💾 Archived View for gemini.spam.works › mirrors › textfiles › phreak › BIOCAGENT › bioc003.003 captured on 2022-06-12 at 17:08:56.
-=-=-=-=-=-=-
BIOC.IV
BIOC AGENT 003'S COURSE IN [BASIC TELECOMMUNICATIONS] Part IV
Revised 15-Jun-84 Word Processed by Tharrys Ridenow
[PREFACE]:
Part IV will deal with the various types of operators, office hierarchy,
and switching equipment.
OPERATORS:
TSPS Operator:
The TSPS [(Traffic Service Position System) as opposed to this shitty phone
service] operator is probably the bitch (or bastard for the phemale liberation-
ists) that most of us are used to having to deal with.
Here are her responsibilities:
1. Obtaining billing information for calling card or 3rd number calls.
2. Identifying called customer on person-to-person calls.
3. Obtaining acceptance of charges on collect calls.
--More--(4%)
4. Identifying calling numbers. This only happens when the calling #
is not automatically recorded by CAMA (Centralised Automatic Message
Accounting) and forwarded from the local office. This could be
caused by equipment failures (ANIF- Automatic Number Identification
Failure) or if the office is not equipped for CAMA (ONI- Operator
Number Identification).
[I once had an equipment failure happen to me and the TSPS operator came on
and said "What number are you calling from?" Out of curiousity, I gave her the
number to my CO. She thanked me and then I was connected to a conversation
that appeared to be between a frameman and his wife. Then it started ringing
the party I originally wanted to call and everyone phreaked out! (Excuse the
pun.) I immediately dropped this dual line conference!]
You shouldn't mess with the TSPS operator since she knows where you're cal-
ling from. Your number will show up on a 10-digit LED read-out (ANI board).
She also knows whether you're at a fortress fone and she can trace calls quite
readily. Out of all the operators, she is one of the most dangerous.
Inward Operator:
This operator assists your local TSPS ("0") operator in connecting calls.
She will never question a call as long as the call is within her service area.
She can only be reached via other operators or by a Blue Box. From a BB, you
--More--(12%)
would dial KP+NPA+121+ST for the inward operator that will help you connect any
calls within that NPA only. (Blue Boxing will be discussed in a future part of
Basic Telecommunications.)
Directory Assistance Operator:
This is the operator that you are connected to when you dial 411 or NPA-
555-1212. She does not readily know where you are calling from. She does not
have access to unlisted numbers, but she does know if an unlisted number exists
for a certain listing.
There is also a directory assistance operator for deaf people who use tele-
typewriters. [If you modem can transfer BAUDOT (45.5 bps) (the Apple Cat modem
can), then you can call him/her up and have an interesting converstion.] The #
is 800-855-1155. They use the standard TELEX abbreviations such as GA for Go
Ahead. They tend to be nicer and will talk longer than your regular operators.
Also, they are more vulnerable into being talked out of information through the
process of "social engineering" as Cheshire Catalyst would put it.
[Unfortunately, they do not have access to much. I once bullshitted with
one of these operators and I found out that there are 2 such DA offices that
handle TTY. One is in Philadelphia and the other is in California. They have
approximately 7 operators each. Most of the TTY operators think their job is
boring (based on an official "BIOC Poll"). They also feel that they are under-
paid. They actually call up a regular DA # to process your request (sorry, no
fancy computers!).]
--More--(21%)
Other operators have access to their own DA by BlueBoxing KP+NPA+131+ST.
In the confusion due to the aftermath of the Bell System breakup, it seems
that it will now cost 50 cents for each DA call! Exceptions seem to be Canadi-
an DA and the TTY DA (for the time being). Thus you might be able to avoid be-
ing charged for DA calls by using your computer at 45.5 BAUD and their 800 toll
phree number! If they decide to charge from fortresses also, the method of
making DA calls from the fortress and purposely asking for an unlisted number
so you can have the operator credit your home phone number will no longer work!
CN/A Operators:
CN/A operators are operators that do exactly the opposite of what directory
assistance operators are for. [See Part II for more info on CN/A.] In my ex-
periences, these operators know more than the DA operators do and they are more
susceptible to "social engineering." It is possible to bullshit a CN/A opera-
tor for the non-pub DA # (i.e., you give them the name and they give you the
unlisted number). This is due to the fact that they assume you are a phellow
company employee. Unfortunately, the breakup has resulted in the breakup of a
few non-pub #'s and policy changes in CN/A.
Intercept Operator:
The intercept operator is the one that you are connected to when there are
not enough recordings available to tell you that the # has been disconnected or
--More--(29%)
changed. She usually says "What # you callin'?" with a foreign accent. This
is the lowest operator life form. Even though they don't know where you are
calling from, it is a waste of time to try to verbally abuse them since they
usually understand very little English.
Incidentally, a few areas do have intelligent intercept operators.
