94192bindex.qxd 6/3/08 3:29 PM Page 835

Index

Symbols and Numbers 2600 # key, as end of dialing feature, 96 meetings, 512–522 10 reserved bytes, and virus detection, 291 writer indicted, 73 10297, 484 2600 Hz, 221 10457, 484 300 baud modems, 43 10502, 484 311, 483 10811, 484 31337SP34K, hacking, 816–817 10nnn, 93–97 3D glasses, 812–816 110w, 761 411 128-bit keys, cryptosystems, 308 directory assistance, 47 1633 Hz, 31 step offices and, 51 1980s 414 gang, 22 corporate history, see corporations. see 56-bit keys, Data Encryption Standard, 308 corporations, 1980s 62-second trick, and virus detection, 291 early days of Net. see Internet, early days of 64-bit keys, cryptosystems, 308 hacker philosophy. see hackers, philosophy *67, 483, 669 last days of Ma Bell. see Ma Bell 710 trick, 667 new toys. see telecommunications toys, 1980s 800 numbers raids. see raids, 1980s allocating, 92–93 stories. see stories, 1980s types of, 111–112 1990s 802.11b wireless networks, 733–739 computer revolution. see computer revolution background and basics, 733–734 hackers and the law. see law enforcement, 1990s community, 737–738 hackers really discovered in, 233–234 detecting, 734–736 hacking other things. see hacking other things getting to know your neighbors, 739–743 pop culture. see pop culture,COPYRIGHTED 1990s hacking MATERIAL Captivate network, 743–744 stories. see stories, 1990s non-beaconing, 737 2000 and beyond packet types, 734 hacker stories. see stories, 2000 and beyond practical examples, 738–739 lawsuits. see lawsuits, 2000 and beyond securing, 737 retail hacking. see retail hacking SSID cloaking, 736–737 telephony. see telephones, in 21st century threats to, 738 toys. see telecommunications toys, 21st century WEP, 736 2111 conference, 81 900 numbers, 93 94192bindex.qxd 6/3/08 3:29 PM Page 836

836 Index

911 computer program Advanced Multi-Band Excitation (AMBE), facts and rumors, 509–510 XM Radio, 756 negative feedback on hacking, 506–507 Advanced Research Projects Agency Network. seizing of Phrack newsletter, 493–496, 500–501 see ARPANET (Advanced Research Projects seizure of Jolnet, 497–498 Agency Network) views from a Fed, 384–385 advanced transmitters, 360 950 exchange, 84 advertising, while on hold, 90 976 (dial-it) numbers, 62 AEGIS encryption, 364 9999 numbers, 9–11 Aercom, 436 AFCEA (Armed Forces Communications & A Electronics Association), 248 A400S Fortezza Serial Modem, 312 Afghan phone system, 657–659 AB50 California bill, 811 Afghan Wireless Communications Company ABIX cellular interface, 105 (AWCC), 658 absent without leave (AWOL), 628 Aiken Biphase, MetroCards, 790 access charges, 488–490 Air Force law enforcement agencies, 620–623 access codes Airfone, 93 equal access, 93–97 AirSnort, 701 for networks, 109–111 Airsnort, 735 obtaining, 106 Akamai, 738 pseudo-felon obtaining, 630–634 alarms, ATM, 768 safe phreaking and, 106 algorithms, hacking credit card, 370–372 access points ALI (Automatic Location Identification), connecting to wireless network, 740–741 681–682 discovering with Kismet, 740 Alliance Teleconferencing Service, 76–82 exploring, 741 conference controls, 78–79 as security professional’s job, 386 conference numbers, 76–78 WiFi MITM attacks, 744–746 dangers, 79 ACCS (Automated Calling Card Service), 40 other conferences, 81 Acid Phreak, imprisonment of, 526 overview of, 76–77 ACLU (American Civil Liberties Union), stunts, 80–81 185–188 Allnet (Combined Network Services) acoustic modems, cell phones, 105 access code, 94 ACR (Anonymous Call Rejection), 669–670 how it works, 66–69 active detection, wireless networks, 734 leasing lines from AT&T, 96 activity logs, hacking, 400 multi-carrier toll abuse and, 222–223 ACTS (Automated Coin Toll System) sleazy practices of, 171–173 added to red box, 443 all-relay step office, 51–52 how pay phones work, 36–38, 40 alpha numeric pager units why redboxing doesn’t work, 447–448 defined, 340 ad groups, Google AdWords, 796–800 length of messages, 342 addresses sending out messages, 341 guide to credit card fraud, 190 alter tone, pagers, 341 reading network, 153–155 altered bias oscillator frequency, surveillance ad-hoc packets, 734 tape recorders, 361 ADS (Audio Distribution Systems), hacking, Alternate Operator Services (AOS), 158, 169–170 69–71, 181–184 Alvord, Thomas, 114 advanced dial-out slave infinity device, 359 Amateur Action BBS, 559 advanced modulation transmitters, 355 Amateur Radio, 367–369 94192bindex.qxd 6/3/08 3:29 PM Page 837

Index 837

AMBE (Advanced Multi-Band Excitation), Armed Forces Communications & Electronics XM Radio, 756 Association (AFCEA), 248 American Civil Liberties Union (ACLU), Army law enforcement agencies, 620–623 185–188 ARPANET (Advanced Research Projects Agency American Express phone story, 18–19 Network) Ameritech, 83 communications network of, 148–149 AMPS control bus, 104 future of, 148 Amsterdam elections, hacking, 807–809 gateways, 149–150 ANAC (Automatic Number Announcement how it works, 146–147 Circuit), ANI, 664 moving around, 146 analog receivers, satellite TV, 763–764 overview of, 145–146 Andrews, Rich, 497 reading addresses, 154 ANI (Automatic Number Identifier) safety tips and interesting programs, 147 Caller ID vs., 665 Worldnet concept, 151–152 spoofing, 664–669 Worldnet concept and, 151–152 using diverters, 61 Article 15, military law, 621–622 Verizon’s Call Intercept and, 671–672 Article 32 hearing, military hearing, 620 ANI-fails, 665, 667–669 Article 32 hearing, military hearings, 622 Anna Virus, 639–640 ARU (Audio Response Unit), ANI, 664 ANONYMOUS accounts, ARPANET, 147–148 ASPENs (Automated SPeech Exchange Anonymous Call Rejection (ACR), 669–670 Network) voice mail, 472–473 answering machine hacking, 659–662 Astonishing Hypothesis: The Scientific Search for answering services, 62 the Soul (Crick), 826 Answers for Gateway, hacking, 729–730 Astro, 363 antennas AT&T Communications cell phone, 105 800 numbers, 111–112 detecting 802.11b networks, 736 900 numbers, 93 GSM system, 431 access code, 94 pager decoding setup, 347 Advanced 800 Service, 92 radio piracy using, 760 Alliance Teleconferencing Service owned by, XM Radio, 754 76–77 AntennAudio, 724–725 dark side of Ma Bell breakup, 71–73 anti-cybersquatting act, 581, 583 detecting blue box usage, 29 AOS (Alternate Operator Services), 158, how it works, 66–69 169–170 Italian yellow page directory, 114 appeals process, military, 623 multi-carrier toll abuse and, 222–223 Application Processors. see APs (Application phone call rates, 483 Processors) privacy petition of, 99 application-layer encryption, wireless regulated through divesture agreement, 83–84 networks, 737 ATA-186 adapter, Vonage broadband security, APs (Application Processors) 686–687 CampusWide servers, 605 Atlanta Three, 509–510 exploits, 611–612 ATMs, NCR, 765–768 getting into database through, 606 atomic bomb, true story of first, 5–7 area code (NPA), pagers, 346 ATSC standard, 762 area codes ATTRIB command, 291 New York City in 1990s, 486–487 attribute byte, and virus detection, 291 Telnet using, 121–122 A-type pay phone system, 36 Argentina hackers, 557–559 94192bindex.qxd 6/3/08 3:29 PM Page 838

838 Index

AUC (AUthentication Center) database, 430, threatening wireless networks, 738 432–433 XM Radio and, 754–755, 757–758 Audio Distribution Systems (ADS), hacking, banking 69–71, 181–184 1986 technology, 141 authentication, wireless networks, 737 Pronto electronic services, 162–164 authorization codes, phone phreaks, 109 banned books, 310 AUTHORIZE program, hacking VMS, 131–132 Bar Code Sorter (BCS), USPS, 375 AUTODIN (AUTOmatic DIgital Network), bar codes, Home Depot insecurity, 696–697 30–31 .BAS extension, RSTS/E, 129 AUTOEXEC.BAT file, 291 Base Station Controllers (BSCs), GSM, 431, 432 Automated Calling Card Service (ACCS), 40 Base Transceiver Station (BTS), GSM, 431–433 Automated Coin Toll System. see ACTS batteries, mobile scanner, 102 (Automated Coin Toll System) battery-powered transmitters, 354 Automated SPeech Exchange Network BAUDOT, modems and, 48 (ASPENs) voice mail, 472–473 BBS (bulletin board systems) AUTOmatic DIgital Network (AUTODIN), Ghost Board, 397–398 30–31 hacker communications and, 223–224 Automatic Location Identification (ALI), one interpretation of, 223–227 681–682 possible threat of, 229 Automatic Number Announcement Circuit private mailboxes and public levels for, 200 (ANAC), ANI, 664 progress made against victimizing, 194–197 Automatic Number Identifier. see ANI seizing Private Sector, 184–187, 189–192 (Automatic Number Identifier) Sherwood Forest shut down, 197–198 AUTOSEVOCOM (AUTOmatic SECure VOice story about hacked, 398–401 COMmunications), 30 Sysops protection, 192–194 AUTOVON (AUTOmatic VOice Network) victimizing, 187–189 false charges against Private Sector BBS, 190 BCS (Bar Code Sorter), USPS, 375 history of, 30–31 BCwipe, 285 silver box and, 24 beacon packets, 734, 736–737 AWCC (Afghan Wireless Communications Because It’s There network (BITNET), 149–152 Company), 658 beepers, 113, 340 AWOL (absent without leave), 628 beige box, 408–414, 445 Axxess Technologies, 710–711 Bell, Alexander Graham, 22 Bell Atlantic, 83, 482 B Bell monopoly. see Ma Bell Baby Bells, 21–22 Bell step office, 51 NYNEX/New York Telephone as, 83 BellSouth answering machines, 662 baby monitors, 356 Bergsman, Paul, 536 .BAC extension, RSTS/E, 129 Bernie S. (Ed Cummings) Back in Business: Disaster Recovery/Business fallout, 540–543 Resumption (Commonwealth Films), 239 false imprisonment of, 523, 563 Back Orifice (BO) tutorial, 294–296 freedom of speech on Net and, 539–540 backbones, Internet, 303 guilty plea, 535–538 backdoor exits, from U.S. Military, 627–628 how this happened, 544 backscatter modulation, toll pass systems, 328 media guiding perception of, 257–258 backspoofing, 672–675 saga of, 531–534 bandwidth torture of, 569 history of, 816 Best Buy, hacking, 692–695 long-distance charges and, 489–490 94192bindex.qxd 6/3/08 3:29 PM Page 839

