💾 Archived View for gemini.spam.works › mirrors › textfiles › phreak › PHREAKING › bob-3.phk captured on 2022-06-12 at 17:43:51.

View Raw

More Information

-=-=-=-=-=-=-

	Guide to: Hacking, Carding Phreaking By: The Dark Lord 

	  Introduction:
	  ~~~~~~~~~~~~~~
	      This is a text file is Made By The Mickey Mouse Club and
	would ask  that it would be distibuted to others for there use. 
	This file is going to  go into depth on how to Hack, Phreak, and
	card.  There will be information that should help everyone,
	Hopefully!!

	Hacking:
~~~~~~~~~~
	Hacking is a long hard process, unless you get lucky.  There are
	many programs and aids out to make the job a lot easier, but the
	concept is the same no matter how you use it.  First, at least on
	most things that you  hack, you need to get some type of account or
	vacancy, etc...  This is done by randomly entering numbers and or
	letters until you come up with the proper combination to find the
	account.  Knowing the size of the account number makes this job
	one-hundred times easier.  Thats why I suggest you find out from
	someone who allready has one or card one.  By carding the account,
	it will die quickly but at least it will give you the length of the
	account numbers (More on that topic will be expained in the carding
	section).  The accound numbers, do not always just contain numbers
	or have numbers at all in it.  If it has a mix, it makes it a hell
	of a lot harder to get.  You will just have to experiment to find
	out what charactors are contained in the account.  Some Examples of
	ones that do have mixes of numbers and letters would be Pc Persuit
	accounts. The forms of them are usuall as such:

	            Account: Pgp014764g
    	        Password: 23632k

	    It looks from these that you are pretty much screw because of
	the way letters are mixed with numbers, thats what makes having a
	program so much easier.  In a lot of circumstances, getting the
	account is the hardest part that is why having a good background of
	the system is a major plus in your favor. Once you have got the
	account, it is time to get the password for this account.  Once
	again having the length and such makes this process not only
	easier, but faster.  just keep entering random passwords of the
	length or the thought length in until you get a stoke of luck and
	get it.  You MUST remember that 99.5 out of 100 times, this is a
	long process, and you have to have patience.  If you don't you
	might as well forget ever getting on to the system or have someone
	else do it for you.  Once you have gotten the password, look it
	over long and hard.  Write it down and keep it, examine it. 99% of
	the time there is a pattern to all the account passwords.  Things
	to look at is the password in reference to the account number. 
	check to see if things have been added to the end or beginning like
	00 or 01 or 99 of 0010 thing like that.  If  you see no relations, 


                                  - 141 -


	the only other way to really find out the pattern in to get another 
	one. Look at both of them together, see if there the same or it 
	account 400's password is 3456 and 402's password is 3458 (they go 
	in order) then just those as a reference to other passwords, take 
	away so much from accounts with a lower number and add the required 
	amounts to accounts with a higher number, etc....  But bassicly, 
	LOOK FOR A PATTERN!  Once you have got the password and the account, 
	you have got yourself a passage way in.
    
	Although this is what you do to succeed, you have to take many
	precautions. They do NOT like us messing with the system and they
	obviously want you to pay just like the others, so they will take
	necessary means to nail you.  They trace like you wouldn't belive. 
	They will trace right as you get on, if you happen to be unlucky,
	you will never know when they are doing it either, you must ALWAYS 
	be aware of the dangers and take precautions! Even on things that 
	you wouldn't think that they would trace you but, be carfull.  
	Whether they trace depends on a couple of things, here are a few 
	major ones:

	  1. There bank balance
	  2. There desire to catch you
	  3. The amount of infestation in there system

	There are things that you can do to protect yourself, these are not
	all of them and none of them are sure fire ways, but hey, cutting
	down your chances of getting caught makes a world of difference,
	because remember, All the fun is taken away if you caught.  Some
	things to do to protect yourself is: 

	  1. Use a diverter
	  2. Use false information about you
	  3. Never stay On-line too long
	  4. Call during late or early hours, were there is most likely   
	     no one monitoring the system
	  5. Don't call frequently or during the same hours, regulate it

	   Once again these are not all of them but these are some of the
	"More" helpfull things.  If you follow all the step, you can reduce
	the change of getting caught by about 40%. f you do get caught
	there is not a whole lot that you can do, but some tips are, first,
	don't reveal any information on what you have done. Deny  all
	charges.  Sencond, plea bargin with knowladge of things, like
	hacked sytems etc..  But never admit that you did it.  Three, and
	most important, get a GOOD LAWYER!!!!!!!

	 DIFFERENT TYPES OF SYSTEMS:

	    Pc Persuit     Cp\m,  Trw, Unix, Vmb, Vms



                                  - 142 -


	These are just a few systems, if I made a complete list There would
	be pratically no end to it, there are millions.

	Phreaking:
	~~~~~~~~~~
	Phreaking, Ahhhwwww, the wonderfull world of phreaking.  Well to
	start with Phreaking is "The use of Telecommunications to others
	besides people of the Phone Company".  Well thats my version of the
	definition at least. Using codes is wuit easy, there are different
	parts to it, the Dial-up, the code, and the number.  First you will
	have to dial in the dial-up and on most dial ups you will get a
	tone or a buzz or click or something to that effect.  Once you hear
	this, and you will know when you hear it you dial in the code. 
	Sometime you will get another tone or beep etc. and when you do
	that is when you dial in the number.  If you do not get another
	tone or whatever you just dial in the number right after you 
	enter the code. You might have to have a test dial up to see how 
	the tones go. In dialing the number once agian the nubers differ.  
	You must enter the area code and then the nuber.  Some require that 
	you have a one before the area code but most that I have used do not.
	You can tell if the code worked right after the number has been put 
	in not just by the error recording that you get but if right off the 
	bat the phone begins to ring, it doesn't work. A code can also be busy.
	If it is busy it could mean that the code is dead or that too many 
	people are using it at once.  You might experiance this often. There 
	are numbers that make phreaking much safer, they are called diverters.
	What the do is when the number that you have dial is being traced it 
	diverts it to that number.  Unless this is virgin or nobody else uses 
	it, you will find that with in a couple of days after it is out, it 
	will be busy, that is the annoyance about diverters, and they are 
	also hard to get. Hacking is also put into play in phreaking by 
	using programs to get dial ups and the codes. Getting these are done 
	in the same way you hack anything else. Just get a program like code 
	thief or code hacker, or make one yourself, it is quite easy. There 
	is a danger with useing the codes. If you hack a code yourself, not 
	just the code but the dial up amd no one else has it you can pretty 
	well  bet that it is safe.  A newly hacked dial-up/code is considered
	"Virgin". those Ma bell is not having the problem with people
	phreaking off of it so they don't bother doing anything with it. 
	But after a while, it will either Die (No Longer work) or they will
	start tracing off of it.  The whole pain about it is, is you will
	never positively no when they started doing traces or things like
	that.  The codes might be being traced but you are getting the luck
	of the draw.  On most codes they don't trace on every call, they 
	just file it away and watch for like the 50th or 100th caller and 
	then that person gets nailed.  You might think if they do trace every 
	100 calls, that means you have a 1 in 100 chance of getting caught and 
	those are really good odds.  Well the odd is 100 to 1 but the is a lot 
	of people that live in areas that they can call with that code.  If you 
	figure about 10 million people could use it then about 100,000

                                  - 143 -


	of them are.  100,000,  hummmmmmm, how odes your odds look now.  
	In a couple minute time spand 99 peoplecould have used it, and 
	lucky you might be the 100th caller.  A lot of times the take like 
	every hundered calls and then when they get the 100th caller, that 
	don't just trace one, they trace 100, 101, 102, 103, 104 200, 201, 
	202 etc.  So you chances of getting caught when the heat is on the 
	code is pretty good.  There are a couple different types of codes 
	and the two major ones are 1-800's and 950's.  800's can pretty much 
	be dialed from anywhere in the states, but 950's stay in certain
	areas.  Some 950 dial ups are:

	    9501001
	    9500266
	    9500355
	    9501388

	And there are others, but like take me for example, where I live
	you cannot use 9500266.  It will tell you that you cannot use that
	number from your dialing range or it just won't work.  You might
	get to the point where the dial-up works but not the code.  If this
	is the case it will say: "Invalid authorization Code" Some examples
	of 1-800's are as follows:

	     1-800-255-2255
	     1-800-759-2345
	     1-800-959-8255

	There are many others but those are just a few, very few.  There
	are also 1-800's and others that will send you directly to the
	operator, you must tell her the code and the number you are
	dialing.  These are NEVER safe to use. but in one case they are
	alot better.  I am out of town a lot so I have to use pay phones
	right?  Well, you are safe with anything with pay phones, so that
	is a good way to call people.  The real good thing them though, is
	since you must go throught th operator, the codes stay valid for up
	to 10 times as long as the others.  But thenm again another draw
	back is it is not a line that you want to give real names or
	numbers over. Because these are often tapped, since the
	operator know that you used the code, they will listen in quite
	often, and you will never even notice. Another problem experianced
	with them is if you are what MMC calls

	"Petite Flowers", our home made word for , someone that sounds like
	a little kid, then they  really give you a hastle about using the
	code. I have had a lot of people ask me if the person you are
	calling with the codes can get busted. The answer is "No".  They
	cannot do anything to the person, just ask him who is calling him 
	with the codes, and they rarely do that.  Just let the person you 
	are talking to, if they don't already know, not to tell anyone that 
	you are calling with the codes.  The phone companies do have to option 
	of setting up a trace on that persons line and bust you when you do call

                                  - 144 -



	him with a code. I have never seen this done but do be aware that 
	the phone companies are made up of intellegent adults and they are 
	very smart and can and will nail you in many ways. I am a firm beliver 
	that you should share a the information that you other phreakers and 
	hackers as they should do the same with you. I also see an execption, 
	inexperianced people. They can run it for everyone be not have the 
	knowladge and screwing up.  I realize that they need someway to build 
	themselves up to a good phreaker but be cautions in what you give to 
	them. Codes die really often and you really have to keep up with the 
	phone company. Its kinda of a pain to keep up with it on your own as 
	quickly as they work but thats why there is phreaking communities and 
	groups such as Fhp and MMC, the gives the edge to the phreakers in the 
	way that, you have help in keeping up with the phone companies, and in
	most cases if the groups or communities are working well together,
	you can eve stay one step ahead of good 'ole Ma bell and others. 
	You really need to find ways of getting codes either from getting
	acess to the phreaking sections  on the pirate boards you call or
	throught friends, Vmb's Loops, Confrences, etc., just try to find a 
	good connection to people that are into phreaking too.

	 Carding:
	~~~~~~~~~
	Although everything talked about in the text file to this point is
	illegal, and you will get busted if you get caught, this is one one
	the one that you can get in some major shit over.  About the only
	thing I have talked about that this falls short of is hacking a
	government compter, and thats one of the Grand daddies of them all. 
	Well, although it is a major crime, it is really cool!!!!  This is
	the process in which you find the card number of someone and use it
	to purchase things.  In order to card, there are a few things that
	you must have or it will not work.  You will need to have........

	     1. The Card Number
	     2. The Experation date
	     3. Card type (Master Card, Visa, etc...)

	Those are the main things tha you will need.  Having the name of
	the owner is very helpfull but it is not a must.  You can get by
	without it. You have to order everything you want by mail.  A
	couple of "Beginner" carder that I talked to didn't understand how
	you would do it, but thats when they had the misconception that you
	actually go to the store and purchase things.  That is a complete No, 
	no. You do everything from a phone ordering service. When you call make 
	sure that you are a t a pay phone.  Don't do it your house or anywhere 
	where it can come back to you.  When you order the merchandice, once 
	again do send it to anywhere that it can come back to you like your 
	home, work, etc.  Find a vacant house or building or anywhere else 
	that you can send it to. Also, don't send it to a P.O. box that you 
	have, just as dangerous.

                                  - 145 -


	When you do order it and you think its around the time that you 
	will be reciving it, check the mailbox frequently.  But do it 
	during odd hours.  I mean, hows it going to look you taking a
	package from a vacant house? Most bills are sent at the end of the
	month or at the biginning, so try to time it to where the bill
	won't come to the person untill a couple of days after you have
	recived the package.  Ok heres how to figure it.  I have found out
	that the bills are sent out up around the 26-30th of the month, so
	they will actually recive the bill around the 31-4th.  Have it sent
	right after you think the bill has been sent. Find what you want,
	but try to order it from the place that guarentees the fastest
	delivery.  When you order the item, make sure they have it in stock
	and don't have to get the item in first.  Order the highest class
	of delivery but not COD or next day service.  Thats cutting it too
	close.  It should take around 2-4 weeks before you get it and if
	you timed it right, then it sound get there right before the person
	gets the bill.  You need to have it in your possesion before the
	bill gets to the person because if they complain, they can keep it
	from being sent, or watch who actually gets it even while its going
	throught the mail process. Don't order more than a couple of things
	or overcharge the card, if the people at the Credit card office,
	see irregular charging on the card, they will follow up on it. To 
	actually order the item you will call up the place that you will be 
	ordering from, and when the operator answers let her know what you 
	need to as far as what you are purchasing, etc. When she ask how you 
	will be paying just tell her "Charge" and the the type of card like 
	Master Card, Visa, ect.  Then Tell them your name, if you don't know 
	the name of the actuall owner of the card, Make up a false name that 
	has NO relation to your name, not the same first, last middle what 
	ever, nothing relating to your real name.  Then continue answering all 
	the operators questions, address (Not your own remember!) state, area 
	code etc.  They will also ask for your phone number. Make one up, not 
	your own.  If something happens to go wrong as far as delivery or if 
	they are checking if you are who you say, then your screwed, unless of 
	course, hehehe, the number is ALWAYS busy. Find the busiest number 
	there is and leave them that. When they ask for the card number and 
	experation, just tell them and do what all else you need. Wish them a 
	good day, and hope you get it. Ok heres how you check if the card is 
	good, and how much money can be charged on the card.......

	1. Dail 1-800-554-2265
	2. it will ask for the type of the card.  you must put in 10 for
	   Master Card and 20 for Visa, I am not sure about the others. 
	3. Next it will ask for the Identification.  You will need to enter
	   1067 
	4. After all that you will have to enter the Mecrchant number,
	   which you will either need to put in 24 or 52.  One of them 
	   should work.


                                  - 146 -

	5. You will then have to enter (When Prompted) the card number    
	   itself.
	6. Next, the experation date of the card.
	7. Last but not least the amount you want to try to get on the
	   card. The procedure for this is enter dollars, astricks, then
	   cents. (Example:) 100*30 = One hundred dollars and thirty cents.
	   One thing I do need to mention, after you type in everything you
	   must press pound (#).  Like when it asks you for the type of card,
 	   if you had a Master Card you would put:  10#.  when it asked for
	   identification you would enter 1067#.  If it says invalid, that
	   either means that the card is no good or you can't charge that 
	   amount on the card.  Try it again, but try a lower amount.  If 
	   you get down to $1 and it still doesn't work, hehehe, you can 
	   probably guess that the card is no good. You might not be ordering 
	   just merchandice you might be ordering accounts and things like that 
       and if you are, fine, but you have to remember, the accounts do not 
	   stay good for very long, the owner of the card gets the bill, 
	   complains and its no longer any good.  And when you card and 
	   account, Nine out of ten times, they won't kill the account, they 
	   will trace in and that is when you butts really in a sling.  So 
	   carding accounts and things, isn't the safest way to go, of course. 
	   nothing we have talked about it, right?