And then there are the mobile, ship-to-shore, conference, marine verify,
"leave word and call back," route and rate (KP+800+141+1212+ST- new # as result
of Bell breakup), and other special operators who have one purpose or another
in the Network.
Problems with an operator? Ask to speak to their supervisor... or better
yet, the group chief (who is the highest ranking individual in any office) who
is the equivalent of the madame in a whorehouse (if you will excuse the analo-
gy).
By the way, some CO's that will allow you to dial a 1 or 0 as the 4th di-
git, will also allow you to call special operators and other phun telco #'s
without a Blue Box. This is very rare, though. For example, 212-121-1111 will
get you an NY inward operator.
OFFICE HIERARCHY
Every switching office in North America (the NPA system), is assigned an
--More--(36%)
office name and class. There are five classes of offices numbered 1 through 5.
Your CO is most likely a Class 5 End Office. All long distance (toll) calls
are switched by a toll office which can be a Class 4, 3, 2, or 1 office. There
is also a 4X office called an Intermediate Point. The 4X office is a digital
one that can have an unattached exchange attached to it (known as a Remote
Switching Unit- RSU).
The following chart will list the office number, name, and how many of
those offices existed in North America in 1981.
CLASS NAME ABBREVIATION NUMBER EXISTING
----- ---------------------- -------------- -----------------
1 Regional Center RC 12
2 Sectional Center SC 67
3 Primary Center PC 230
4 Toll Center TC 1300
4P Toll Point TP
4X Intermediate Point IP
5 End Office EO 19000
R Remote Switching Unit RSU
When connecting a call from one party to another, the switching equipment
usually tries to find the shortest route between the Class 5 End Office of the
--More--(44%)
caller and the Class 5 End Office of the called party. If no inter-office
trunks exist between the 2 parties, it will then move up to the next highest
office for servicing (Class 4). If the Class 4 cannot handle the call by send-
ing it to another Class 4 or 5 office, it will be sent to the next office in
the hierarchy (3). The switching equipment first uses the high-usage interof-
fice trunk groups, if they are busy it then goes to the final trunk groups on
the next highest level. If the call cannot be connected then, you will prob-
ably get a re-order [120 IPM (Interruptions Per Minute) busy signal] signal.
At this time, the guys at Network Operations are probably shitting their pants
to avoid the dreaded network dreadlock (as seen on TV!).
It is also interesting to note that 9 connections in tandem is called Ring-
Around-The-Rosy and it has never occurred in telephone history. This would
cause an endless loop connection [a neat way to really screw up the Network].
The 10 regional centers in the US and the 2 in Canada are all interconnect-
ed. Since there are only 12 of them, they are listed below.
Class 1 Regional Office Location NPA
-------------------------------------------------- ---
Dallas 4 ESS, Texas 214
Wayne, Pennsylvania 215
Denver 4T, Colorado 303
Regina No. 2 SP1-4W [Canada] 306
--More--(52%)
St. Louis 4T, Missouri 314
Rockdale, Georgia 404
Pittsburgh 4E, Pennsylvania 412
Montreal No. 1 4AETS [Canada] 504
Norwich, New York 607
San Bernadino, California 714
Norway, Illinois 815
White Plains 4T, New York 914
The following diagram demonstrates how the various offices may be connect-
ed:
*-------------*-------------*-------------*-------------*
| | | | |
=======>[1]<=========>[1]<=========>[1]<=========>[1]<=========>[1]<======
""" """ "+" """ """
|
==========*============*============*=============*=============*========
| | | | |
[2] [3] [4] [4P] [5]
"+" "+" "+" "++" """
| | | |
--More--(59%)
*=====* | *=====* |
| | | | | |
[3] [4] | [4X] [5] *=========*
""" "+" | """" """ | |
| | [4X] [5]
| | """" """
[5R] \===============|
"++" *============*============*
| | | |
[R] [4P] [4] [5]
""" """" """ """
SWITCHING EQUIPMENT
In the Network, there are 3 major types of switching equipment. They are
known of as: SXS (Step-by-Step), Crossbar, and ESS (Electronic Switching Sys-
tem).
STEP-BY-STEP (SXS):
The Step-by-Step, aka the Strowger switch or two-motion switch, was invent-
ed in 1889 by an undertaker named Almon Strowger. He invented this mechanical
switching equipment because he felt that the biased operator was routing all
--More--(66%)
requests for an 'undertaker' to her husband's business.
Bell started using this system in 1918 and as of 1978, over 53% of the Bell
exchanges used this method of switching. This figure is probably substantially
less now.