Index 839

BHCA (Busy Hour Call Attempts), cell boxing phones, 86 AUTOVON and, 30–31 bias oscillator frequency, surveillance tape beige box, 408–414, 445 recorders, 361 black box, 25, 221, 441–442 Biham, Eli, 309 blue box. see blue box billing building, 25 equal access and, 96 clear box, 32–33 MCI Mail and, 161 color coding scheme, 441–445 Billing Telephone Numbers (BTNs), 665 and fraud, 221–222 BIN account, COSMOS, 59 green box, 38, 221, 444 Bio-API committee, 811 hardwiring your way into, 33–35 Bioc Agent 003, 198 how pay phones work. see pay phones biometrics, 809–812 overview of, 23–24 bioterrorism, 260 rainbow box, 445 birthdate, FirstClass hacking, 616 red box. see red box BITNET (Because It’s There network), 149–152 ringing, 26–27 black box silver box. see silver box fraud, 221 voltages, 25 operation of, 441–442 white box, 445 working with, 25 wiring and, 24–25 Blackboard. see CampusWide system working with, 25–26 blackjack, 644–646 yellow box, 443–444 Blich, Tom, 194–195 British Telecommunications, 89, 558 blind-scan, satellite TV, 764 broadcast bands, satellite TV, 762 Blitzkrieg server, 248 broadcast info, XM Radio signal, 755 Blockbuster, outsmarting, 695–696 brown box, pay phones, 654–655 Bloodaxe, Erik, 495 browsing, with WAP, 748 blue box BSCs (Base Station Controllers), GSM, 431–432 CCIS, 30 BT Group, VoIP, 688–689 co-founders of Apple Computer and, 632–633 BTNs (Billing Telephone Numbers), 664–665 detection devices, 29 BTS (Base Transceiver Station), GSM, 431–433 and fraud, 221 bugs, surveillance. see transmitters genesis, 27 Build Your Own Computer terminals, Best Buy, history of, 28–29, 221 692–695 in-band signaling, 27–28 bulletin boards, Telemail, 123 operation of, 444 burst periods, 431, 432 Private Sector BBS charges and, 194–197 Bush, George W., 583 reaching INWARD operator with, 49 Busy Hour Call Attempts (BHCA), cell phones, 86 from step offices, 50 Busy Line Verification (BLV), 464–466 teleconferencing dangers, 81 BYE command, RSTS/E, 128 blue boxes, 24 blue LEDs, 327 C BlueLight.com, 715 C and FC (Coin and Fee Check), coin boxes, BLV (Busy Line Verification), 464–466 36–37 BO (Back Orifice) tutorial, 294–296 @c command, ARPANET, 146–147 bobby pin lock picks, 780 C1 to C7 (CCITT) signaling systems, 468–471 boconfig.exe, 294 CA (Certification Authority), NSA Boondocks comic strip, 593 cryptography, 311 94192bindex.qxd 6/3/08 3:29 PM Page 840

840 Index

Cable, Internet technology, 303 casual callers, 94 cable boxes, hacking, 331–333 CAT (Customer Activated Terminal), Wal-Mart, cable modems, security holes, 333–335 711–712 Cable Pair, 184 catchall article, 622 CALEA (Communications Assistance for Law CatNet, 613–614 Enforcement Act), 550, 684–686 Cawdapter, 312 call forwarding, 456–457 CB (Citizens Band) radios, 368 Call Gate service, 670–671 C-band, satellite TB, 762 Call Intercept, Verizon, 669–672 CCIS (Common Channel Interoffice Signaling) call routing, GSM, 433–434 impossibility of blue boxing with, 30 call timing, equal access, 96 international use, 469–470 Call*Block, 460 national use, 471 Call*Trace, 460 CCIT (C1 to C7) signaling systems, 468–471 Caller ID CDA (Communications Decency Act), 544, 563 ANI vs., 665 CdC (Cult of the Dead Cow), Back Orifice, backspoofing using, 672–675 294–296 getting around blocking of, 483 Cease and Desist order, State Lottery overview of, 458–463 Commission, 648 spoofing, 664–666 CEGEP, FirstClass, 615–618 Verizon’s Call Intercept and, 669–672 Cellemetry, 435–438 calling cards Cellemetry radios (CRADs), 436–438 marine telephone security and, 423–424 Cellemetry Service Bureau (CSB), 436 spoofing Caller ID with, 666, 668 cellular airtime, required by WAP, 749 verification, and COCOT, 456 Cellular Hacker’s Bible, 534 call-waiting, deluxe, 114 Cellular Mobile Telephone (CMT), 103–108 CAMA (Centralized Automatic Message Cellular Phone Companies (CPCs), 91 Accounting) tapes, 29 cellular phones campaigns, Google AdWords, 796–797 Airfone, 93 CampusWide system, 604–612 cost, 88–89 database, 605–606 Electronic Communications Privacy Act, 98–100 exploits, 611–612 exploring functions of, 425–428 history of, 604–605 fixing Radio Shack PRO-2004 scanner, 100–101 ID cards, 606–607 forbidden frequencies, 100–101 infrastructure, 607–609 fraud bust, 97–98 readers, 609–610 history of, 88 server, 605 how they work, 85–89 simple transaction, 610–611 incoming international collect fraud to, 479 workstations, 606 largest companies, 92 Canadian provincial elections, 805 listening in on, 423–424 canning, 34–35 phreaking, 91–92 capcodes phreaking safely, 103–104 how paging networks work, 345–349 scanning for calls, 116–118 pager, 340–343 widespread fraud of, 102–103 Capstone proposal, 556 censorship Captain Crunch Cereal whistle, 221 in China, 802–805 Captain’s mass, Navy and Marine law, 621–622 finding loopholes to administrative filtering, Captivate networks, 743–744 816–817 card access, biometrics, 810–811 Central Intelligence Agency (CIA), 257 carrier current devices, 356–357 central nervous system, 826 94192bindex.qxd 6/3/08 3:29 PM Page 841

Index 841

Centralized Automatic Message Accounting cloned pagers, 344, 346 (CAMA) tapes, 29 CMD command, DEC-20, 125 CEPT (Conference of Post and CMKRNL privilege, VMS systems, 129 Telecommunication Administrators), 428 CMT (Cellular Mobile Telephone), 103–108 cerebellum, 825 EEPROMs and, 106 Certification Authority (CA), NSA programming, 107 cryptography, 311 CN/A (Customer Name Address) operators, 48 Checkomatic, 174 CNAM databases, 673–674 checksum algorithm, performing on credit cards, Coastel Communications, 92 370–372 coaxial cable microphones, 352 Cheek, Bill, 549 COCOTs (Customer Owned Coin Operated cheese boxes, 40–41, 222 Telephones), 448–458 chemicals, human brain, 824–825 basics, 449–450 China call forwarding, 456–457 hacking firewall of, 801–805 calling card verification, 456 Internet law enforcement in, 299 code theft, 455–456 Chrome Box, 324–325 defeating security, 451–452 Churchill, Sir Winston, 5 destroying, 455 CIA (Central Intelligence Agency), 257 fighting, 458 CINDY voice mail systems, 472–473 future of, 457 Circuit City, 702–704 getting dial tone, 450–451 circular LNBs, 762–763 getting more info, 458 Cirrus system, and MasterCard, 113 getting number of, 453–454 Cisco 575 LRE CPE units, 717 hijacking, 454–455 Cisco cards, monitoring wireless data, 735 identifying, 450 Citizens Band (CB) radios, 368 incoming international collect fraud, 480–481 City University of New York. see UAPC introduction to, 448–449 (University Applications Processing Center) phone line, 455 civil liberties, and EFF, 502 remote connections, 453 CIX, 304 secret numbers, 453 Clarion Hotel, 718–720 third-party billing fraud from, 478–479 Clarke Belt, 761 varieties of, 450 CLASS Calling Services, 113, 459–460 why redboxing doesn’t work, 446–447 classes, switching office, 45–46 codabara, Home Depot insecurity, 696–697 classified drives, Dell, 699 code theft, COCOTs, 455–456 clear box, 32–33, 222 coding, GSM phones, 431–432 CLECs (competitive local exchange carriers), coercion, military investigative agencies, 620 655–657 Coin and Fee Check (C and FC), coin boxes, clemency, military inmates, 625 36–37 click-through-ratio (CTR), Google AdWords, coin boxes 796–797 alternate designs, 38–40 client, Back Orifice, 294–295 coin hacks, 41–43, 653–654 Clinton administration history of pay phone, 36 crack down on hackers, 580 operation logic of, 36–37 FBI monitoring of phone lines/records, 562 what happens to your money, 36–37 hysteria over Internet, 563 COM port redirectors, electronic message monitoring citizens, 556 centers, 771 view of hackers, 258–261 combination locks. see Simplex locks Clipper Chip proposal, 556 94192bindex.qxd 6/3/08 3:29 PM Page 842

842 Index

Combined Network Services. see Allnet Conexiant modem, Dell, 699 (Combined Network Services) Conference of Post and Telecommunication COMMAND.COM file, 400–401 Administrators (CEPT), 428 commands conference operators, 81 ARPANET, 146–147 connections DEC-20, 124–125 to neighbor’s wireless network, 740–741 RSTS/E, 128 sharing broadband, 738 teleconference, 78–79 conspiracy, defined, 522 UAPC, 138 contact microphones, 350–351 Wylbur, 137 continuous tone coded squelch system (CTCSS), Common Channel Interoffice Signaling. see 366–367 CCIS (Common Channel Interoffice control heads, cell phone, 104 Signaling) Cornwall, Hugo, 392 common control, touch tones and, 49 corporations Common MetroCard, 786 crackdown on hackers, 580 Commonwealth Films, 238–239 Denial of Service attacks on, 579–580 Communications Assistance for Law fear of technology, 581–582 Enforcement Act (CALEA), 550, 684–686 Ford Motors lawsuit, 574, 596 Communications Decency Act (CDA), 544, 563 free speech as enemy of, 582–583 community wireless networks, 737–738 parodying sites with four-letter domains, 583 competitive local exchange carriers (CLECs), corporations, 1980s, 157–178 655–657 Allnet, 171–173 compression cheating systems, 157–159 biometric databases, 809 ICN, 173–175 XM Radio, 756 MCI, dishonest tactics of, 168–170 Computer Fraud and Abuse Act, 155 MCI Mail, 159–161 Computer Fraud and Abuse Act, 1986, 155 New York Telephone, 175–176 Computer Insider hacker newsletter, 248–249 PC Pursuit, 164–165 Computer Professionals for Social Responsibility People Express, 166–168 (CPSR), 502, 518–519 Pronto, 161–164 computer revolution, 277–312 Skyline, 170–171 cryptography, 307–312 Telco response, 176–178 getting rid of files, 285–287 COSMOS (Computerized System for Mainframe Internet. see Internet Operations), Bell, 59–60 portable hacking. see portable hacking Court of Criminal Appeals, military, 623 quantum hacking, 287–289 CPCs (Cellular Phone Companies), 91 viruses and Trojans. see viruses and trojans CPSR (Computer Professionals for Social Computer Science network (CSNet), 149–152 Responsibility), 502, 518–519 Computerized System for Mainframe Operations crackdown, 1990s (COSMOS), Bell, 59–60 bittersweet victory, 501 computers hunt intensifies, 496–498 fear vs. misunderstanding of, 211–213 increased restrictions, 498–499 gaining unauthorized access to, 554 major cases, 523–526 government view of Internet, 642–644 no time for complacency, 500–501 hacker communications and bulletin boards, overview of, 493–496 223–224 CRADs (Cellemetry radios), 436–438 motivation of hackers, 209–211, 216 credit cards pager decoding setup, 346 false charges against Kevin Mitnick, 528–529 pagers sending out messages via, 341 false charges against Private Sector BBS, 190 94192bindex.qxd 6/3/08 3:29 PM Page 843

