
                        The Phone Punx Network Presents 
                              --Phone Punx Magazine--
                                       ----Issue one----
              "Carjackers of the Information Super Highway"
                                    April 26, 1999
                     Last Updated:  May 04, 1999
                                http://fly.to/ppn
                            phonepunx@yahoo.com                  
 





		Contents 


~Intro by Mohawk

~Seuss  
  -Better Homes and Telephone Surveillance
  -Paper chase

~Security Breach
  -NOKIA 2160 NAM PROGRAMMING INFO by Maniac

~Scamming by Nothing

~Beating the Caller ID by the Fixer

~Lineside
  - LMOS/MLT CODES AND MEANINGS 
  - Field Techs and Wiretaps 

~Controlled Environmental Vaults by Tom Farely

~Cyber Culture 
  - The impact of the flag burning amendment by Mr. X2
  - Cyber McCarthyism by  Mohawk



 




                       
                             













.....The Staff of Phone Punx Magazine.....


Mohawk..................Editor in chief

Seuss ......................FAQ editor/Head tech. writer

Czechmate...............Staff writer

Phear.......................Staff writer/Graphics

Admiral...................Staff writer

Lineside...................Staff writer

Black Axe...............Staff writer

Maniac....................Staff writer/Head writer of Security Breach











.....Magazine Information.....

-Disclaimer
All information is protected by the 1st amendment.  However, this 
information should not be used in any other way except education.
Our purpose is to provoke thought and we might even entertain you,
if you're good.  Nothing in this issue has been tested and we do not
guarantee that it will work.  We cannot assure your safety both
legally and physically and what the hell, mentally if you try anything
in this issue.




-Release Dates
Phone Punx Magazine is released about every 4 months, however there is
no set release date.  Issues can come out a day or a year after the last
one but we will try to stick to around 3 to 4 months.


-Writers Wanted
We are always looking for more writers.  If you want an article published
or if you would like to become a regular writer, send us an email.  We would
really like to concentrate on phreaking and large phreaking projects.  That is
why the release date for new issues is 3 to 4 months, instead of 2 months
like the OCPP.  However, not all articles have to be related to phreaking.  
We are experimenting with some new sections that will cater to our audience 
with topics other than phreaking.  If you feel that you have an article
that would be of interest to phreaks but it is about hacking, cyberculture,
etc, let us know and we will evaluate each article on an individual basis.
We are also looking for ways to compensate our writers for their time and
effort in writing articles.  We will add a link to your webpage but
we may also start a page where we will post a banner or two of your choice.
Any other suggestions are also welcome.  



-Distribution Sites
Help us spread the magazine to a wider audience by becoming a 
distro site.  All you have to do is keep the issues on your website
with a link to them somewhere.  Not only will this help us reach more
people, but our readers will have another place to get the zine if
something happens to the site.  Email us before you set it up because we
need people to distribute the zine, past issues of the OCPP, and the 
FAQ too.  If you would like to distribute all 3, you will receive a special 
link on our page because you're just such a nice person.  


-Network Links
The Phone Punx Network is more than just one webpage.  We hope to span
several webpages that will encompass member websites and distro sites.
To get a network link you must be a staff writer or be involved with the 
PPN in another way and have a website that is related to phreaking in some
way or another.  If you can't do that, become a distro site and provide
a link back to us.  A Phone Punx Network link graphic will be made soon
and must appear on the main page of the site (it won't be that big).


-Issue Updates
Issue updates will occur when they are warranted.  To make sure you always have
the freshest issue of PPM, check the "last updated" date on the top of the issue.  
It is important that you always have the latest issue because we do screw up 
often and we are always fixing our mistakes.  To be notified of updates of the 
issues, join the mailing list.



-Mailing List
To stay up to date with the latest in the Phone Punx Network sign up for the 
mailing list.  You will be notified of the release of new issues, updates to past 
issues and other PPN news.  All email addresses are kept confidential.  Just send 
an email to ocpp@hotmail.com letting us know you'd like to subscribe.


-Links
Please update your OCPP links.  Change the name to Phone Punx Network and the 
URL to http://fly.to/ppn,  if you have a link to us on your page, let us know and we'll 
link you back.  


-Letters
We will print your letters.  If you would like to make a comment, ask a question, or 
whatever, send them in and we will publish them.  If you don't want your letter 
published, just let us know.  


-Contact
Our email address is phonepunx@yahoo.com 
To subscribe to the mailing list send an email to ocpp@hotmail.com


Copyright info is located at the end of the issue.























Intro
by Mohawk


	Two years since the release of the first issue of OCPP, we are back with a 
new name, look, purpose, writers, etc.  Change is good.  Where did we go, why the 
change, what the hell is the PPN/PPM?????  Well let's start from the beginning.  
You might want to skip this whole paragraph if you don't want to read this
boring stuff but I do owe the readers an explanation.  I warn you, it's nothing 
exciting.  Around the time of the release of OCPP 10, I was thinking about changing 
the zine and the page to suit the ever changing needs and goals of our staff and our 
readers.  The zine grew into something I never thought possible.  It was just a 
little hobby thing by a couple of people but it wound up being a zine that had a pretty 
big readership (with no outside help) which many people look toward as a sign of 
authority, reference, help, etc.  I still can't believe it that people referred to us 
when they were having problems with something or some people saying that we were the 
best zine.  While some may or may not dispute that, it isn't our goal.  Those were just 
people's opinions but it was still amazing to see that stuff.  So I wanted to change 
the format of the zine and the webpage.  Between changing the zine and the webpage, 
maintaining the FAQ, releasing a new issue, and all my real life activities I just 
couldn't handle it all and I didn't want to release a half-done issue.  Around 
that time, most of the page went down due to someone canceling their account where we 
had most of our stuff.  Now, on top of all those other things I had to do, I had 
to put the page back up.  A few months after that, ml.org went out of business so 
almost all of our links were dead so we had almost no traffic coming to the site.  
Life just kept swamping me with things I had to do but a couple people reminded me
around the same time about the zine and I decided I had to get to work on it any 
chance I get.


	As I said before, we changed everything to keep up with the changing needs 
and goals with the zine and the readers.  This zine will be forever changing and 
we will be experimenting with new things.  Your input will greatly affect what does 
and does not go in the zine.  Let us know what you like, don't like, or would like to 
see in the zine.  This will still be a phreaking zine but we will also cover other 
topics such as cyber-culture, hacking, technology, and anything else that we feel 
our readers might enjoy.  We hope to focus on big phreaking projects so that is why 
the projected release date has been made every 3 to 4 months instead of every 2.


	The Phone Punx Network, or PPN is made of former OCPP members and other people 
that help us out in one way or another.  Some people are involved with writing the 
zine, distributing it, writing the FAQ, or anything else that helps us out.  By 
dividing up the work, we are able to bring you a better product.  The Phone Punx 
Magazine is the zine put out by some of the members of the PPN.  Not all PPN 
members are involved in the zine.  All of this is still in its early stages so this 
is all subject to change.  We are looking for people to get involved in the PPN, email 
us for more info.  Of course, we will always need articles and staff writers.  


	We hope that you enjoy the new format. Things will be changing constantly.  
We also need people to update their OCPP links.  Change the name to Phone Punx 
Network and the URL to http://fly.to/ppn,  if you have a link to us on your page, 
let us know and we'll link you back.  Send us your comments, questions, and 
suggestions.  Also, this issue is a compilation of articles from the 10th issue of 
OCPP that never came out and new articles.  As we get established the quality and 
quantity of the articles will increase.  
	
























~Seuss


Seuss maintains the Alt.Phreaking FAQ, visit the webpage at:
http://members.tripod.com/~SeusslyOne/

Better Homes and Telephone Surveillance
by Seuss

Tapping Phones is old (and black) hat to many phone phreaks. Keeping
your tap undetected for a long period is another matter however. Some
taps are so poorly made or implemented that spy-shop 'tap detectors'
will pick them up. Below are a few suggestions on how to keep your
surveillance on the down-low a little longer by using techniques and
tools somewhat more advanced than a beigebox.



No matter how well designed or installed, if the person you're
monitoring sees your device, you're screwed. Hiding your tap might seem
obvious, but remember to be creative. If possible, don't hide the tap
on or anywhere near their property. Tracing their line down to a little
used wiring cabinet far away is an option. Secreting away your tap in a
pedestal terminal or wiring enclosure is easier, but runs the risk of a
telco employee finding it. A common solution among 'pros' is to set up
a dummy demarc box or other official looking cover for their tap
(Foraging in the back of company cherrypicker trucks or the Graybar
catalog are the best sources for these things). If you're setting up a
fake demarc or have enough time and privacy to mess with a real
enclosure, find the connection point for the pair you want to tap and
draw traces from them to the back of the circuit board or connector
block with metallic paint. Paint over your traces and no one is likely
to be the wiser. Large wiring cabinets have fat bundles of wire at the
bottom of the blocks, why not secret your device away in the middle of
it or split the monitored pair here? The Phone Book by M.L. Shannon has
some excellent ideas on hiding phone taps and bugs.



Balance tests:

Resistive balance tests are a standard step in phone sweeps.
Effectively a technician measures the resistance from each side of the
pair to an earth ground and looks for discrepancies, as series taps
generate a large imbalance. (Yes, I know that a proper tech would
likely run a more accurate stress balance test) After installing a
series device, run a balance test yourself and add a potentiometer or
a few resistors so the line is more or less perfectly balanced (within
10 ohms should do it). Make sure the total resistance doesn't go up too
far, and remember that the line needs to be disconnected at the CO to
measure resistance.

Tone Sweeps:

Is anyone still using harmonica bugs? I hope not, as these are some of
the easiest things for a TSCM tech (or for that matter anyone who can
dial a tone sweep) to defeat. *DO NOT* use cheap tone activated taps or
bugs. For those of you with a DIY bent, using a series of DTMF tones to
trigger a device would be a much better option. You'll want to make a
note that wardialers might set one of these off. To overcome the
possibility of someone activating the tap by dialing the phone, use A B
C D tones or start the code with something a customer usually doesn't
dial (like X11 codes that are out of use in your area).

Resistance and Capacitance checks:

The most obvious way to check for phone taps is to measure the
resistance of the line under the correct conditions. If the resistance
is much higher than it should be, there's likely something there.
Logical. BUT if the line contains a bridged tap or the cable is
(physically) wet, the resistance of the loop is altered. If your tap
resides on a line with such a flaw, anyone checking the line will
likely chalk the resistance discrepancies up to the bridged tap after
checking for AC faults. For those of you lacking the several thousand
dollars for a line analyzer to determine bridged taps etc. yourself,
call the phone company and ask about having 'your' line tested for ISDN
or DSL readiness. In order to qualify for high speed services a line
must have minimal amounts of bridged taps and no loading coils.

Time Domain Reflectometers:

These things are stock tools of the TSCM trade and the phone company. A
TDR can map out almost anything on a line (like your tap) if used
properly. It's unlikely that you'll have to worry about a TDR being
used to find a tap unless you attempt to surveil a big company or
government agency.  Hooking your tap up behind a loading coil and/or
behind a bridge tap will help obfuscate it, but it can still be found
through near end/far end crosstalk analysis (it's an even bigger pain in
the ass than it sounds).



Coils and Hall-Effect transistors:

Using an induction coil (or electric guitar pickups...) around the pair
will make for a VERY hard to detect tap. There's a debate about the
ability of even a good waveform TDR to find such connections. Hall
effect transistors give the same result, but with better audio.

Splits:

Split the pairs and make a sweeper miserable. Find a dead pair in the
same binder group as the pair that you want to monitor, and connect it
to the pair you want to tap tip to tip and ring to ring and put your
tap on that. Anyone finding it will likely chalk it up to an old
splice.

Series taps:

Install series taps as close as possible to the target telephone.
Putting a series imbalance (like the one caused by a tap or dropout
relay) in an area of high current (near the CO) creates a hum on the
line. This is an important point if you're intercepting data. Modem
users tend to notice when several kbps are chopped off their connect
speed overnight due to line noise.

Parallel taps:

Install parallel taps as far as possible from the subject phone.
Methods of sweeping using o-scopes in conjunction with a tone sweep are
less and less effective the farther away the device is. 

DATUs:

Using the audio monitor of a DATU would be the greatest way to monitor
a phone, but to the best of my knowledge no one has done it yet. Due to
the problem of how the signal is inverted, it's quite possible that it
can't just be reinverted into clear speech. If someone finds out,
please drop me a line.















Paper chase
by Seuss

I've noticed most phone phreaks are rather disorganized. I, quite 
frankly, don't give a damn about the state of other people's living 
spaces; until someone loses a manual or document of MINE in their 
tide of crap. If the idea of pissing off your compatriots doesn't 
bother you terribly, what about rooting through your stuff struggling 
to burn credit card receipts after you're tipped off that the feds 
are preparing to come a'knocking?

Before you start overhauling all your paperwork it's important to 
distinguish between notes and archives. Your notes should be in a 
small, unobtrusive notebook. In here you should have the dialups, 
passwords, et al. that you use on a constant basis. Archives are 
your reference library; things that you don't need at your side 
24/7. Archives can be squirreled away with minimum 
inconvenience.

Keep your archives together. A filing box is ideal if you have a slew 
of loose stuff. Accordion folders are great for smaller collections. 
If you go trashing a lot get a heavy cardboard box too so you can throw 
your unsorted papers somewhere. Make an effort to empty and sort it 
regularly. Locking up your documents might be a good idea if you have 
nosy siblings/roommates/parents. Remember to keep a spare key somewhere 
in case your first is lost, or you want someone else to open your files 
in an emergency. Note: cover plates for light switches make ideal 
places to hide keys.

Be picky about what you keep in your archives. Credit card receipts, 
cellphone contracts and other incriminating documents should have the 
important parts transcribed and the originals be disposed of ASAP.

If you want to get rid of something do it right and destroy it. I 
don't care what claims pen companies make about "indelible" ink, 
lighter fluid or WD-40 has dissolved every ink I've ever run 
across. Most phone phreaks are broke, so buying a shredder is 
usually out of the question. For those of you with greater resources 
try to spring for a cross shredder, as it reduces paper to 
confetti. Burning docs is cheap, effective as anything, and can 
usually be done quickly. Having a special furnace or burn box for 
emergency burning is the best idea. Remember that grinding ash to 
powder also helps, and that many plastics generate toxic fumes.

Digital documents require different handling, but allow you to show 
off more of your cleverness in hiding them. No matter what, you 
must ENCRYPT YOUR FILES!!! From here you can interlace your docs 
into .gif or .jpg files, insert them into programs as comments in 
the code (I have a copy of my phone directory in a copy of PGP I 
compiled myself), or post them on webservers as undisplayed files 
(especially handy in case of formats, crashes, beer spills, 
etc). Remember not to hide files on your k-rad phreaking page, put up 
an innocuous front.

I've accumulated A LOT of stuff in my time, and a lot of it I keep 
on tape. After a minute or so of music have recordings of you 
reading off dialups, passwords, notes, or whatever else you might 
have. If you have a passion for older computers, many of them held 
data on audio tape.....

























~Security Breach
Maniac
Read back issues of Security Breach on the PPN zine archive.



NOKIA 2160 NAM PROGRAMMING INFO 
by Maniac



1. NOKIA 2160 NAM PROGRAMMING INFO 

(Maniac note: this is verbatim from the original sheet. I can probably scan the 
original sheet for those who are interested. It has some display pictures on it, 
which I can't include in text.) 



NOKIA MOBILE PHONES, INC. 
FOR AUTHORIZED DEALER USE ONLY 
NOKIA 2160 SERIES CELLULAR TELEPHONE 
NAM PROGRAMMING INSTRUCTIONS 



All Nokia 2160 cellular telephones are capable of supporting authentication.  The 
programmer must decide which form of A-Key is desired for use. The two options are 
either RANDOM or DEFAULT A-Key. If the RANDOM key is desired for use, use the quick 
NAM programming sequence. If a DEFAULT A-Key is desired, then the complete NAM 
programming method is used to program NAM location number 2. The clear key can be 
used to correct mistakes.



MENU DRIVEN EASY NAM PROGRAMMING FOR THE NOKIA 2160 P2/EFR HANDPORTABLES

USE FOR A RANDOM A-KEY

1. Turn on the phone and enter programming access code (*#639#)

2. Enter the 10 digit area code and phone number and press the 'send' key (or the 'OK' 
soft key in display) 

3. Enter system ID code (SID) supplied by cellular service provider (1-5 digit SID) and 
press the 'send' (or 'OK' ) key. 






pound sign and a new lock code after the SID. (Example: 175#7788 ; Lock code = 7788). 
Change the language by adding a pound sign and a new language code after the code 
(Example: 175#0 ; Language = English). Language code: 0 (default) = English, 1 = 
French, 2 = Spanish, 3 = Portuguese. Change the lock code and language code by 
separating each set of numbers by a pound sign (Example: 175#7788#2 ; where the 
SID = 00175, Lock code = 7788, Language = Spanish).
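
The quick-programming entry format described above (SID, then optional '#'-separated lock code and language code), as an added example that is not part of the Nokia sheet or of the original article: a Python parser that validates an entry against the sheet's field rules and reports codes left at the factory defaults listed under DEFAULT CODES. The function and class names are hypothetical, and telling a lone second field apart by its length (4 digits = lock code, 1 digit = language) is an assumption drawn from the sheet's two examples.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Values below are taken from the sheet as reproduced on this page.
LANGUAGES = {"0": "English", "1": "French", "2": "Spanish", "3": "Portuguese"}
FACTORY_LOCK_CODE = "1234"
FACTORY_SECURITY_CODE = "12345"


@dataclass
class QuickNamEntry:
    sid: str                  # zero-padded to 5 digits, as in "SID = 00175"
    lock_code: Optional[str]  # None when the entry does not set one
    language: Optional[str]   # None when the entry does not set one


def parse_quick_nam(entry: str) -> QuickNamEntry:
    """Parse 'SID', 'SID#lock', 'SID#lang' or 'SID#lock#lang'."""
    fields = entry.strip().split("#")
    if len(fields) > 3:
        raise ValueError("expected at most SID#lock#language")
    sid, rest = fields[0], fields[1:]
    if not re.fullmatch(r"[0-9]{1,5}", sid):
        raise ValueError("SID must be 1-5 digits")

    lock = lang = None
    if len(rest) == 2:
        lock, lang = rest
    elif len(rest) == 1:
        # Assumption: a single extra field is a lock code if it is 4 digits
        # long (175#7788) and a language code otherwise (175#0).
        if len(rest[0]) == 4:
            lock = rest[0]
        else:
            lang = rest[0]

    if lock is not None and not re.fullmatch(r"[0-9]{4}", lock):
        raise ValueError("lock code must be exactly 4 digits")
    if lang is not None and lang not in LANGUAGES:
        raise ValueError("language code must be 0, 1, 2 or 3")
    language = LANGUAGES[lang] if lang is not None else None
    return QuickNamEntry(sid.zfill(5), lock, language)


def lock_code_after_security_change(security_code: str) -> str:
    """Per the sheet's note, storing a new 5-digit security code resets the
    lock code to that code's last 4 digits."""
    if not re.fullmatch(r"[0-9]{5}", security_code):
        raise ValueError("security code must be exactly 5 digits")
    return security_code[-4:]


def audit_codes(entry: QuickNamEntry,
                security_code: str = FACTORY_SECURITY_CODE) -> List[str]:
    """Return findings for codes that are still at the documented defaults."""
    findings = []
    if entry.lock_code is None:
        findings.append("entry sets no lock code; sheet default is 1234")
    elif entry.lock_code == FACTORY_LOCK_CODE:
        findings.append("lock code is the factory default 1234")
    if security_code == FACTORY_SECURITY_CODE:
        findings.append("security code is the factory default 12345")
    elif lock_code_after_security_change(security_code) == FACTORY_LOCK_CODE:
        findings.append("security code ends in 1234, so the derived lock "
                        "code equals the factory default")
    return findings


if __name__ == "__main__":
    # The first three entries are the sheet's own examples; the last one and
    # the security code 48213 are constructed for illustration.
    for raw in ("175#7788", "175#0", "175#7788#2", "175#1234"):
        parsed = parse_quick_nam(raw)
        print(raw, "->", parsed, audit_codes(parsed, security_code="48213"))
```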


COMPLETE NAM PROGRAMMING INSTRUCTIONS

USE FOR DEFAULT A-KEY 

ACCESS NAM PROGRAMMING MODE: 

1.Turn the phone on. 

2.Enter the NAM access code. Factory default is: *3001#12345[MENU] 

3.If the screen to the right appears, you have entered the access code correctly.

(Maniac note: screen to the right looks like this: see below 

Field Test 
NAM 1 
NAM 2

If it does this you're in luck) 

If after several attempts you cannot access NAM programming, it is possible  that the 
access code has been changed, or the phone is in need of service.  


MAIN MENU SELECTION

 4. Press the [Scroll-Key] up or down until the indicator points at the desired menu 
option. Select from the following: 


NAM  1        NAM 2          NAM 3        Security         Emergency 

SW version     Serial No.    Programmed       Field Test 



5.Press the [Select] soft key to access the Sub-Menu from any of the above Main 
Menu selections.  


PROGRAMMING NAM's 1 THROUGH 3 

6. Press the [Scroll-Key] to scroll through the selected NAM parameter list.  An 
optional personalized wake-up message can be programmed during the "Own Number" 
sequence by pressing the [ABC] key and entering the text. 


7. If the value is incorrect, press the [Select] soft key and use the numeric keypad to make 
any changes. 




HOME SYSTEM ID           HOME SOC                 OWN NUMBER 

PSID/RSID LISTS(Note 1)     DEFAULT SETTINGS 
                 "DEFAULT SETTINGS"            

NAM STATUS   (Enable/Dis)                     ACCESS METHOD 
LOCAL OPTION                 PRIMARY PAGING CH 
DEDICATED A CCH                 DEDICATED A NUMBER 
DEDICATED B CCH                 DEDICATED B NBR 
OVERLOAD CLASS                 GROUP ID 
SID ALPHA TAG CNTRL                 A-KEY CODE 
PUBLIC SYSTEMS                 PRIVATE SYSTEMS 
RESIDENTIAL SYSTEMS 



8. Use the [OK] soft key to store the new information that has been entered. 

9. Repeat steps 6 through 8 for the remaining NAM parameter options to be viewed and/or 
changed. 

10. To program other NAMs, press [Quit] to return to the Main Menu. Select NAM 2 or NAM 3. 
Once the Home System ID and Own Number are programmed, the phone will automatically set 
the NAM Status to enabled. 


PROGRAMMING THE SECURITY CODE: 

11. From the Main Menu, use the scroll keys to select the "Security" Sub-Menu, then press 
[Select] and the current 5-digit security code will be displayed. The default value is 12345. 

12. To change the Security Code at this time, use the numeric keys to enter the new value. 

13. Press the soft key [OK] to store changes. Note: The Lock Code will be automatically 
changed to the last 4 digits of the new security code. 


PROGRAMMING EMERGENCY NUMBERS: 

14. From the Main Menu use the scroll key to select the "Emergency" Sub-Menu, press the 
[Select] soft key to access the emergency numbers. 
EMERGENCY NUMBER 1 (911) 
EMERGENCY NUMBER 2 (*911) 
EMERGENCY NUMBER 3 (None) 

15. To change the current value, use the scroll key to select the desired field and 
press [Select]. Use numeric keys to enter new values. 

16. To save the value, press the soft key [OK]. Press [Quit] to exit the menu. 

SERIAL NUMBER (ESN): 

17. From the Main Menu, use the scroll key to display the "Serial No." or ESN of the phone. 
Press [Quit] to exit the menu 

PROGRAMMED: (DATE THE PHONE IS FIRST PROGRAMMED) 

18. From the Main Menu, use the scroll key to display the "Programmed" menu 

19. Press [Select] and enter a four-digit number that corresponds to the month and year the 
phone is sold. Example (mmyy) 0197 = January 1997, 0996 = September 1996. 

NOTE: This menu location can be programmed only one time. Once the date has been 
entered it cannot be changed. Any attempt to enter the menu once it has been programmed 
will receive a short beep and the message "DATE ALREADY STORED". 

EXITING NAM PROGRAMMING: 

20. To exit the NAM programming mode, turn the phone off and leave it off for five seconds. 

DEFAULT CODES: 
Lock Code = 1234, Security Code = 12345 
System Acquisition; Public/PSID/RSID Access Code = 123456. 



FIELD TEST: 

The FIELD TEST MODE is used to investigate how the phone is reacting to the cellular 
system. The FIELD TEST information covers signal strength, battery charging status, 
cellular state and encryption status. The information is designed to display information 
relating to Analog Control Channels, Digital Control Channels, Analog Voice Channels, 
and Digital Voice Channels. All the information provided in the FIELD TEST display is in 
accordance with IS-136. 

To activate the FIELD TEST mode you must be in NAM programming. Instructions for 
entering NAM programming are on the opposite side of this page.
 
(Maniac note: In this case, opposite side means see above). 

Use the following steps to enable the FIELD TEST mode. 

From the Main Menu use the scroll key to display the "FIELD TEST" menu and press the 
[Select] soft key. Use the scroll key to select Enable and press the soft key [OK]. A second 
option is available to enable the field test display with back lighting constantly illuminated
while connected to a car kit. 

Turn the 2160 off then back on. Once the power up self-test is complete, the FIELD TEST 
display will begin automatically. Scroll through the different displays using the scroll key. 

To disable the FIELD TEST mode, return to NAM programming and disable the function 
under the FIELD TEST menu. 


PROGRAMMING PSIDS AND RSIDS: 

The Nokia 2160 provides the option to program Private (PSIDs) and Residential  (RSIDs) 
System ID's as prescribed by IS-136. The PSID/RSID list is programmed to support 
system selection/re-selection processes and SID display functions.  The Nokia 2160 P2
product will support up to 15 different Private or Residential Systems. These instructions 
allow a person to program 5 of the 15 available locations. The other 10 locations are 
reserved to ensure available locations for automatic programming. Using the NAM 
programming menu to program the PSID/RSID is just one of the several ways that this 
information can be programmed. The phone also supports automatic programming of the
PSID/RSID values via registration accept message from a Public & Private system, manually 
prompting with System Scan Sub-Menu option New Search, or via Over the Air 
Programming. Follow these instructions to program the PSID/RSID lists 

1. Enter the NAM programming menu and select NAM 1 (or desired NAM). 

(Note: PSID/RSID is currently only available in the NAM 1 location. PSID is included in 
NAM 2 and 3 for future use.) 

2. Use the scroll key to display "PSID/RSID LISTS" and press [Select]. 

3. Use the scroll key to select the P/RSID 1 or the desired P/RSID (1 through 5). 
Press the [Select] soft key. 

4. Each list contains: 

SYSTEM TYPE: 
Select Private or Residential system type. 

PSID/RSID: System ID of the Private or Residential system. Indicates which 
PSID/RSID the mobile will respond to. 

CONNECTED SYSTEM ID: Connected System ID. The SID that the PSID/RSID is 
connected to. 

ALPHA TAG: The name of the Private or Residential SID that will be displayed 
when the phone uses the PSID/RSID. 

OPERATOR CODE: (SOC) This is the System Operator Code. 
US-AWS=001, 
Canada-Rogers Cantel Inc.=002, 
Bell South Cellular=003, 
Southwestern Bell Mobile Systems=004,
Vanguard=007, 
Century Cellunet=008, 
Pacific Telecom Cellular=009, 
Midwest Wireless Communications=010, 
Rural Cellular Corporation=011, 
Cellular Mobile Systems of St. Cloud=012, 
Palmer Wireless Inc.=014 

COUNTRY CODE: Enter the Country Code of the PSID/RSID. 

PUBLIC SERVICE PROFILES: Contains up to 4-channel and color code values for 
each private or residential system. This information is necessary to initiate scanning 
for the Private or Residential System. 

PRIVATE OPER. FREQUENCIES: Enter the actual channel number(s) that the private 
system uses. Up to 4 channels per PSID/RSID are allowed.



---------END----------

Unfortunately, I don't own this model of phone, so I couldn't test any of this information. 
But it's straight off the manufacturer's sheet, so it should all be correct. I did have to fix 
a few typos though...Maniac


























Scamming 
by nothingg




Six Flags Great Adventure:

	Well now right away don't be distracted by the fact that I put 
Great Adventure.  For all I know these could work at ANY theme park, 
but I FOR SURE know they will work at Six Flags Parks, and I have 
experience at Great Adventure.

1. Employee Notice
2. Ok, so how do I get in?! I'm broke!!!
3. Whew! It's hot! I need a drink, but I'm still broke!!!
4. Ai-ite, it's night, but now I'm hungry, and still broke!!!
5. Hey check out this laser tag game, however, I'm broke!!!
6. How would I go about changing my monetary status?
7. I need to go home, but my redbox's all wet and I have no change!!!

1. Well, if you work there, like I no longer do (I quit) DON'T BE A
FOOL! Don't even attempt to steal money and watch it while sneaking 
a pretzel or churro or funnel cake, They're watching.  By they I mean 
the Loss Prevention Department.  They're high tech bastards.  Ok, ever 
see on TV those tiny pencil point type cameras?  Oh yeah, they use 
those, A LOT of them, and they don't just monitor, they RECORD.  I've 
seen too many friends go down like this.  Stealing money WILL get you 
caught.  By the way, don't pull ANY of these Six Flags scams
if you work there or plan to work there, many employees will 
recognize you and report you.  This is a precaution, do what you 
want, but as a FINAL warning, PLEASE be careful, and ALWAYS remember, 
you leave footprints wherever you walk, COVER THEM GOOD!

2. On to the goods.  You're standing outside the gate.  You do 
NOT have a ticket.  How the hell are you going to get in?!  Well, 
ALAS, there is only one way I know of.  Great Adventure uses a stamp 
that can barely be seen as a yellow stamp, but glows in the black 
light.  Now many of us have this stupid SpyTech inkpad which can 
only be seen in the dark. If you have that you're so set, smear 
some on your left hand and walk into the re-enter gate.  If they ask
questions get REALLY bitchy and say you aren't a slob and you wash 
your hands, it seems to be smeared, anyhow, bitch until you get in, 
whatever you do DON'T GIVE UP.  That's how you get caught.  Well, in  
the case that you have NO IDEA what SpyTech is cuz you weren't an 
eleet little kiddo like I was, you're not out of luck!  As long as 
someone in your party, preferably a clean someone, has a season pass 
or a ticket.  In this case, let them go in, then they should come
out and get their hand stamped.  Next they should find a secluded 
place to meet you. Now comes the cool part, Lick your hand, get it 
really wet (you could always use the water fountain, but saliva 
ALWAYS seems to work better).  Smack your left hands together 
until the saliva/water forms an airtight seal, and PRESTO! you 
are both stamped!  Now, don't be an idiot and come in at the same
time as your friend, people may get suspicious.

3. Ok, so now you're hot, thirsty, and broke, right?  Get over it, 
go to the water fountain!  Haha, just kidding.  Now the only choice 
is do you want soda or water?  Water is the easy one, go up to a stand 
with a soda fountain and say, can I have some icewater, but none of 
that expensive poland spring shit.  Now, soda's a little trickier.  
You'll have to be with another person for best results.  Go up to a 
stand with a fountain and say, my friend and I both want
some water, can we have it in a big cup so we can share it? Now cups 
aren't counted so they'll usually be happy to oblige, and if they 
aren't...BITCH! The customer is #1 all the time, they'll give it to 
you.  Now, I know what you're thinking, now I just have a big water 
idiot!  Well, spill it out, or drink it if you so desire.  Go up to 
another stand that has a fountain (out of sight from the first) and 
say that you spilled your soda/juice.  They'll give you a new
one, company policy, and even if they don't believe you, just act 
cool and don't worry, they'll do it, it's company policy.

4. Hungry eh? Well you have a few options here.  You can get 
anything for free, no problem.  Let's start small:  fries.  Make 
sure you know exactly what you want. Let's say you want fries and a 
burger.  Go to a place that has MANY ordering windows.  Go up to one 
and say you dropped your burger and fries, but make sure you remember
EXACTLY what you told them you dropped.  They should give it to you
no problem, and if they don't, you guessed it, BITCH.  Now if they 
ask you WHERE you dropped it, just say oh, over by the (insert ride 
name here), some asshole bumped into me, he didn't even apologize 
(go on until they're sick of your little spontaneous story) and 
they'll give it to you.  Now, if you want to risk getting thrown out 
of the park, go for the biggs.  There are two big places in the park
to go to: the grill and the pizza place.  Now, let's say you want a 
4 person order of ribs, which comes to like $40.  Now that's a scam, 
so take your time and stalk the restaurant.  Wait until you see one 
of the cashiers get replaced and when the supervisor who 
accompanied them leaves, and get on their line.  If for
some reason you get on the line of a cashier who's been around, abort. 
Now once you get in this person's line and remember your order good 
(i.e. 4 orders of ribs and 4 cokes) and come up with an exact place 
where you "dropped it" and a BIG story, and STAY calm while keeping 
in mind, it IS company policy to replace dropped food.  Tell the 
cashier what you dropped where you dropped it and your sob story.  
Now, first thing they'll ask you is, do you have your receipt?  Of
course you don't so search your pockets and after pulling out no 
receipt say that it must have been on one of the trays.  Now the 
next question they'll ask is where you dropped it so they can get 
someone to (wink)(wink) clean it up. A.K.A. check out if you really 
dropped it.  Your response must be immediate and sound something 
like: well when I dropped it these grounds guys wearing green
clothes said they'd clean it up for me and told me that I could get a
replacement.  This should get you either food or a manager. If 
you get a manager, retell the SAME story and they'll probably 
ask you to sign something which you should proceed to do with 
a false name. If none of this works walk away cursing under your 
breath loud enough for them to hear you and loudly say,
I am going to complain, and I'm never coming back to Great 
Adventure again (loud enough to get everyone in the 
restaurant's attention). If this STILL doesn't work, then you're 
out of luck, keep walking.  

5.  Well, if you've never played laser tag, definitely pull this 
one off.  All you have to do is pay for a game, play it, and there's 
a big timer at the top, when it gets down to the last minute, scream 
for the attendant and act VERY frustrated with your laser.  Tell him 
it doesn't work and it hasn't worked since the game started, act really 
bitchy and shake the laser.  When he tries it say "See, see!!!" He'll 
say that it's working perfectly.  But you must claim that it isn't.  
By now the game should be over, and you've had your 14 minutes.  Now
bitch to the attendant at the desk and he'll either give you a 
refund or a free game, and if you don't want the free game, bitch 
until you get a refund!

6. No money? Need money to play Area 51 at the arcade and try to 
beat me but I am #1 (NIN) anyhow, perhaps you want to win a souvenir 
for your girlfriend.  These are too risky to scam, so here's what 
you do.  Walk around the park, find 2 arcades and 2 soda machines, 
the expensive bottle ones.  Now tell the attendant you stuck a dollar 
in the change machine and no change came out, tell them you stuck 2 
dollars into the soda machine but the light blinked and NO soda came
out, and you pushed ALL of the buttons, you should come out with 
around 6 bucks, more than you had before.  This is a fairly well 
known trick, but whatever you do, do not claim to have put a $5 in 
because they open the machine and look at the last 3 bills, and if 
none of them are $5's, they warn the park about a possible scammer 
and you're screwed out of ANY type of scamming.

7. Now this one is kind-of Great Adventure specific.  There is a 
giant chair that morons pay like $10 to get their picture taken in.  
At night the chair is closed due to lack of light.  BEHIND the chair 
is a phone. Since you're a Phreakish Punk, pick it up dial 9, your 
area code and your number.  And nobody will notice, because you are 
behind a GIANT chair!  Anywhere else, just look for 
a phone with nobody around and use it, be careful though.

Thanks for putting up with my typos and I hope this has taught 
you a bit about scamming Six Flags to death, but wait!  There's 
more, non-six flags scams!


Ok, here's the generic scam section.

1. I'm at the movies, but drinks are $3, help me!
2. Mall + Broke + Hungry = scam!
3. Final Note (Springer)

1. Well here's the deal, go over to a garbage can and pull out a cup.  
Most movie theaters offer free refills.  Take a key or any sharp object 
and poke a tiny hole in the bottom of the cup.  Now splash some water 
on your shirt in the bathroom or at the water fountain.  Bring the cup 
to the attendant and say I'd like a refill of (insert beverage here) 
but my cup has a leak man, can I get a new one?  They'll give you a 
new one, with unlimited refills of course.  

2. Ok, so you have the situation set up what are you going to do? 
Well, all these Chinese places are willing to give out samples and 
so is roli boli.  Pass by those places and pick up some samples.  
Now put a hat on and get some more.  Next it's time for dessert.  Go 
over to McDonalds and say can I have a free sample of ice cream.  
They'll give it to you, in a nifty little cone too.

3. Well as my final note, I'd like to say that neither nothingg (me) 
nor the PPN nor the Twisted Nickel endorse using any of these methods 
to rip off evil domineering companies, nor do we encourage using these 
methods.  I am merely pointing out the many flaws in a system thought 
to be perfect.

~ nothingg

Please send any questions to n0thingg@hotmail.com





























Beating Caller ID
by The Fixer
v.1.03 

(C) 1998 The Fixer's Tech Room

For free distribution - you may freely repost & distribute this but not
for profit without permission of the author.  See further restrictions
at the end of this file.


             To start off with - 12 Ways to beat Caller ID

(0) This doesn't count as a way to beat CID, but there's a general
    principle to consider when contemplating ways to beat CID.
    Generally, the CID signal your target sees corresponds to the owner
    of the dial tone you call him from.  If you call direct, you dial
    from your own dial tone and your line is identified.  If you call a
    third party, and by whatever means manage to acquire his dial tone,
    and from there dial out, it is the number associated with that
    second dial tone that your target sees.  Some of the ideas following
    this were developed with this basic idea in mind.

(0.5) This also doesn't count, but remember that beating Caller ID as
    such is only the first layer of your protection.  If your calling is
    sufficiently annoying or criminal, there is *always* a paper trail
    (ANI data, billing data, trouble reports, *57 traces, etc) leading
    back to the phone you first called from.  That trail is not always
    easy or worthwhile to track you down with.  Whether or not the trail
    is followed depends entirely upon how pissed off your target is and
    how much co-operation he can get from the phone company, law
    enforcement, etc.

(1) Use *67.   It will cause the called party's Caller ID unit to
    display "Private" or "Blocked" or "Unavailable" depending on the
    manufacturer. It is probably already available on your line, and if
    it isn't, your local phone company will (most likely - please ask
    them) set it up for free.  This is the simplest method, it's 100
    percent legal, and it works.

(2) Use a pay phone.  Not very convenient, costs 25 or 35 cents
    depending, but it cannot be traced back to your house in any way,
    not even by *57.  Not even if the person who you call has Mulder and
    Scully hanging over your shoulder trying to get an FBI trace (sic).
    Janet Reno himself couldn't subpoena your identity.  It's not your
    phone, not your problem, AND it will get past "block the blocker"
    services.  So it's not a totally useless suggestion, even if you
    have already thought of it.

(3) Go through an operator.  This is a more expensive way of doing it
    ($1.25-$2.00 per call), you can still be traced, and the person
    you're calling WILL be suspicious when the operator first asks for
    them, if you have already tried other Caller ID suppression methods
    on them.

(4) Use a prepaid calling card.  This costs whatever the per-minute
    charge on the card is, as they don't recognize local calls.  A lot
    of private investigators use these.  A *57 trace will fail but you
    could still be tracked down with an intensive investigation (read:
    subpoena the card company).  The Caller ID will show the outdial
    number of the Card issuer.

(5) Go through a PBX or WATS extender.  Getting a dial tone on a PBX is
    fairly easy to social engineer, but beyond the scope of this file.
    This is a well-known and well-loved way of charging phone calls to
    someone else but it can also be used to hide your identity from a
    Caller ID box, since the PBX's number is what appears.  You can even
    appear to be in a different city if the PBX you are using is!  This
    isn't very legal at all.  But, if you have the talent, use it!

(6) I don't have proof of this, but I *think* that a teleconference
    (Alliance teleconferencing, etc.) that lets you call out to the
    participants will not send your number in Caller ID.  In other
    words, I am pretty sure the dial tone is not your own.

(7) Speaking of dial tones which aren't yours, if you are lucky enough
    to live in an area with the GTD5 diverter bug, you can use that to
    get someone else's dial tone and from thence their identity.

(8) Still on the subject of dial tones that aren't your own, you can 
    get the same protection as with a payphone, but at greater risk,
    if you use someone else's line - either by just asking to use the
    phone (if they'll co-operate after they hear what you're calling 
    about) or by the use of a Beige Box, a hardware diverter or bridge 
    such as a Gold Box, or some other technical marvel.

(9) This won't work with an intelligent human on the other end, it
    leaves you exposed if the called party has a regular Caller ID box
    with memory, and has many other technical problems which make it
    tricky at best and unworkable for all but experts.  A second Caller
    ID data stream, transmitted from your line after the audio circuit
    is complete, will overwrite the true data stream sent by the telco
    during the ringing.  If the line you are calling is a BBS, a VMB, or
    some other automated system using a serial port Caller ID and
    software, then you can place your call using *67 first, and then
    immediately after the other end picks up, send the fake stream.  The
    second stream is what the Caller ID software processes, and you are
    allowed in.  See the technical FAQs below for an idea of the
    problems behind this method; many can be solved.

(10) Someone in alt.2600 (using a stolen AOL account, so I can't credit
    him or her properly) suggested going through 10321 (now 10-10-321)
    or 10288.  Apparently using a 10xxx even for a local call causes
    "Out of Area" to show up on the Caller ID display.  I live in Canada
    where we don't have 10xxx dialing so I can't verify nor disprove
    this.

(11) There are 1-900 lines you can call that are designed to circumvent
    Caller ID, ANI, traces, everything.  These services are *very*
    expensive, some as high as $5.00 a minute, but they include long
    distance charges.  This was first published in 1990 in 2600
    magazine, and in 1993 the IIRG reported that 1-900-STOPPER still
    works.  Beware - even if you get a busy signal or no answer, you
    will get charged at 1-900 rates!  Another one published in 2600 in
    1990: 1-900-RUN-WELL.  That one supposedly allows international
    calls.  I'm not about to call either one to find out.  Note that you
    could still be caught if the operators of these services were to be
    subpoenaed.

(12) Use an analog cellular phone.  Most providers of plain old analog
    service show up on Caller ID as "Private" or "Out of Area" or a main
    switchboard number for the cell network.  This is becoming less and
    less true as cellular providers move to digital cellular and PCS,
    which pass the phone's number on Caller ID.  Corollary: Rent a
    cellphone by the day.  This might even be cheaper than using a
    prepaid phone card.




                          How Caller ID Works

Caller ID is a data stream sent by the Phone Company to your line
between the first and second ring.  The data stream conforms to Bell
202, which is a 1200 baud half-duplex FSK modulation.  That is why
serial Caller ID boxes run at 1200 baud.

The data stream itself is pretty straightforward.  Here's an example:

UUUUUUUUUUUUUUUUUUUUUUUUUUUUUU�'^D 032415122503806467x

The first thing of note is the 30 U's.  Those are actually sync pulses.
A "U" is 55 hex, or 01010101 binary.  This is called the "Channel
Seizure Signal."

After that comes 130 milliseconds of 1200 Hz (the Bell 202 "mark"
frequency) which usually shows up in the datastream as a character or
two of garbage.

That is followed by the "message type word", which is 04 hex for
standard Caller ID, 07 hex for Name & Number.  A word, by the way, is 8
bits for our purposes.

That is followed by the "message length word" which tells us how many
bytes follow.

The next four bytes are the date, in ASCII.  In the example above, the
date is 0324, or March 24th.

The next four bytes after the date are the time, also in ASCII.  In the
example, the time is 1512, or 3:12pm.

The next 10 digits are the phone number that is calling.  In the
example, the phone number is 250-380-6467.  The number is also in ASCII
and doesn't contain the hyphens.  Some phone companies will leave out
the area code and only transmit 7 digits for a local call, others will
always send the area code as well.

If this were a name-and-number Caller ID data stream, the number would
be followed by a delimiter (01h) and another message length byte to
indicate the number of bytes in the name.  This would be followed by the
name itself, in ASCII.

If this call originated from an area that doesn't support Caller ID,
then instead of the phone number, a capital "O" is transmitted (4F hex).

If the call was marked "private" as a result of the caller using *67 or
having a permanent call blocking service, then instead of the phone
number, a capital "P" (50 hex) would be sent.

The very last byte of the data stream is a checksum.  This is calculated
by adding the value of all the other bytes in the data message (the
message type, length, number and name data, and any delimiters) and
taking the two's complement of the low byte of the result (in other
words, the two's complement of the modulo-256 simple checksum of the CID
data).
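
Added example (not part of The Fixer's original file): a receiver-side
parser for the standard (type 04h) message laid out above, which checks
the checksum and field layout before trusting anything, and refuses
frames that arrive once the line is off-hook.  The sample frames are
constructed from the date, time and number in the example above; the
names, the MAX_GARBAGE limit and the line_off_hook flag are assumptions
of this sketch.

```python
from dataclasses import dataclass
from typing import Optional

SEIZURE = b"U"        # 55h channel seizure byte
TYPE_STANDARD = 0x04  # "message type word" for standard Caller ID
MAX_GARBAGE = 4       # assumption: the mark tone decodes to a few stray bytes


class CidError(ValueError):
    """The frame does not match the layout described above."""


@dataclass(frozen=True)
class CallerId:
    month: int
    day: int
    hour: int
    minute: int
    status: str            # "number", "out-of-area" or "private"
    number: Optional[str]  # digits only; None unless status == "number"


def checksum(body: bytes) -> int:
    """Two's complement of the modulo-256 sum of type, length and data."""
    return -sum(body) & 0xFF


def extract_body(raw: bytes) -> bytes:
    """Drop seizure bytes and mark-tone garbage; return type+length+data."""
    stream = raw.lstrip(SEIZURE)
    for start in range(min(MAX_GARBAGE + 1, len(stream) - 1)):
        if stream[start] != TYPE_STANDARD:
            continue
        end = start + 2 + stream[start + 1]  # index of the checksum byte
        if end < len(stream) and stream[end] == checksum(stream[start:end]):
            return stream[start:end]
    raise CidError("no type-04h message with a valid checksum")


def parse_frame(raw: bytes, line_off_hook: bool = False) -> CallerId:
    """Validate and decode one frame captured from a serial Caller ID unit.

    line_off_hook is a hypothetical flag from the caller's own line-state
    tracking: the telco sends Caller ID between the first and second ring,
    so data seen after answer is not treated as Caller ID.
    """
    if line_off_hook:
        raise CidError("frame arrived after answer; ignored")
    data = extract_body(raw)[2:]
    stamp, who = data[:8], data[8:]
    if len(stamp) != 8 or not stamp.isdigit():
        raise CidError("date/time field is not 8 ASCII digits")
    month, day, hour, minute = (int(stamp[i:i + 2]) for i in range(0, 8, 2))
    if not (1 <= month <= 12 and 1 <= day <= 31 and hour <= 23 and minute <= 59):
        raise CidError("date/time out of range")
    if who == b"O":   # 4Fh: call came from an area without Caller ID
        return CallerId(month, day, hour, minute, "out-of-area", None)
    if who == b"P":   # 50h: caller used *67 or permanent blocking
        return CallerId(month, day, hour, minute, "private", None)
    if who.isdigit() and len(who) in (7, 10):
        return CallerId(month, day, hour, minute, "number", who.decode("ascii"))
    raise CidError("number field is neither 7/10 digits nor O/P")


# Constructed sample frames: 30 seizure bytes, stray bytes, message, checksum.
BODY_NUMBER = bytes([TYPE_STANDARD, 18]) + b"03241512" + b"2503806467"
BODY_PRIVATE = bytes([TYPE_STANDARD, 9]) + b"03241512" + b"P"
SAMPLE_NUMBER = b"U" * 30 + b"\xfd'" + BODY_NUMBER + bytes([checksum(BODY_NUMBER)])
SAMPLE_PRIVATE = b"U" * 30 + b"\xfd" + BODY_PRIVATE + bytes([checksum(BODY_PRIVATE)])

if __name__ == "__main__":
    for frame in (SAMPLE_NUMBER, SAMPLE_PRIVATE):
        print(parse_frame(frame))
    try:
        parse_frame(SAMPLE_NUMBER[:-1] + b"\x00")  # damaged checksum byte
    except CidError as err:
        print("rejected:", err)
```
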



                          Some Technical FAQ's


Q: When I block Caller ID with *67, does it send my number anyway and
   just set a "private bit" so that the other person's Caller ID Display
   unit won't display it?

A: No.  The person you're calling doesn't get your phone number anywhere
   in his data stream if you block your call that way.  All he/she gets
   is "P" and the date/time of the call.

   I would like to refer to an experiment I performed in March, 1998
   with a Serial Port Caller ID, which delivers the raw data stream to a
   PC for software interpretation.  The following Usenet message (edited
   for this file) is the report I published on that experiment:

        Newsgroups: alt.2600
        From: The Fixer <fixer@bc1.com>
        Date: Tue, 24 Mar 98 16:12:58 -0800
        Subject: Caller ID and *67 - The Facts

        OK, it's time to shovel the bullshit that is piling up in this
        newsgroup about Caller ID.

        A few people are saying that when you block your Caller ID with
        *67, the switch sends your number anyway along with a so-called
        "private bit" that tells the Caller ID display unit to suppress
        display of the number.

        In order to squelch those who'd rather flame back with "show me
        proof" than just read a FAQ, here is the proof.  These are
        actual raw data captures from a Bell 202 demodulator (better
        known as a serial port Caller ID) which I captured myself today.
        They prove conclusively that the "Private Bit" is a myth.

        Here is what I got in my raw data stream when I called my voice
        line from one of my BBS lines (which is unlisted, hence the
        PRIVATE string in the name field):

        UUUUUUUUUUUUUUUUUUUUUUUUUUUUUU�'^A^H03241512^A2503806467^G^OPRIVATE        x

        This is what I got when I did the same thing with *67:

        UUUUUUUUUUUUUUUUUUUUUUUUUUUUUU�^P^A^H03241512^D^AO^H^AP(�

        The number I was calling from was 250-380-6467.  That string is
        clearly displayed in the first (non *67) call.  In the number
        field of the second call, only the letter "O" is transmitted.
        In the name field, only the letter "P" is transmitted.

        In both calls, the date and time (03/24, 15:12) is transmitted,
        but transmission of the calling telephone number is suppressed
        in the second call.  There is no "private flag" suppressing
        display of the number by the display unit; the calling number is
        not transmitted at all!

        For those of you unfamiliar with the CID raw data stream, the
        U's are actually sync pulses (an ASCII "U" is 01010101 binary).
        The control characters are field delimiters.  The first 8-digit
        number is the date and time in MMDDHHSS format.  The second
        number in the first call is the phone number, in NPANXXXXXX
        format.  That is followed by the name (for those of us with name
        & number CID).  The ^O (0Fh) just before the name indicates how
        many characters are in the name - in this case "PRIVATE" is
        padded out with 8 spaces (20h) to make 15 characters.  At the
        very end is an 8-bit checksum.

   Believe me, if I were wrong about this, there would be a huge
   marketing frenzy to sell "*67 proof Caller ID boxes" and I would be
   making a fortune selling my Serial Caller ID software, which works
   directly with the data streams illustrated above!


Q: Can't I just send noise down the line to scramble the Caller ID
   signal between the rings?

A: No.  Your phone line doesn't generate the Caller ID signal.  It is
   made by the switch on your calling party's line, and the audio
   circuit between your line and his is not completed until after he
   picks up the phone.


Q: Do 1-800 numbers have Caller ID?  Can I hide my identity from them?

A: Some do have Caller ID, and the *67 block will work, but many more
   have real-time ANI - Automatic Number Identification.  This is an
   older technology which uses a separate line to deliver your number,
   and cannot be blocked.  And all 800 subscribers get a list of
   everyone who called them on their monthly bill, blocked or not.


Q: Can I hide my identity by sending a fake Caller ID signal down the
   line before they answer?

A: *Generally*, no.  The audio circuit between your phone line and their
   line is not completed until the other party picks up.  Once they do,
   they would hear your fake signal and know what you were doing...
   unless the person you're calling is very poorly informed or
   untrained.  Even so, most Caller ID devices have memory and so the
   person you're calling could just as easily scroll back through the
   box's memory and find your true number.

   Once upon a time, the phone system worked differently, and the audio
   circuit WAS connected even before the called party picked up.  A
   device called a "mute" or a "black box" was used to take advantage of
   this fact and allow anyone calling a line with a black box to do so
   toll-free.  If the system still worked that way (and there's no
   technical reason why it couldn't in these days of digital switching)
   then yes, it would be very feasible to send a fake Bell 202 data
   stream down the line; in fact you'd hear the real one every time you
   called someone with Caller ID and you'd get a really good feel for
   the timing involved.  But if it worked that way, then black boxes
   would also still work, and they don't.


Q: How about *69?  If I protect my call using *67, can they still call
   me back?

A: Not in 604/250 anyway, and probably not most places.

   Some interesting notes about this:  When *69 was first introduced
   here in 250, if you tried to *69 a blocked call, you would get a
   recording telling you that the number could not be announced.  And it
   would then offer to connect you anyway!  I guess it was business who
   asked for the change because that meant a telemarketer using *67
   would have people call back and their switchboard answer "Sleazebag
   Marketing, how can I help you?".  At that point the number was a
   white pages lookup away.  So BC Tel, and I would venture to guess its
   parent company GTE and many others, changed it so that *69 won't even
   call back.

   If you find in your area that you CAN call back with *69 to a *67
   protected number, you're a lucky sonofabitch!  Why is that?  Well,
   with the "old" working of *69, you may still be able to get the
   number of a blocked caller if you are (a) lucky and (b) patient. Take
   your phone off the hook until midnight (if it's a business) or early
   afternoon (if it's a person). THEN activate *69.  No incoming calls
   will have come into your line since it was off-hook, so your line's
   *69 last-call register will still have their phone number in it, and
   at those times you are far more likely to get an answering machine
   which may spill the beans as to who called you... clever huh?




                               Final Word


Caller ID can be worked around in so many ways that it really offers no
value to its subscribers.  I am not against the existence of Caller ID,
as I have been on the receiving end of harassing phone calls and slimy
telemarketers, all of whom I've been able to put in their place thanks
to this technology.  There's no doubt that Caller ID can help bring
those who deserve it to justice.  But at the same time, we all have the
right to privacy, and the option to not share your identity with someone
you're calling is, and always should be, available.

For this reason, I think that Caller ID should be available free on
every line as part of the basic service.  It's worth nothing anyway!

---------------------------------------------------------------------------

That's it.  This file may be updated as I receive more information.
Look for updates on my web site at

        http://techroom.base.org

or if that doesn't work,

        http://bc1.com/users/fixer

---------------------------------------------------------------------------

This file is a freely-distributable copyrighted work.  You may repost
this file free of charge without modifications, but no for-profit
distribution is allowed without prior arrangement with the author.

Two individuals who have stolen my work in the past are hereby
prohibited and enjoined from possessing or distributing this file:
Pinhead the Cenobite and Jolly Roger.  If you are either of these
individuals, you must delete this file from your system now.  If you are
not, you may not knowingly allow either of these individuals to receive
this file if it is in your power to prevent such reception.  Retention
of this file on your system or on any backup constitutes acceptance of
this term.

(C) Copyright 1998 The Fixer's Tech Room, a division of Whirlwind
    Software (British Columbia).  All rights reserved.

























~Lineside

LMOS/MLT CODES AND MEANINGS
assembled by  Lineside

   

         If you didn't know, LMOS stands for Loop Maintenance Operating 
System, and MLT is the Mechanized Loop Test. The following are codes and 
their meanings for the BellSouth LMOS.  They may, however, be similar, the 
same, or totally different in other areas. Hopefully someone out there will 
put these to good use. 




OUTSIDE PLANT (04xx)

0400   Trouble not cleared
0401   Pair change
0402   Pair cut dead ahead
0403   Pair transposed
0407   Pair reconstructed
0408   Miscellaneous 
0409   Wrong pair assigned
0410   Cable
0412   Cable damage (non-telco)
0420   Non-accessible plant
0430   Accessible plant
0431   Accessible cross box/SAC etc
0440   Wire
0450   Lightwave/ fiber cable
0461   Repeater plug-in
0462   Apparatus case
0463   RT-common equipment circuit pack
0464   RT-POTS channel unit
0466   RT-Wiring/physical/etc
0467   RT-power
0468   Protection
0470   (DLC) Lockups and precaution measures
0480   Multi-channel and other loop electronics
0490   Air pressure systems


PUBLIC COMMUNICATION (02xx)

0200   Other station equipment standard
0210   Full money box
0220   Enclosure/support equipment
0230   Portable phone cart
0240   Coin and card set
0250   1F2 coin telephone
0260   RACTS/OMNI phone
0270   Collect call timing device (CCTD)
0280   AUGAT monitoring equipment
0290   SMART coin telephone


WIRE (03xx)

0300   Corporate com./ public wire
0340   Network interface
0350   Network terminating wire
0370   Protection
0381   Service drop wire buried/ permanent
0382   Service drop wire buried/ temporary
0383   Service drop wire buried/ cutover
0384   Service drop aerial


FOUND OK- IN (08xx)

0800   Found ok- in
0890   FOK- in for data base driven services
0891   FOK- in calling card service
0892   FOK- in automatic intercept system
0893   FOK- in Expanded 911 service (E911)
0895   FOK- in watch alert
0897   FOK- in 700 service
0898   FOK- in expanded 800 service
0899   FOK- in dial it


CAUSE CODES

100    Telephone company employee

200    Non-employee
210    Customer action
220    Other utility
222    Foreign worker
230    Motor vehicle
270    Telco master contractor
280    Petroleum/ chemical

300    Plant or equipment

400    Weather
410    Lightning

500    Miscellaneous

600    Unknown





Central Office (05xx)

0501     Dial up port
0502     Data port
0503     Packet switch
0504     Data link

0510     CO equipment
0511     Common equipment
0512     Linkage/network/grid
0514     Billing equipment
0515     Trunk
0516     Public service trunk
0517     Office conversation
0520     Translation
0521     Generic/par. work error
0522     Generic/par. document error

0525     Line work error
0526     Line document error
0527     Network work error
0528     Network document error
0529     Line work error CCSR

0530     Distribution frame
0531     MDF cross connection missing
0532     MDF cross connection broken
0533     MDF cross-connection work error

0540     Frame other
0541     MDF cable protector
0544     Terminal wire clipping/conn.

0550     Power
0551     DC power equipment
0552     AC power equipment
0553     Ringing plant
0554     Standby emergency power

0560     Misc. equipment
0562     Line testing equipment
0563     Concentrator
0564     Range extender
0565     Carrier system
0566     AMARC
0567     ISDN service

0568     SLC channel unit            
0569     SLC common circuit pack

0570     Special services equipment
0572     Wiring option
0573     Carrier channel
0574     Signaling

0581     Mechanized system failure
0582     Line translations unknown
0586     Signal transfer point (stp)
0587     Tandem office
0588     Switching system design

0590     Data base for data base driven services
0591     Calling card services (ccs)
0592     Automatic callback calling
0593     Enhanced 911 service
0594     Equal access
0595     Watch alert other
0596     TOUCHSTAR
0597     700 series services
0598     Expanded 800 service
0599     Dial-it service


























Field Techs and Wiretaps
by Lineside



 1......General information
 
 2......Wiretap check request
 
 3......Field tech inspection

 4......Wiretaps discovered during routine field inspections

 5......Other unlawful use of the company's service


1...General

     The purpose of this section is to specify the terms and 
conditions of assistance of the telephone company to law enforcement 
agencies engaged in, or about to be engaged in, wiretapping activities. 
Also the procedure for handling reports of the use of telephone 
facilities for bookmaking and dissemination of wagering information. 

	This practice is being revised to remove the Customer
Service Center and the Annoyance Call Center from the trouble report 
flow. Any call to the CSC reporting a wiretap or suspected wiretap
should be transferred to the Centralized Repair Service Attendant 
Bureau (CRSAB). 

	The security organization has the exclusive responsibility  
for acceptance of Federal or State Court orders or written emergency 
certifications, which are required for a lawful wiretap. Any
request received for information or assistance in this regard shall 
be referred immediately to the security organization.

	The security organization has complete responsibility for 
the direction of the company actions following the discovery of an 
actual or suspected wiretap. A follow-up procedure will be followed 
by security to ensure that all assistance provided by the company is 
terminated when the court order or emergency certification expires.

	Protection of the privacy of telephone communication is 
fundamental to the telephone business.  It is Bell policy to 
investigate and resolve any actual or suspected threat to the customer's
privacy. In line with this policy, every reasonable effort will be 
made to resolve all customer complaints. However, it is unlawful for 
Bell personnel to disclose the existence of a lawful wiretap to the 
customer. Therefore, the following procedures must be observed 
strictly in processing customer requests for wiretap inspection or 
in reporting any wiretap device that may be found. 

	All company personnel who discover an actual or suspected 
wiretap device shall report the discovery through the lines of 
organization to security, without taking further action. In those 
instances where a trouble is caused by the wiretap device, it may 
be disconnected only after the security organization has been notified.


2...Wiretap Check Request

	The centralized repair service attendant bureau (CRSAB) 
shall have the responsibility for handling initial customer 
complaints concerning wiretaps or other illicit activities. The
RSA will take the report on any call received at the CRSAB 
concerning wiretaps or other illicit activities. This report will 
be taken as a Category 1. Customer Direct (CD). The CRSAB shall 
transmit all requests of this nature to the installation maintenance 
center (IMC). The handling code "WIRETAP" will be used to transmit 
this report. 
 
	The IMC should input additional auto screen rules to direct 
these type reports for manual screening. All personnel handling this 
type report will document findings utilizing the EST transaction 
in LMOS. This means, MA's will document the test and referral 
information.  SCC will document their findings, I&M will document 
their findings etc. Each action taken on this report must be 
documented accurately.

	The maintenance administration (MA) will perform trouble 
verification tests. If a wiretap exists, it may be indicated by the 
test results. If no trouble is indicated or a CO fault is indicated, 
the MA will refer the report to the switching control center (SCC) 
for further analysis. The SCC will assign the appropriate CO the
task of inspecting the office equipment for the suspected wiretap. 
The CO will inform the SCC of its findings during the inspection.
The SCC will close the report to the IMC. In those instances where 
the CO may locate a wiretap, it must not be disturbed. The technician 
must inform the manager who in turn will notify the security 
department. If after analysis has been completed by the SCC and 
the IMC a wiretap has not been found, it may be necessary to 
dispatch a field technician for a complete inspection.


3...Field Technician Inspection

	Reports involving suspected wiretaps should be dispatched on 
the same day on which they were received, when practicable. It is 
strongly recommended that a field manager accompany the technician 
during the inspection. 

	The technician will inspect only equipment/wiring that 
is owned/provided by Bell. Equipment/wiring that is provided by the 
customer or agent of the customer, will not be inspected. The 
customer will not be billed for the inspection of equipment/wiring 
provided by Bell. If the customer subscribes to a wire maintenance 
plan, the technician will inspect through the customer's connection 
block. If the customer does not subscribe to a wire maintenance plan, 
the technician will offer to inspect the wiring for time and material.

	If the inspection does not uncover an unlawful wiretap, the 
technician may advise the customer that no wiretap was found. When 
a wiretap, or what appears to be a wiretap is found, security 
must be notified immediately. Under no circumstances will any Bell 
personnel disclose or verify the existence of an actual or 
suspected wiretap to a customer. 

	If a wiretap is trouble inducing, security may direct the 
technician to correct the trouble or disconnect the device from the 
line. The security department shall notify the appropriate
law enforcement agency and shall determine if further action is 
required.

	After the trouble is cleared, the technician will close 
the report using established procedures.  The customer must be 
advised that the trouble is cleared, but the only statement that 
may be made about a wiretap device is "NO UNLAWFUL WIRETAP DEVICE 
WAS FOUND".


4...Wiretaps Discovered During Routine Field Operations

If a wiretap, or what appears to be a wiretap, is discovered as a 
result of routine field operations, where there has been no customer 
complaint or request for a wiretap inspection, security shall be 
notified immediately. Under no circumstances will Bell personnel, other 
than security or individuals acting under the express direction of 
security, disclose the existence of the actual or suspected wiretap 
to a customer.

 -If security determines that a wiretap discovered in this fashion 
is lawful, no report shall be made to the customer.

 -If security determines that a wiretap discovered in this fashion 
is unlawful, law enforcement and the customer shall be notified.


5...Other Unlawful Use of the Company's Service

If in the course of one's work an employee overhears a conversation 
or otherwise obtains information indicating that any services 
provided by Bell are being used for bookmaking or for the 
dissemination of wagering information or other unlawful 
purposes, all facts will be reported to the employee's immediate 
supervisor, or the employee will notify security.


DURING THE NORMAL COURSE OF BUSINESS WITHOUT INTENT TO MONITOR 
FOR THE PURPOSE OF OBTAINING SUCH INFORMATION, AN EMPLOYEE
OVERHEARS A CONVERSATION WHICH INDICATES UNLAWFUL USE OF 
TELEPHONE COMPANY FACILITIES AND REPORTS THE CONVERSATION TO 
HIS/HER SUPERVISOR. ****
 

 






























Controlled Environmental Vaults
by Tom Farley

Visit Tom Farley's website for more articles and past issues of Private Line
at http://www.privateline.com


I wrote about controlled environmental vaults in "private 
line" Number 7 (Volume 2, Number 4, July/August 1995). A C.E.V. is 
an underground structure that often houses telephone equipment. 
The one I went into and took pictures of for that issue's Outside 
Plant article housed a 5ESS. In effect, it is a small central office 
underground. These inconspicuous, buried buildings allow companies 
like RTC to distribute their switching capacity more equally around their 
serving area. Your only clue to a C.E.V.'s location is its top -- a four 
by four foot flat steel panel two or three feet off the ground, rising 
out of the earth like a green, squarish mushroom. 

It turns out that Roseville Telephone Company installed the 
first C.E.V. in California back in 1986. Here's a history of that vault, 
reprinted with permission, from Steve Chanecka's book, _The History 
of The Roseville Telephone Company_:

"'The company is looking at the serving area west of Antelope 
Road by using a controlled environmental vault which meets the 
concerns of nearby residents since it is aesthetically appealing. We 
will use it to house a remote switching unit which will serve this 
area. Plant from our central office to the 'CEV' will be fiber optics 
and from the remote location to the subscribers will use normal 
copper wire. Basically, this unit will serve the same function as a 
mini-substation, but will be underground and therefore does not 
detract from homes in the neighborhood.'

"Ned Kindelt explained the CEV in more detail in a late 1985 
article in _Line Chatter_. 'A CEV is a central office located 
underneath the ground. The equipment vault is 10 feet, six inches 
wide and 24 feet long, and will contain a remote unit in Citrus 
Heights for control. The remote switch unit will be wired for 4,608 
lines.' In addition, the CEV had air conditioning, a dehumidifier, an 
automatic sump pump and an alarm system.

"The use of CEVs was pioneered by Roseville Telephone in 
California. The state's first one was placed on Lichen Drive in Citrus 
Heights in late 1986. The engineering, splicing and installation was 
a long, arduous process, according to project director, splicer Jim 
Hood. He reported in the October 1986 _Line Chatter_:

'Our first CEV is almost past history. This has been a very 
difficult project for many departments. This vault is powered from 
the Citrus Heights central office by our first fiber optic cable. Our 
second vault, already a work-day reality for some departments will 
be located on Antelope Road near the Foothill Christian Center. To 
say that this has been a learning experience is being tactful.'

"That first CEV may have been challenging but the concept was 
a lifesaver for Roseville Telephone. Faced with an aggressive 
expansion of residential housing in the Antelope area of Citrus 
Heights, the company's conduit capacity to run copper cable from its 
Citrus Heights central office under Interstate 80 was insufficient 
for the long term. Had there been no other option, the company would 
have faced costly construction to increase its underground conduit 
system.

"The CEV approach solved this. Rather than making the conduit 
system larger, the use of fiber optics resulted in the cable bundle 
running through the conduits being smaller in diameter. Thin, very 
high capacity fiber optics connected the central office and the CEV. 
The far thicker copper cable ran from the CEV to the customer. Fiber 
optics enabled much more information to be transmitted through a 
much smaller bundle of wires. Leon Bower, director of outside plant 
engineering, explained to fellow employees why CEVs and fiber 
optics made sense in the fall of 1985:

'If you read local papers, you are aware that the area roughly 
north of Antelope Road, between the railroad and Watt Avenue in 
Sacramento County, is about to be developed. They are projecting 
between 13,000 and 14,000 new homes in the Antelope Urban 
Reserve in the next 20 years. For the area west of the freeway we 
are projecting a requirement of 16,000 lines for that 20 year 
period.'


'To serve this area with conventional copper cables would 
require an investment of some $3.5 million at today's cost in outside 
plant alone. Underground conduit systems would have to be 
reinforced, at a very high cost, to accommodate the fourteen 1500-
pair, 24 gage feeder cables needed. A fiber cable will cost us about 
$102,000. . .'

"Since 1986, 12 more CEVs scattered evenly throughout the 
company's service have placed impressive digital switching 
power and data transmission capacity close to the users at 
an economical price. Moreover, all but one of the company's 13 
operating CEVs at the end of 1994 were located inside utility right-
of-ways. The company did not have to buy the site of the CEV or 
obtain permits to put them in the ground. Most people are not even 
aware of where the CEVs are placed."

It is my understanding that each vault is backed up with 
alternative routing, that is, a separate fiber comes in from two 
directions to the vault. A single accident will not cause any vault to 
go down. The _History of the Roseville Telephone Co._, by the way, is 
a fascinating read and an important contribution to independent 
telephony. RTC is the 23d largest telephone company in America and 
one of the most progressive. The book is over four hundred pages in 
hardback. $20 in the U.S. plus $3.50 shipping. Call (916) 786-1117. 
There's a discount for orders of five or more. Or order by mailing 
from the following: Telephone Book, Roseville Telephone, P.O. Box 
969, Roseville, CA 95678. And make sure to visit their telephone 
museum at 106 Vernon Street in Roseville from 10:00 to 4:00 p.m. on 
Saturdays.

























~Cyber Culture

In this section, issues in the cyber world that will affect the H/P scene in 
one way or another will be discussed.  Submissions for this section are
always welcome.


The impact of the flag burning amendment 
by Mr. X2

There has been a lot of talk lately about the proposed amendment that 
would make flag burning illegal.  Now I have never burned a flag and
I don't have any intentions of doing so.  However, burning a flag is
part protected under free speech.  Anyone who studies constitutional law
learns that our freedoms are not 100% guaranteed.  If that was the case
there would be anarchy.  We give up some freedoms in certain situations
to protect our other rights and the rights of other people.  For example,
you cannot yell fire in a movie theater or call in a bomb threat.  As 
long as your expression does not infringe on the rights of others, then
it is basically OK.  With all that out of the way, how the hell does 
burning a flag infringe someone else's rights?  Unless you catch someone
on fire in the process then I just don't see it.  Well this bill is being sent
to the government to be kicked around for a while and if it passes it will
be put up for vote to become law.  In that case, 2/3 of the states have to
ratify it in order for it to become law.  While it may be a ways off, it
is important for everyone reading this zine to keep in the back of your 
mind.  I know you're wondering where this is all going in a phreak zine.  Well,
I'm sure that most of you reading this support free speech and especially
free speech on the net.  When you support such issues, it is important to 
look at the big picture and support all related issues.  If flag burning is
made illegal, then what else isn't protected under free speech?  Previous
court cases and other laws are taken into account when deciding issues
that are new and confusing.  If the flag burning amendment passes and then
some time down the road, a bill comes up restricting speech on the net,
people will look at other free speech issues such as the flag burning 
amendment.  It is also important to support any reasonable free speech issue
not just flag burning.  When you support something, you have to support
others' related beliefs as well.  







Cyber McCarthyism 
by  Mohawk


I'm not gonna go into the Colorado shooting but it is important to focus
on one event related to the shooting.  Shortly after the media first
reported about the shooting, people went on their computers and made
fake profiles claiming they were in the Trench Coat Mafia, made jokes
about it, and even made a couple of TCM webpages.  Once the FBI started
its investigation, there was a broad search conducted on the Internet
for any clues about the shooting.  This was because Eric Harris had various 
webpages that gave some signs as to what would happen on April 20th.  They 
also wanted to see if anyone else was involved.  All of Eric Harris' 
accounts and webpages were shut down so that no one could tamper with 
evidence.  Even while I am writing this, there is still a shroud of
mystery as to what exactly happened, why, and if anyone else was
involved or knew about it.  During this Internet investigation, anyone
who had anything mentioned about the trench coat mafia on line got
their accounts cancelled, webpages removed, and anything else they had
on the net deleted.  Some people on AOL lucked out and just got
warnings although they got all their files deleted.  I've talked to people
that got their accounts cancelled for just posting somewhere that the
trench coat mafia sucks.  While this wasn't a widespread epidemic 
it has the implications of someday becoming one.  What if a hacker did 
some major damage.  I mean kill a lot of people.  Then the hacker
is painted as this evil person who just wants to cause havoc for 
other people and he is just one out of a whole subculture full of
these evil hackers.  The media has a field day.  They do profiles on 
hackers, ya know pimple-faced nerds who no one likes, plays Doom all
day and listens to Manson.  Can you imagine what would happen to 
hackers?  No one would want anything to do with hackers on their
service.  Thousands of accounts would be canceled, webpages 
would be removed, and we would have more than just a crackdown
on our hands.  Pretty disturbing huh?  How do we prevent this?  
That's a good question.  Be responsible and try to keep a good
image of hackers would be my best guess.  It would be a lot easier 
to get people to think that most hackers are nice people before this 
happens than afterwards.  This has already happened in spurts but to 
no major extent.  Even if there was a large hackers are nice guys
campaign it probably won't even do that much good.  I would like to hear 
from you on this topic of Cyber McCarthyism.  Is it something to 
think about?  Is it a problem now?  Will it be a problem in the future?
What can we do to prevent it?  It's not just hackers that have to 
worry about this, any cyber-community may be vulnerable to this.  
























Copyright 1999 Phone Punx Network.  Feel free to distribute this issue; however, 
do not modify this file in any way.  All issues are free and are not allowed to 
be sold in any form. If you are selling issues you can only charge what it costs 
to reproduce them.  Keep the information free.  All works are owned by the PPN 
and/or the authors of the article.  If you feel that you own the copyright to a 
work printed in this issue and have not given the permission of the author to 
republish it, please email us.