	 Conclusion:
	~~~~~~~~~~~~~~

	Well thats about it for now, there should be a BIG newsletter by
	The mickey Mouse Club comming out soon that you have to be sure NOT
	to miss. I sincerely hope that you have gotten alot out of this
	newsletter and I would like to ask for suggestions and Ideas to
	make MMC a better orginazation.  At this time myself and Cardiac
	Arresst have a Vmb at:  1-800-444-7207 [Ext] 4001. All ideas and
	suggestions, please bring there.  Also, since your making the trip
	anyways, bring along some phreaking codes and all and any types of
	accounts.  I would be greatly appreciated by: The Mickey Mouse
	Club.
















                                  - 147 -


	LOD/H BUST By Pizza Man

	             " U.S. computer investigation targets Austinites "
	           ------------------------------------------------------
	[ The above caption high-lighted the Saturday March 17, 1990
	edition of the Austin American-Statesman [ Austin, Texas ].  The
	article has been copied in its entirety, and the main point for
	typing this up was because of the involvement of the LOD/H
	throughout the article. ]

	The U.S. Secret Service has seized computer equipment from two
	Austin homes and a local business in the past month as part of a
	federal investigation into electronic tampering with the nation's
	911 emergency network. Armed Secret Service agents, accompanied by
	officers from the Austin Police Department, took the equipment in
	three March 1 raids that sources say are linked to a nationwide
	federal inquiry coordinated by the Secret Service and the U.S.
	attorney's office in Chicago. While federal officials have declined
	to comment on the investigation - which focuses on a bizarre mix of
	science fiction and allegations of high-tech thievery - the Austin
	American-Statesman has learned that the raids targeted Steve
	Jackson Games, a South Austin publisher of role-playing games, and
	the home of Loyd Blankenship, managing editor at the company. A
	second Austin home, whose resident was acquainted with Jackson
	officials, also was raided. Jackson said there is no reason for the
	company to be investigated Steve Jackson Games is a book and game
	publisher of fiction, he said, and it is not involved in any
	computer-related thefts. The agents, executing search warrants now
	sealed by a judge from public view, took computer equipment,
	including modems, printers, and monitors, as well as manuals,
	instruction books and other documents.  The equipment has been
	forwarded to federal officials in Chicago. The Secret Service,
	best-known for protecting the president, has jurisdiction in the 
	case, government officials say, because damage to the nation's 
	telephone system could harm the public's welfare. In addition, 
	the system is run by American Telephone & Telegraph Co., a 
	company involved in the nation's defense. The 911 investigation 
	already has resulted in the indictment of two computer "hackers" 
	in Illinois and sources say federal authorities now are focusing 
	on Austin's ties to a shadowy underground computer user's group 
	known as the Legion of Doom.

	The hackers, who live in Georgia and Missouri, where indicted in
	Chicago. they are believed to be members of the Legion of Doom and
	are charged with seven counts, including interstate transportation
	of stolen property, wire fraud, and violations of the Computer
	Fraud and Abuse Act of 1986.  

	The government alleges that the defendants stole a computerized
	copy of Bell South's system that controls 911 emergency calls in
	nine states.  The information was then transferred to a computer 

                                  - 148 -


	bulletin board and published in a hacker publication known as
	Phrack! A trial in the case is scheduled to begin in June. U.S.
	agents also have seized the final drafts of a science fiction
	game written by the Austin-based game company.  Sources say the
	agents are trying to determine whether the game - a dark,
	futuristic account of a world where technology has gone awry - is
	being used as a handbook for computer crime.  Steve Jackson, the
	owner of the local company and a well-known figure in the
	role-playing game industry, said neither he nor his company has
	been involved in tampering with the 911 system.
	
	No one in Austin has been indicted or arrested as a result of the
	investigation.  "It is an on-going investigation.  That is all I
	can say," said Steve Beauchamp, special agent-in-charge of the
	Secret Service Austin field office.  "Until we can put it all 
	together, we just do not comment," he said.

	Bob Rogers, Jackson's Dallas attorney, said federal officials have
	assured him that neither Jackson nor Jackson Games is the target of
	the probe.  The authorities would not tell Rogers whether the
	inquiry focused on other company employees.  As for the science
	fiction game, called Cyberpunk, Jackson said federal authorities
	have mistaken a fictional work for a technical manual [E.N. Why
	does this sound all  too familiar?] . "It's not a manual for
	computer crime any more than a Reader's Digest story on how to
	burglar-proof your house is a manual for  burglars," said Jackson,
	36.  "It's kind of like the hints you get on safe-cracking from a
	James Bond movie." 

	Blankenship, the author of the book, said his attorney has advised
	him not to comment on the book or the Secret Service investigation.
	Jackson said he guesses his company was linked to the 911 probe by
	its use of a computer bulletin board system, called Usenet.  The
	board, one of hundreds throughout the country, is a sort of
	electronic Town Square, where personal computer users from
	throughout the world can tap into the system via phone lines and a
	modem.

	The network, free and relatively unregulated, is an information
	exchange where users can post information, exchange electronic
	messages and debate with keyboards everything from poetry and
	politics to nuclear war. One of the world's largest networks -
	boasting more than 600,000 users - Usenet was tapped by Chinese
	students in North America to organize support for students during
	the pro-democracy demonstrations last year.  The network also was
	infected in 1988 by a now-famous computer "virus" unleashed by
	college student Robert Morris. Jackson said his company has
	maintained a bulletin board on the Usenet network on which it posts
	advanced copies of its role-playing games.  The firm posts the games 
	and requests that the users of the network comment on the text and 
	propose improvements. The Jackson bulletin board, called Illuminati, 
	greets users with the 

                                  - 149 -


	company's logo and a message that states: "Welcome to the
	World's Oldest and Largest Secret Conspiracy." Over the past
	several months, the company has been posting drafts of Cyberpunk
	for review. The resident of the second Austin home raided by the
	Secret Service was acquainted with Jackson and had made comments
	about the game on  Usenet.  He asked to remain anonymous. Typical
	of Cyberpunk literature, the game is set in a bleak future,  much
	like the world portrayed in Max Headroom, formerly a network 
	television program. Computers and technology control people's
	thoughts  and actions and are viewed both as a means of oppression
	and as a method  of escape.  Portions of Jackson's Cyberpunk viewed
	by the Austin American  Statesman include a detailed discussion on
	penetrating government computer  networks and a list of fictitious
	programs used to break into closed  networks.  Bruce Sterling, an
	Austin science fiction writer and one of  the world's best-known
	Cyberpunk writers, said Jackson's game and its  computer-related
	discussions are hardly unusual for the genre. "Cyberpunk is
	thriller fiction."  Sterling said. "It deals to a  great extent 
	with the romance of crime in the same way that mysteries  or 
	techno-thrillers do."  He said the detailed technical discussions 
	in the Jackson games are what draws people to them.  "That's the charm 
	of simulating something that's supposed to be accurate.  If it's 
	cooked up out of thin air, the people who play these games are  going 
	to lose interest."

	Jackson, though, said he has been told by Secret Service agents
	that they view the game as a user's guide to computer mischief.  He
	said they made the comments where he went to the agency's Austin
	office in an unsuccessful attempt to reclaim some of his seized
	equipment.  "As they were reading over it, they kept making
	outraged comments," Jackson said. "When they read it, they became
	very, very  upset.  "I said, 'This is science fiction.'  They said,
	'No.  This is real.'" The text of the Cyberpunk games, as well as
	other computer equipment taken from Jackson's office, still has not
	been returned. The company now is working to rewrite portions of
	the book and is hoping to have it printed next month.  In addition
	to reviewing  Cyberpunk, sources say federal authorities currently
	are investigating  any links between local computer hackers and the
	Legion of Doom.  The  sources say some of the 911 information that
	is the subject of Chicago  indictments has been traced to Austin
	computers. Jackson's attorney said federal officials have told him
	that  the 911 information pilfered from Bell South has surfaced on
	a computer  bulletin board used at Steve Jackson games.  But the
	information  apparently has not been traced to a user.  Jackson
	said that neither  he nor any of his employees is a member of
	the Legion of Doom. Blankenship, however, did consult with the
	group in the course of researching the writing the Cyberpunk game,
	Jackson said. Further, the group is listed in the game's
	acknowledgments for its aid in providing technical information used
	in Cyberpunk.  For these reasons he believes Blankenship is 

                                  - 150 -


	a local target of the federal probe, though none of the
	investigators has yet confirmed his suspicion. "My opinion is that
	he is (being investigated)," Jackson said,  "If that's the case,
	that's gross. he had been doing research for what he hoped would be
	a mass-market book on the computer underground," Jackson said. The
	other Austin resident raided by the authorities, who asked to
	remain anonymous, acknowledged that he is the founding member of 
	the Legion of Doom and that copies of the 911 system had surfaced
	on  the group's local bulletin board.  The 20-year-old college
	student  said the information hardly posed any threat to the 911
	system.  "It was nothing," he said.  "It was garbage, and it was
	boring." In the Chicago indictment accuses the group of a litany of
	electronic abuses, including: disrupting telephone service by 
	changing the routing of telephone calls; stealing and modifying 
	individual credit histories; stealing money and property from  
	companies by altering computer information; and disseminating  
	information about attacking computers to other computer hackers. 
	The Austin Legion of Doom member said his group's worst crime is 
	snooping through other people's computers.  "For the most part, 
	that's all we do," he said.  "No one's out ripping off people's 
	credit cards.  No one's out to make any money. "We're just out to 
	have fun." The group member said the fact that the legion is shrouded 
	in mystery adds to its mystique - and to the interest law enforcement
	agents have in cracking the ring.  "It's an entirely different
	world," the student said.  "It's a very strange little 
	counter-culture.  "Everybody who exists in that world is familiar
	with the Legion of Doom," he said.  "Most people are in awe or are
	intimidated by it."

	A shadowy gang of computer hackers with ties to Austin has become
	the target of a massive federal probe into the nation's high-tech
	underground. Federal and local authorities involved in the inquiry
	seized evidence from three Austin homes and a business in March. 
	They say some action on the local cases, possibly including
	indictments or arrests, is expected in the next month.

	The computer crime crackdown - the largest ever launched by the
	U.S. government - has resulted in the temporary disbanding of the
	Legion of Doom, a notorious national group of young computer
	hobbyists with at least two Austin members. State and federal
	investigators say the 6-year-old group, which once boasted more
	than 150 members in nearly every U.S. state, has been connected
	to a string of computer crimes in Texas, Georgia, Arizona,
	Illinois, California and New Jersey. Officials say group members
	have electronically stolen money and long-distance telephone access
	numbers, changed credit reports, planted datadestroying computer
	viruses in government networks, attempted to tamper with hospital
	patient records, and distributed information that, if used, could
	have debilitated the nation's 911 emergency response network. So 
	far, only four Legion of Doom members have been indicted for the 
	crimes, and none has gone to trial. However, an investigation team

                                  - 151 -


	coordinated by Assistant U.S. Attorney William Cook in Chicago and 
	including the secret Service, the U.S. Department of Justice, the 
	FBI	and a handful of state attorney generals, has in the past six 
	months raided the homes and businesses of about a dozen suspected 
	legion members across the country. In Austin, Secret Service agents,
	local police and officers from the University of Texas Police 
	Department seized computer equipment and documents from three homes 
	as part of the probe. One local business, a role-playing game-
	publishing company called Steve Jackson Games, also was raided in 
	the March crackdown, but officials say the firm is not a primary 
	target of the hacker investigation.  The firm is believed to have 
	been raided because investigators wanted to examine equipment used 
	by an employee. The search warrants used in the raids remain sealed 
	from public view, and Secret Service and UTPD officials declined to
	comment on the case. Law enforcement sources say one of the targets
	of the Austin investigation is a juvenile who is not believed to be
	a member of the hacker group. The two other Austinites under
	investigation are legion members, authorities say, and have been
	linked to the 911 probe centered in Chicago. According to law 
	enforcement sources, the two men helped circulate information about 
	the 911 system's software through a national bulletin board network 
	that hackers could call by using a telephone, a computer and a modem. 
	In addition, details about ways to tamper with the emergency system 
	were published in Phrack, a legion newsletter. While no one in Austin 
	has been indicted or arrested, officials said they expect some action 
	on the local cases in the next month. And state and federal authorities 
	involved in the national investigation say they are preparing dozens of
	additional indictments aimed at the entire membership roster of the 
	Legion of Doom. "It doesn't matter whether you commit a burglary by 
	telephone or by breaking into a building," said Gail Thackeray, an 
	assistant attorney general in Arizona, one of a handful of state 
	investigators working solely on computer crime. "Did they expect that 
	the rest of us would sit by and let every idiot kid in America break 
	into our 911 system?" she said. "I do not respect the right of hackers 
	to learn what they want to learn at the expense of the rest of us." 
	Thackeray, who helped investigate a hacker's attempt to break into 
	the computer system at the Barrow Neurological Institute in Phoenix, 
	said the recent legion crackdown is a result of improved coordination 
	among law enforcement agencies with jurisdiction over computer crime.
	In addition, she said, the effort has been boosted by a new breed of
	investigators with computing expertise. Because of the potential
	for widespread damage to both government and business computer
	systems, officials say the hacker probe has caught the eye of the
	Justice Department, which is pushing U.S. attorneys throughout the
	country to beef up their computer crime-fighting capacity. "There
	is a push on Capitol Hill to shore up our activity in this area,"
	said an assistant U.S. attorney who asked not to be named.  "I
	think this is the beginning of a boom." Said Thackeray: "There's
	more computer crime going on out there than any one agency can

                                  - 152 -


	handle. We're totally flooded." For members of the Legion of Doom, 
	the unwanted law enforcement attention is nothing new. Formed in 84 
	and named for a gang at took on Superman and other heroes in the 
	television cartoon Superfriends, the group has survived two other 
	waves of criminal investigations. The first, in 1985, resulted in 
	the Arrrest and conviction of five of the legion's founders for credit 
	card fraud and theft by wire.  After a brief resurgence, group
	members again were arrested en masse in 1987, only to revive again
	in 88. But according to investigators familiar with the group,
	pressure form the recent legion crackdown is the most intense to
	date.  Several of the investigators said the legion has shut down,
	at least for now. A history of the group written by one of its
	founders and obtained by the Austin American- Statesman seems to
	bear out investigators' suspicions. The 10- page document recounts
	significant developments in the group's history, from its founding
	in 1984 (an event "that would ulti- mately change the face of the
	computer underground forever," the brochure states), to its
	current, besieged status. The pamphlet acknowledges that "there is
	no indication that points to a resurgence in the future" and ends
	with the words "Legion of Doom (84-90)." The brochure also takes
	potshots at federal investiga- tors and the media, often accused by
	legion members of exaggera- ting their crimes and sensationalizing
	the group. "The Legion of Doom has been called everything from
	'organized crime' to a 'communist threat to national security' to
	an 'international conspiracy of computer terrorists bent on
	destroying the nation's 911 service,'" the brochure states.
	"Nothing comes closer to the actual truth than 'bored adolescents 
	with too much spare time.'" Finally, the legion history includes an 
	"alumni" list that conttains the code names of 38 current and former 
	members. According to the legion's own accounting, 14 of the 38 people 
	on the list have either been convicted of computer crimes or are under
	investigation. Officials familiar with the group say the legion's
	characterization of itself as a clique of bored whiz  kids is
	inaccurate. Instead, they portray group members as sophisticated
	and organized malcontents who do not accept conventional concepts
	of respect and trust. "These are not just wacky kids," Thackeray
	said.  "They have absolute contempt for the rest of us." "They are
	constantly in a high-level skill kind of game, part of a thrill.
	They've totally lost touch with reality." William Murray, a systems
	security fellow for the Ernst & Young accounting firm, said even
	though hackers take advantage of the tremendous power of personal
	computers, they still view their crimes as an electronic game of
	cat and mouse. "This whole sense of excitement and joy is not
	tempered," Murray said. "Nobody has told them that they have a
	responsibility for polite behavior." Some states, including
	Arizona, are developing treatment programs for hackers.  Patterned
	after Alcoholics Anonymous and drug-treatment centers, the programs
	are aimed at rehabilitating hackers who have grown dependent on
	their craft. "It is absolutely addictive behavior," Thackeray said. 
	"When they get their hands on tools as powerful as these computers,
	they lost all judgement."

                                  - 153 -


	Operation "Sun-Devil"  by Phreak_Accident
	=====================
	     May 9th and 10th brought on two day thats would be marked in
	every hackers history book.  The reason we assume these days will
	be important to many, is that maybe it's time we opened are eyes
	and saw the witch hunt currently in progress. In less than 48
	hours, 150 Secret Service men and other law officials served 30
	search warrents in 14 cities around the nation (This thing was
	hudge). Operation "Sun-Devil" (As the Attorney General in Phoenix
	called it), was a success on their part. "The investigation though
	is not over,  and there are more warrents to be executed.", said
	Jim Folwer of L.A's Secret Service. Any details of the
	investigation are not being given out at this time. The Asst. 
	Attorney General of Pheonix told Phrack Inc. that there were
	other problems involving the investigation and that it was an
	ongoing investigation for the last TWO years. It is my
	understanding that Gail Thackeray and the Secret Service are not,
	taking this lightly.  She told Phrack inc. that they are not
	distinquishing pirates, hackers, or phreakers.  Basically, it's any
	kid with a modem that calls a BBS with an alias.  Yes, we are the
	witches, and we are being hunted.

	The following are Two news releases obtianed via fax through the
	U.S. Secret Service for Phrack Inc.

	N E W S     R E L E A S E
	FOR IMMEDIATE RELEASE      CONTACT:  Gail Thackeray
	------------------------   Assitant Attorney General
	May 9, 1990 @ 11:00 A.M.   (602) 542-4266



	Attorney General Bob Corbin announced today that in connection with
	an eighteen-month joint investigation into computer crime conducted
	with the United States Secret Service and the United States
	Attorney's office, the Arizona Attorney General's office has
	executed seven search warrants in which computers, electronic
	bulletin boards, telephone test equipment and records have been