Index 843

fraud at Target, 708–709 D guide to fraudulent use of, 190–191 daily spending limit, Google AdWords, 798 hacker view on fraudulent use of, 218–219 Darden, Frank, Jr., 509–510 hacking algorithm for, 370–372 DARPA (Defense Advanced Research Projects lock picks out of, 780 Agency), 599 for long-distance calls, 115 DAT command, DEC-20, 125 MetroCard receipts when using, 789 Data Encryption Standard (DES), 308–309, 767 PayPal transaction reversals vs., 727–728 data networks, hacking on Telnet, 121–122 spoofing Caller ID and ANI using, 668 data packets, 734 credit history, 1986 suggestions for, 140 databases criminal activity, hacking vs., 505, 553–554 biometric, 809 cryptanalysis, 308 CampusWide, 605–606 cryptography, 307–312 examining student, 602–604 Fortezza project, 310–312 Radio Frequency Identification, 750 options for, 312 DC voltage, telephone, 25 overview of, 307 DDN (Defense Data Network), 31 strong technology of, 307–310 deadlines, reporter, 262 crystal-controlled transmitters, 354 dealer codes, T-Mobile stores, 678 CSB (Cellemetry Service Bureau), 436 debit card transactions, little protection for, 728 CSNet (Computer Science network), 149–152 DEBUG menu, hacking soda machines, 721–722 CSS encryption key DEC (Digital Equipment Corporation), 124–125, creative methods for bypassing, 593 129–130 DeCSS code in words, 584–585 DECCO (DEfense Commercial Communications DVD industry and, 574 Office), 31 CTCSS (continuous tone coded squelch system), decoding setup, pagers, 346 366–367 DeCSS case CTR (click-through-ratio), Google AdWords, appeal, 591 796–797 DVD industry and, 574 CTRL/BREAK, VMS systems, 130 losing appeal decision, 595 C-type pay phone system, 36 overview of, 584–585 Cubic Transportation Systems, 786–787 political commentary on, 593 Cult of the Dead Cow (CdC), Back Orifice, verdict, 588–591 294–296 dedicated lines, MCI, 68–69 Cummings, Ed. see Bernie S. (Ed Cummings) Defense Advanced Research Projects Agency CUNY. see UAPC (University Applications (DARPA), 599 Processing Center) DEfense Commercial Communications Office Customer Activated Terminal (CAT), Wal-Mart, (DECCO), 31 711–712 Defense Data Network (DDN), 31 Customer Name Address (CN/A) operators, 48 Defense Messaging System (DMS), 310–312 Customer Owned Coin Operated Telephones. see Defense Satellite Communications Agency COCOTs (Customer Owned Coin Operated (DSCS), 30–31 Telephones) Defense Satellite Communications System CW.NET, 303–304 (DSCS), 30 Cyber Promotions, 300 Defense Trade Regulations (DTR), 309 Cyberpunk: Outlaws and Hackers on the Computer Dell computers, 697–700 Frontier (Hafner and Markoff) deluxe call-waiting, 114 biased portrayal of Mitinick in, 236–238, 246 Denial of Service attacks, 579–580 fixation on Mitnick saga, 529 Denning, Dorothy, 309 overview of, 235–236 Department of Defense. see DoD (Department cyberterrorism, 260 of Defense) 94192bindex.qxd 6/3/08 3:29 PM Page 844

844 Index

DES (Data Encryption Standard), 308–309, 767 phreaking from step offices, 50 descrambler, making pay TV, 332–333 Soviet phone system, 90–91 detecting wireless networks, 734–736 DirecTV, 754 DF (direction-finding) techniques, 104 DISEqC switches, 763 DHCP, WiFi MITM attacks and, 745–746 dish motor, satellite TV, 764 Dial & Save, 484 distinctive ringing, 114 dial tone first (DTF) service, 33 distributors, of 2600, 295–296 dial tones diverters, 60–62 defeating COCOT security, 451–453 divesture hacking pay phones, 653–654 bad practices after. see corporations, 1980s how boxes are built, 25–26 of Ma Bell, 21–22 voltages and, 25 what happened because of, 82–85 dialog boxes, Back Orifice, 295 DMCA (Digital Millenium Copyright Act) dialup DTMF activated surveillance device, 358 challenges to, 595–596 dialup Internet accounts, 302–305 court cases, 574–575 Dicicco, Lenny, 236–238 easy passage of, 581 Diebold ATM machines, 336 overview of, 578 digit absorbing relay, 49 people realizing true dangers of, 592 Digital Equipment Corporation (DEC), Skylarov case violating, 597 124–125, 129–130 DMS (Defense Messaging System), 310–312 Digital Millenium Copyright Act. see DMCA DNA molecules, 821–824 (Digital Millenium Copyright Act) DNS poison, 802 digital receivers, satellite TV, 763, 764 DoD (Department of Defense) Digital Signature Algorithm (DSA), 311 AUTOVON and silver boxes, 30–31 digital signatures, 164 charges against Private Sector BBS, 190 Digital Telephony Bill, 550, 559–561 circumventing SmartFilter, 628–630 digital trunking systems, 363 classified drives option, 699 Dime Line, 484, 487 Fraud Hotline after-hours recording, 61 Dimension line, Dell, 699 Simplex lock security and, 315–317 dipole antennas, radio piracy, 760 domain names DIR command 1990s talk of expanding, 299–300 DEC-20, 124 four-letter, 583 RSTS/E, 128 overview of, 154–155 Telemail, 124 Donate Now! button, linking to PayPal, 725–729 DIRECT ACCESS, Citibank, 164 DOS directory, and viruses, 291–292 direct connect, electronic message centers, downsizing insurance, story, 414–418 770–771 Draper, John, 221 directional antennas, radio piracy, 760 drug tests, privacy and, 115–116 direction-finding (DF) techniques, 104 drugs, fighting war on, 683 directories DSA (Digital Signature Algorithm), 311 RSTS/E, 129 DSCS (Defense Satellite Communications UAPC, 133–134 System), 30–31 and virus detection, 291–292 DTF (dial tone first) service, 33 when you lose your job, 416 DTMF (Dual Tone MultiFrequency) chip directory assistance AUTOVON and silver boxes, 31 1986 suggestions for technology, 141 COCOT code theft, 455–456 for the deaf, 48 converting tone dialer into red box, 440–441 idiocy in the Telcos, 655–657 defeating COCOT security measures, 451 operator, 47–48 in-band signaling principles, 27–28 94192bindex.qxd 6/3/08 3:29 PM Page 845

Index 845

signaling system using, 471–472 suit against Secret Service, 511 wiring, 24–25 supporting DeCSS trial, 587–589 DTR (Defense Trade Regulations), 309 supporting Digital Telephony Bill, 561 D-type pay phone system, 36, 42 Effective Radiated Power (ERP), 86 dual line bridge slave, 358–359 ego boost, of hackers, 213–215, 229, 233 Dual Tone MultiFrequency. see DTMF (Dual EIA (Electronic Industries Association), 87 Tone MultiFrequency) chip EIR (Equipment Identity Register), GSM, dual-frequency tone, coin boxes, 36–38 430–431 Dual-Track MetroCards Eisenhower, General, 4–5 defined, 786 Elcomsoft, 598 overview of, 790 elections track 1-2, 792–794 hacking Manitoba, 805–809 track 3, 791–792 hacking to change history, 807–809 duplexers, cell phone, 105 Elections Manitoba, 805–807 Dutch hackers Electric Moon, teleconferencing saga, 11–15 accessing U.S. military computers, 253–254 electroencephalogram (EEG) machines, 826 Hacking at the End of the Universe Electronic Article Surveillance (EAS), convention, 271–272 Wal-Mart, 714 style of, 217–218 electronic brain implantation enhancement, DVB-S digital standard, satellite TV, 762 824–828 DVD CCA (Copy Control Association), 576–577 Electronic Communications Privacy Act DVD industry cellular criminals and, 98–100 DeCSS code and, 574 Feds violate in Jolnet raid, 498 DeCSS verdict, 588–591 fixing Radio Shack PRO-2004 scanner, 100–101 MPAA lawsuit, 576–580 forbidden frequencies, 100–101 legality of system operators to listen in, 560 E Electronic Display Systems, 768–770 E. (Escherichia) coli, 821–823 Electronic Frontier Foundation. see EFF E911 (Enhanced 911), 681–683 (Electronic Frontier Foundation) EARN (European Academic| Research Electronic Industries Association (EIA), 87 Network), 152 electronic message centers, hacking, 768–772 EAS (Electronic Article Surveillance), electronic pay phones, 39–40 Wal-Mart, 714 Electronic Serial Number. see ESN (Electronic eavesdropping, 4–5, 116–118 Serial Number) Echostar 6/8, 761 electronic shut off, surveillance tape economics, journalism and, 264 recorders, 361 EDACS (Enhanced Digital Access Electronic Switching Systems. see ESS Communications System), 363–364 (Electronic Switching Systems) EEG (electroencephalogram) machines, 826 electronic voting, 807–809 EEPROMs (Electronically Erasable Electronically Erasable Programmable Read- Programmable Read-Only Memory) chips Only Memory. see EEPROMs (Electronically CMTs using, 106 Erasable Programmable Read-Only GSM SIM cards, 429 Memory) chips increasing security, 427 elite speak, 816–817 manipulating, 425–426 email E.F. Johnson transceivers, 104 cheating girlfriend story, 637–639 EFF (Electronic Frontier Foundation) Electronic Communications Privacy Act, 498 defining, 501–503 history of, 816 formation of, 492 insecurity of university stations, 602 94192bindex.qxd 6/3/08 3:29 PM Page 846

