• TE~ L GY Hacking systems has existed ever since the that passwords get changed on a regular basis, and the telephone system started using electronic switching devices password of anyone who has left your library is removed . Phreaking instead of local operators. The term "phreak" comes from Besides being technically savvy, phreakers use "social Out combining phone and freak. According to Wikipedia, "Phreaking engineering:' This is the technique of sounding convindng enough is a slang term coined to describe the activity of a subculture so that an employee will unknowingly provide aroute into the of people who study, experiment with, or exploit , system . A caller can reach someone inside a system and the telephone company, and systems connected to or composing request to be transferred to extension 9011. If this is not an the Public Switched Telephone Network (PSTN) for the purposes assigned extension within the system, it provides a 9 to get to of hobby or utility:' an outside line and then the 011 that is the international code . The PSTN used tones to tell its devices what to do. In the After that, the phreaker adds the country code and phone mid '60s these tones became known to the world outside of number and has a call to wherever at no charge. the telephone company. Early phreakers could whistle some Sprint has published two pages of tips that can help. The of those tones. Blue boxes that could reproduce the signals page at www.help4nonprofits.com/PDFJiles/PBX.pdf has electronically became common in the 1970s. Even Steve technical tips, and that at www.help4nonprofits.com / Wozniak and , founders of Apple, were interested in PDFJiles/SE.pdf talks about social engineering. To prevent I, them. both types of phreaking, owners of PBX systems need to One signal used by many early phreakers was 2600 Hz. educate their employees and take precautions. This tone would tell the long­distance switch that a call was And what about cell phones? How can they be haCked? Cell ''Phreaking is a ended. However, since the caller had not really hung up his phones are really just fancy computer chips that perform all slang term telephone, there was still aphysical connection to along distance sorts of functions. As the phones contain more features, the trunk line.The next step would be for the caller to use his blue chips have all of these functions programmed into them. coined to box to generate tones to call the long distance number with However, there are functions in the chips that are not made describe the which he wanted to communicate. Since the telephone company available to the common user. To get into the chip takes a could locate what appeared to be long calls to 800 numbers, password. At least one obtained the password by activity 0/ ... many phreakers used pay phones to avoid giving away their requesting acopy of the technical manual for the cell phone. people who own telephone numbers. Many of the loopholes used by early An article in Wired magazine (March/April 1993) phreakers have been plugged by today's new technologies. demonstrates the power of some of these commands, based study, Today, a number of businesses have their own Private on the experience of VT and NM, two phreakers: "These experiment Business exchange (PBX). Actually, there are Private Automated commands are not found in the phone's user manual. Suddenly, eXchanges (PABX) and Private Manual eXchanges (PM BX), but voices emerge from the phone's earpiece. The first is that of a with, or exploit since all are automated today, people tend to use just PBX. The salesman getting his messages from a voice mail system. VT telephones, the PBX connects telephones within the bUSiness to one another shifts frequencies. Another voice. A woman giving her boss as well as connecting them to the outside world. It also keeps directions to his next apPOintment. What's going on here? VT telephone an accounting of calls that have taken place. In addition to these and NM have discovered that every cellular phone possesses company, and basic services, it can provide voice mail boxes, call forwarding, a secret mode that turns it into a powerful cellular scanner:' Direct Inward System Access (DISA), and other services. In The phreakers were able to determine who came into range systems today's technological environment, it is this PBX that is most of what cell. The next step might be to monitor calls, and connected to or vulnerable to hacking. capture credit card information being given over the phone. Of Most of the time, phreakers gain access to a telephone course, it is illegal to eavesdrop on any telephone line, but that composing the system through a PBX that has not been thoroughly secured. is not likely to stop a determined phreaker. Public Switched DISA allows a user to call in from outside the business and For some interesting reading about the history of telephone make use of the telephone lines. The user is given acode that hacking, you can read the following: Telephone must be used for this access. like any other kind of password, • stuff.mit.edu/hacker/partl.html Hacker Crackdown Network/or the length of the code and the security around the code can • en.wikipedia.org/wiki / Phreak Wikipedia's article on make it vulnerable. Also, a PBX system may come with a phreaking the purposes 0/ default code supplied by the vendor. If DISA is enabled, and • www.hackcanada.com/telco/arsenal.htmITips to protect your hobby or that code not changed, it provides an easy way inSide the telecommunication system. Exploring this site can also pro- utility. " system. Once someone has gained access to your system's vide you with directions on how to become a phreaker. DISA capabilities, they can use it to call any place. Make sure Isabel Danforth is director of library services, International College ofHospitality Management, SUffield.

CONNECTICUT LIBRARIES' FEBRUARY 2006 • PAGE 8