	seized. The Organized Crime and Racketeering Division investigation
	involved complaints by Arizona and out of state victims of
	substantial financial losses resulting from credit card fraud and
	theft of long distance telephone and data communications services,
	and by victims of attacks on computer systems operated by
	government agencies, private corporations, telephone companies, 
	financial institutions, credit bureaus, and a hospital. The Arizona 
	Attorney General's office received information and technical 
	assistance from the Glendale, Arizona Police Department's Computer 
	Crime Unit, and from many private sector sources, including Bellcore 
	(Bell Communications Research), American Express, Communications 
	carriers U.S. Sprint, AT&T, MCI,Com Systems, MidAmerican 
	Communications, LDL Communications, and Shared Use Network. Without 
	the cooperation of these companies and of numerous federal,

                                  - 154 -


	state and local law enforcement agencies around the country, this 
	investigation would have been impossible. The privacy of our citizens 
	and the health of our economy depend upon secure, reliable computer 
	systems. Computer fraud and attempts to compromise senstitive public 
	and private computer systems will not be tolerated. Individuals who 
	commit these offenses in Arizona can expect to be prosecuted. 

	.end.
    	       P R E S S     R E L E A S E


	FOR IMMEDIATE RELEASE         Contact:  Wendy Harnagel
	Wednesday, May 9, 1990        United States Attorney's Office
	----------------------        (602) 379-3011


	PHOENIX -- Stephen M. McNamee, United States Attorney District of
	Arizona,
	Robert K. Corbin, Attorney General for the State of Arizona, and
	Henry R. Potosky, Acting Special Agent in Charge of the United
	States Secret Service Office in Phoenix, today announced that
	approximately twenty-seven search warrants were executed on Monday
	and Tuesday, May 7 and 8, 1990, in various cities across the nation
	by 150 Secret Service agents along with state and local law
	enforcement officials.   The warrants were issued as a part of
	Operation Sundevil, which was a two year investigation into alleged
	illegal computer hacking activities. The United States Secret
	Service, in cooperation with the United States Attorney's Office,
	and the Attorney General for the State of Arizona, established an
	operation utilizing sophisticated investigative techniques,
	targeting computer hackers who were alleged to have trafficked in
	and abuse stolen credit card numbers, unauthorized long distance
	dialing codes, and who conduct unauthorized access and damage to
	computers. While the total amount of losses cannot be calculated at
	this time, it is estimated that the losses may run into the millions 
	of dollars.  For example, the unauthorized accessing of long distance 
	telephone credit cards have resulted in uncollectible charges.  The 
	same is  true of the use of stolen credit card numbers. Individuals are
	able to utilize the charge accounts to purchase items for which no
	payment is made. Federal search warrants were executed in the following 
	cities: Chicago, IL - Cincinatti, OH - Detroit, MI - Los Angeles, CA 
	Miami, FL - Newark, NJ - New York, NY - Phoenix, AZ - Pittsburgh, PA - 
	Plano, TX - Richmond, VA - San Diego, CA San Jose, CA

	Unlawful computer hacking imperils the health and welfare of
	individuals, corporations and government agencies in the United
	States who rely on computers and telephones to  communicate.
	Technical and expert assistance was provided to the United States 

                                  - 155 -


	Secret Service by telecommunication companies including Pac Bel,
	T&T, Bellcore, Bell South, MCI, U.S. Sprint, Mid-American,
	Southwestern Bell, NYNEX, U.S. West, and by the many corporate
	victims.  All are to be commended for their efforts for their
	efforts in researching intrusions and documenting losses. McNamee
	and Corbin expressed concern that the improper and alleged illegal
	use of computers may become the White Collar crime of the
	1990's.  McNamee and Corbin reiterated that the state and federal
	government will vigorously pursue criminal violations of statutes
	under their jurisdiction. Three individuals were arrested yesterday
	in other jurisdictions on collateral or independent state charges.
	The investigations surrounding the activities of Operation Sundevil
	are continuing. The investigations are being conducted by agents of 
	the United States Secret Service and Assistant United States  
	Attoryney Tim Holtzen, District of Arizona, and Assistant Arizona 
	Attorney General Gail Thackery. 

	.end.
	_________________________________________________________________
	RIPCO      May 8th, 1990
	-----      -------------
	Operation Sun-Devil claimed more than just a few "Codelords" around
	the states, it claimed one of the oldest and more popular boards. 
	Nobody knows when or if RIPCO shall return. Reportedly, Dr. Ripco
	was charge on a hand-gun violation after his house was searched. 
	Phrack inc. can't comment on this. The following is the exact
	transcript of the message left on RIPCO's answering
	maching after Operation Sun-Devil.
	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
	This is 528-5020. As you are probably aware, on May 8, the Secret
	Service conducted a series of raids across the country.  Early news
	reports indicate these raids involved people and computers that
	could be connected with credit card and long distance toll fraud.
	Although no arrests or charges were made, Ripco BBS was confiscated
	on that morning.  It's involvement at this time is unknown. Since
	it is unlikely that the system will ever return, I'd just l say
	goodbye, and thanks for your support for the last six and a half
	years. It's been interesting, to say the least. 

	Talk to ya later.
	  {Dr. Ricpo}

	                 *** END OF VOICE MESSAGE ***

	_________________________________________________________________
	{C}omputer {E}mergency {R}esponse {T}eam
	----------------------------------------

	Some call it "Internet Police" -- Others call it "just stupid."
	CERT however is a mix.    But I do give them credit -- After all,
	have your number one goal being 'making the Internet more secure'
	has to be a tough task. Therefore, we give them credit. However, 

                                  - 156 -

	CERT is funded by DARPA, which is a government agency.  And
	anything in my book that the government runs is bad news.  Yes,
	the government pays the 6 man salary and keep their hot-line active
	24 hours a day.  Ahh..  What do you know about CERT?  "Nothing" you
	say?  Well, the following is the press release and other reprints
	of information about CERT. 
	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
      
	Richard Pethia <rdp@SEI.CMU.EDU>

	DEAR XXXXXXXXX,
	I have been reviewing our correspondence files and have discovered
	that your request for information may not have been filled.  I
	apologize for the delay and hope that the information is still
	useful to you.  If, after reading the following, you have
	additional questions or would like to subscribe to one of
	our information lists, please send email with your
	question/request.

	The Computer Emergency Response Team (CERT) was established by the
	Defense Advanced Research Projects Agency in November of 1988 to
	serve members of the Internet Research community.  The press
	release below describes the general role of the CERT. More
	specifically, the CERT supports individual Internet sites by:
	-Working with site personnel to help resolve individual computer
	security  incidents.  Contact potentially affected sites to warn
	them of possible security breaches.  Work with sites to change the
	conditions that allowed incidents to occur. -Issuing advisories
	that alert the community to specific system vulnerabilities or
	intrusion techniques, as well as the methods to protect against 
	them. -Working with the community and system (primarily Unix) vendors 
	to reslove specific system vulnerabilities. -Maintaining and 
	operating moderated mailing lists that: (1) provide a discussion 
	forum for tools and techniques to improve the security of Unix 
	systems, and (2) provide a discussion forum and alert mechanism for 
	PC viruses, trojan horses, etc. Over the past year we have developed 
	hundreds of working relationships with members of the Internet and 
	other communities and have established an extensive information 
	collection and dissemination network.  Because of this network of
	cooperating individuals and organizations, we are often able to
	advise the community of problems allowing them to take corrective
	action before being affeceted by those problems.

	                                  No.  597-88
	                                 (202) 695-0192 (Info.)
	                                 (202) 697-3189 (Copies)
	IMMEDIATE RELEASE  12 6, 1988    (202) 697-5737 (Public/Industry)

	     DARPA ESTABLISHES COMPUTER EMERGENCY RESPONSE TEAM

	The Defense Advanced Research Projects Agency (DARPA) announced 

                                  - 157 -


	today that it has established a Computer Emergency Response Team
	(CERT) to address computer security concerns of research users of
	the Internet, which includes ARPANET. The Coordination Center for
	the CERT is located at the Software Engineering Institute (SEI),
	Carnegie Mellon University, Pittsburgh, PA. In providing direct
	service to the Internet community, the CERT will focus on the
	special needs of the research community and serve as a prototype
	for similar operations in other computer communities.  The National
	Computer Security Center and the National Institute of Standards
	and Technology will have a leading role in coordinating the
	creation of these emergency response activities. The CERT is
	intended to respond to computer security threats such as the recent
	self-replicating computer program ("computer virus") that invaded
	many defense and research computers. The CERT will assist the
	research network communities in responding to emergency situations. 
	It will have the capability to rapidly establish communications
	with experts working to solve the problems, with the affected
	computer users and with government authorities as appropriate. 
	Specific responses will be taken in accordance with DARPA policies. 


	It will also serve as a focal point for the research community for
	identification and repair of security vulnerabilities, informal
	assessment of existing systems in the research community,
	improvement to emergency response capability, and user security
	awareness. An important element of this function is the development
	of a network of key points of contact, including technical experts,
	site managers, government action officers, industry contacts,
	executive level decision-makers and investigative agencies, where
	appropriate. Because of the many network, computer, and systems
	architectures and their associated vulnerabilities, no single
	organization can be expected to maintain an in-house expertise to
	respond on its own to  computer security threats, particularly
	those that arise in the research community.  As with biological
	viruses, the solutions must come from an organized community
	response of experts.  The role of the CERT Coordination Center at
	the SEI is to provide the supporting mechanisms and to coordinate
	the activities of experts in DARPA and associated communities. The
	SEI has close ties to the Department of Defense, to defense and
	commercial industry, and to the research community.  These ties
	place the SEI in a unique position to provide coordination support
	to the software experts in research laboratories and in industry
	who will be responding in emergencies and to the communities of
	potentially affected users. 

	The SEI is a federally-funded research and development center,
	operating under DARPA sponsorship with the Air Force Systems
	Command (Electronic Systems Division) serving as executive agent. 
	Its goal is to accelerate the transition of software technology to
	defense systems.  Computer security is primarily a software 


                                  - 158 -


	problem, and the presence of CERT at the SEI will enhance the
	technology transfer mission of the SEI in security-related areas.

	                         -END-

	QUESTIONS AND ANSWERS:   DARPA ESTABLISHES CERT, 12/6/88
	Q: Can you provide background on earlier break-ins?
	A: On November 2, 1988, thousands of computers connected to       
	   unclassified DoD computer networks were attacked by a virus.   
	   Although the virus did not damage or compromise data, it did   
	   have the effect of denying service to thousands of computer    
	   users.  The computer science research community associated     
	   with the Defense Advanced Research Projects Agency (DARPA),    
	   along with many other research laboratories and military sites 
	   that use these networks, quickly responded to this threat.     
	   They developed mechanisms to eliminate the infection, to block 
	   the spread of the self-replicating program, and to immunize
	  against further attack by similar viruses.  Software experts   
	  from the University of California at Berkeley, with important  
	   contributions from the Massachusetts Institute of Technology   
	   and other network sites, rapidly analyzed the virus and        
	   developed immunization techniques.  These same software        
	   experts also provided important assistance in the more recent  
	   Internet intrusion of 27-28 November.  As the events unfolded, 
	   DARPA established an ad hoc operation center to help           
	   coordinate the activities of software experts working around   
	   the clock and to provide information to appropriate government 
	   officials.  The operations center had three main tasks.  It    
	   facilitated communications among the many groups affected, it  
	   ensured that government organizations were promptly informed   
	   of developments, and it provided initial technical analysis in 
	   DoD.  Although the threat was contained quickly, a more        
	   maliciously designed virus could have done serious damage. The 
	   recent events serve as a warning that our necessarily          
	   increasing reliance on computers and networks, while providing 
	   important new capabilities, also creates new kinds of          
	   vulnerabilities.  The Department of Defense considers this an  
	   important national issue that is of major concern in both the  
	   defense and commercial sectors.  The DoD is developing a       
	   technology and policy response that will help reduce risk and  
	   provide an emergency reaction response. 

	Q: Who will be on the CERT?

		A: The CERT will be a team of over 100 experts located throughout 
		   the U.S. whose expertise and knowledge will be called upon     
		   when needed. When not being called upon, they will continue    
		   their normal daily work.  As noted in the release, these       
		   experts will include: technical experts, site managers,        
		   government action officers, industry contacts, executive-level 
		   decision-makers and representatives from investigative         
		   agencies. recommendations that will be acted upon by DoD       
		   authorities.
                                  - 159 -


	Q: Is the CERT fully operational now?

	A: We are in the very early stages of gathering people for the    
	   CERT. We are first concentrating on collecting technical       
	   experts.  A staff is in place at SEI, but details are still    
	   being worked out. 

	Q: Will there just be one CERT?

	A: The intent is that each major computer community may decide to 
	   establish its own CERT.  Each CERT will therefore serve only a 
	   particular community and have a particular technical           
	   expertise.  (The DARPA/SEI CERT will serve, for example, the   
	   research community and have expertise in Berkeley-derived UNIX 
	   systems and other systems as appropriate.)  The National       
	   Computer Security Center and the National Institute of         
	   Standards and Technology will support the establishment of the 
	   CERTs and coordinate among them. 

	Q: What are the special needs of the research community that      
	   their CERT will serve?

	A: The special challenge of the research community is improving   
	   the level of computer security without inhibiting the          
	   innovation of computer technology.  In addition, as is often   
	   DARPA's role, their CERT will serve as a prototype to explore  
	   the CERT concept so that other groups can learn and establish  
	   their own.

	Q: Does the CERT Coordination Center have a press point of        
	   contact?

	A: No. Their function is to serve as a nerve center for the user  
	   community.

	.end
	_________________________________________________________________ 
	USA Today and the devil
	-----------------------

	Many controversies have been made of the article printed in USA 
	Today after Operation Sun-Devil took it's toll.

	 Phrack inc. tried to contact the author, and with no luck she wast
	accepting phone calls.   Please remember, this is only a USA Today
	article -- C'mon, get real USAT.


	byline 'Debbie Howlett, USA Today' reads:

	A network of computer hackers operating in 14 cities -- which
	bilked phone companies of $50 million -- has been unplugged, police
	say.

                                  - 160 -


	"We're not talking about somebody who played Space Invaders too
	many times," says Tim Holtzen, spokesman for the U.S. attorney in
	Phoenix.

	The hackers -- the largest such ring discovered in the USA --broke
	into phone company and bank computer systems to obtain account
	numbers and run up an unknown total in debts, police say.
	
	"The main thing is the life-threatening information these computer
	hackers were trying to get into," says Richard Adams of the Secret
	Service.  "It goes beyond being monetary to totally mischievous." 

	The ring was uncovered 18 months ago, when members tried and failed
	to infiltrate computers at Barrows Neurological Institute in
	Phoenix.

	They later tried to block incoming calls to the 911 emergency
	service in Chicago.  The motivation?  "The primary reason is as
	kind of a malicious hobby." says Gary Chapman of Computer
	Professionals for Social Responsibility.  "People are interested in
	testing their skills against security measures." But, Adams says,
	"I hate to minimize it by saying it was just for kicks."

	Police seized 40 computers and 23,000 disks during searches Tuesday
	in 14 cities, officials said Wednesday.  Five men, between the ages
	of 19 and 24, have been arrested.

	What's been uncovered so far, says Holtzen, may be "just the tip of
	the iceberg."




















       


                                  - 161 -


	THE ART OF INVESTIGATION By The Butler

	There are many ways to obtain information about individuals.  I am
	going to cover some of the investigative means of getting the low
	down on people whom you wish to know more about.

	Some of the areas I will cover are:

	Social Security Checks
	Driving/Vehicular Records
	Police Reports
	FBI Records
	Insurance Records
	Legal Records
	Credit Bureau Checks
	Probate Records
	Real Estate Records
	Corporate Records
	Freedom Of Information Act
	Governmental Agency Records
	Maps
	Tax Records

	To obtain information from some organizations or some individuals
	one must be able to "BULLSHIT"!!! Not only by voice but in writing. 
	Many times you must write certain governmental bodies requesting
	info and it can only be done in writing.  I can't stress enough the
	need for proper grammer and spelling. 

	For you to obtain certain information about another person you must
	first get a few KEY pieces of info to make your investigation
	easier.  The persons Full Name, Social Security Number, Date &
	Place of Birth will all make your search easier and more complete.

	First of all in most cases you will know the persons name you want
	to investigate. If not you must obtain it any way you can.  First
	you could follow them to their home and get their address.  Then
	some other time when they are gone you could look at their mail or
	dig through their trash to get their  Full Name. While in their
	trash you might even be able to dig up more  interesting info like: 
	Bank Accout Numbers, Credit Card Numbers, Social Security Number, 
	Birth Day, Relatives Names, Long Distance Calls Made, etc.

	If you can't get to their trash for some reason take their address
	to your local library and check it against the POLKS and COLES
	Directories.  This should provide you with their Full Name, Phone
	Number, Address, and how long they have lived at the current
	location.

	You can also check the Local Phone Book, Directory Assistance, 


                                  - 162 -


	City Directories, Post Office, Voter Registration, Former
	Neighbors, Former  Utilities (water, gas, electric, phone, cable,
	etc.)

	If you know someone who works at a bank or car dealer you could
	have them run a credit check which will reveal all of their credit
	cards and if they have ever had any late payments or applied for
	any loans. If you are brave enough you could even apply for a loan
	impersonating the individual under  investigation The Credit Bureau
	also has Sentry Services that can provide  deceased social security
	numbers, postal drop box address and known  fraudulent information.

	You can get an individuals driving record by sending a letter to
	your states Department of Revenue, Division of Vehicles.  You can
	also get the following:

	Driver Control Bureau For Driving Record send Name, Address, Date
	of Birth and usually a $1  processing fee for a 5 year record.