846 Index

Emmanuel, 587 roaming, 108 emoticons, 816 safe cellular phreaking and, 103 encryption. see also cryptography security of, 106, 427 ATM, 767 transmitted by cell phones, 98 combating terrorism, 562 ESS (Electronic Switching Systems) GSM phones, 432–435 black boxes not working under, 26 when you lose your job, 416 controlling teleconferences with, 76–77 wireless networks, 737 facts about, 53 XM Radio, 754–756 phreaking from step offices and, 50 Enhanced 911, 681–683 safe cellular phreaking and, 103 Enhanced Digital Access Communications Ethereal network sniffer, 635, 701 System (EDACS), 363–364 Ethernet cables, at Hilton Hotel, 716–718 ENIAC computers, 220 European Academic| Research Network entertainment, 1990s, 234–256 (EARN), 152 Cyberpunk , 235–238 European hackers, 216–218 The Fugitive Game , 245–247 European system, 469–470 hacker video (1991), 253–254 EV-DO Revision A protocol, 688–689 Hackers , 243–245 Evergreen State College, Ghost Board, 397–398 Masters of Deception , 239–242 evidence, unshredding, 378–379 media, authorities, and wannabee idiot lies, exchange names, 484–486 247–250 EXE command, DEC-20, 124 The Net , 242–243 exits, U.S. Military, 627–628 overview of, 234–235 extended play, surveillance tape recorders, 362 Takedown, 250–256 extenders, teleconferencing, 80 videos from Commonwealth Films, 238–239 E-Z Pass system, hacking, 327–331 entrapment, and honeypots, 818 Entry Level Separation, 627–628 F enumeration,in elections, 805–806 facial geometry, biometrics, 810 Envision card system, 605, 612 Facing Identification Marks (FIMs), USPS, EPROMs (Erasable Programmable Read-Only 373–374, 376–377 Memory) chips, 425, 427 factorials, calculating lottery using, 783–784 Epstein, Mark, 194–195 factoring, in quantum computing, 288 equal access fare collection devices, MetroCards, 787 getting most out of, 93–97 fast foods, 365–367 overview of, 83–85 Fast Pass system, 722–723 sleazy practices after. see corporations, 1980s FAX machines, 144–145 Equipment Identity Register (EIR), GSM, 431 FBI (Federal Bureau of Investigations) Erasable Programmable Read-Only Memory cellular telephone bust, 97–98, 102–103 (EPROMs) chips, 425, 427 Digital Telephony Bill lobbying of, 561 Ericcson AXE MSC, GSM switch, 431 going after ADS hackers, 181–184 Ericcson EDACS, 363–364 Intelligent Workstation project, 115 ERP (Effective Radiated Power), 86 investigating credit card fraud, 191 error checking, XM Radio signal, 755–756 investigating underground bulletin boards, 226 Escherichia (E.) coli, 821–823 Private Sector BBS seized, 185 ESN (Electronic Serial Number) raids on hackers and phreakers, 22 Cellemetry service, 436 telecommunications surveillance of, 684–686 incoming international collect fraud to F.B.O.P. (Federal Bureau of Prisons), 624–625 cellulars, 479 Feature Group A (FGA), IC networks, 109 programming CMT, 107 Feature Group B (FGB), IC networks, 109–110 94192bindex.qxd 6/3/08 3:29 PM Page 847

Index 847

Feature Group D (FGD), IC networks, 110 fixing your Radio Shack PRO-2004 scanner, Federal Express vaults, 316 100–101 Federal Internet eXchanges (FIXs), 304 listening to cellular phone calls, 100–101 Fermi, Enrico, 5–7 Ford Motor Company, 574, 596 Fermi, Laura, 5–7 foreign coins, pay phones, 653 FGA (Feature Group A), IC networks, 109 Fortezza, 310–312 FGB (Feature Group B), IC networks, 109–110 fortress pay phones. see also pay phones FGB-D, IC networks, 110 how they work, 446 FGB-T, IC networks, 110 phasing out three-hole phone, 655 FGD (Feature Group D), IC networks, 110 Fourteenth Amendment, 520 fiber optics, telephone cabling, 53 Fratianne, Robert, 211–213 FIELD accounts, VMS systems, 131 fraud. see also toll fraud FIELD password, VMS systems, 130 calling card, 423–424 File Transfer Protocol (FTP), ARPANET, cellular, 91 147–148 Computer Fraud and Abuse Act, 155 files credit card. see credit cards getting rid of, 285–287 long-distance fraud lawsuits, 114 virus protection and, 291–293 and telecommunications, 221–223 when you lose your job, 416 “Free Kevin” campaign, 252–253, 255–256 FIMs (Facing Identification Marks), USPS, free mail, 376 373–374, 376–377 Freed, Barry, 230 Fine Print Distributors, 297–298, 348 Freedom Downtime documentary, 591 fine wire laying kits, 351–352 Freedom of Information Act (FOIA), 517–518 FINGER command, ARPANET, 147 freedom of speech fingerprints, biometrics, 810 as enemy of those seeking control, 582–583 fire kits, downsizing insurance, 414–418 preserving right to, 594–596 fireflies, creating transgenic organisms, 821–823 Verizon Wireless fun, 583 firewalls free-running oscillators (FRO), 354 hacking China’s, 801–805 frequencies Vonage broadband security risk and, 687 pager decoding using, 347–348 First Amendment, 387 scanning for calls, 116–118 advice for 2600 meetings, 520–522 Frequency Division Multiple Access (FMDA), Communications Decency Act violating, 563 GSM phones, 431–432 restrictions placed on Kevin Mitnick, 586 frequency hopping transmitters, 355 FirstClass hacking, 615–618 Frequency Shift Keying (FSK), 785, 790 Fixed Line Phone Card, Afghanistan, 659 FRO (free-running oscillators), 354 FIXs (Federal Internet eXchanges), 304 FSK (Frequency Shift Keying), 785, 790 flash patterns, decoding Chrome Box, 324 FTP (File Transfer Protocol), ARPANET, FleetOnline account, 679–680 147–148, 152 flex ANI, 664, 669 Flex pager setup, 346–347 G Flory, David, 230 gadgets, hacking, 339–349 FM transmitters, 352–353 Hallmark Talking Greeting Card, 339 FMDA (Frequency Division Multiple Access), overview of, 339 GSM phones, 431–432 pager systems, 339–345 FOIA (Freedom of Information Act), 517–518 paging networks, 345–349 forbidden frequencies Galactic Hacker Party, 216–218 Electronic Communications Privacy Act, Gang Violence and Juvenile Crime Prevention 98–100 Act, 579 94192bindex.qxd 6/3/08 3:29 PM Page 848

848 Index

Gateway MSCs (GMSCs), GSM phones, 431, 433 Graves, Frank, 194–197 gateways green box Cellemetry, 436 and fraud, 221 overview of, 149–151 operation of, 444 WAP, 747–749 tones, 38 Gaussian-filtered Minimum Shift Keying Group Technologies Corporation, 312 (GMSK), GSM phones, 431 Groupe Special Mobile (GSM), 428 GB2312 format, 803–804 GSM (Global System for Mobile GenBank, 824 Communications), 428–435 gene guns, 822 abuse of, 481–482 general court-martial, military law, 621–622 in Afghanistan, 658–659 generating a triplet, 432 antennas, 431 genetically modified organisms (GMOs), authentication and encryption, 432–433 820–823 call routing, 433–434 genomes, 820–824 coding and multiplexing, 431–432 Germany coming to America, 428–429 computerized identity cards in, 552 defining, 428 hackers in, 217 handoffs and roaming, 433 Internet viewed as threat in, 299 handset, 430 gift cards, Home Depot insecurity, 696–697 news items, 434–435, 481–482 girlfriend, catching cheating, 637–639 SIM card, 429–430 global hacker conventions switches, 431 in Argentina, 557–559 tracking any U.K. mobile phone, 679–680 Hackers on Planet Earth, 272–276, 753 VoIP, 688 Hacking at the End of the Universe, 271–272 GSM (Groupe Special Mobile), 428 Global Positioning System (GPS), 436, 681–682 GTE Sprint Global System for Mobile Communications. see access code, 94 GSM (Global System for Mobile how it works, 66–69 Communications) long-distance fraud lawsuits of, 114 GMOs (genetically modified organisms), task of combining systems, 113 820–823 GTE step office, 51 GMSCs (Gateway MSCs), GSM phones, 431, 433 GTE Telemail GMSK (Gaussian-filtered Minimum Shift leading to ADS hackers, 181–183 Keying), GSM phones, 431 MCI Mail patterned after, 161 Godwin, Mike, 511 trouble with, 122–124 Google, 638 GTE Telemail investigation, 73 Google AdWords, hacking, 795–801 GTE Telnet Google China development, 804–805 hacking on, 121–122 government hacking PC Pursuit, 141–144 best cryptographic technology of U.S., 309 PC Pursuit and, 164–165 Clinton administration. see Clinton trouble with Telemail, 122–124 administration Gulf War printer virus, 289–290 consequences of hacking into, 301–302 FBI. see FBI (Federal Bureau of Investigations) H Fortezza project, 310–312 H2K conference, 589–591 Secret Service. see Secret Service hacker conventions, 271–276 views from a Fed, 384–387 in Argentina, 557–559 GPS (Global Positioning System), 436, 681–682 Hackers on Planet Earth, 272–276, 753 Grant, Adam, 509–510 Hacking at the End of the Universe, 271–272 94192bindex.qxd 6/3/08 3:29 PM Page 849

Index 849

hacker video (1991), 253–254 cable modem security holes, 333–335 hackers Chrome Box, 324–325 2600 taking critical eye to, 265–266 E-Z Pass system, 327–331 consequences of .gov/.mil hacking, 301–302 fast foods, 365–367 crime waves, 266–268 Hallmark Talking Greeting Card, 339 criminal world vs., 553–554 LED signs, 325–327 defending, 205–207 overview of, 313–314, 339 fun ways of prosecuting, 555–556 pager systems, 339–345 hired by corporations, 248 paging networks, 345–349 improving security of systems, 386, 554 Simplex locks, 314–323 inquisitive spirit alive in, 832–833 surveillance devices. see surveillance devices and the law. see law enforcement, 1990s trunking communications monitoring, malignment of, 833–834 362–364 military paid, 405–408 United States Post Office, 372–377 publicity and, 22 unshredding evidence, 378–379 raids. see raids, 1980s Hafner, Katie study of, 392–396 fixation on Mitnick saga, 529 threat of success, 268–271 Kevin Mitnick’s critique of, 237–238 Hackers (film), 243–245, 535 writing Cyberpunk, 235–236 Hackers (Levy), 235 Hallmark Talking Greeting Card, hacking, 339 hackers, philosophy, 207–230 hand geometry, biometrics, 810 of 1980s, 208–209 handoffs, GSM phones, 433 Abbie Hoffman, 229–230 handovers, GSM phones, 433 birth of low-tech hacker, 382–384 Handset-Based ALI, 681–682 bulletin board systems, 224–227 handsets GSM phones, 430–432 communications and bulletin boards, 223–224 hard drives, when you lose your job, 416 David Flory, 230 hardware, ATM, 766–767 The Galactic Hacker Party, 216–218 hardware hacks getting caught, 213–215 pay phones, 653 growth of low-tech hacker, 390–392 retail hardware, 709–711, 714–716 misunderstanding of computers, 211–213 hardwiring motivation, 209–211 canning, 34–35 overview of, 220–221 free telephone service using, 33–34 reader’s reply to, 227–229 room microphones, 351–352 reflecting on, 215–216 taps, 359–360 survey of what is right and what is not, HELP command, RSTS/E, 128 218–220 HiCo (high Coervivity) stripes, 607 telecommunications and fraud, 221–223 hidden-wire line microphones, 351 war dialing story, 401–405 high-speed Internet access Hackers on Planet Earth. see HOPE (Hackers on at Clarion Hotel, 718–720 Planet Earth) hacking the Hilton, 716–718 hacking, portable, 278–284 Highway Master, 436 hacking, quantum, 287–289 Hilton Hotel, hacking, 716–718 Hacking at the End of the Universe, 271–272 HLR (Home Location Register), GSM, 431–434 hacking other things Hoffman, Abbie, 229–230, 655 algorithm for credit cards, 370–372 home and small business (HSB) accounts, Dell, amateur radio, 367–369 697–700 ATMs, 335–338 Home Depot insecurity, 696–697 cable boxes, 331–333 Home Location Register (HLR), GSM, 431–434 94192bindex.qxd 6/3/08 3:29 PM Page 850