Step-by-Step switching is controlled directly by the dial pulses which move
a series of switches (called the switch train) in order. When you first pick
up the fone under SXS, a linefinder acknowledges the request (sooner or later)
by sending a dial tone. If you then dialed 1234, the equipment would first
find an idle selector switch. It would then move vertically 1 pulse, it would
then move horizontally to find a second free selector, it would then move 2
vertical pulses, step horizontally to find the next selector, etc. Thus the
first switch in the train takes no digits, the second takes 1 digit, the third
takes 1 digit, and the last switch in the train (called the connector) takes
the last 2 digits and connects your calls. A normal (10,000 line) exchange re-
quires 4 digits (0000-9999) to connect a local call and thus it takes 4
switches to connect every call (linefinder, 1st and 2nd selectors, and the con-
nector).
While it was the first, SXS sucks for the following reasons:
[1] The switches often become jammed thus the calls often become blocked.
[2] You can't use DTMF (Dual Tone Multi-Frequency, aka Touch-Tone) directly.
It is possible that the Telco may have installed a conversion kit but then the
calls will go through just as slow as pulse, anyway!
--More--(74%)
[3] They use a lot of electricity and mechanical maintenance (bad from Telco
point of view).
[4] Everything is hardwired.
They can still hook up pen registers and other shit on the line so it is
not exactly a phreak haven.
You can identify SXS offices by:
[1] Lack of DTMF or pulsing digits after dialing DTMF.
[2] If you go near the CO, it will sound like a typewriter testing factory.
[3] Lack of speed calling, call forwarding, and other custom services.
[4] Fortress fones that want your money first (as opposed to dial tone first
ones).
The preceding don't necessarily imply that you are on SXS but they surely
give evidence that it might be. Also, if any of the above characteristics ex-
ist, it certainly isn't ESS! Also, SXS have pretty much been eradicated from
large metropolitan areas such as New York City (212).
CROSSBAR (nXB):
There are 3 major types of Crossbar systems called: # 1 Crossbar (1XB); # 4
Crossbar (4XB); and # 5 Crossbar (5XB). 5XB has been the primary end office
switch of bell since the 60's and thus it is widespread use. There is also a
--More--(81%)
crossbar tandem (XBT) used for toll switching.
Crossbar uses a common control switching method. When there is an incoming
call, a stored program determines its route through the switching matrix.
In Crossbar, the basic operation principle as that a horizontal and a vert-
ical line are energized in a matrix known as the crosspoint matrix. The point
where these 2 lines meet in the matrix is the connection.
-=*ESS*=- ELECTRONIC SWITCHING SYSTEM!- THE PHREAK'S NIGHTMARE COME TRUE:
ESS is the Telco's move towards the airstrip society depicted in Orwell's
1984.
With ESS, every single digit that you dial is recorded- even if it is a
mistake. They know who you call, when you call, how long you talked for, and
probably what you talked about (in some cases). ESS can (and is) also pro-
grammed to print out #'s of people who make excessive calls to 800 #'s or
directory assistance. This is called "The 800 Exceptional Calling Report."
ESS could also be programmed to print out logs of who calls certain #'s-- like
a bookie, a known Communist, a BBS, etc. The thing to remember with ESS is
that it is a series of programs working together. These programs can be very
easily changed to do whatever they want it to do. This system makes the job of
Bell security, the FBI, NSA, and other organisations that like to invade priva-
cy incredibly easily.
--More--(89%)
With ESS, tracing is done in microseconds (eine augenblick) and the results
are printed at the console of a Bell Gestapo officer. ESS will also pick up
any "foreign" tones on the line such as 2600 Hz!
Bell predicts that the country will become entirely ESS by the 1990's.
You can identify ESS by the following which are usually ESS functions:
[1] Dialing 911 for help.
[2] Dial tone-first fortresses.
[3] Custom calling services such as call forwarding, speed dialing, and call
waiting (ask your business office if you can get these).
[4] ANI (Automatic Number Identification) on all LD calls.
Phreaking does not come to a complete halt under ESS- just be very careful
though!
Due to the fact that ESS has a computer generated "artificial" ring, you
are not directly connected to the called party's line until he picks up.
Therefore, Black Boxes and Infinity Transmitters will not work under ESS!
NOTE: Another interesting way to find out what type of equipment you are
on is to raid the trash can of your local CO (this art will be
discussed in a seperate article soon). Asking for a tour of your CO
for a "school report" can also be helpful.
[COMING SOON]:
--More--(96%)
In Part V, we will take a look at telephone electronics.
[FURTHER READING]:
For more information on the above topics, I suggest the following:
Notes on the Network, AT&T, 1980
Understanding Telephone Electronics, Texas Instruments, 1983
And subscriptions to:
TAP, room 603, 147 W 42 St, New York, NY 10036. Subscriptions are
$10/year, back issues $.75, current issue #90 (Jan/Feb 1984).
and: 2600, box 752, Middle Island, NY 11953. Subscriptions $10/year, back
issues $1, current issue #6 (June 1984).
{G-Files} Command <?>:
Please enter either [file-name], [l], [h], [q], or [?]