	Titles & Registration Bureau For ownership information (current and
	past).

	Driver License Examination Bureau To see what vision was rated.

	Motor Carrier Inspection & Registration Bureau To check on
	licensing and registration of trucks/trucking companies.

	Revocation Dept Can verify if someone's driver's license has ever
	been suspended or revoked.

	You can even obtain a complete vehicle history by sending the
	vehicle description, identification # for the last registered
	owner, and a small fee. Send this info to your states Dept of
	Vehicles.  It is best to contact them first to get their exact
	address and fees.  I would advise using a money orders and a P.O.
	Box so they cannot trace it to you without a hassle.

	Police Records

	All Police and Fire Records are Public record unless the city is
	involved. You can usually get everything available from the police
	dept including: Interviews, maps, diagrams, misc reports, etc.


	FBI Records

	If the individual you are inquiring about is deceased the FBI will
	provide some info if you give them Full Name, SSN, Date & Place of
	Birth.  Contact you local FBI office to get the details.


                                  - 163 -


	Real Estate Records

	Recorder of Deeds offices in each county maintain land ownership
	records. Most are not computerized and you have to manually search. 
	Then you must review microfilm/fiche for actual deeds of trust,
	quit claim deeds, assignments, mortgage, liens, etc.

	A title company can run an Ownership & Equity (O&E) search for a
	fee  ($80-$100) which will show ownership, mortgage info,
	easements, taxes owned, taxes assessed, etc.

	Most county assessors will provide an address and value of any real
	property if you request a search by name.


	Social Security Records

	Social Security Administrator
	Office of Central Records Operations
	300 North Greene Street
	Baltimore, Maryland 21201
	301-965-8882

	Title II and Title XVI disability claims records, info regarding
	total earnings for each year, detailed earnings information show
	employer, total earnings, and social security paid for each quarter
	by employer.

	Prices are approximately as follows:

	1st year of records                        $15.00
	2nd-5th year of records                    $ 2.50 per person
	6th-10th year of records                   $ 2.00 per person
	11th-15th year of records                  $ 1.50 per person
	16th-on year of records                    $ 1.00 per person

	**  Call for verification of these prices.  **

	Social Security records are a great source of information when
	someone has been relatively transient in their work, or if they are
	employed out of a union hall.

	If you want to review a claim file, direct your request to the
	Baltimore office.  They will send the file to the social security
	office in your city for you to review and decide what you want
	copies of.

	The first three digits of a social security number indicate the
	state of application.




                                  - 164 -


	                 The Social Security Number

	SSA has continually emphasized the fact that the SSN identifies a
	particular record only and the Social Security Card indicates the
	person whose record is identified by that number. In no way can the
	Social Security Card identify the bearer. From 1946 to 1972 the
	legend "Not for Identification" was printed on the face of the
	card.  However, many people ignored the message and the legend was
	eventually dropped.  The social security number is the most widely
	used and carefully controlled number in the country, which makes it
	an attractive identifier.

	With the exception of the restrictions imposed on Federal and some
	State and local organizations by the Privacy Act of 1974,
	organizations requiring a unique identifier for purposes of
	controlling their records are not  prohibited from using (with the
	consent of the holder) the SSN. SSA records are confidential and
	knowledge of a person's SSN does not give the user  access to
	information in SSA files which is confidential by law.

	Many commercial enterprises have used the SSN in various
	promotional efforts. These uses are not authorized by SSA, but SSA
	has no authority to prohibit such activities as most are not
	illegal. Some of these unauthorized uses are: SSN contests;
	skip-tracers; sale or distribution of plastic or metal cards;
	pocketbook numbers (the numbers used on sample social security
	cards in wallets); misleading advertising, commercial enterprises
	charging fees for  SSN services; identification of personal
	property.

	The Social Security Number (SSN) is composed of 3 parts,
	XXX-XX-XXXX, called the Area, Group, and Serial.  For the most
	part, (there are exceptions), the Area is determined by where the
	individual APPLIED for the SSN (before 1972) or RESIDED at time of
	application (after 1972). The areas are assigned as follows:

	000     unused   387-399 WI    528-529 UT
	001-003 NH       400-407 KY    530     NV
	004-007 ME       408-415 TN    531-539 WA
	008-009 VT       416-424 AL    540-544 OR
	010-034 MA       425-428 MS    545-573 CA
	035-039 RI       429-432 AR    574     AK
	040-049 CT       433-439 LA    575-576 HI
	050-134 NY       440-448 OK    577-579 DC
	135-158 NJ       449-467 TX    580     VI Virgin Islands
	159-211 PA       468-477 MN    581-584 PR Puerto Rico
	212-220 MD       478-485 IA    585     NM
	221-222 DE       486-500 MO    586     PI Pacific Islands*
	223-231 VA       501-502 ND    587-588 MS
	232-236 WV       503-504 SD    589-595 FL
	237-246 NC       505-508 NE    596-599 PR Puerto Rico
	247-251 SC       509-515 KS    600-601 AZ

                                  - 165 -


	252-260 GA       516-517 MT    602-626 CA
	261-267 FL       518-519 ID    *Guam, American Samoa,
	268-302 OH       520     WY     Northern Mariana Islands,
	303-317 IN       521-524 CO     Philippine Islands
	318-361 IL       525     NM
	362-386 MI       526-527 AZ
	627-699 unassigned, for future use
	700-728 Railroad workers through 1963, then discontinued
	729-899 unassigned, for future use
	900-999 not valid SSNs, but were used for program purposes
    	    when state aid to the aged, blind and disabled was
	        converted to a federal program administered by SSA.

	As the Areas assigned to a locality are exhausted, new areas from
	the pool are assigned.  This is why some states have non-contiguous
	groups of Areas. The Group portion of the SSN has no meaning other
	than to determine whether or not a number has been assigned. SSA
	publishes a list every month of the highest group assigned for each
	SSN Area.  The order of assignment for the Groups is: odd numbers
	under 10, even numbers over 9, even numbers under 9 except for 00
	which is never used, and odd numbers over 10. For example, if the
	highest group assigned for area 999 is 72, then we know that the
	number 999-04-1234 is an invalid number because even Groups under
	9 have not yet  been assigned.

	The Serial portion of the SSN has no meaning. The Serial is not
	assigned in strictly numerical order. The Serial 0000 is never
	assigned.

	Before 1973, Social Security Cards with pre-printed numbers were
	issued to each local SSA office. The numbers were assigned by the
	local office. In  1973, SSN assignment was automated and
	outstanding stocks of pre-printed  cards were destroyed.  All SSNs
	are now assigned by computer from head-quarters.  There are rare
	cases in which the computer system can be forced to accept a manual
	assignment such as a person refusing a number with 666 in
	it.

	A pamphlet entitled "The Social Security Number" (Pub. No.05-10633)
	provides an explanation of the SSN's structure and the method of
	assigning and validating Social Security numbers.


	Tax Records

	If you can find out who does the individuals taxes you might be
	able to get copies from them with the use of creative social
	engineering. If you want to run a tax lien search there is a
	service called Infoquest. 1-800-777-8567 for a fee.  Call with a
	specific request.


                                  - 166 -


	Post Office Records

	If you have an address for someone that is not current, always
	consider  writing a letter to the postmaster of whatever post
	office branch services the zip code of the missing person.  Provide
	them the name and the last known address and simply ask for the
	current address.  There might be a $1 fee for  this so it would be
	wise to call first. City Directory, Polk's, Cole's, etc.
	Information in these directories is contained alphabetically by
	name, geographically by street address, and numerically by
	telephone number, so if you have any of those three pieces of info,
	a check can be done.  The Polk's directory also shows whether the
	person owns their home or rents, their marital status, place of
	employment, and a myriad of other tidbits of information. However, 
	these books are not the be-all and end-all of the  information as 
	they are subject to public and corporate response to surveys. These 
	directories are published on a nationwide basis so if you are looking  
	for someone outside of your area, simply call the public library in 
	the area  you have an interest  and they also can perform a crisscross 
	check for you.

	You can also call a service owned by Cole's called the National
	Look up Library at 402-473-9717 and either give a phone number and
	get the name & address or give the address and get the name and
	phone number. This is only available to subscribers, which costs
	$183.00 dollars for 1991.  A subscriber  gets two free lookups per
	day and everyone after that costs $1.25.  A  subscriber can also
	mail in a request for a lookup to:

	National Look Up Library
	901 W. Bond Street
	Lincoln, NE 68521-3694

	A company called Cheshunoff & Company can, for a $75 fee, obtain a
	5-year detailed financial analysis of any bank.

	505 Barton Springs Road
	Austin, Texas 78704
	512-472-2244

	Professional Credit Checker & Nationwide SSN-locate.

	!Solutions! Publishing Co.
	8016 Plainfield Road
	Cincinnati, Ohio 45236
	513-891-6145
	1-800-255-6643

	Top Secret Manuals



                                  - 167 -


	Consumertronics
	2011 Crescent Drive
	P.O. Drawer 537-X
	Alamogordo, New Mexico 88310
	505-434-0234


	Federal Government Information Center is located at

	1520 Market Street
	St. Louis, Missouri
	1-800-392-7711


	U.S. Dept of Agriculture has located aerial photos of every inch of
	the  United States.

	2222 West 2300 S.
	P.O. Box 36010
	Salt Lake City, Utah 84130
	801-524-5856

	To obtain general information regarding registered agent,
	principals,  and good standing  status, simply call the Corporate
	Division of the  Secretary of State and they will provide that
	information over the phone. Some corporate divisions are here:

	Arkansas Corporate Division   501-371-5151
	Deleware Corporate Division   302-736-3073
	Georgia Corporate Division    404-656-2817
	Indiana Corporate Division    317-232-6576
	Kansas Corporate Division     913-296-2236
	Louisiana Corporate Division  504-925-4716
	Missouri Corporate Division   314-751-4936
	New York Corporate Division   518-474-6200
	Texas Corporate Division      512-475-3551


	Freedom Of Information
	The Freedom of Information Act allows the public to request
	information submitted to, or generated by, all executive
	departments, military  departments, government or government
	controlled corporations, and  regulatory agencies. Each agency, as
	described above, publishes in the  Federal Register, descriptions
	of its central and field organizations and  places where and how
	requests are to be directed. Direct a letter to the  appropriate 
	person designated in the Federal Register requesting reasonably  
	described records be released to you pursuant to the Freedom of 
	Information  Act.  Be sure to follow each agency's individually 
	published rules which  state the time, place, fees, and procedures 
	for the provisions of information. The agency should promptly respond.


                                  - 168 -


	How to Find Information About Companies, Ed. II, 1981, suggests,
	"Government personnel you deal with sometimes become less helpful
	if you approach the subject by threatening the Freedom of
	Information Act action - it's best to ask for the material
	informally first."  While this will probably enable  you to find
	the correct person to send your request to, be prepared to spend
	at least half an hour on the phone talking to several people before
	you find the person who can help you.  The book also has a brief
	description of what  each governmental agency handles.

	If you want to see if someone you are trying to locate is a
	veteran, has a federal VA loan, or receives some sort of disability
	benefit, use Freedom of Information and provide the person's SSN.

	You will get a bill but you can ask for a fee waiver if this
	contributes to a public understanding of the operation of the
	government.  You can also request an opportunity to go through the
	files yourself and then decide what you want copied.


	Insurance Records

	PIP carrier records (may contain statements, medical records, new
	doctors/hospital names,  records of disability payments, adjuster's
	opinions, applications for insurance coverage, other claim info,
	etc.)

	Health insurance records (may contain medical records, record of
	bills, new doctors/hospital names, pre-existing conditions
	information, info regarding other accidetns/injuries, etc.)

	Often you will have to go through the claims office, the
	underwriting dept, and the business office to get complete records
	as each individual dept maintains its own seperate files.

	Workers Compensation

	Some states will let you simply request records.  Just submit your
	request including the SSN and Birthdate, to the Department of Human
	Resources,  Division of Worker's Compensation.  They will photocopy
	the records and send you the copies.  Other states require an
	authorization to obtain these  records.

	You can always call your local Private Investigator pretending you
	are a student doing a research paper on the methods of getting
	personal information about people or even trash his place to find
	tips on tracking down people.





                                  - 169 -


	Frankie's Fireside Phreak Primer
	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
	A few words of advice that apply to phreaks every-where.  Whether
	a telecom veteran, or a K0dez Kid, the following guidelines may
	keep you out of trouble and make life in the Computer Underground
	a little more pleasant. Brought to you by the CULT, o'course.


	>> A CULT Publication by High Priest and Scribe, Franken Gibe <<
	     -cDc- Cult of the Dead Cow Dissemination Council -cDc-

	=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=I
	think we could all use a little refresher on Phreak Safety and
	Hygiene. It seems that phreaks are getting more and more
	careless...and it's when you think you can't get caught
	that...yeah: You do. Most of you know these, or think about them
	occasionally, but try to put the following stuff into practice. A
	Safe Phreak is an Informed Phreak; A Safe Phreak is a Phreak who
	Respects the Telecom Medium.  Those are trite epigrams, but very
	true.
	=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
	1) Due to the proliferation of Traffic Pattern Monitoring software
       among independent carriers, it is DEADLY to scan. If you must 
       scan, NEVER use big name IC's (notably MCI [Real Time Toll Fraud
	   Detection System], U.S. Sprint [those 950's are NOT fun-and-games],
       etc). If you MUST scan, remember these few commandments:

	  A) Thou shalt never scan sequencially.
	  B) Thou shalt never scan in predictable or detectable patterns.
	  C) Thou shalt never scan a single access port all night, in     
	     closely-spaced increments. Best not to scan.  Best to have   
	     some little kid who doesn't know you scan.

	2) Alternate codes as MUCH as you can. Using a code-a-call isn't  
	   a bad idea if you have those kinds of resources.  Coupled with 
	   the no-scanning doctrine, though, notebooks full of codes will 
	   not be so common.

	3) This is the important corollary to number 2...NEVER EVER EVER  
	   overuse codes, nor use codes that you've abused earlier in a   
	   given month later on in the same month (generally, after the   
	   20th, when d'bills start to roll out).

	4) Do as MUCH remote phreaking as is humanly possible. If you can 
	   roll your computer out to some fortress fone, and hook up an   
	   acoustic coupler, AND not attract attention...Go for it.       
	   (Heck, I'd do it!)

	5) Local access ports and AT&T WATS access ports are generally    
	   safer than 950's. WATS #'s owned by Ind. Carriers are DEADLY.  
	   Here's a little list of advantages and disadvantages of all    
	   the above...
                                  - 170 -


	  A) Local Access Ports: Depending on the size of the LDS, these  
	     ports can be more or less safe. Almost NEVER have any sort   
	     of ANI hooked up, but if abuse becomes notable, they CAN     
	     install an incoming trap, discover a phreak's Central Office 
	     Code, and then put an outgoing trap in his CO. After that,   
	     it's only a matter of time.  Traffic Pattern software can    
	     give an LDS a good idea of what action it needs to take.

	  B) AT&T WATS numbers: Not a free ride by ANY means, but         
	     generally pretty safe. According to No Severance, AT&T WATS  
	     lines receive no ANI information. Like the local ports, the  
	     area from which a phreak is calling can be determined, but   
	     abuse would have to be pretty dramatic. Between local and    
	     AT&T WATS, I'd take WATS ("But what about the 800 Excessive  
	     Calling List?" Well, if it exists, then it's best not to use 
	     WATS too much...i.e. Do NOT Scan).

	  C) Most 950's are safe, contrary to popular belief. There are a 
	     number of Feature Groups into which these numbers fall. I    
	     don't really remember what they are, and it doesn't really   
	     matter. I just wouldn't be too anxious to use these 'cause   
	     they're sorta bizarre, and they're VERY abused (never a good 
	     thing). But if you must, it's better than...

	  D) Independent Carrier-Owned WATS numbers: God, DO NOT use      
	     these. When an IC owns its own carrier, it receives KP + II  
	     + 10Dig (YOUR phone number) + ST. In other words, these guys 
	     are generally ANI equipped. How can you tell? Well, if       
	     you've got an 800 access port, and the exchange is NXX       
	     (i.e., you've got a number :1-800-NXX-XXXX), then FIRST dial 
	     1-800-NXX-0000. If you get the "You have reached the AT&T    
	     Long Distance Network" recording, the # is AT&T. If you get  
	     a "Your call cannot be completed " recording, DO NOT use     
	     that WATS number. Simple.

	6) [or whatever number...sigh]  PLEASE...for your own good, and   
	   that of Phreakdom, DO NOT advertise what you do. Yeah, some    
	   kids at school might think it's pretty k-radical. Those same   
	   kids are the ones to nark, or to mention stuff to the friendly 
	   administrators should they ask around. The less non-phreaks    
	   know the better.  Keep your MOUTH SHUT.

	That reminds me of poor Disk Demon [of 915]. The kid really wasn't
	expecting trouble, but he made the fatal mistake of talking:
	probably to someone he trusted, and probably he didn't say much.
	All he mentioned was bringing a pirated disk to school the next day
	over the phone which was all the cops needed to search his house,
	and bam...they have him with telecom fraud evidence. The cops don't 
	need much to get a warrant to monitor your telfo. It's a scary 
	reality in a nation that takes less and less seriously the Bill of 
	Rights.


                                  - 171 -


	8) NEVER phreak voice calls. Sigh. I know, I'm sure there are a   
	   thousand screams of "Oh, COME ON, that's going too far". Okay, 
	   let me qualify that, then. Voice-phreak only if you're 1) sure 
	   you're not monitored (and who is ever sure?) and 2) know that  
	   the recipient can handle possible threats and unpleasantness   
	   from the friendly operator who may give him a buzz.  Feds and
	   investigators ain't stupid...or at least, not THAT stupid. As  
	   long as no one admits anything, it's okay. But the minute you  
	   start voice-phreaking, you open a lot of loose ends. Some      
	   suggestions, then, for voice phreaking:

	  A) Try to remain anonymous. Not too hard.
	  B) IF you're talking to strangers, don't mention where you're   
	     calling from, much less leave a number. Yeah, just common    
	     sense.
	  C) Don't talk about phreaking over the line if you don't think  
	     the line is secure. Duh!
	  D) If you trust the kid you're calling, tell him you've         
	     phreaked a call to him. Ask him if it's "cool". Make sure he 
	     can handle possible (and usually improbable) inquiries. Make 
	     sure his 'rents know NOTHING.

	9) That's another thing. This doesn't have to do with safe        
	   phreaking, but with keeping phreaks safe. Know what you'll say 
	   if you ever get called by an operator or investigator type. If 
	   you have a bbs or data line, great. If not, have a story ready 
	   and rehearsed. When you think about it, it IS kinda hard for
	   these people to believe that you don't know WHO called you for 
	   5 hours last Sunday night...be prepared. (Ee! Boy scouts       
	   rule.)

                                
	 This file was just to be a short set of definitions for those of
	you who don't know all the phreaking terms.  This was requested by
	a few people on a small 312 board called The Magnetic Field Elite