850 Index

hookswitch bypass surveillance device, 352, 358 IMTS (Improved Mobile Telephone Service), cell HOPE (Hackers on Planet Earth) phones, 86–87 demolition of Hotel Pennsylvania, 753 in-band signaling, 27–28 opening doors, 274–276 Incoming Call Line Identification Service overview of, 272–273 (ICLID), 459–463 recovering from financial losses for, 297–298 incoming collect call fraud, 478–481 host, creating transgenic organisms, 821–823 incumbent local exchange carriers (ILECs), HOST command, ARPANET, 146 446–447, 558–559, 655–657 Hotel Pennsylvania, 753 Independent Carriers or Inter-Exchange HSB (home and small business) accounts, Dell, Companies (ICs) 697–700 800 numbers, 111–112 HTTP traffic, and China’s firewalls, 804 accessing networks, 109–111 human awareness, 825–826 catching phone phreaks, 109 human brain, 824–825 Independent Communications Network (ICN), human rights. see also privacy 173–175 Bernie S. saga, 543 induction pick-up, telephones, 32 Clipper Chip proposal violating, 556 inductive coupled line pickup, wiretap, 360 military law enforcement, 621 infinity transmitters, 357–358 HYDRA Privacy Card, 312 Information Resource Engineering, 312 in-line amplifier microphones, 351 I input, long-distance services, 67 IBM Audio Distribution System, 69–71 institutions, hacking IBM mainframes, 133 elections, 805–809 ICC (International Country Code), firewall of China, 801–805 Afghanistan, 658 Google AdWords, 795–801 ICLID (Incoming Call Line Identification lottery, 780–785 Service), 459–463 New York’s MTA. see New York’s MTA ICN (Independent Communications Network), Intelligent Vehicle Highways Systems (IVHS), 328 173–175 Intelligent Workstation (IWS) project, 115 ICs (Independent Carriers or Inter-Exchange Intercept operator, 48 Companies) interception, surreptitious, 98 800 numbers, 111–112 intercoms, 356 accessing networks, 109–111 Inter-Exchange Carriers. see IXCs (Inter- catching phone phreaks, 109 Exchange Carriers) IDD (International Direct Dial) code, interfacing audio devices, cell phones, 105 Afghanistan, 658 International Country Code (ICC), IDEA cryptography, 312 Afghanistan, 658 Identification Indicator (II) digits, ANI, 664 International Direct Dial (IDD), Afghanistan, 658 identity theft, 612–614 international incoming collect call fraud, 478–481 II (Identification Indicator) digits, ANI, 664 International Mobile Equipment Identity (IMEI) ILECs (incumbent local exchange carriers), IDs, GSM, 430 446–447, 558–559, 655–657 International Mobile Subscriber Identity (IMSI) ILOVEYOU virus, 581 number, GSM, 429, 434 I.M., Trillian, 749 international signaling systems, 468–469 IMEIs (International Mobile Equipment International Standards Organization (ISO), Identity) IDs, GSM, 430 154–155 IMSI (International Mobile Subscriber Identity) InterNet. see ARPANET (Advanced Research number, GSM, 429, 434 Projects Agency Network) 94192bindex.qxd 6/3/08 3:29 PM Page 851

Index 851

Internet, 298–307 IR remote, hacking Mercedez Benz, 772 censorship in China, 801–805 Irag, 618–619 consequences of .gov/.mil hacking, 301–302 iris scans, biometrics, 810 Cyber Promotions, 300 ISO (International Standards Organization), developing as tool for masses, 557–558 154–155 expanding domain names, 299–300 ISPs (Internet Service Providers) FBI surveillance of, 684–686 cable modem security and, 333–335 fear mongering over, 562–563, 662–663 long distance access charges and, 489–490 freedom of speech on, 538–540 overview of, 302–303 future potential of, 554–555 story about script kiddie, victim and, 648–650 government view of, 580–581, 642–644 warning from caught uncapper, 634–636 hacking Best Buy, 692–695 ITT, 66–69, 94 hacking high-speed access, 716–720 IVHS (Intelligent Vehicle Highways Systems), 328 Hollywood discovers, 242–243 IWS (Intelligent Workstation) project, 115 laws in China, 299 IXCs (Inter-Exchange Carriers) overview of, 298–299 access charges beginning from, 488 peering, 302–305 defined, 490 radio stations, 306–307 directory assistance idiocy, 655–657 viewed as threat in Germany, 299 third-party billing fraud and, 478–479 Internet, early days of ARPANET hopping, 145–148 J FAX machines, 144–145 Jackson, Steve. see Steve Jackson games getting closer to Worldnet, 151–155 Jefferson, Thomas, 582 hacking PC Pursuit, 141–144 Jobs, Steve, 632–633 hacking Telnet, 121–122 Jolie, Angelina, 244–245 hacking UAPC. see UAPC (University Jolnet , 497–498 Applications Processing Center) journalism hacking VMS, 129–132 deadlines in, 262 interesting things to do with DEC-20, 125–126 economic theory of, 264–265 mastering networks, 148–151 interview process, 262–263 milestones for 1986 and beyond, 139–141 reporters as people, 265 Morris found guilty of Internet Worm, 155–156 simplistic language of, 264 overview of, 119–120 Jukt Micronics, 248–249 Resource System Time Sharing Environment, 127–129 K trouble with Telemail, 122–124 Ka-band, satellite TV, 762 Internet Service Providers. see ISPs (Internet Kc, authentication and encryption, 433 Service Providers) Key Pulse (KP) tone, 28 Internet Worm, 155–156 keyboard taps, 383 interviews, in journalism, 262–263 keystroke logging, and Back Orifice, 295 intranet vulnerability, Best Buy, 693–695 keywords, Google AdWords, 796–800 Invacom QPH-031 Low Noise Block, 763 Ki (secret key), SIM card, 429–430, 432–433 invalid codes, equal access, 97 killall script, 287 investigative agencies, military, 620 Kiosk program, Radio Shack, 704–706 Investigen, 824 Kismet wireless network sniffer Inward operator, 47, 77 hacking Kroger’s, 701–702 Inward Wide Area Telephone Service passive detection used by, 735 (INWATs), 92 working with, 739–741 INWATS (Inward Wide Area Telephone Kmart, hacking, 714–716 Service), 92 94192bindex.qxd 6/3/08 3:29 PM Page 852

852 Index

KP (Key Pulse) tone, 28 major crackdowns, 523–526 Kroger’s, hacking 802.11b at, 700–702 misunderstanding of new technology, 552–553 Ku-band, satellite TV, 762 misunderstanding of technology, 562–565 Kuykendall, Bill, 499 negative feedback about hackers, 503–509 Kyl, Senator Jon, 257 no more secrets, 535–538 Kyocera cell phones, 748 Operation Sun Devil. see Operation Sun Devil poorly designed systems, 554 L publicity facts and rumors, 509–510 LAIs (location area identifiers), GSM phones, punishments outweighing crimes, 544–546 431, 433 Secret Service and 2600 . see Secret Service and language 2600 meetings development of elite speak, 816–817 Steve Jackson wins lawsuit, 511 simplistic journalistic, 264 violence, vandals and victims, 566–569 Lantronix MSS100, 771 lawsuits, 2000 and beyond, 573–599 LAPDm (Link Access Protocol for D-channel, DeCSS trial, 584–585, 587–589 modified), GSM, 431 freedom of speech, 594–596 laser listeners, 350 H2K conference, 589–591 LATA (Local Access Transport Area), 488–490 Kevin Mitnick, 586–587 law enforcement litigation madness of, 580–584 military, 620–623 MPAA lawsuit against 2600, 576–580 surveillance in twenty-first century, 683–686 overview of, 573–575 law enforcement, 1980s positivity, 596–599 fraud. see fraud signs of hope, 591–594 getting caught, 213–215 what we are losing, 575–576 hacker raids. see raids, 1980s LCC EPROMs, 427 hysteria around computer crime, 213 LCD displays Morris found guilty, 155–156 electronic pay phones, 39–40 law enforcement, 1990s, 491–569 hacking soda machines, 721–722 Bernie S. (Ed Cummings), fallout, 540–543 New York MTA turnstiles, 789 Bernie S. (Ed Cummings), guilty plea, 535–538 LECs (Local Exchange Carriers) Bernie S. (Ed Cummings), saga, 531–534 defined, 490 Clipper Chip, 556 directory assistance idiocy, 655–657 against COCOTs, 458 incoming international collect fraud and, 480 defendants forced to accept plea agreement, revenue from access charges, 488–489 547–550 third-party billing fraud and, 478–479 Digital Telephony Bill passes, 559–561 LED signs, hacking, 325–327 EFF, defined, 501–503 Left Hand Side (LHS), RFC822 mail addresses, EFF, lawsuit against, 511 153–155 freedom of speech on Net, 538–540 Legion of Doom fun ways to prosecute hackers, 555–556 charges against, 495–496 hacker-bashing in Congress, 550–552 overview of, 525 hackers and, 491–492 sentencing of three members of, 509–510 hackers in jail, 526–528 statement from, 497 hackers vs. criminals, 553–554 Legions of the Underground (LoU), 260 hysteria dictating, 562 Letter Sorting Machine (LSM), USPS, inspiring events, 557–559 374–375, 377 Kevin Mitnick case, 528–530, 534–535 LFSRs (Linear Feedback Shift Registers), DeCSS learning from hackers, 554–555 code, 584–585 LG cell phones, 747–748 94192bindex.qxd 6/3/08 3:29 PM Page 853

Index 853

LHS (Left Hand Side), RFC822 mail addresses, IBM audio distribution systems, 69–71 153–155 in-band signaling principles, 27–28 Light Guide cabling, 53 MCI, 67–69 Lightning, Knight (Craig Neidorf) microwave links, 67 bittersweet victory of, 501 multi-carrier toll abuse, 222–223 EFF legally intervenes in case of, 502–503 pay phone rates, 446–447 facts and rumors, 509–510 signaling system for, 27 indictment against, 494–495 successful teleconferencing, 76–82 views from a Fed, 384–385 Travelnet, 73–76 line reversal, pay phones, 38 where charges come from, 487–490 Linear Feedback Shift Registers (LFSRs), DeCSS long-range listening devices, surveillance, 350 code, 584–585 loop extenders, 359 linear LNBs, 763 loops, Michigan, 12–13 Link Access Protocol for D-channel, modified lottery, hacking, 780–785 (LAPDm), GSM, 431 application, 783–784 LinNeighborhood program, 742–743 conclusions, 784–785 linux-wlan-ng drivers, 739 logistics, 781 listening devices. see surveillance devices myths, 784 LNB (Low Noise Block), satellite dishes, observing, 646–648 762–763 overview of, 780–781 Local Access Transport Area (LATA), 488–490 procedure, 782–783 Local Exchange Carriers. see LECs (Local statistics, 781–782 Exchange Carriers) LoU (Legions of the Underground), 260 local toll calling, 488 Low Noise Block (LNB), satellite dishes, location area identifiers (LAIs), GSM phones, 762–763 431, 433 LSM (Letter Sorting Machine), USPS, location updating, GSM phones, 433 374–375, 377 lock picks, 777–780 Luciferase gene, 822–824 locks, hacking. see Simplex locks Lyngsat Satellite Index, 765 LocusLink, 824 LOD. see Legion of Doom M login M15 emulation, 392 hacking into VMS systems, 130 Ma Bell hacking University Applications Processing diverters, 60–62 Center, 134–135 divesture, 82–85 hacking voicemail, 472 early phreak days, 44–45 RSTS/E, 127–128 friends in high places story, 55–56 logistics, lottery, 781 getting into central office, 52–55 Long Distance Wholesale Club, 484 introducing competition to, 62–63, 68 long-distance services operators, 47–48 1986 suggestions for, 139–140 overview, 44 calling card fraud, 423–424 small-time rural phone companies, 55–56 catching phone phreaks, 109–112 step offices, 49–52 dark side of Ma Bell breakup, 71–73 surveying COSMOS, 59–60 divesture and, 82–85 switching centers, 45–46 equal access and, 93–97 teleconferencing story, 11–12 hacker view on toll fraud, 219–220 tragic side of breakup, 71–73 hacking pay phones, 655 MAC addresses, 741, 743 how companies work, 66–67 MacNeil-Lehrer Report, 189 94192bindex.qxd 6/3/08 3:29 PM Page 854

