come to the really sophisticated electronics: since it is waste of tape to run the recorder continuosly, it is useful to switch it on only when the phone is being used. Voice activated switches? Why bother. A relay will do the trick, connected in series with one of the lines. See plans on how to build a TAN box. There are plenty around. RADIO BUGS: The next step up is some kind of radio bug. In the days not so long ago when the BT issue phone was a wedge of cheese shaped affair with a dial on the front, a favourite bugging device used to be the 'drop in' mike. The handset microphone was a carbon granule device, quite bulky but easy to remove; unscrew the mouthpiece, slip off a pair of wires from their terminals and its out. The crafty buggers found a much better use for all that space than filling it with carbon granuals. Buying microphones from the very same people who supplied BT, they would empty out of the granuals, put in a much smaller mike and would empty out the granuals, put in a much smaller mike and a small radio transmitter, then seal the whole thing back together again. Drop it into the handset and off you go. It is estimated that the numbers made around the world ran into millions, so they were not uncommon! Still used for bugging public telephones, but not much good for the wide varity of office and home phones now in use. SERIES AND PARALLEL BUGS: Also very common and readily available are a variety of bugs which connect either in series with one telephone wire or in parallel across the two. The series bug has the advantage of only transmitting when the telephone is used; the parallel one transmits continuosly in its crudest form (and most commercial bugs are pretty crude) but can be a little more difficult to detect by simple voltage measurements. Let's face it, it would be a trivial matter to design a bug that is both triggered by use of the phone and virtually impossible to detect by voltage measurements, but since almost nobody takes seriously the idea that they may be a suitable target (do you think you are, for instance?) and therefore won't be checking, why bother with anything complicated? See picture 1 and 2 for details. (End of file) INFINITY TRANSMITTER: The most exotic of the commonly used listerning devices is the 'infinity transmitter', so called because once the victim can be snooped on from anywhere in the world. Anywhere his phone can be reached by direct dialling, that is. This is what you do: dial up the victim's number and hold your little black mystery box close to the mouthpiece. In the simplest versions, the mystery box just sends a tone down the line which is picked up by a frequency selective circuit inside the bug. The mystery box activates the infinity transmitter, which you previously attached to the victim's phone. Once activated, the transmitter prevents the phone from ringing, and instead sends down the line any sounds picked up by the victim's telephone, or by the bug's own internal microphone. This is how it works. On recieving the activating tone, the transmitter passes enough current between the two lines to fool BT's equipment into thinking that the phone has been answered, so the ringing tone is cancelled and the line is opened. Once connection is made, all the bug has to do is to modulate the line voltage in just the way the telephone itself would. Not very difficult. The victim is entirly unaware of anything happening and, with a hookswitch defeat installed, it could be his own telephone acting as a microphone for the transmitter. The bug will automatically cut out if the handset of the victim's phone is lifted, allowing it to be used normally. See picture 2 for details. (End of file) HOOK SWITCH DEFEAT: Much simpler than the infinity transmitter, and used in much the same way, is the hookswitch defeat. When you hang up the telephone, a switch disconnects the handset... unless, that is, somebody has doctored the phone. The simplest method is just to wire a resistor across the switch. In use you phone the victim, apologise for having called up the wrong number, let him hang up but keep your phone off the hook to hold open the connection. Then you listen in. The sound level won't be very high, so you may need an amplifier. The difficulty with a plain hookswitch is that you need access to the telephone itself and enough time to dismantle it. There is also the possibility that an innocent caller may be slow to hang up and find himself accidently eavesdroping. A bit of a giveaway. Hookswitch defeats are easy to spot by anyone familiar with the insides of a telephone, but can often be overlooked in inspection by a suspicious buggee since, unlike infinity transmitters and the like, it could easily be part of the workings of the phone. Take the idea of 'looking as if it belongs' to its conclusion and you have the 'lost' tranmitter. What you do is to find a large-ish component in the telephone (or typewritter, calculator, or whatever) which itself uses any signal you need access to. You then rush home to your garden shed and knock up a device which not only does what this component does, but contains a transmitter too. You package it to look exactly like the component you're replacing. Then you pop back one night and swap the two around. Anyone inspecting the phone or whatever will find it contains exactly the components it should - no more and no less. The transmitter is really and truly lost. This really is big league stuff - the kind of trick employees of rival governments like to play on each other. Not the kind of thing you will personally come across unless you have access to very valuable information indeed. There's an American company called Fox which could be persuaded to come up with the goodies if you approach them in the right way and have the funds. They're in the phone book. Okay that is about it for this document, but do bear in mind that BT are very touchy about having alien equipment connected to their lines, even if it is just a capacitor and headphones. And stay away from my phone, if you don't mind!! +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + CIRCUIT DIAGRAMS: + +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ CIRCUIT 1: SERIES PHONE BUG: -=-=-=-=-=-=-=-=- ! ! W ! ! *-------*-------------*------* ! ! ! ! ! C1 % TC & C4 % ! ! L1 &) R2 $ *------*----* ! ! ! ! ! !! ! ------ ! *------*-----(+)Q1 ! ! *-*----! ~ + !-* ! ! ! ! ! ! ! ! ! ! ! ! ! R1 $ ! BR1 ! R3 $ C2 % R4 $ C3 % ! ! ! ! ! ! ! ! ! *-*----! ~ - !---------*------*------*------* ! ! ------ ! ! ! ! ! ! ! ! ! ! % = CAPACITOR $ = RESISTOR (+) = TRANSISTOR & = TUNING COIL &) = INDUCER W = AERIAL PARTS NEEDED: R1 = 270K R2 = 10K R3 = 10K R4 = 1K0 C1 = 15pF C2 = 1nF0 C3 = 1nF0 C4 = 5pF0 Q1 = ZTX300 L1 = INDUCER 33uH BR1= BRIDGE RECTIFIER TC = TUNING COIL 3mm (4 OR 5 TURNS) CIRCUIT 2: PARALLEL PHONE BUG: -=-=-=-=-=-=-=-=-=- L1 W ! ! *-------*----*------&)----* ! ! ! + = ! ! *---*--* ! ! ! ! B1| ! R3$C2% C4%T1&--* %C6 ! ! - = ! ! ! ! ! ! ! ! R1 ! ! ! ! *--*-----*