	(312-966-0708, call, board has potential) like The Don.  But I have
	decided against making this small file that is common in many
	places but instead to make something that I have never
	seen before.  Not just a common file but one of high technical use. 
	With a printout of this you will never need to missout on a
	definition again.  But that's not all. The file will discuss,
	indepth, the working of each of these operations below.  If you are
	viewing this file simply for the sake of finding one meaning I
	suggest that you get the entire thing and then never  need to call
	and view phreak files again.

	        Topic 1:  The Phone/Modem

	Scince phreaking is impossible without a phone or modem you I will
	start with the most important and most complex part of phreaking. 
	The Phone.  Now, the phone is a device that transfer sounds as
	sound enters a receiver, is transfered to an amount of 

                                  - 172 -


	voltage, sent through the telephone lines and decode back to sound. 
	A modem is based on a universal language of sounds transfered
	through the modem.  Modem stands for the work
	Modulator/Demodulator.  This is like receiveing and sending.  Now,
	with most modems, before connecting, tones just are just the same
	as the tones that a common phone can make.  But the phone can make
	many tones and some have purposes that are very useful, tones that
	are reserved for At&t, and thus dangerous.  To go through all the
	tone would be senseless and a book on tones alone could be written
	(Hmm...maybe I could...) so I will not go into that. But, assuming
	that you know what a box is I will explain what the odd types of
	modems can do. If you own an Apple Cat modem you may use it to 
	generate any tone.  This is very useful.  Some people are against 
	the Cat for various.  I will remain neutral on the topic but if you 
	have no understand then phreak the way you see easiest and safest. 
	The ther way is by using an acoustic modem.  You may modify a phone 
	to make certain tones and you may make then send these tones through 
	the acoustic modem by placing the headset of the phone on the 
	acoustic's couplers.  You may also attempt to make the box 
	modfications directly to the modem but if you error and damage the 
	modem alot of money is wasted while you could have used an acoustic 
	and messed up a twenty dollar phone. Basicaly the common phone can 
	make 18 tones.  For example, when you press a number on the phone two 
	tones are made together and make the signal for the number or charater 
	you hit.  This is the entire phone to line explantion of the phone.  
	Now the actual internal working of the phone is very complex and can be 
	best under stood by getting a book from the library on it.

	       Topic 2:  The Calling of Numbers

	 When you call a local number as soon as you hit a number other
	than one you the phone knows that you are calling localy.  Once
	seven digits are entered the numbers are sent to the nearest
	switching station and you call goes out.  The station deter mines
	the units per minute and start billing as soon as the called phone
	answers.  All calls are automaticaly one minute long.  If you hit
	a one as the first digit you dial the phone recignizes this as a
	long distance call and sends you to either the At&t switching
	station or to another long distance service if you have chose to
	use other than At&t. If you are using a At&t the call goes through
	the long distance switching station where unit per minute is 
	determined and then it is refured to the number you called.  The 
	call may be slowed down depending on how many times the switching 
	station changes between you and the place you are calling.  If it 
	changes between ESS and X-Bar (described below) one it would go through 
	fast.  If it changed between them 50 times it would be a very slow 
	call going through.  Plus the sound quality may decrease but that is 
	not a fact, just an understanding I have come to when callign long 
	distance with At&t. If you are calling through any other service, 
	such as MCI, Alnet, Teleco, US Sprint or any of the other endless 
	companies,


                                  - 173 -


	then things are not the same for long distance calls. You call
	first goes to the company you call through and price of call is
	determined by any of the ways a company determines price.  The call
	then goes out through the lines to the long distance companie's
	station nearest to the number you dialed and tres to
	go though.  If the number is too far away from a station you may
	get a "The number you have dialed cannot be reached from your
	calling area." Thus, you have the basic information of how call
	goes out.  Now to get to phreaking and the real reson you read this
	file.

    	    Topic 3:  The Long Distance Company and Codes.

	The way of using a different long distance company or not paying a 
	quarter when calling from a payphone.  Using the phone card or the
	code.Names for these numbers: 950's, 800's, Extenders, PBX's, 950 
	ports, Port, Code port, (Company name) port

	The above mentioned names are the phreaks lifeline.  They are
	places where you call and enter a code, then the area code of the
	place you want to call and finally the number for the place you
	want to call.  When the code is entered it is checked if it is
	valid and then the person how owns the code pays for the call.  If
	the code is not valid you normaly get a message saying that the
	code you entered is not valid.  When a call goes through it is the
	same as a normal long distance call except that it is charged to
	the owner of the card.  Some places may require that you enter a
	nine or a one before you enter the code. Now, the phreak uses these
	places by calling them over and over again until they get a code. 
	But they do this with a computer and a program such as
	Hack-a-Matic, Hacking Construction Set (often called HCS), Hack
	This Buddy, Intellihacker (Old), C at-(and then a name, for the
	Apple Cat.  Has to many names to list), and some others.  These are
	all Apple programs but there are also code hackers for the Commodor
	64, 128, Amiga, IBM (of course) and so on.  Most computers have
	them.  One thing I have found useful is to use a Radio Shack
	portable computer with a built in modem and hack from other houses,
	this is much safer.  Secrity in these companies run from really
	tough (MCI) to sad (like the places that tryo to scare off hackers
	with tape recordings).  950 ports in the ESS area are set up to 
	trace and could do so very easily but for some reson they are against 
	it.  Possibly the time and modey to cheack the calls and pay for 
	tracing.  Places have gotton tougher though, if three people get 
	busted off a number in one week and this has never happened before 
	then you can almost be sure that they have stepped up security and 
	that it is time to use a new port.
 
	        Now I will discuss some of the things used by the Phreak.

	        Topic 4: The Loop



                                  - 174 -


	Loops, although they may seem fun they are really rather useless. 
	They work as follows.  Two numbers are looped together.  Usually
	they are almost the same just a digit different from one another. 
	If you call the lower number you will wait a few secounds and then
	hear a 1000mhz. tone.  If you call the higher number you will hear
	nothing.  If you can one number (dosen't matter which) and someone
	else calls the other number you will be able to talk to each other. 
	The purpose of these is to test trunk lines.  This way they could
	make sure there was no break in each trunk.  Now the old purpose
	for loops was that they where free to call so one person would call
	one and another would call the other and they would get to talk for
	free.  Also, one person might call one number and just wait and talk 
	to whoever called the other number.  Like a two line bridge. Today you 
	cannot call these without being charged because the phone company 
	caught on.  But you can split a phone call with these so if there 
	is a loop between you and a person you want to talk to you can only 
	pay for half by calling the loop.  And the phone company dosen't care 
	 because either way they get their money. The billing service for a 
	loop is one all by itself, not like normal local calling and for this 
	reson I might almost belive the rumor that Blue Box tones can be used 
	to call loops. The loops billing service didn't exist awhile back so a 
	call to one was free.  Now, if you call this new billing system picks 
	it up.  But the loops billing system is just something that At&t
	scraped together and there are most likly some holes in the system
	(like not recording blue box tone generation numbers). 

	        Topic 5: The Diverter

	The diverter has been a very simple, yet incredibly usefulthing
	through the years.  To use one you must call, after hours and let
	someone answer the phone, don't answer them, let them hang up and
	get a faint dialtone.  Then you dial again and call from the
	diverter. Before, you could use a diverter and call through it. 
	The you would only be charged for the call to the diverter, not the
	one after it.  That bill went to the diverter itself.  But they fix
	this problem easily and now you still get charged if you are in the
	ESS area. Also before, you could use a diverter to call a number
	that traces and instead of being traced to your number it is traced
	to the diverter.  But ESS eliminated that too. But you can still
	use a diverter to call hard to reach numbers.  Like if you called
	a place and it gave you a "The number you have dial cannot be reach
	from your calling area" then if you knew of a diverter in the area
	of the number you could call through it to the unreachable number
	and get through. The way a diverter works is after hours when you
	call a place the call is forwarded to another place.  Then, when
	you don't answer the person at the other place hangs up and your
	call tries to  disconnect from the forwared number and you end up
	at the diverter with it's dialtone.



                                  - 175 -


	HACKING TYMNET 

	  AS MOST OF YOU ALREADY KNOW, TYMNET IS AN INFORMATION SYSTEM
	ACCESSABLE BY COMPUTERS WITH MODEMS FROM ALMOST ANYWHERE IN THE
	COUNTRY.  TYMNET INCLUDES MANY SUB-SYSTEMS OF INFORMATION WHICH CAN
	BE USEFUL FOR BUSINESSES OR JUST PHUN.  ONE SUB-SYSTEM WHICH I WILL
	WRITE A SEPARATE ARTICLE ON IS THE ATPCO'S ELECTRONIC TARIFF
	SYSTEM.  BUT FOR NOW, I'LL MAKE ALL OF YOU EXPERTS IN TYMNET SO YOU
	CAN HAVE AS MUCH PHUN AS YOURS TRUELY.

	ACCESS NUMBERS
	--------------
	FOR YOUR LOCAL ACCESS NUMBER YOU COULD CALL THE NICE PERSON AT
	800-336-0149 AND REQUEST IT FOR YOUR AREA.  IF YOU LIVE NEAR A
	METROPOLITAN AREA ASK FOR THAT AREA CODE SINCE THEY RARELY HAVE
	ACCESS NUMBERS FOR OUT-OF-CITY AREAS. FOR THOSE OF YOU IN THE 914
	AREA YOU CAN USE: POUGHKEEPSIE : 914-473-0401 WHITE PLAINS :
	914-684-6075

	LOGGING IN TO TYMNET
--------------------
	1. WHEN YOU HAVE CONNECTED WITH THE NETWORK, THE FOLLOWING REQUEST
	WILL BE DISPLAYED: PLEASE TYPE YOUR TERMINAL IDENTIFIER ENTER YOUR
	TERM.IDENTIFIER ACCORDING TO THE FOLLOWING CHART:

	KEY: IDENT  = IDENTIFIER
	     ASC    = ASCII
	     EBCD   = EBCD CORRESPONDENCE
	     <R>    = CARRIAGE RETURN

	SPEEDS ARE GIVEN IN CPS (CHARACTERS PER SECOND). TO TRANSLATE TO
	BAUD RATE JUST MULTIPLY BY 10.

	IDENT  CODE  SPEED   TERMINAL TYPE
	-----  ----  -----   -------------
	  A    ASC   30,120  PERSONAL COMP.
                     WITH CRT

	[ MOST EVERYBODY AT HOME WILL USE THIS OPTION SO IF YOU AREN'T SURE
	USE A ]

	  B    ASC   15      ALL TERMINALS
	  C    ASC   30      IMPACT PRINTMRS
	  D    ASC   10      ALL TERMINALS
	  E    ASC   30      THERMAL PRINTERS
	  F    ASC  15 IN    BETA TERMINALS
	            30 OUT
	  G    ASC  30,120    BELT PRINTERS
	                      G.E. TERMINET
	  I    ASC  120       MATRIX PRINTERS
	  P<R> EBCD 14.8      SELECTRIC-TYPE
	                      TERMINALS (E.G., 2741)

                                  - 176 -


	IF THE MESSAGE DOES NOT APPEAR JUST WAIT A FEW SECONDS THEN ENTER
	IT.  NOTE THAT ONLY P IDENTIFIERS NEED A <R>  THEM BUT SINCE MOST
	OF YOU WON'T BE USING P FORGET IT. 

	2. TYMNET WILL THEN DISPLAY THE NUMBER OF THE REMOTE ACCESS NODE TO
	WHICH YOU ARE CONNECTED, FOLLOWED BY THE NUMBER OF YOUR PORT ON THE
	NODE, AND WILL DISPLAY THIS REQUEST:

	   -NNNN-PPP-
	   PLEASE LOG IN:

	3. TYPE YOUR USER NAME AND <R> THIS USER NAME SEEMS TO BE THE
	ABBREVIATION FOR THE COMPANY WHO OWNS THE SUB-SYSTEM. FOR EXAMPLE,
	FOR ELECTRONIC TARIFF THE USER NAME
	IS ATP WHICH STANDS FOR AIRLINE TARIFF PUBLISHING, THE COMPANY THAT
	RUNS THE ELECTRONIC TARIFF.

	4. TYMNET WILL THEN REQUEST:

	   PASSWORD:

	TYPE YOUR PASSWORD AND <R>. THE PASSWORD MAY NOT BE DISPLAYED ON
	YOUR SCREEN.

	5. TYMNET WILL THEN DISPLAY SOME CHARACTER OR MESSAGE INDICATING
	THAT YOU HAVE LOGGED ON. SINCE BUSINESSES DON'T REALLY GET
	COMPLICATED WITH PASSWORDS AND THE SUCH, JUST ENTER VALID USER
	NAMES AND FOR PASSWORDS YOU CAN FORGET CTRL-CHARACTERS... PASSWORDS
	HAVE A LENGTH OF 8 CHARACTERS (AS FAR AS I KNOW).

	TYMNET CONTROL CHARACTERS
	-------------------------

	CTRL-CHAR    OPERATION
	--------     ---------
	   H         HALF-DUPLEX
	   P         EVEN PARITY
	   R         ALLOWS THE TERMINAL TO
	             CONTROL THE INCOMING FLOW
	             OF DATA WITH X-ON/OFF
	             CHARACTERS (SEE BELOW)
	   S         X-OFF CHARACTER
	   Q         X-ON CHARACTER

	ACCESSING DATAPAC
	-----------------
	THE STANDCRD PROCEDURE FOR ACCESSING A HOST ON THE DATAPAC NETWORK
	IS DESCRIBED BELOW.  TYMNET'S INFORMATION DIRECTORY INCLUDES FILES
	OF MATERIAL ABOUT DATAPAC AND TYMNET'S INTERNATIONAL SERVICES.



                                  - 177 -


	LOGGKNG IN TO DATAPAC
	---------------------
	1. DIAL-UP TYMNET (SEE ABOVE)
	
	2. ENTER YOUR TERMINAL IDENTIFIER

	3. AT THE "PLEASE LOG IN:" PROMPT, ENTER THE LOG-IN COMMAND,
	SPECIFYING: THE DATAPAC NETWORK (DPAC), A SEMICOLON (A SECOND
	SEMICOLON WILL ECHO AT YOUR END) , THE DATAPAC NETWORK
	IDENTIFICATION CODE (3020), THE 8-DIGIT HOST ADDRESS AND <R>.

	E.G., DPAC;;3020HOST ADDRESS <R>

	IF YOU NEED TO ENTER FUTHER USER DATA ENTER A COLON AFTER THE HOST
	ADDRESS THEN A <R>.

	E.G., DPAC;;3020HOST ADDRESS:USER DATA <R>
	
	5. DATAPAC WILL THEN DISPLAY A MESSAGE OR CHARACTER TO SHOW THAT
	YOU	ARE ON-LINE.

	THIS LITTLE BIT OF INFORMATION SHOULD GET SOME OF YOU GOING.  MY
	EXPERIENCES WITH TYMNET HAVE BEEN MAINLY RESTRICTED TO THE ATPCO
	SYSTEM SO COMMANDS MAY DIFFER.





























                                  - 178 -


	THE PHREAKER'S HANDBOOK #1 by Phortune 500 
	----------------------------------------------
	a useful source for the phreaker covering both the basics and
	advances of phreaking

    	                             GENERAL NOTE
        	                         ------------
	The purpose of this newsletter is purely educational. It has been
	released in order to teach and advance the knowledge of today's
	declining phreaks. However, the author does not take  any
	responsibility over the  misuse of  the herein contained
	information, and the newsletter itself does not encourage or
	support the  above type of  activity. Also, any wrong or old
	information in this document is not to the responsibility of the 
	author, and the  reader accepts any consequences due to information
	that may be mistaken in this manner. 


    	                            NOTE TO ABUSERS
        	                        ---------------
	All information contained within this document was intended towards
	educational purposes. Any  misuse or illegal use of the information 
	contained in  this document is strictly at the  misuser's risk. The 
	author assumes  NO responsibility of the reader's actions following
	the release this document (in otherwords, you're on your own if you
	get nailed!) 

	  TPH Issue #1, Volume 1               Release Date::July 3, 1989

    	                        Introduction To TPH #1
        	                    ======================
	This  phile  was  written  for  beginning  as  well as those
	uninformed  "advanced"  phreaks  who  need  something  as  a 
	reference  when reading or writing  philes concerning phreaking or
	fone phraud. Of course, you could be a  beginning  phreak and use
	this phile to B.S. your way into a big group by acting  like  you
	know a lot, or something, but that is up to you. Anyway, I
	compiled  this  listing  phrom  various  sources,  the majority is
	listed as references at the end of this phile.

	This  phile's  only  goal  is  to  educate  and  inform. Any
	illegal or fraudulent  activity  is  neither  encouraged nor
	supported by the author of this  phile,  not  by  the  majority  of
	the >TRUE< phreaking community. The author assumes NO
	responsibility for the actions of the reader.

	Also,  I  know  that  some  of the stuff covered in this release of
	TPH will  be old and outdated; however, I will try to clean that up
	by the next release  of  TPH,  and  will  notify  you, the reader,
	of the changes due to these revisions.



                                  - 179 -


	                             The Phreak's Vitals:
    	                         ====================

        	                True Definition Of The Phreaker
            	            -------------------------------
	"Many  people  think of phone phreaks as slime, out to rip off Bell
	for all  she  is  worth. Nothing could be further from the truth!
	Granted, there are  some  who  get  their kicks by making free
	calls; however, they are not true  phone  phreaks.  Real phone
	phreaks are 'telecommunications hobbyists'who  experiment,  play 
	with, and learn from the phone system. Occasionally, this 
	experimenting  and  a  need to communicate with other phreaks,
	without going  broke,  leads to free calls. The free calls are but
	a small subset of a >TRUE< phone phreak's activities."         
   	- Wise Words Of The Magician


	                      The Phone Phreak's Ten Commandments
    	                  -----------------------------------
	I.   Box  thou  not over thine home telephone wires, for those    
    	 who doest will surely bring the wrath of the Chief           
	     Specialent down upon thy head.
	II.  Speakest  thou  not of important matters over thine home     
    	 telephone wires, for to do so is to risk thine right of      
	     freedom. 
	III. Use  not  thine own name when speaking to other phreaks,     
	     for that every third phreak is an FBI agent is well known.
	IV.  Let  not overly many people know that thy be a phreak, as to 
	     do so is to use thine own self as a sacrificial lamb.
	V.   If thou be in school, strive to get thine self good grades,  
	     for the authorities well know that scholars never break the  
	     law.
	VI.  If thou  workest, try to be an employee and impressest thine 
	     boss with thine enthusiasm, for important employees are      
	     often saved by their own bosses.
	VII. Storest thou not thine stolen goodes in thine own home, for  
	     those who do are surely non-believers in the Bell System     
	     Security Forces, and are not long for this world.
	VIII.Attractest  thou  not  the  attention of the authorities, as 
	     the less noticeable thou art, the better.
	IX.  Makest  sure  thine  friends  are instant amnesiacs and      
	     willst not remember  thou  hast  called  illegally,  for     
	     their  cooperation  with  the authorities willst surely      
	     lessen thine time for freedom on this earth.
	X.   Supportest thou TAP, as it is thine newsletter, and without  
	     it, thy  work would be far more limited.

    	                        The Phreaker's Glossary
        	                    =======================
	1XB - No.1 Crossbar system. See XBAR for more information.


                                  - 180 -


	2600   -  A  hack/phreak  oriented  newsletter  that  periodically 
	was released  and still is being released. See Phile 1.6 for more
	information on the magazine and ordering.

	4XB - No.4 Crossbar system. See XBAR for more information.

	5XB  -  No.5  Crossbar  system.  The  primary end office switch of
	Bell since the 60's and still in wide use. See XBAR for more
	detail. 

	700  Services  -  These services are reserved as an advanced
	forwarding system,  where the forwarding is advanced to a
	user-programed location which could be changed by the user.

	800  Exceptional  Calling  Report  - System set up by ESS that will
	log any  caller  that excessively dials 800 numbers or directory
	assistance. See ESS for more information.

	800  Services  -  Also known as WATS. These services often contain
	WATS extenders  which,  when  used  with  a code, may be used to
	call LD. Many LD companies  use  these services because they are
	toll-free to customers. Most 800  extenders  are  considered 
	dangerous  because most have the ability to trace.

	900  Services  -  Numbers  in  the  900 SAC usually are used as
	special services,  such  as  TV polls and such. These usually are
	$.50 for the first minute  and  $.35 for each additional minute.
	Dial (900)555-1212 to find out what the 900 services currently have
	to offer.

	950  -  A  nationwide  access exchange in most areas. Many LD
	companies have  extenders located somewhere on this exchange;
	however, all services on this  exchange  are  considered dangerous
	due to the fact that they ALL have the ability to trace. Most 950
	services have crystal clear connections.

	ACCS  -  Automated  Calling  Card  Service.  The typical
	0+NPA+Nxx+xxxx method  of  inputting  calling cards and then you
	input the calling card via touch tones. This would not be possible
	without ACTS.