854 Index

MAEs (Metropolitan Area Ethernets), 304–305 MCI Worldcom backbone provider, 303 mail systems MCI.NET, 303 ARPANET, 148 McKinney, Gene, 622 BITNET, 149 MD-5 cryptography, 312 CSNet, 149 media, in 1990s, 256–265 Mailnet, 149 guiding perceptions about hackers, 256–258 MCI Mail, 159–161 hitting big time, 258–261 networks sharing RFC822 electronic, 152–153 investigation and reporting, 261–265 UUCP network, 149, 152 mega-mergers, telephone, 482 Mailnet, 149–151 Melissa virus, 581 mains powered transmitters, 354 MEM (MetroCard Express Machine), 785, malls, hackers in, 512–514 787–789 Manhattan Project, 5–7 memory, in brain, 824–825 man-in-the-middle attacks (MITMs), WiFi, memory, increasing pager, 345 744–746 MEPS (Military Entry Processing Station), 628 manuals, exploring cell phones, 425 Mercedes Benz, hacking, 772 MapQuest, 638 MESSAGE CENTER voice mail, 473–474 Marine law enforcement agencies, 620–623 Message Transfer Part (MTP) packets, 432 marine telephone fraud, 423–424 messages, pager. see pagers Market Navigation, 81 MetroCard Express Machine (MEM), 785, MARK-facer canceler, USPS, 373–374, 376–377 787–789 marking methods, viruses, 291 MetroCard Vending Machine (MVM), 785, Markoff, John 787–789 lies of, 249–250, 252 MetroCards as portrayed in The Fugitive Game, 246–247 decoding Dual-Track - Track 1-2, 792–794 stories about Kevin Mitnick, 529 decoding Dual-Track - Track 3, 791–792 Marshall, General, 4–5 reading, 790 MasterCard, 113 swiping on turnstile, 789 Masters of Deception (Quittner), 559 system of, 787–788 Masters of Deception (Slatalla and Quittner), terminology, 785–786 239–242 Metrofone, 66–69 Master/Session key management, 709–710 800 numbers, 92 Maxfield, John, 184 Metropolitan Area Ethernets (MAEs), 304–305 McAfee, John, 290–293 Metropolitan Transportation Authority (MTA), 785 McAfee Associates, 292 MF (multifrequency) tones McGruder, Aaron, 593 blue boxes, 24 MCI (Microwave Communications Inc) for cellular telephones, 105 800-FRIENDS update service, 464 history of blue boxing, 28–29 access code, 94 in-band signaling principles, 28 challenging Bell monopoly, 83 Michigan loops, 12–13 dishonest tactics of, 168–170 microphones features of, 68–69 coaxial cable, 352 Friends and Family Circle gimmick, 463–464 contact, 350–351 long-distance fraud lawsuits of, 114 hidden-wire line, 351 multi-carrier toll abuse and, 222–223 with in-line amplifier, 351 in nineties, 463–464 parabolic, 350 no method for finding codes, 68 pizoelectric coaxial, 357 overview of, 67–68 shotgun, 350 MCI Mail, 158–161, 170 spike, 351 94192bindex.qxd 6/3/08 3:29 PM Page 855

Index 855

telephone line, 352 as role model for overcoming adversity, 597 tube, 351 Takedown screenplay and, 249–252, 254–256 Microsoft Outlook security weakness, 581 testifying before Senate about hackers, 580 microwaves what was lost, 575–576 cellular telephones, 87 MLOCR (Multiline Optical Character Reader), long-distance, 67 375–377 toll pass systems, 328 Mobile Identification Number. see MIN (Mobile military Identification Number) consequences of hacking into, 301–302 Mobile Station Integrated Services Digital experiences as paid hacker for, 405–408 Network (MSISDN) number, 429–430, Fortezza project, 310–312 433–434 military and war zone hacking stories, 618–630 Mobile Station Roaming Number (MSRN), GSM, backdoor exits from U.S. Military, 627–628 433–434 circumventing DOD’s SmartFilter, 628–630 Mobile Switching Center (MSC), GSM, 431–434 getting busted, 619–625 Mobile Telephone Switching Office. see MTSO hacker goes to Iraq, 618–619 (Mobile Telephone Switching Office) Military Entry Processing Station (MEPS), 628 mobile telephones. see cellular phones Miller, Johnny Lee, 243–245 Mobile Top Up phone card, Afghanistan, 659 MILNET, 145–146 MOD, 525, 527–528 MIN (Mobile Identification Number) Modern Biology, Inc., 822–823 Cellemetry service, 436–437 modulation transmitters, advanced, 355 cellular fraud and, 98, 479 Monsanto’s Roundup Ready crops, 821 NAM chip containing, 106 Morris, Robert T., 155–156, 235 programming CMT, 107 Morse Code, 368–369 roaming, 108 MOSAIC project, 310 safe cellular phreaking using, 103 Motion Picture Association of America. see miniature tape recorders, 361–362 MPAA (Motion Picture Association of MINIX operating system, 392–396 America) Miramax, Takedown screenplay, 249–256 Motorola, 363 MISSI (Multilevel Information Systems Security motors, surveillance tape recorders, 361 Initiative), 310–312 MPAA (Motion Picture Association of America) MITMs (man-in-the-middle attacks), WiFi, DeCSS code and, 574 744–746 DeCSS trial verdict, 587–591 Mitnick, Kevin lawsuit against 2600 and others, 576–577 conditional freedom of, 564, 586–587 opposition to motions of, 583 on doing time, 586 people realizing true motives of, 591, 593 facts in, 523 MSC (Mobile Switching Center), GSM, 431–434 false charges against, 528–529 MSISDN (Mobile Station Integrated Services forced to accept plea agreement, 538, 547–550 Digital Network) number, 429–430, 433–434 “Free Kevin” campaign, 252–253, 255–256 MSRN (Mobile Station Roaming Number), GSM, how this can happen, 544–546 433–434 imprisonment of, 526 MTA (Metropolitan Transportation Authority), 785 indictment against, 531 MTP (Message Transfer Part) packets, 432 media guiding perception of, 257–258 MTSO (Mobile Telephone Switching Office) as portrayed in Cyberpunk , 235–238, 246 checking valid cellular call number, 98 as portrayed in The Fugitive Game, 246–247 how cell phones work, 86 psychological and physical torture of, 569 recognizing access codes, 106 punishment far outweighing crime, 534–535, roaming, 108 544–546 safe cellular phreaking and, 103 raid on, 202–203 multi-carrier toll abuse, 222–223 94192bindex.qxd 6/3/08 3:29 PM Page 856

856 Index

multifrequency tones. see MF neighborhood security gates, 419–420 (multifrequency) tones neighbors’ networks, hacking, 739–743 Multilevel Information Systems Security net, early days. see Internet, early days of Initiative (MISSI), 310–312 Netcom, Kevin Mitnick case, 528–529 multiline dial-out slave infinity device, 359 NetNorth, 152 Multiline Optical Character Reader NetStumbler, 734 (MLOCR), 377 network code, identifying GSM provider, 429 multiplexing, GSM phones, 431–432 Network Processor. see NP (Network Processor) multitrack recording, surveillance tape Network Solutions, 583 recorders, 362 Network-Based ALI, 681–682 muting mouthpiece, COCOTs, 452 network-layer encryption, wireless networks, 737 MVM (MetroCard Vending Machine), 785, networks 787–789 beginning of Internet, 148–151 MW/MHWMWNC (Wall Mount hacking paging, 345–349 Enclosures), 608 Internet, 303 Mykotronx, Inc., 312 reading addresses, 153–155 Worldnet, 151–153 N Neuromancer (Gibson), 235 Nagra Magnetic Recorders, Inc., 362 New York City Transit Authority (NYCTA), 785 NAM (Number Assignment Module) New York Telephone/NYNEX. see NYNEX/New programming CMT, 107 York Telephone safe cellular phreaking and, 103 New York’s MTA, 785–794 security of, 106 conclusions, 794–795 named exchanges, 484–486 Cubic Transportation Systems, 786–787 NAPs, system of, 304–305 decoding Dual-Track MetroCards - Track 1-2, Napster, 581–582 792–794 narrow band transmitters, 356 decoding Dual-Track MetroCards - Track 3, National Assembly of Hackers, 249 791–792 National Biometrics Test Center, 811 MetroCard system, 787–788 National Direct Dial (NDD) code, Afghan overview of, 785 phone system, 658 reading MetroCards, 790 National RNZ 36, 362 receipts, 788–789 National Science Foundation Network terminology, 785–786 (Nsfnet), 152 turnstiles, 789 National Security Agency. see NSA (National vending machines, 788 Security Agency) newsgroups, elite speak in, 816 National Semiconductor, Fortezza cards, 312 nmap, 742 national signaling systems, 470–472 non-beaconing, 737 NATO allies, AUTOVON tied to, 31 non-judicial punishment, military law, 621 Naval Intelligence, lobbying for Digital NON-PUBDA#, obtaining from CN/A operator, 48 Telephony Bill, 561 no-pick option, and equal access, 97 Navy law enforcement agencies, 620–623 Nortel DMS-MSC, GSM switch, 431 NCR ATMs, hacking, 765–768 Northern Telecommunications, long-distance NDD (National Direct Dial) code, Afghan phone services made by, 67 system, 658 Notepad, 638 near infrared technology, vehicles, 329 Novatel CMTs, 104 Nedap voting machine, 807–808 NOVRAM chips, 427 Neidorf, Craig. see Lightning, Knight (Craig NP (Network Processor) Neidorf) CampusWide infrastructure and, 608–609 94192bindex.qxd 6/3/08 3:29 PM Page 857

Index 857

CampusWide server, 605 OLD command, RSTS/E, 128 conducting simple transaction, 610–611 omnidirectional antennas, radio piracy, 760 exploits, 611–612 OmniMetrix, 436 getting into database through, 606 Omnipoint, 483 NPA (area code), pagers, 346 OneCard system. see CampusWide system NSA (National Security Agency) op-diverting, ANI-fails, 665 Clipper Chip proposal, 556 OpenQubit, 288–289 cryptosystem of, 308 Openwave, 747–749 Digital Telephony Bill lobbying of, 561 Operation Sun Devil Fortezza project, 310–312 bittersweet victory, 501 invasion of citizen privacy, 552 crackdown, 493–496 secretive research of, 309–310 hunt intensifies, 496–498 Nsfnet (National Science Foundation increased restrictions, 498–499 Network), 152 no time for complacency, 500–501 NTS Connection, MCI affiliation with, 169–170 overview of, 492–493 Number Assignment Module. see NAM (Number operators Assignment Module) Amateur Radio, 367–369 number restriction, COCOTs, 452 conferencing and, 81 numbering system, world phone zones, 467–468 enabling calls to special, 48–49 numbers genesis of, 27 800, 92–93, 111–112 pagers sending out messages via, 341 976 (dial-it) numbers, 62 types of, 47–48 Automatic Number Identifier, 61 Optim9000. see CampusWide system determining hot sets of lottery, 646–648 OptoComs, Chrome Box, 324–325 ESN. see ESN (Electronic Serial Number) orangeboxing, 666 MIN. see MIN (Mobile Identification Number) ORed (XORed) burst period, 432 NAM. see NAM (Number Assignment Module) Orinoco cards, 735 numbers, COCOT phone Orion, 436 call forwarding, 456–457 OSUNY bulleting board, 23 overview of, 453–454 outgoing message (OGM), answering machines, numbers, stories about, 7–15 660–662 overview of, 7 out-of-band signaling, 27 scariest number in world, 8–9 overlay codes, 486 teleconferencing saga, 11–15 truth about 9999, 9–11 P Nunn, Senator Sam, 257 Pacific Bell, wiretapping, 555 NYCTA (New York City Transit Authority), 785 Pacific Telesis, 83 NYCWireless group, 737–738 packet types, 802.11b, 734 NYNEX/New York Telephone pagefile.sys, 286 as Baby Bell, 83 pagers, 339–345 changes to pay phones, 482–483 decoding setup, 346–349 competing with Ma Bell, 62 defined, 340 exposing, 175–176 for free, 101–102 mega-mergers, 482 how messages are sent to, 340 sleazy practices of, 157–158 how network works, 345–346 message length, 342 O other questions, 342–345 @o command, ARPANET, 146–147 sending out messages, 341 OGM (outgoing message), answering machines, types of, 340 660–662 94192bindex.qxd 6/3/08 3:29 PM Page 858

858 Index

PAI (public and international) accounts, Dell, PayPal, transaction reversals, 725–729 697, 699 PBX (Private Branch eXchange) Paketto Keiretsu, 701 digital telephone abuse, 43 PANI (Pseudo-ANI), 665 electronic pay phones, 39–40 Pansat 2500A receivers, 763–764 multi-carrier toll abuse, 222–223 paper clips, as lockpickers, 778 teleconferencing dangers, 79 parabolic microphones, 350 teleconferencing using, 77 ParadisePoker.com blackjack story, 644–646 PCMCIA card, 310 parallel transmitters, 360 PCP (PC Pursuit), 141–144, 164–165 parasitic grids, 737–738 PCS (Personal Communications Services), GSM, parole eligibility, military, 624–625 428–429 party lines, wiring for, 24 PCs, Kmart, 715 Passback Period, New York’s MTA, 786 peering, Internet, 302–305 passive detection, wireless networks, 734–735 pen registers, 183 passwords, 163 Pengo, 235 answering machine hacking, 660–662 Pentagon City Mall, 512 Answers for Gateway, 730 People Express, 166–168 COSMOS, 59 Peripheral Interchange Program (PIP), DEC-20, 124–125 RSTS/E, 128 electronic message center, 769 peripheral nervous system, 826 FirstClass, 617 Personal Communications Services (PCS), GSM, IBM’s Audio Distribution System, 69–71 428–429 Internet radio stations, 306 personal identification code (PIC), Pronto, 164 MCI Mail, 160–161 Personal Identification Number (PIN), GSM SIM military, 406–408 cards, 430 negative feedback on hacking, 503–504 Personal Unblocking Key (PUK), 430 printing password file, 60 personalized info, XM Radio signal, 755 Radio Shack screensaver, 706 Pfaelzer, Mariana, 549 RSTS/E, 127–128 PHALSE (Phreakers, Hackers, and Laundromat Telemail, 122–124 Service Employees), 525 UAPC, 135–136 pharmacy computers, Wal-Mart, 714 VMS systems, 130 phase-locked look (PLL) transmitter, radio Watson system at T-Mobile stores, 676 piracy, 759–761 patterns, lottery number, 784 Phiber Optick case, 523, 526–527 pay phones, 35–43. see also COCOTs (Customer philosophy. see hackers, philosophy Owned Coin Operated Telephones) phone cards, Afghan, 659 abuse of, 41–43 phone phreaking, 21st century, 659–680 alternate designs, 38–40 ANI and Caller ID spoofing, 664–669 charging for toll-free numbers from, 487 answering machine hacking, 659–662 cheese box, 40–41 backspoofing, 672–675 clear box working on post-pay, 32–33 feeding the frenzy of Internet threats, 662–663 hacking three holed, 652–655 fun of prosecuting for, 555 history of, 36 getting more from T-Mobile, 675–679 in the nineties, 482–483 tracking any U.K. GSM mobile phone, 679–680 operation logic, 36–37 Verizon’s Call Intercept, 669–672 types of, 39 phone phreaking, in 1980s what happens to your money, 37–38 access codes and, 106 why redboxing doesn’t work, 446–448 antennas, 105 pay TV descramblers, making, 332–333 and bulletin boards, 223–227 94192bindex.qxd 6/3/08 3:29 PM Page 859

Index 859

catching hackers for, 109–112 PKZIP, 416 cellular phones, 91–92 PL tone, 366–367 equipment, 104–105 Plain Old Telephone Service (POTS) motivations for, 209 backspoofing using, 672–675 one interpretation of, 221–223 VoIP using, 688–689 overview of, 103–104 planning, to get into Central Office, 52–55 programming CMT, 107 plasmids, 822–824 reflections on, 216 plausible credibility, 414–415 roaming, 108 Playboy channel, XM Radio, 757–758 social engineering story, 16–17 PLL (phase-locked look) transmitter, radio phone phreaking, in 1990s, 466–472. see also piracy, 759–761 toll fraud; voicemail hacking PMSP (Pre Message Security Protocol), 310 getting started, 467 POCSAG (Post Office Standards Advisory international signaling systems, 468–470 Group) pager setup, 346–347 national signaling systems, 470–472 point-of-sale (POS) numbering plans for world zones, 467–468 hacking hardware, 709–711 in prison, 388–390 readers, 610 war dialing, 401–405 Points of Presence (POPs), 303 phone rates, 1990s, 483–484, 487 political commentary, DeCSS case, 593 PhoneNet, 149–151 pop culture, 1990s Phrack newsletter crime waves, 266–268 charges dropped against, 501 entertainment. see entertainment, 1990s crackdown on, 493–496 hacker conventions, 271–276 facts of case, 500 media. see media, in 1990s no time for complacency, 501 overview of, 233–234 views from a Fed, 384–385 threat of success, 268–271 Phreakers, Hackers, And Laundromat Service POPs (Points of Presence), 303 Employees (PHALSE), 525 portable hacking, 278–284 phreakers, publicity and, 22 future of, 284 PIC (personal identification code), Pronto, 164 modems and couplers, 280–281 PICCs (Pre-subscribed Interexchange Carrier overview of, 278–280 Codes), bypassing ACR, 669 planning, 283–284 Pick Up & Go service, People Express, 166–168 where to go, 281–283 Pick-6 lottery, 647 portable tape recorders, phreaking with, 222 PIN (Personal Identification Number), GSM SIM ports cards, 430 and Back Orifice, 295 pin pads, Kmart, 714–716 Internet radio station access, 306–307 pin pads, Wal-Mart, 710 POS (point-of-sale) pink noise, avoiding blue box detection, 30 hacking hardware, 709–711 PIP (Peripheral Interchange Program), readers, 610 RSTS/E, 128 Positive Roamer Verification (PRV), 108 piracy Post Office Standards Advisory Group cellular phone, 103, 106 (POCSAG) pager setup, 346–347 DVD, 576–580 post offices, and credit card fraud, 191 radio, 758–761 Postal Numeric Encoding Technique television, 113 (POSTNET), 373, 377 pizoelectric coaxial microphone, 357 POSTNET (Postal Numeric Encoding PKCS (Public Key Cryptography Standard), 312 Technique), 373, 377 PKUNZIP.BAT file, 400–401 94192bindex.qxd 6/3/08 3:29 PM Page 860

860 Index

post-pay phones privs, DEC-20, 125 activating, 677 probe packets, 734 clear box working on, 32–33 processes, Back Orifice, 295 history of, 36 Pronto, 158, 161–164 POTS (Plain Old Telephone Service) Proposition 21, 579 backspoofing using, 672–675 Prosecutor’s Brief publication, 555–556 VoIP using, 688–689 PROTECTION files, RSTS/E, 129 power source, for radio piracy, 759–760 PRV (Positive Roamer Verification), 108 powerline carrier current devices, 357 PSAP (Public Safety Answering Point), 681–682 Pre Message Security Protocol (PMSP), 310 Pseudo-ANI (PANI), 665 PREOP account, COSMOS, 59 pseudo-felon, making of, 630–634 pre-pay phones, 36, 677 PSTN (Public Switched Telephone Network), presets, 3D glasses, 813–816 VoIP, 688 Pre-subscribed Interexchange Carrier Codes public and international (PAI) accounts, Dell, (PICCs), bypassing ACR, 669 697, 699 pretexts, and social engineering, 828–830 Public Key Cryptography Standard (PKCS), 312 PRI (Primary Rate) ISDN line, spoofing Caller public networks, wireless, 737–738 ID, 665 Public Safety Answering Point (PSAP), 681–682 price tags, Circuit City, 702–703 public services, 140 printing Public Switched Telephone Network (PSTN), Gulf War printer virus, 289–290 VoIP, 688 password file, 60 PUK (Personal Unblocking Key), 430 Priority*Call, 460 punch cards, UAPC, 134 Prism2 cards, 735 push-button locks. see Simplex locks prison letter from, 387–390 Q military sentences, 623–624 Q VOICEMAIL system, 474 privacy QAM standard, 762 Busy Line Verification vulnerability, 464–466 QModem script, 404–405 Digital Telephony Bill provisions, 560–561 QoS (Quality of Service), 634–636 Electronic Communications Privacy Act, Q.T. (quick termination) service, 114 98–100 quantum hacking, 287–289 government invasion of, 115–116, 500, 505 qubits (quantum bits), 288 MCI gimmicks, 463–464 Question Authority, 90 negative feedback on hacking, 504–509 Quick-Scribe terminal, 710–711 September 11, 2001 and America’s right to, Quittner, Josh, 239–242, 559 626–627 student databases and, 602–604 R wiretapping and invasion of, 552 R (ring) telephone wires, 24 privacy hole, 464–466 R1 signaling system, 470–471 Private Branch eXchange. see PBX (Private R2 signaling system, 469–470 Branch eXchange) radio, hacking Private Sector bulletin board system amateur radio, 367–369 false charges against, 189–192 fast food fun, 365–367 protecting Sysops, 192–194 Internet stations, 306–307 returning online, 194–197 listening in. see surveillance devices seizure by law enforcement, 184–187 overview of, 361–362 threat to us all, 187–189 pager, 101–102, 340, 342–343 privileged accounts, VMS systems, 131 pirating airwaves, 758–761 94192bindex.qxd 6/3/08 3:29 PM Page 861