	ACD - Automatic Call Distributor.

	ACD  Testing Mode - Automatic Call Distributor Test Mode. This
	level of phreaking  can  be  obtained  by pressing the "D" key down
	after calling DA. This  can  only  be done in areas that have the
	ACD. The ACD Testing Mode is characterized  by  a pulsing dial
	tone. From here, you can get one side of a loop  by  dialing  6, 
	the  other side is 7. You may also be able to REMOB a line.  All 
	possibilities  of  the ACD Test have not been experimented with.
	See silver box for more details.


                                  - 181 -


	ACTS  -  Automated  Coin  Toll  Service. This is a computer system
	that automates  phortress  fone  service by listening for red box
	tones and takes appropriate  action.  It is this service that is
	commonly heard saying, "Two dollars  please.  Please  deposit  two 	
	dollars for the next three minutes." Also,  if  you  talk for more
	than three minutes and then hang up, ACTS will call back and demand 
	your money. ACTS is also responsible for ACCS. 

	Alliance  -  A  teleconferencing  system  that is apart from AT&T
	which allows  the general public to access and use its conferencing
	equipment. The equipment   allows  group  conversations  with 
	members  participating  from throughout  the United States. The
	fone number to Alliance generally follows the  format  of
	0-700-456-x00x depending on the location the call originates from
	and is not accessible direct by all cities/states.

	AMA  -  Automated  Message  Accounting. Similar to the CAMA system;
	see CAMA for more info.

	analog  -  As  used  for  a  word  or data transmission, a
	continuously varying electrical signal in the shape of a wave.

	ANI  -  Automatic  Number  Identification  - This is the system you
	can call,  usually  a  three digit number or one in the 99xx's of
	your exchange, and  have  the  originating  number  you  are 
	calling from read to you by a computer.  This is useful if you
	don't know the number you are calling from, for  finding 
	diverters,  and  when  you  are playing around with other fone
	equipment  like  cans  or  beige boxes. The ANI system is often
	incorporated into  other  fone  companies  such as Sprint and MCI
	in order to trace those big bad phreaks that abuze codez.

	ANIF  - Automatic Number Identification Failure. When the ANI
	system of a particular office fails.

	APF  -  All  PINs Fail. This is a security measure which is
	designed to frustrate attempts at discovering valid PINs by a
	hacking method.

	aqua  box  -  A  box  designed to drain the voltage of the FBI
	lock-in- trace/trap-trace  so  you  can  hang  up  your  fone  in 
	an  emergency  and phrustrate  the  Pheds  some more. The apparatus
	is simple, just connect the two  middle wires of a phone wire and
	plug, which would be the red and green wires  if  in  the jack, to
	the cord of some electrical appliance; ie, light bulb  or  radio.  
	KEEP  THE  APPLIANCE  OFF.  Then,  get  one  of those line splitters  
	that  will  let  you hook two phone plugs into one jack. Plug the end  
	of  the  modified  cord into one jack and your fone into the other. THE 
	APPLIANCE  MUST  BE  OFF! Then, when the Pheds turn their lame tracer 
	on and you  find  that  you  can't hang up, remove your fone from the
                                  - 182 -


	jack and turn the  appliance ON and keep it ON until you feel safe; it 
	may be awhile. Then turn  it  off,  plug  your fone back in, and start
	phreaking again. Invented by: Captain Xerox and The Traveler.

	BAUDOT - 45.5 baud. Also known as the Apple Cat Can.

	BEF  - Band Elimination Filter. A muting system that will mute the
	2600 Hz tone which signals hang-up when you hang up.

	beige  box  - An apparatus that is a home-made lineman's handset.
	It is a  regular  fone  that  has  clips  where  the  red and green
	wires normally connect  to  in  a  fone jack. These clips will
	attach to the rings and tips found  in  many  of  MA's output
	devices. These are highly portable and VERY useful  when  messing 
	around  with  cans  and other output devices the fone company has 
	around. Invented by: The Exterminator and The Terminal Man.

	BITNET  -  Nationwide  system for colleges and schools which
	accesses a large  base  of  education-oriented information. Access
	ports are always via mainframe.

	bit  stream  -  Refers  to  a continuous series of bits, binary
	digits, being transmitted on a transmission line.

	black  box  -  The infamous box that allows the calling party to
	not be billed  for  the call placed. We won't go in depth right
	now, most plans can be  found on many phreak oriented BBS's. The
	telco can detect black boxes if they suspect one on the line. Also,
	these will not work under ESS.

	bleeper  boxes  -  The  United  Kingdom's  own version of the blue
	box, modified  to  work  with the UK's fone system. Based on the
	same principles. However, they use two sets of frequencies,
	foreword and backwards.

	Blotto  box  -  This  box  supposedly  shorts  every  fone  out  in
	the immediate  area,  and  I  don't  doubt  it. It should kill
	every fone in the immediate  area,  until  the  voltage reaches the
	fone company, and the fone company  filters  it.  I  won't  cover 
	this  one  in  this issue, cuz it is dangerous,  and  phreaks
	shouldn't destroy MA's equipment, just phuck it up. Look  for  this  
	on your phavorite BBS or ask your phavorite phreak for info if you 
	really are serious about seriously phucking some fones in some area.

	blue  box  -  An  old  piece of equipment that emulated a true
	operator placing  calls,  and  operators  get  calls for free. The
	blue box seizes an open  trunk  by  blasting  a  2600  Hz tone
	through the line after dialing a party  that  is  local  or in the	
	800 NPA so calls will be local or free for the  blue 


                                  - 183 -


	boxer. Then, when the blue boxer has seized a trunk, the boxer may
	then,  within the next 10-15 seconds, dial another fone number via
	MF tones. These  MF  tones  must be preceded by a KP tone and
	followed with a ST tone. All of these tones are standardized by
	Bell. The tones as well as the inter-digit  intervals  are around
	75ms. It may vary with the equipment used since ESS  can  handle
	higher speeds and doesn't need inter-digit intervals. There are 
	many  uses to a blue box, and we will not cover any more here. See
	your local  phreak or phreak oriented BBS for in depth info
	concerning blue boxes and  blue  boxing.  Incidentally, blue boxes
	are not considered safe anymore because  ESS  detects  "foreign" 
	tones,  such as the 2600 Hz tone, but this detection  may  be 
	delayed  by  mixing pink noise of above 3000 Hz with the 2600  Hz 
	tone. To hang up, the 2600 Hz tone is played again. Also, all blue
	boxes  are  green  boxes because MF "2" corresponds to the Coin
	Collect tone on  the  green box, and the "KP" tone corresponds to
	the Coin Return tone on the  green  box.  See  green  box  for 
	more  information.  Blue  boxing  is IMPOSSIBLE  under  the new 
	CCIS system slowly being integrated into the Bell system.

	blue  box  tones  -  The MF tones generated by the blue box in
	order to place  calls,  emulating  a  true operator. These dual
	tones must be entered during  the  10-15 second period after you
	have seized a trunk with the 2600 Hz tone.



	                       700:  1 :  2 :  4 :  7 : 11 :    KP= Key
	Pulse
	parallel Frequencies   900: ** :  3 :  5 :  8 : 12 :    ST= STop
	  2= Coin Collect     1100: ** : ** :  6 :  9 : KP :   KP2= Key
	Pulse 2
	 KP= Coin Return      1300: ** : ** : ** : 10 :KP2 :    **= None
	 (green box tones)    1500: ** : ** : ** : ** : ST :
	                          : 900:1100:1300:1500:1700:   75ms
	pulse/pause
	
	BLV  -  Busy  Line  Verification.  Allows  a TSPS operator to
	process a customer's  request  for  a  confirmation  of  a  
	repeatedly busy line. This service is used in conjunction with 
	emergency break-ins.

	BNS - Billed Number Screening. break  period  -  Time  when  the 
	circuit during pulse dialing is left pen.  In  the  US,  this
	period is 40ms; foreign nations may use 33ms break periods.

	break  ratio  -  The  interval  pulse dialing breaks and makes the
	loop when  dialing.  The US standard is 10 pulses per second. 


                                  - 184 -


	When the circuit is opened,  it  is called the break interval. When
	the circuit is closed, it is called  the make interval. In the US,
	there is a 60ms make period and a 40ms break  period.  This  is 
	often  referred  to  as  a 60% make interval. Many
	foreign nations have a 67% make interval. 

	bridge - I don't really understand  this  one, but  these  are
	important phreak toys. I'll cover them more in the next issue of
	TPH.

	British Post Office - The United Kingdom's equivalent to Ma Bell.

	busy  box  - Box that will cause the fone to be busy, without
	taking it OFF-HOOK.  Just  get a piece of fone wire with a plug on
	the end, cut it off so  there  is a plug and about two inches of
	fone line. Then, strip the wire so  the  two middle wires, the tip
	and the ring, are exposed. Then, wrap the ring  and  the  tip 
	together,  tape with electrical tape, and plug into the fone jack.
	The fone will be busy until the box is removed.

	cans  -  Cans  are  those  big  silver  boxes  on  top of or around
	the telephone  poles. When opened, the lines can be manipulated
	with a beige box or whatever phun you have in mind.

	calling  card  -  Another  form of the LD service used by many
	major LD companies  that  composes of the customers fone number and
	a PIN number. The most  important  thing  to  know when questioned
	about calling cards are the area code and the city where the
	calling card customer originated from.

	CAMA  -  Centralized  Automatic Message Accounting. System that
	records the  numbers called by fones and other LD systems. The
	recording can be used as evidence in court.

	CC - Calling Card.

	CC - Credit Card.

	CCIS   -  Common  Channel  Inter-office  Signaling.  New  method 
	being incorporated  under  Bell  that will send all the signaling
	information over separate data lines. Blue boxing is IMPOSSIBLE
	under this system.

	CCITT  -  The  initials  of  the  name  in  French of the
	International Telegraph  and Telephone Consultative Committee. At
	CCITT representatives of telecommunications  authorities, 
	operators  of  public  networks  and other interested  bodies  meet 
	to  agree  on  standards  needed for international intermarrying of
	telecommunications services.

	CCS - Calling Card Service.


	                                  - 185 -


	CCSS   -  Common  Channel  Signalling  System.  A  system  whereby 
	all signalling  for a number of voice paths are carried over one
	common channel, instead of within each individual channel.

	CDA - Coin Detection and Announcement.

	CF  -  Coin First. A type of fortress fone that wants your money
	before you receive a dial tone.

	Channel  - A means of one-way transmission or a UCA path for
	electrical transmission  between  two  or  more points without
	common carrier, provided terminal equipment. Also called a circuit,
	line, link, path, or facility.

	cheese  box  -  Another  type  of  box  which,  when  coupled with
	call forwarding  services, will allow one to place free fone calls.
	The safety of this  box  is unknown. See references for information
	concerning text philes on this box.

	clear  box  - Piece of equipment that compromises of a telephone
	pickup coil  and  a  small  amp. This works on the principal that
	all receivers are also  weak  transmitters.  So,  you amplify your
	signal on PP fortress fones and spare yourself some change.

	CN/A  -  Customer  Name  And  Address.  Systems  where  authorized
	Bell employees  can  find  out  the  name and address of any
	customer in the Bell System.  All  fone  numbers  are listed on
	file, including unlisted numbers. Some  CN/A  services ask for
	ID#'s when you make a request. To use, call the CN/A  office 
	during  normal  business hours, and say that you are so and so from 
	a  certain  business or office, related to customers or something
	like that,  and  you  need the customer's name and address at
	(NPA)Nxx-xxxx. That should  work.  The  operators  to  these 
	services usually know more than DA operators  do  and  are  also 
	susceptible  to  "social  engineering." It is possible  to 
	bullshit  a CN/A operator for the NON PUB DA number and policy
	changes in the CN/A system.

	CO  Code  - Central Office code which is also the Nxx code. See Nxx
	for more details. Sometimes known as the local end office.

	conference  calls  - To have multiple lines inter-connected in
	order to have  many  people talking in the same conversation on the
	fone at once. See Alliance and switch crashing for more
	information.

	credit  operator - Same as TSPS operator. The operator you get when
	you dial "0" on your fone and phortress fones. See TSPS for more
	information.



                                  - 186 -


	CSDC  -  Circuit Switched Digital Capability. Another USDN service
	that has no ISDN counterpart.

	DA - Directory Assistance. See directory assistance.

	DAO - Directory Assistance Operator. See directory assistance.

	data   communications   -   In   telefone   company  terminology, 
	data communications   refers  to  an  end-to-end  transmission  of 
	any  kind  of information  other  than  sound, including voice, or
	video. Data sources may be either digital or analog.

	data  rate - The rate at which a channel carries data, measured in
	bits per second, bit/s, also known as "data signalling rate."
	data signalling rate - Same as "data rate." See data rate.

	DCO-CS - Digital Central Office-Carrier Switch.

	DDD - Direct Distance Dialed.

	Dial-It Services - See 900 Services.

	digital  -  A  method  to  represent  information  to  be  discrete 
	or individually  distinct  signals,  such as bits, as opposed to a
	continuously variable analog signal.

	digital  transmission - A mode of transmission in which all
	information to  be  transmitted  is first converted to digital form
	and then transmitted as  a  serial  stream of pulses. Any signal,
	voice, data, television, can be converted to digital form.
	
	Dimension 2000 - Another LD service located at (800)848-9000.
	
	directory  assistance  -  Operator  that  you  get when you call
	411 or  NPA-555-1212.  This call will cost $.50 per call. These
	won't know where you are  calling from, unless you annoy them, and
	do not have access to unlisted numbers.  There  are  also 
	directory assistance operators for the deaf that transfer  BAUDOT.
	You can call these and have interesting conversations. The fone 
	number is 800-855-1155, are free, and use standard Telex
	abbreviations such  as  GA  for  Go  Ahead. These are nicer than
	normal operators, and are often   subject   to   "social 
	engineering"  skills  (bullshitting).  Other operators   also  
	have   access   to  their  own  directory  assistance  at
	KP+NPA+131+ST. 

	diverter  - This is a nice phreak tool. What a diverter is is a
	type of call  forwarding  system done externally, apart from the
	fone company, which is  a piece of hardware that will foreword the
	call to somewhere else. These can  be  found  on  many  24 hour
	plumbers, doctors, etc. When you call, you will  often  hear  

                                  - 187 -


	a  click  and then ringing, or a ring, then a click, then another 
	ring,  the second ring often sounds different from the first. Then,
	the  other  side  picks  the  fone  up  and  you  ask about their
	company or something  stupid, but DO NOT ANNOY them. Then
	eventually, let them hang up, DO  NOT  HANG  UP  YOURSELF.  Wait 
	for the dial tone, then dial ANI. If the number  ANI  reads  is
	different from the one you are calling from, then you have  a 
	diverter.  Call  anywhere you want, for all calls will be billed to
	the  diverter.  Also,  if  someone uses a tracer on you, then they
	trace the diverter  and  you  are safe. Diverters can, however,
	hang up on you after a period  of  time; some companies make
	diverters that can be set to clear the line  after  a  set period
	of time, or click every once in a while, which is super  annoying,
	but it will still work. Diverters are usually safer than LD
	extenders,  but  there are no guarantees. Diverters can also be
	accessed via phortress  fones.  Dial  the  credit  operator  and 
	ask for the AT&T CREDIT OPERATOR.  They  will  put on some lame
	recording that is pretty long. Don't say  anything  and  the 
	recording will hang up. LET IT HANG UP, DO NOT HANG UP.  Then  
	the  line will clear and you will get a dial tone. Place any call 
	you  want  with  the following format: 9+1+NPA+Nxx+xxxx, or for local 
	calls, just  9+Nxx+xxxx. I'd advise that you call ANI first as a local 
	call to make sure you have a diverter.

	DLS - Dial Line Service.

	DNR - Also known as pen register. See pen register.

	DOV - Data-Over-Voice.

	DSI  -  Data  Subscriber  Interface.  Unit in the LADT system that
	will concentrate  data  from  123  subscribers  to a 56k or a 9.6k
	bit-per-second trunk to a packet network.

	DT - Dial tone.

	DTF  -  Dial Tone First. This is a type of fortress fone that gives
	you a dial tone first.

	DTI - Digital Trunk Interface.

	DTMF  - Dual-Tone-Multi-Frequency, the generic term for the touch
	tone. These  include  0,1,2,3,4,5,6,7,8,9  as  well as A,B,C,D. See
	silver box for more details.

	DVM  -  Data  Voice  Multiplexor.  A system that squeezes more out
	of a transmission  medium  and  allows  a  customer  to  transmit 
	voice and data simultaneously to more than one receiver over the
	existing telefone line.



                                  - 188 -


	emergency  break-in  -  Name given to the art of "breaking" into a
	busy number  which  will  usually  result  in  becoming a third
	party in the call taking place.

	end office - Any class 5 switching office in North America.

	end-to-end  signalling  -  A  mode  of  network  operation in which
	the originating   central  office,  or  station,  retains  control 
	and  signals directly  to  each successive central office, or PBX,
	as trunks are added to the connection.

	ESS  - Electronic Switching System. "The phreak's nightmare come
	true." With  ESS,  EVERY  SINGLE  digit  you  dial  is recorded,
	even mistakes. The system  records  who  you  call, when you call,
	how long you talked, and, in some  cases,  what  you  talked 
	about.  ESS  is programed to make a list of people  who make
	excessive 800 calls or directory assistance. This is called
	the  "800  Exceptional  Calling  Report."  ESS can be programed to
	print out logs  of  who called certain numbers, such as a bookie,
	a known communist, a BBS,  etc.  ESS is a series of programs
	working together; these programs can be  very  easily  changed  to 
	do whatever the fone company wants ESS to do. With  ESS,  tracing 
	is  done in MILLISECONDS and will pick up any "foreign" tones  on
	the line, such as 2600 Hz. Bell predicts the whole country will be
	on  ESS  by  1990!  You can identify an ESS office by the
	functions, such as dialing  911  for  help, fortress fones with DT
	first, special services such as  call forwarding, speed dialing,
	call waiting, etc., and ANI on LD calls. Also, black boxes and
	Infinity transmitters will NOT work under ESS.

	extender  -  A  fone  line  that serves as a middleman for a fone
	call, such  as  the  800  or 950 extenders. These systems usually
	require a multi- digit code and have some sort of ANI to trace
	suspicious calls with.

	facsimile  -  A  system  for  the  transmission of images. The
	image is scanned  at  the  transmitter,  reconstructed  at the
	receiving station, and duplicated on some form of paper. Also known
	as a FAX.

	FAX - See facsimile for details.

	FiRM - A large cracking group who is slowly taking the place of PTL
	and the endangered cracking groups at the time of this writing.

	fortress  phone  - Today's modern, armor plated, pay fone. These
	may be the  older,  3  coin/coin  first  fones or the newer, 1
	coin/DT first fones. There  are  also  others, see CF, DTF, and PP.
	Most phortresses can be found in the 9xxx or 98xx series of your
	local Nxx. 

                                  - 189 -


	gateway city - See ISC.

	Gestapo  - The telefone company's security force. These nasties are
	the ones  that  stake  out  misused  phortresses  as  well as go
	after those bad phreaks that might be phucking with the fone
	system.

	green  base - A type of output device used by the fone company.
	Usually light  green  in  color  and stick up a few feet from the
	ground. See output device for more information.

	green  box - Equipment that will emulate the Coin Collect, Coin
	Return, and  Ringback  tones.  This  means  that if you call
	someone with a fortress fone  and  they  have  a  green  box,  by 
	activating it, your money will be returned.   The   tones   are,  
	in   hertz,   Coin  Collect=700+1100,  Coin Return=1100+1700,  and 
	Ringback=700+1700.  However,  before these tones are sent,  the  MF 
	detectors  at  the  CO  must be alerted, this can be done by
	sending  a  900+1500  Hz  or  single 2600 Hz wink of 90ms followed
	by a 60ms gap, and then the appropriate signal for at least 900ms.

	gold  box  -  This  box  will  trace  calls,  tell if the call is
	being traced, and can change a trace.

	grey box - Also known as a silver box. See silver box.

	group  chief  -  The  name  of the highest ranking official in any
	fone office. Ask to speak to these if an operator is giving you
	trouble. high-speed  data  -  A rate of data transfer ranging upward 
	from 10,000 bits per second.

	H/M - Hotel/Motel.

	ICH - International Call Handling. Used for overseas calls.

	ICVT - InComing Verification Trunk.

	IDA  -  Integrated  Digital  Access. The United Kingdom's
	equivalent of ISDN.

	IDDD  -  International  Direct  Distance Dialing - The ability to
	place international  calls  direct  without processing through a
	station. Usually, one  would  have to place the call through a 011,
	station, or a 01, operator assisted, type of setup.

	IDN  -  Integrated  Digital  Networks.  Networks  which provide
	digital access and transmission, in both circuit switched and
	packet modes. 





                                  - 190 -


	in-band  -  The  method of sending signaling information along with
	the conversion using tones to represent digits.

	INS - Information Network System. Japan's equivalent of ISDN.

	Intercept  -  The  intercept  operator  is the one you get
	connected to when  there  are not enough recordings available to
	tell you that the number has  been  disconnected  or  changed. 
	These usually ask what number you are calling and are the lowest
	form of the operator.

	intermediate  point  -  Any class 4X switching office in North
	America. Also known as an RSU.

	international  dialing  -  In order to call across country borders,
	one must  use  the  format PREFIX + COUNTRY CODE + NATION #. The
	prefix in North America  is  usually  011  for  station-to-station
	calls or 01 for operator-assisted calls. If you have IDDD, you
	don't need to place this prefix in.

	INTT - Incoming No Test Trunks.

	INWARD  -  An  operator  that  assists  your local TSPS '0'
	operator in connecting  calls.  These  won't  question you as long
	as the call is within their  service  area. The operator can ONLY
	be reached by other operators or a  blue  box.  The  blue box
	number is KP+NPA+121+ST for the INWARD operator that will help you
	connect to any calls in that area ONLY.

	INWATS  -  Inward  Wide  Area Telecommunications Service. These are
	the 800  numbers  we  are all familiar with. These are set up in
	bands; 6 total. Band  6  is the largest, and you can call band 6
	INWATS from anywhere in the US  except  the  state  where  the call
	is terminated. This is also why some companies  have  a  separate
	800 number for their state. Band 5 includes the 48  contiguous 
	states.  All the way down to band 1, which only includes the states 
	contiguous to that one. Understand? That means more people can
	reach a band 6 INWATS as compared to the people that can access a
	band 1 INWATS.

	IOCC  -  International  Overseas Completion Centre. A system which
	must be  dialed  in  order  to  re-route fone calls to countries
	inaccessible via dialing  direct.  To  route a call via IOCC with
	a blue box, pad the country code  to  the RIGHT with zeroes until
	it is 3 digits. Then KP+160 is dialed, plus the padded country
	code, plus ST.

	IPM  -  Interruptions  Per  Minute.  The number of times a certain
	tone sounds during a minute.




                                  - 191 -


	ISC  -  Inter-Nation  Switching  Centers.  Most  outgoing  calls
	from a certain  numbering  system  will be routed through these
	gateway cities" in order to reach a foreign country.

	SDN   -  Integrated  Services  Digital  Network.  ISDN  is  a 
	lanned hierarchy  of  digital  switching  and transmission
	ystems. Synchronized so that  all  digital elements speak the same
	language" at the same speed, the ISDN would provide voice, data,
	nd video in a unified manner.

	TT  -  This  is  another large LD service. The extenders owned by
	his company are usually considered dangerous. The format    is
	CC-ESS#,(NPA)Nxx-xxxx,1234567.

	kpk  -  Key  Pulse.  Tone that must be generated before inputting a
	one number using a blue box. This tone is, in hertz, 1100+1700.

	P2  - Key Pulse 2. Tone that is used by the CCITT SYSTEM 5 for
	pecial international calling. This tone is, in hertz, 1300+1700.
	
	ADT  -  Local Area Data Transport. LADT is a method by which
	ustomers will send and receive digital data over existing customer
	oop wiring. Dial-Up  LADT  will  let  customers use their lines
	or occasional data services; direct  access LADT will transmit
	imultaneous voice and data traffic on the same line.

	LAN - Local Area Network.

	LAPB - Link Access Protocol Balanced.

	LD - Long Distance

	leave Word And Call Back - Another new type of operator.

	local  loop  -  When  a loop is connected between you and your CO.
	his occurs when you pick the fone up or have a fone OFF-HOOK.

	Loop  -  A  pair  or group of fone lines. When people call these
	lines, they  can  talk  to  each  other. Loops consist of two or
	more numbers, they usually  are  grouped  close  together somewhere
	in the Nxx-99xx portions of your  exchange.  The lower number in a
	loop is the tone side of the loop, or the  singing switch. The
	higher number is always silent. The tone disappears on  the  lower  
	#  when someone dials the other side of the loop. If you are the  
	higher  #,  you  will  have  to  listen to the clicks to see if 
	someone dialed  into  the  loop. There also are such things as Non-
	Supervised loops, where  the call is toll-free to the caller. Most 
	loops will be muted or have annoying  clicks  at  connection, but 
	otherwise, you might find these useful 

                                  - 192 -


	goodies  scanning  the  99xx's in your exchange. Some loops allow
	multi-user capability;  thus,  many  people  can talk to each other
	at the same time, a conference  of  sorts.  Since loops are genuine
	test functions for the telco during the day, most phreaks scan and
	use them at night.

	MA  -  Ma  Bell,  the Bell Telesys Company. Telco, etc. See Ma Bell
	for more information.

	Ma  Bell  -  The telephone company. The Bell Telesys Phone Company.
	The company  you  phreak  and  hack  with. The company that doesn't
	like you too much.  The company you often phuck with, and sometimes
	phuck up. The company that can phuck u up if u aren't careful.

	make  period  -  The  time  when,  during pulse dialing, the
	circuit is closed.  In  the US, this period is 60ms; however,
	foreign nations may use a 67ms  make  period.  Make  periods are
	also referred to in percentages, so a 60ms make period would be
	60%, a 67ms as 67%.

	marine verify - Another type of operator.

	MCI  -  Yet  another  LD service that owns many dial-ups in most
	areas. However,  the  codes from various areas may not be
	interchangeable. Not much is  known  about  MCI;  however,  MCI 
	probably has some sophisticated anti-phreak equipment. The format
	is ACC-ESS#,12345,(NPA)Nxx-xxxx.

	MCI  Execunet  -  The  calling  card  equivalent  of the regular
	MCI LD service,  but the codes are longer and interchangeable. For
	the local access port  near  you,  call  (800)555-1212.  The 
	format  for  the  port  will be ACC-ESS#,1234567,(NPA)Nxx-xxxx.

	Metrofone  -  Owned  by Western Union. A very popular system among
	fone phreaks.  Call  Metrofone's  operator and ask for the local
	access number at (800)325-1403.  The  format  is 
	ACC-ESS#,CODE,(NPA)Nxx-xxxx.  Metrofone  is alleged to place trap
	codes on phreak BBS's.

	MF  - Multi-Frequency. These are the operator and blue box tones.
	An MF tone  consists  of  two  tones  from  a  set  of  six master
	tones which are combined  to  produce  12  separate  tones.  These
	are NOT the same as touch tones. See blue box tones for
	frequencies.

	mobile - A type of operator.

	NAP/PA - North American Pirate/Phreak Association. A large group of
	bbs boards which include a lot of pirates/phreakers. I'm not quite
	sure where the group will go from here.


                                  - 193 -


	NON  PUB  DA  - A reverse type of CN/A bureau. You tell the service
	the name  and the locality, they will supply the fone number.
	However, they will ask  for  you  name,  supervisor's  name,  etc. 
	Use your social engineering skills  here  (aka,  bullshitting
	skills). You also can get detailed billing
	information from these bureaus.

	NPA  -  Numbering Plan Area. The area code of a certain city/state.
	For example,  on  the  number  (111)222-3333,  the  NPA would be
	111. Area codes never  cross state boundaries sans the 800, 700,
	900, and special exchanges. 

	Nxx  -  The exchange or prefix of the area to be dialed. For 
	example of the number (111)222-3333, the Nxx would be 222.

	OGVT - OutGoing Verification Trunk.

	OFF-HOOK  - To be on-line, to have the switchhook down. To have a
	closed connection. At this point, you also have a local loop.

	ON-HOOK  -  To  be off-line, to have the switchhook up. To have an
	open connection.

	ONI  -  Operator Number Identification. Identifies calling numbers
	when an office is not equipped with CAMA, the calling  number  is 
	not automatically recorded by CAMA, or has equipment failures, such
	as ANIF.

	OPCR  -  Operator  Actions  Program.  Standard  TBOC  or equivalent
	"0" operator.

	OPEN  -  Northern  Telecom's  Open  Protocol  Enhanced  Networks 
	World Program.

	OSI   -  Open System Interconnection. Form of telecommunication
	architechture which will probobly fail to SNA.

	OST - Originating Station Treatment.

	OTC - Operating Telefone Company.

	out-of-band  -  Type  of signaling which sends all of the signaling
	and supervisory  informations,  such  as  ON  and  OFF  HOOK, over
	separate data links.

	output  device  -  Any  type  of interface such as cans, terminal
	sets, remote  switching centers, bridging heads, etc., where the
	fone lines of the immediate  area are relayed to before going to
	the fone company. These often are  those  cases  painted light
	green and stand up from the ground. Most of these  can  be  opened 
	with a 7/16 hex driver, turning the security bolt(s)
	1/8  of  an  inch  counter-clockwise,  and  opening. Terminals on 

                                  - 194 -


	the inside might  be  labeled "T" for tip and "R" for ring.
	Otherwise, the ring side is usually on the right and the tip side
	is on the left.

	OUTWATS  - Outward Wide Area Telecommunications Service. These are
	WATS that are used to make outgoing calls ONLY.

	Paper  Clip  Method  -  This method of phreaking was illustrated in
	the movie  War Games. What a phortress fone does to make sure money
	is in a fone is  send  an  electrical  pulse  to  notify  the  fone 
	that a coin has been deposited,  for  the  first  coin  only. 
	However,  by  simply grounding the positive  end  of  the
	microphone, enough current and voltage is deferred to the  ground 
	to  simulate  the first quarter in the coin box. An easy way to
	accomplish  this is to connect the center of the mouthpiece to the
	coin box, touch  tone  pad,  or anything that looks like metal with
	a piece of wire. A most  convenient  piece  of wire is a bend out
	of a paper clip. Then you can send  red  box  tones  through the
	line and get free fone calls! Also, telco modified  fones  may 
	require  you  to  push  the  clip  harder  against the mouthpiece, 
	or  connect  the mouthpiece to the earpiece. If pressing harder
	against the mouthpiece becomes a problem, pins may be an easier
	solution.

	PBX  -  Private Branch eXchange. A private switchboard used by some
	big companies  that  allow  access  to  the  OUTWATS line by
	dialing  a 8 or a 9 after inputting a code.

	PCM - Pulse Code-Modulated trunks.

	PC  Pursuit  -  A  computer  oriented LD system, comparable to
	Telenet, which  offers low access rates to 2400 baud users. Hacking
	on this system is virtually impossible due to the new password
	format.

	pen  register  -  A  device  that the fone company puts on your
	line if they  suspect  you  are fraudulently using your fone. This
	will record EVERY SINGLE  digit/rotary  pulse  you  enter  into 
	the  fone  as  well  as other pertinent  information,  which  may 
	include a bit of tapping. Also known as DNR.

	Phortune 500 - An elite  group  of  users  currently paving the way
	for better quality in their trade.

	PHRACK   -  Another  phreak/hack  oriented  newsletter.  See 
	reference section, phile 1.6 for more information.

	PHUN  -  Phreakers and Hackers Underground Network. They also
	release a newsletter that is up to #4 at the time of this writing.
	See phile 1.6 for more information on finding this phile.


                                  - 195 -


	PIN  -  Personal  Identification  Number  -  The  last four digits
	on a calling card that adds to the security of calling cards.

	plant  tests  -  test  numbers  which include ANI, ringback, touch
	tone tests, and other tests the telco uses.

	Post Office Engineers - The United Kingdom's fone workers.

	PP  -  Dial  Post-Pay  Service. On phortress fones, you are
	prompted to pay  for the call after the called party answers. You
	can use a clear box to get around this.

	PPS - Pulses Per Second.

	printmeter  -  The  United  Kingdom's equivalent of a pen register.
	See pen register for more info.

	PTE - Packet Transport Equipment.

	PTL - One of the bigger cracking groups  of all time. However, the
	group has been dying off and only has a few nodes as of this
	writing.

	PTS - Position and Trunk Scanner.

	PTT - Postal Telephone Telegraph.

	pulse - See rotary phones.

	purple  box  -  This one would be nice. Free calls to anywhere via
	blue boxing,  become  an  operator  via  blue box, conference
	calling, disconnect fone  line(s),  tap  fones,  detect  traces, 
	intercept directory assistance calls. Has all red box tones. This
	one may not be available under ESS.

	rainbow  box  -  An  ultimate  box. You can become an operator. You
	get free  calls,  blue  box. You can set up conference calls. You
	can forcefully disconnect  lines.  You can tap lines. You can
	detect traces, change traces, and  trace as well. All incoming
	calls are free. You can intercept directory assistance.  You have
	a generator for all MF tones. You can mute and redial. You  have 
	all  the  red-box tones. This is an awesome box. However, it does
	not exist under ESS.

	RAO  -  Revenue  Accounting Office. The three digit code that
	sometimes replaces the NPA of some calling cards.

	RBOC - Regional Bell Operating Company.

	red  box  -  Equipment that will emulate the red box tone generated
	for coin recognition in all phortress fones.

                                  - 196 -


	red  box  tones - Tones that tell the phortress fone how much money
	was inserted  in  the  fone  to make the required call. In one slot
	fones, these are  beeps in pulses; the pulse is a 2200+1700 Hz
	tone. For quarters, 5 beep tones  at 12-17 PPS, for dimes it is 2
	beep tones at 5-8.5 PPS, and a nickel causes  1  beep  tone  at 
	5-8.5  PPS.  For  three slot fones, the tones are
	different.  Instead of beeps, they are straight dual tones. For a
	nickel, it is  one  bell  at 1050-1100 Hz, two bells for a dime,
	and one gong at 800 Hz for  a  quarter.  When  using  red  box 
	tones, you must insert at least one nickel  before playing the
	tones, cuz a ground test takes place to make sure some  money  has 
	been  inserted. The ground test may be fooled by the Paper
	Clip  Method.  Also,  it has been known that TSPS can detect
	certain red box tones, and will record all data on AMA or CAMA of
	fraudulent activity.

	regional center - Any class 1 switching office in North America.

	REMOB  -  Method  of  tapping  into  lines by entering a code and
	the 7 digit  number you want to monitor, from ACD Test Mode. A
	possibility of this may be mass conferencing.

	ring  -  The  red wire found in fone jacks and most fone equipment.
	The ring  also is less positive than the tip. When looking at a
	fone plug on the end  of typical 4 wire fone line from the top,
	let's say the top is the side with  the  hook,  the ring will be
	the middle-right wire. Remember, the ring is red, and to the right.
	The three "R's" revived!

	ring-around-the-rosy  -  9  connections  in tandem which would
	cause an endless loop connection and has never occurred in fone
	history.

	ringback  -  A  testing  number that the fone company uses to have
	your fone  ring  back  after  you  hang  up.  You  usually  input
	the three digit ringback  number  and  then  the last four digits
	to the fone number you are calling from.

	ring  trip  -  The  CO  process  involved  with stopping the AC
	ringing signal when a fone goes OFF-HOOK.

	rotary  phone  -  The dial or pulse phone that works by hooking and
	un-hooking  the  fone  rapidly  in  secession  that  is directly
	related to the number  you  dialed.  These  will  not  work  if
	another phone with the same number is off-hook at the time of
	dialing.

	Rout  & Rate - Yet another type of operator; assists your TSPS
	operator with rates and routings. This once can be reached at
	KP+800+141+1212+ST.

	RPE - Remote Peripheral Equipment.

                                  - 197 -


	RQS  -  The  Rate  Quote System. This is the TSPS operator's
	rate/quote system.  This  is  a  method your '0' operator gets info
	without dialing the rate and route operator. The number is
	KP+009+ST.

	RSU  -  Remote  Switching  Unit.  The  class 4X office that can
	have an unattended exchange attached to it.

	RTA - Remote Trunk Arrangement.

	SAC  -  Special  Area Code. Separate listing of area codes, usually
	for special services such as TWX's, WATS, or DIAL-IT services.

	SCC  -  Specialized  Common  Carriers.  Common  Nxx  numbers  that 
	are specialized for a certain purpose. An example is the 950
	exchange. sectional center - Any class 2 switching office in North
	America. service monitoring - This is the technical name of phone
	tapping. 

	SF  -  Supervision Control Frequency. The 2600 Hz tone which seizes
	any open trunk, which can be blue boxed off of.

	short-haul - Also known as a local call.

	signalling  -  The  process  by  which  a  caller  or  equipment on
	the transmitting  end of a line in: forms a particular party or
	equipment at the receiving  end  that a message is to be
	communicated. Signalling is also the supervisory  information 
	which  lets  the  caller  know the called know the called  party 
	is  ready  to talk, the line is busy, or the called party has
	hung up.

	silver  box  -  Equipment that will allow you to emulate the DTMF
	tones A,B,C,D.  The  MF  tones  are, in hertz, A=697+1633,
	B=770+1633, C=852+1633, D=941+1633.  These  allow  special
	functions from regular fones, such as ACD Testing Mode.

	Skyline  -  Service  owned  by  IBM,  Comsat, and AEtna. It has a
	local access  number in the 950 exchange. The fone number is
	950-1088. The code is either a 6 or 8 digit number. This company is
	alleged to be VERY dangerous. 

	SNA  - System Network Architechture, by IBM. A possible future
	standard of architechture only competed by OSI.

	SOST  -  Special  Operator Service Treatment. These include calls
	which must  be  transferred  to  a  SOST switchboard before they
	can be processed; services such as conferences, appointments,
	mobile, etc.



                                  - 198 -


	SPC  -  Stored  Program  Control.  Form of switching the US has
	heavily invested in.

	Sprint  -  One of the first LD services, also known as SPC. Sprint
	owns many  extender  services  and is not considered safe. It is
	common knowledge that Sprint has declared war on fone phreakers.

	SSAS  -  Station  Signaling  and  Announcement  System.  System on
	most fortress  fones  that will prompt caller for money after the
	number, usually LD  numbers,  has  been  dialed,  or the balance
	due before the call will be allowed to connect.

	stacking  tandems  -  The  art  of  busying  out all trunks between
	two points. This one is very amusing.

	STart  -  Pulse  that  is transmitted after the KP+NPA+Nxx+xxxx
	through operator or blue boxed calls. This pulse is, in hertz,
	1500+1700.

	station # - The last four digits in any seven digit fone number.

	STD  -  Subscriber Trunk Dialing. Mechanism in the United Kingdom
	which takes  a  call from the local lines and legimately elevates
	it to a trunk or international level.

	step  crashing  -  Method  of  using a rotary fone to break into a
	busy line.  Example,  you  use  a rotary fone to dial Nxx-xxx8 and
	you get a busy signal.  Hang  up  and  dial  Nxx-xxx7 and in
	between the last pulse of your rotary  dial  and  before  the  fone
	would begin to ring, you can flash your switchhook  extremely 
	fast.  If  you do it right, you will hear an enormous
	"CLICK" and all of a sudden, you will cut into your party's
	conversation. 

	STPS  -  Signal  Transfer  PointS.  Associated  with  various
	switching machines and the new CCIS system.

	switchhook  -  The  button on your fone that, when depressed, hangs
	the fone up. These can be used to emulate rotary dial fones if used
	correctly.

	SxS  -  Step-By-Step.  Also  known  as  the Strowger Switch or the
	two-motion  switch.  This  is  the switching equipment Bell began
	using in 1918. However,  because  of  its  limitations,  such  as
	no direct use of DTMF and maintenance  problems,  the  fone 
	company has been upgrading since. You can identify  SxS  switching 
	offices  by  lack  of DTMF or pulsing digits after 	dialing  DTMF, 
	if you go near the CO it will sound like a typewriter testing factory,  
	lack  of  speed  calling,  lack  of  special  services  like  call 
	forwarding  and  call  waiting,  and  fortress  fones want your money 
	first, before the dial tone.

                                  - 199 -


	TAP - The "official" phone phreak's newsletter. Previously YIPL.

	T&C - Time and Charge.

	tapping  -  To listen in to a phone call taking place. The fone
	company calls this "service monitoring."

	TASI  - Time Assignment Speech Interpolation. This is used on
	satellite trunks,  and basically allows more than one person to use
	a trunk by putting them on while the other person isn't talking.

	Telenet  -  A  computer-oriented  system  of relay stations which
	relay computer  calls  to  LD  numbers.  Telenet  has a vast array
	of access ports accessible at certain baud rates.

	Tel-Tec  -  Another LD company that usually give out a weak
	connection. The format is (800)323-3026,123456,(NPA)Nxx-xxxx.

	Tel-Tex  -  A  subsidiary  of  Tel-Tec,  but is only used in Texas.
	The number is *800)432-2071 and the format is the same as above.

	terminal   -   A   point   where  information  may  enter  or 
	leave  a communication  network.  Also,  any device that is capable
	of sending and/or receiving data over a communication channel.

	tip  -  The green wire found in fone jacks and most fone equipment.
	The tip  is  the more positive wire compared to the ring. When
	looking at a fone plug  from  the  top, lets say the hook side is
	the top, the tip will be the middle wire on the left.

	toll center - Any class 4 switching office located in North
	America. 

	toll point - Any class 4P switching office in North America.

	Toll LIB - Reverse CN/A bureau. See NON PUB DA for more info.

	touch tone phone - A phone that uses the DTMF system to place
	calls.

	touch  tone  test  - This is another test number the fone company
	uses. You  dial  the  ringback  number and have the fone ring back.
	Then, when you pick  it up, you will hear a tone. Press your
	touch-tone digits 1-0. If they are correct, the fone will beep
	twice.

	trace  -  Something  you don't want any fone company to do to you.
	This is  when the fone company you are phucking with flips a 

                                  - 200 -


	switch and they find the  number you are calling from. Sometimes
	the fone company will use ANI or trap  and  trace  methods  to
	locate you. Then the local Gestapo home in and terminate the caller
	if discovered.

	trap  and  trace  - A method used by the FBI and some step offices
	that forces  a  voltage  through  the  line and traces
	simultaneously, which mean that  you  can't  hang  up  unless the
	Pheds do, and pray you aren't calling from your own house. Trap and
	trace is also known as the lock-in-trace.

	trap  codes  -  Working  codes owned by the LD company, not a
	customer, that,  when  used,  will  send  a  "trouble card" to Ma
	Bell, no matter what company  the  card  is coming from, and ESS
	will immediately trace the call. Trap  codes  have  been in use for
	some time now, and it is considered safer to  self-hack  codes 
	opposed  to  leeching them off of BBS's, since some LD
	companies post these codes on phreak oriented BBS's.

	Travelnet  - Service owned by GM that uses WATS as well as local
	access numbers. Travelnet also accepts voice validation for its LD
	codes.

	TSPS  -  Traffic  Service Position System. Operator that usually is
	the one  that  obtains billing information for Calling Card or 3rd
	number calls, identifies  called customer on person-to-person
	calls, obtains acceptance of charges  on  collect  calls,  or
	identifies calling numbers. These operators have an ANI board and
	are the most dangerous type of operator.

	TWX  -  Telex  II  consisting of 5 teletypewriter area codes. These
	are owned  by  Western  Union.  These  may  be  reached  via
	another TWX machine running at 110 baud. You can send TWX messages
	via Easylink (800)325-4122.

	USDN  -  United  States  Digital  Network. The US's version of the
	ISDN network.

	videotext  -  Generic  term  for  a  class of two-way, interactive
	data distribution  systems  with  output typically handled as in
	teletext systems and input typically accepted through the telephone
	or public data network.

	WATS  -  Wide  Area Telecommunications Service. These can be IN or
	OUT, see the appropriate sections.

	WATS  Extender  - These are the LD companies everyone hacks and
	phreaks off of in the 800 NPA. Remember, INWATS + OUTWATS = WATS
	Extender.

	white box - This is a portable DTMF keypad.


                                  - 201 -


	XBAR  -  Crossbar.  Crossbar is another type of switching equipment
	the fone  company  uses  in  some areas. There are three major
	types of Crossbar systems  called  No.1 Crossbar (1XB), No.4
	Crossbar (4XB), and No.5 Crossbar (5XB).  5XB  has been the primary
	end office switch of MA since the 60's and
	is  still  in  wide  use. There is also Crossbar Tandem (XBT) used
	for toll-switching.

	XBT - Crossbar Tandem. Used for toll-switching. See XBAR.

	YIPL - The classic "official" phreak's magazine. Now TAP.


    	                        Other Fone Information
        	                    ======================

            	              Voltages & Technical Stuff
                	          --------------------------
	      When  your telephone is ON-HOOK, there is 48 volts of DC
	across the tip  and  the  ring.  When  the  handset of a fone is
	lifted a few switches close  which  cause a loop to become
	connected between you and the fone company, or  OFF-HOOK.  This  is 
	also known as the local loop. Once this happens, the DC current  is
	able to flow through your fone with less resistance. This causes 
	a  relay  to  energize  which  causes other CO equipment to realize
	that you  want  service.  Eventually,  you  will  end  up  with a
	dial tone. This also  causes  the 48 VDC to drop down to around 12
	VDC. The resistance of the loop  also  drops  below the 2500 ohm
	level; FCC licensed telephone equipment must  have an OFF-HOOK
	impedance of 600 ohms.
	      When  your  fone rings, the telco sends 90 volts of pulsing
	AC down the  line  at  around 15-60 Hz, usually 20 Hz. In most
	cases, this causes a metal  armature  to  be attracted alternately
	between two electromagnets; thus, the  armature  often  ends up
	striking two bells of some sort, the ring you often  hear  when 	
	non-electronic  fones  receive  a  call. Today, these mechanical 
	ringers  can  be  replaced  with  more  modern  electronic  bells 
	and other  annoying  signaling  devices,  which  also explains why
	deaf people can have lights and other equipment attached to their
	fones instead of ringers.
	      When  you  dial on a fone, there are two common types of
	dialing, pulse  and  DTMF.  If  you  are like me, you probably
	don't like either and thought  about  using  MF  or  blue  box 
	tones.  Dialing  rotary  breaks  and  makes  connections  in  the 
	fone  loop, and the telco uses this to signal to their  equipment 
	that  you  are  placing  a  call.  Since  it  is one fone that is
	 disconnecting  and  reconnecting  the  fone  line,  if someone
	else picks up  another  fone on the same extension, both cannot
	make pulse fone calls until  one  hangs  up. DTMF, on the other
	hand, is a more modern piece of equipment  and  relies  on tones
	generated by a keypad, which can be characterized by a 
	0,1,2,3,4,5,6,7,8,9/A,B,C,D   keypad.  Most  fones  don't  have  
                                  - 202 -


	an  A,B,C,D  keypad,  for  these  frequencies  are  used  by the
	telco for test and other  purposes.

    	                       Scanning Phun Fone Stuff
        	                   ------------------------
	      Scanning  is  the  act  of either randomly or sequentially
	dialing fone  numbers  in  a  certain  exchange when you are
	looking for several different  things.  These  things  could  be 
	carriers,  extenders, ANI, "bug tracers,"  loops,  as  well  as 
	many other interesting "goodies" the fone company uses  for test
	purposes.
    	  When  scanning  for carriers, your local BBS probably has
	some scanning  programs,  as  these became popular after the movie
	WARGAMES, but what these  do  are  to  call  every  fone  in an
	exchange, or a specified range of fone  numbers  in  certain 
	exchanges  to  look  for  possible  carriers and other
	 interesting  computer  equipment.  So,  if your computer finds a
	carrier, or  what  seems  like  a carrier, it will either print it
	out or save it in some  file  for  later  reference.  With  these
	carriers one finds, one can either  call  them  and find out what
	each is or, if one of them is interesting, one  can  hack  or 
	attempt to break into some interesting systems available, not  to
	the general public, of course.
    	  Scanning telephone "goodies" requires time and patience.
	These goodies  usually  cannot  be traced by most unmodified
	modems, as the frequencies and  voice  transmissions  cannot be
	differentiated from other disturbances, such  as  the  annoying 
	operator saying, "We're sorry... blah blah..". Anyway, to  scan 
	these,  you  usually get a regular carrier scanner and, with the
	modem  speaker  on,  sit  by  your wonderful computer and listen in
	on the scanning  for  any  interesting  tones, voices, or silences,
	which could be telco fone  phun  numbers,  for  us  of  course! 
	Then write these down, and spread them around,  use,  abuze,  etc. 
	if  you dare. Anyway, most telefone goodies are
	 located  in  the 99xx suffixes of any fone exchange. If you found
	everything  you  think in the exchanges you have scanned, try the
	0xxx and 1xxx suffixes  in  that order. You might even find loops,
	ANI, and other phun things if you  mess around enough.


    	                    References & Suggested Reading
	       	                ==============================
	      The  following  is  a  list of references and suggested
	reading for the  beginning,  as well as advanced phreak. See you
	local fone phreak for these,  or  call  your  local  phreak 
	oriented  BBS for information regarding these publications.

	 2600 Magazine

	 Aqua Box, The By Captain Xerox & The Traveler


                                  - 203 -


	 Basic Alliance Teleconferencing By The Trooper
 
	 Bell Hell By The Dutchman & The Neon Knights

	 Better Homes And Blue Boxing By Mark Tabas

	 BIOC Agent 003's Course In Basic Telecommunications
    	  By BIOC Agent 003

	 History Of British Phreaking, By Lex Luthor & The Legion Of Doom

	 Home Phone Tips By 13th Floor Enterprises

	 How To Build A Blotto Box By The Traveler

	 How To Build A Cheese Box By Mother Phucker

	 Introducing The Beige Box - Construction & Use
	      By The Exterminator and The Terminal Man

	 Integrated Services Digital Network [ISDN]
	      By Zander Zan

	 LOD/H Technical Journal

	 Loops I've Known And Loved By Phred Phreak

	 PHRACK Magazine
    	  Edited By Taran King and Knight Lightning UMCVMB
























                                  - 204 -

	950's:  The Real Story: by Jester

	    Ever heard (actually, seen) people on various hacking boards
	around the  country telling you how you are going to get caught for
	sure if you use the in state-WATS (950) telephone numbers to make
	your phreaks off of? This file is to tell you what the story is
	with 950's and how to SAFELY use them. The 950 prefix was created
	by the old Bell System for all the SSC's  (Specialized Common
	Carrier), or Extenders as they are called, to place their services
	upon.  This was done for the long distance company's benefit so
	they could have the same dialup in all cities across the USA. For
	some reason, the Long Distance companies rejected the 950 prefix in
	favor of local lines and 1-800 numbers.

    	 Disadvantages to 950's are that they are run on a special ESS
	of their own that can trace you call before you can say 'shit!'. 
	But tracing only  occurs on special occasions.  The companies on
	950's will only trace when the computer controlling the calls sees
	that there is an unusually high number of calls to the extender on
	that particular day.  The computer then will  auto-trace every
	100th call or so.  Which means that, if used in moderation, 950's
	are fantastic!

    	  Advantages:  By having the same dialup in all cities, you can
	go on vacation and just hack codez to use for while you are there
	on your favorite  950 extender.  Being a free call (in most cases,
	some phones not) from a pay phone, this is very advantageous.  
	Also, and anyone who has used a 950 knows this, the connections on 
	950 extenders are VERY clear usually, making for  excellent 
	error-free data transfer on AE lines, etc.

    	   With the breakup of the Bell System in January of 1984, the
	950 prefix was supposed to be dragged down with it and the
	companies were supposed to  have switched over to either local or
	1-800 numbers, but as is very typical of the phone company, they
	never got around to it.

    	   Here is the list of the 950's that are currently in use in
	the U.S.  :

    	        950-1000..........Southern Pacific Communications
        	    950-1022..........MCI Exec-U-Net
            	950-1033..........U.S. Telephone
	            950-1044..........AllNet
    	        950-1066..........Lexitel
        	    950-1088..........SBS Skyline

	      Personally, I favor the use of 950-1088, because it has many
	users and the codez (which, by the way are 6 digits, but they are
	switching over to 8  igits) are easy to hack out from a 
	pay phone.  You may want to try the other services so you can have
	a few codez from each available for use.

                                  - 205 -


	Automatic Number Identifier: By Jester

    	                    Automatic Number Identification


	    Automatic Number Identification (ANI) is nothing more than
	automatic means for immediately identifying the Directory Number of
	a calling subscriber. This process made it possible to utilize
	CAMA* (Centralized Automatic Message Accounting) systems in SxS,
	Panel, and Xbar #1 offices. The identity of the calling line is
	determined by ANI circuits installed in the types of CO's mentioned
	above. Xbar#5 offices have their own AMA (Automatic Message
	Accounting) equipment and utilize an AMA translator for
	automatically identifying the calling line.

    	Before ANI was developed, each subscriber line (also called a
	local loop) had a mechanical marking device that kept track of toll
	charges. These devices were manually photographed at the end of the
	billing period and the amount of the subscribers bill was
	determined from that. This process was time consuming, so a new
	system (ANI) was developed.

		The major components of the ANI system used in SxS and Crossbar #1
	are: Directory number network and bus arrangement* for connecting
	the sleeve (the lead that is added to the R(ing) and T(ip) wires of
	a cable pair at the MDF* (Main Distribution Frame)); A lead of each
	line number through an identifier connector to the identifier
	circuit; Outpulser and Identifier connector circuit to seize an
	idle Identifier; Identifier circuit to ascertain the calling
	party's number and send it to the outpulser for subsequent
	transmission through the outpulser link to the ANI outgoing trunk;
	An ANI outgoing trunk to a Tandem office equipped with a CAMA system.

	    The following is a synopsis of the ANI operations with respect
	to a toll call through a #1Xbar office. The call is handled in the
	normal manner by the CO equipment and is routed through an ANI
	outgoing trunk to a Tandem office. The identification process
	starts as soon as all digits of the called number are received by
	the CAMA sender in the Tandem office and when the district juncture
	in the Xbar office advances to its cut-through position (a position
	of the connecting circuits or paths between the line-link and
	trunk-link frames in the CO).

    	  Upon receiving the start identification signal from the CAMA
	equipment, the ANI outgoing trunk (OGT) establishes a connection
	through an outpulser link to an idle outpulser circuit. An idle
	identifier is then seized by the outpulser circuit through an
	internal Identifier connector unit. Then the identifier through 
	the connector unit connects to the directory number network and 
	bus system.



                                  - 206 -


	    At the same time, the identifier will signal the ANI trunk to
	apply a 5800Hz identification tone to the sleeve lead of the ANI
	trunk. The tone is transmitted at a two-volt level over the S lead
	paths through the directory number network and bus system. It will
	be attenuated or decreased to the microvolt range by the time the
	identifier circuit is reached, necessitating a 120dB voltage
	amplification by the amplifier detector equipment in the
	identifier to insure proper digit identification and registration
	operations.

	    A single ANI installation can serve as many as six CO's in a
	multi-office building. The identifier starts its search for the
	calling line number by testing or scanning successively the
	thousands secondary buses of each CO. When the 5800Hz signal is
	detected, the identifier grounds corresponding leads to the
	outpulser, to first register the digit of the calling office and
	then the thousands digit of the calling subscriber's number. The
	outpulser immediately translates the digit representing the calling
	office code into its own corresponding three digit office code. The
	identifier continues its scanning process successively on the
	groups of hundreds, tens, and units secondary buses in the calling
	office, and the identified digits of the calling number are also
	registered and translated in the outpulser's relay equipment for 
	transmission to the tandem office.  The outpulser is equipped with 
	checking and timing features to promptly detect and record troubles 
	encountered (This process may be responsible for some of the cards 
	found while trashing). Upon completion of the scanning process, it 
	releases the identifier and proceeds to outpulse in MF tones the 
	complete calling subscriber's number to the CAMA equipment in the 
	tandem office in the format of KP+X+PRE+SUFF+ST where the X is an 
	information digit. The information digits are as follows: 
	0-Automatic Identification (normal)     
	1-Operator Identification (ONI)*
	2-Identification Failure (ANIF)*

	(There is also other types of outpulsing of ANI information if the
	calling line has some sort of restriction on it).

	    When all digits have been transmitted and the ANI trunk is
	cut-through for talking, the outpulser releases.

	    In the tandem office, the calling party's number is recorded on
	tape in the CAMA equipment together with other data required for
	billing purposes. This information, including the time of when the
	called station answered and the time of disconnect, goes on AMA
	tapes. The tapes themselves are usually standard reel to reel
	magnetic tape, and are sent to the Revenue Accounting Office or RAO
	at the end of the billing period.




                                  - 207 -


	    So, to sum the entire ANI process up:

	The toll call is made. The CO routes the call through ANI trunks
	where an idle identifier is seized which then connects to the
	directory number network and bus system while signalling the ANI
	trunk to apply the needed 5800Hz tone to the Sleeve. The identifier
	begins a scanning process and determines the calling office number
	and the digits of the calling subscriber's number, which is sent by
	way of the outpulser in MF tones to the CAMA equipment in the
	tandem office. The call information is recorded onto AMA tapes and
	used to determine billing.

	    Note that your number does show up on the AMA tape, if the
	circumstances are correct, (any toll call, whether it is from a
	message-rate line or from a flat-rate line). However, the AMA tapes
	do not record the calling line number in any separated format. They
	are recorded on a first-come, first-serve basis.


	Misc. Footnotes (denoted by an asterisk in the main article)
	---------------

	* ANIF-Automatic Number Identification Failure. This is when the
	ANI equipment does not work properly, and could occur due to a wide
	variety of technicalities. When ANIF occurs, something called ONI
	(Operator Number Identification) is used. The call is forwarded to
	a TSPS operator who requests the calling line number by saying
	something similar to 'What number are you calling from?'

	* CAMA-Centralized Automatic Message Accounting. CAMA is a system
	that records call details for billing purposes. CAMA is used from
	a centralized location, usually a Tandem office. CAMA is usually
	used to serve class 5 End Offices in a rural area near a large city
	which contains a Tandem or Toll Office. CAMA is similar to LAMA,
	except LAMA is localized in a specific CO and CAMA is not.

	* The Directory Number Network and bus system is a network involved
	with the ANI process. It is a grid of vertical and horizontal
	buses, grouped and classified as Primary or Secondary. There are
	100 vertical and 100 horizontal buses in the Primary system. In the
	Secondary system, there are two sub-groups: Bus system #1 and Bus
	system #2, both of which have ten horizontal and vertical buses.
	These buses as a whole are linked to the Identifier in the ANI
	trunk and are responsible for identifying tens, hundreds, thousands
	and units digits of the calling number (After the Identifier begins
	its scanning process).

	* MDF-Main Distribution Frame. This is the area where all cable
	pairs of a certain office meet, and a third wire, the Sleeve wire,
	is added. The Sleeve wire is what is used in gathering ANI 

                                  - 208 -


	information, as well as determining a called lines status (off/on
	hook) in certain switching systems by presence of voltage. (voltage
	present on Sleeve, line is busy, no voltage, line is idle.) 

	* ONI-Operator Number Identification. See ANIF footnote.

	NOTE: There are also other forms of Automatic Message Accounting,
	such as LAMA (Local Automatic Message Accounting). LAMA is used in
	the class 5 End Office as opposed to CAMA in a Toll Office. If your
	End Office had LAMA, then the ANI information would be recorded at
	the local level and sent from there. The LAMA arrangement may be
	computerized, in which it would denoted with a C included (LAMA-C
	or C-LAMA).







































                                  - 209 -