Index 861

RFID (Radio Frequency Identification) and, operation of, 442–443 749–751 phreaking with, 41–43 trunking communications monitoring, portrayal of in Hackers, 244 362–364 why it doesn’t work, 446–448 XM Radio, 753–758 Reduced-Fare MetroCard (RFM), 785, 788–789 Radio Common Carrier (RCC), 87 Regional Bell Operating Companies (RBOCs), Radio Frequency Identification (RFID), 749–751 21–22, 92 radio modem, electronic message centers, registers, Wal-Mart, 712–713 769–770 registry Radio Shack getting rid of Back Orifice on, 295 fixing PRO-2004 scanner, 100–101 getting rid of files, 286–287 hacking into, 704–706 Relationship accounts, Dell, 697 raids, 1980s remote activation transmitters, 354–355 conclusions, 205–207 remote connections, COCOTs, 453 FBI goes after ADS hackers, 181–184 remote functions, Cellemetry, 435–438 Herbert Zinn, Jr., 203–204 remote listening post infinity device, 359 Kevin Mitnick, 202–203 remote modem (dialup), 770 Private Sector BBS. see Private Sector bulletin remote secrets, hacking, 773–777 board system Remote Source Control System (RSCS) Sherwood Forest BBS, 197–198 protocol, 149 at teenagers` houses, 198–200 Remote Switching Unit (RSU) class, 45 raids, 1990s. see Operation Sun Devil remotes rainbow box, 445 hacking Mercedes Benz with universal, 772 rakes, lockpicking with, 780–781 re-programming car, 772–776 RAM, 285, 425–427 Reno, Janet, 260 RAND (random number), GSM, 432 Repeat*Call, 460 Rappa, Charles, Sr., 536 report cards, UAPC, 134 RBOCs (Regional Bell Operating Companies), reporters, dealing with, 262–265 21–22, 92 reputation, journalistic, 264–265 RCA cables, 347 resistors, telephone voltage, 25 RCC (Radio Common Carrier), 87 Resource System Time Sharing Environment RCI, 222–223 (RSTS/E), 127–129 readers Restil, Ian, 248–249 CampusWide, 609–611 restoration to active duty, military, 625 MetroCards, 787, 790 retail hacking, 691–730 Real Encoder, 307 802.11b at Kroger’s, 700–702 Real Networks, 306 Answers for Gateway, 729–730 Real Producer, 307 Best Buy, 692–695 receipts, New York’s MTA, 788–789 Blockbuster, 695–696 receivers Circuit City, 702–704 re-programming car remotes, 775–776 Clarion Hotel, 718–720 satellite, 763, 764 Dell computers, 697–700 Recording Industry Association of America electronic applications, 720–721 (RIAA), 591, 593 Hilton Hotel, 716–718 recycling bins, hacking FirstClass in, 617 Home Depot, 696–697 red box PayPal hurts, 725–729 Bernie S. saga, 531–534 Radio Shack, 704–706 converting tone dialer into, 439–441 retail hardware, 709–711, 714–716 defined, 24, 221 soda machines, 721–722 94192bindex.qxd 6/3/08 3:29 PM Page 862

862 Index

Target, credit card fraud, 708–709 Sandza, Richard, 225 on vacation, 722–725 SAT (Supervisory Audio Tone), cell phones, Wal-Mart, 711–714 427–428 retinal scans, biometrics, 810 satellite dishes, satellite TV, 762–763 Return*Call, 461 Satelliteguys FTA/MPEG forum, 765 RFC822 mail addresses, 152–155 satellites RFID (Radio Frequency Identification), 749–751 Afghan phone system, 658–659 RFM (Reduced-Fare MetroCard), 785, 788–789 charges against Private Sector BBS, 189–190 RHS (Right Hand Side), RFC822 mail addresses, how paging networks work, 345–346 153–155 nationwide paging, 344 RIAA (Recording Industry Association of TV broadcasts, 761–765 America), 591, 593 XM Radio signal transmission, 754–755 Riggs, Robert, 509–510 SBDN (Southern Bell Data Network), 509–510 Right Hand Side (RHS), RFC822 mail addresses, SBS (Skyline), 66–69, 170–171 153–155 Scan, McAfee Associates, 292 ring trip, 26 scandisk, 286 ringing, telephone SCANFILE.BAT file, 400–401 distinctive, 114 Scanner World, 102 overview of, 26–27 scanners step office sounds, 50 eavesdropping with, 116–118 roaming pager decoding with, 346–347 GSM, 433 paging for free with, 101–102 phone phreaks and, 108 trunk trackers, 363 reconfiguring cell phone to, 427 VHF marine telephone frequencies and, 424 Robinson, Jr., Clarence A, 248 virus, 290–293 robots, brain-driven, 826 scanning, importance of thorough, 218 “Rock” satellite, XM Radio, 754–755 scariest number in world story, 8–9 Rockoff, Alan, 185–186, 195 Schindler, David, 545 Rockwell Wescom, 67 school hacking stories, 602–618 Roosevelt, President, 5 CampusWide, 604–612 ROOT account, 754–755 FirstClass hacking, 615–618 ROOT account, COSMOS, 59 school ID numbers, 614–615 Roscoe Gang, 203 student databases, 602–604 rotary phones, 24, 49–52 university of insecurity, 612–614 roulette wheels, 646–647 Scorch, 285 routers, and China’s firewalls, 803 Scorpion, 526 RS-232 interface, 607–608, 767 scrambled transmitters, 355 RS-485 drop lines, 607–609, 611–612 scrambling data, 193 RSA cryptography, 312 Screaming Fist II virus, 398–401 RSCS (Remote Source Control System) screensaver passwords, Radio Shack, 706 protocol, 149 script kiddies, 648–650 RSTS/E (Resource System Time Sharing Sdu voting machine, 807 Environment), 127–129 searches, military law, 621 RSU (Remote Switching Unit) class, 45 Sears Watch Service, 710–711 Second World War eavesdropping story, 4–5 S secret detector units, E-Z Pass system, 328 S., Bernie. see Bernie S. (Ed Cummings) secret numbers, COCOTs, 453 safety pins, lock picks, 778–780 Secret Service Safeware, 162 Bernie S. and, 532–538, 540–543 94192bindex.qxd 6/3/08 3:29 PM Page 863

Index 863

pseudo-felon story and, 631–634 September 11, 625–627 raid on Sherwood Forest, 197–198 September 11, 2001, 625–627 raids on computers at teenagers`houses, series transmitters, 360 198–200 servers Steve Jackson Games lawsuit against, Back Orifice, 294 496–497, 511 CampusWide, 605 underground bulletin boards, 226 Internet radio stations, 306 Secret Service and 2600 meetings, 512–522 Service Provider ID (SIDH), 427 advice, 519–522 service tags, Dell BIOS chip, 698 fallout, 515–516 Session Initiation Protocol (SIP), VoIP, 688 lawsuit against Secret Service, 517–518 Shamir, Adi, 309 mall police actions, 512–514 Sherwood Forest BBS raid, 197–198 mania, 518–519 Shimomura, Tsutomu our plans, 516–517 fabrications in Takedown , 249–252 overview of, 512 false charges against Kevin Mitnick, 529–530 what it was all about, 514–515 protesting Takedown screenplay, 255 Secrets of Lockpicking (Hampton), 778–780 Shor, Peter W., 288 secure delete programs, 285–287 shotgun microphones, 350 Secure program, 293 Shredder, 287 security. see also cryptography SID (System ID), 108 802.11b networks, 737, 738 SIDH (Service Provider ID), 427 Busy Line Verification vulnerability, 464–466 signal, XM Radio, 755–756 cable modem holes in, 333–335 Signal magazine, 248 calling card flaws, 423–424 signal transmission, XM Radio, 754–755 CampusWide flaws. see CampusWide system Signaling System 7 (SS7) protocol, 673 cellular user flaws, 98–100 signaling systems, 469–472 eavesdropping story, 4–5 signature verification, biometrics, 810 freedom of speech restricted in name of, signed response (SRES), GSM, 432 594–596 silver box hacker bulletin boards and, 224 defined, 24, 221 hackers as checks to, 210–211, 384–387 how to use, 31–32 MCI flaws, 463–464 operation of, 445 neighborhood gate flaws, 419–420 SIM (Subscriber Identity Module) cards obsession of society with, 832 activating post-pay phones, 677 overview of, 675–679 activating pre-pay phones, 677 Pronto electronics flaws, 163–164 adding line to someone’s existing account, 678 scanning calls for, 117 authentication and encryption, 432–433 Simplex lock flaws, 315 mobile station made up of, 431 university of insecurity story, 612–614 overview of, 429–430 Vonage broadband risk, 686–687 Simple Mail Transfer Protocol (SMTP), security readers, CampusWide, 609–610 ARPANET, 152 Select*Forward, 460 simple transaction, CampusWide, 610–611 selectors Simplex locks, 314–323 dialing and, 49 hacking, 317–323 step switching and, 50 illusion of security in, 314–317 Self Service System Software, 767 single-coil relay, pay phones, 38 self vending readers, 610–612 Single-Track MetroCard, 786 sensormatic handheld deactivators, SIP (Session Initiation Protocol), VoIP, 688 Wal-Mart, 714 Site Management Guide, 129–130 94192bindex.qxd 6/3/08 3:29 PM Page 864

864 Index

size, surveillance tape recorders, 361 speed enforcement, vehicles, 328–330 Skipjack, 309, 310–311 speed number recording, long-distance, 67 Skylarov, Dmitry, 595, 597–598 spike microphones, 351 Skyline (SBS), 66–69, 170–171 spoofing slaves, surveillance, 358–359 ANI and Caller ID, 664–669 sliver band transmitters, 356 cellular IDs, 91 Sloane, W. Evan, 90 spot beaming signals, 754 slugs, pay phones, 653 spread spectrum transmitters, 355 smart cards, and biometrics, 811 Sprint backbone provider, 303 SMART system access, Wal-Mart, 713–714 Spyrus, 312 Smartcard Developer Association, 434 SRES (signed response), GSM, 432 SmartFilter, circumventing DOD’s, 628–630 SS Decoder, XM Radio, 756 Smartnet, 363 SS7 (Signaling System 7) protocol, 673 SMTP (Simple Mail Transfer Protocol), SSID cloaking, 736–737 ARPANET, 152 SSNs (Social Security Numbers), 612–614, sniffing 677–678 cable modem security and, 334–335 ST (STart) tone, in-band signaling, 28 detecting 802.11b networks, 734–735 STA450 source decoder, 755–756 social engineering standard cards CN/A operator susceptibility to, 48 MetroCards vs., 788 hacking FirstClass, 616 New York’s MTA, 786 hacking UAPC with, 136 standard readers, New York’s MTA, 786 installing Back Orifice using, 294 standards phone phreak story, 16–17 1987 FAX, 144–145 and pretexts, 828–830 biometric, 811 spoofing Caller ID and ANI, 667–668 standing wave ratio (SWR) meter, 760 Social Security Numbers (SSNs), 612–614, Stasi secret police, 683 677–678 State Lottery Commission, 648 Socotel, 471 statistics, lottery, 781–783, 784–785 soda machines, hacking, 721–722 Steal This Book (Hoffman), 655 software step crashing, 51 ATM, 767 step offices, 49–52 electronic message center, 769, 771–772 Steve Jackson Games Voter Enumeration System, 806 harrassment of, 492 software hacks, pay phones, 655 lawsuit against Secret Service, 511 Software Piracy Association (SPA), 238–239 negative feedback on, 506–507 Software Publishers Association, and crime, 553 raid on, 496–497 soul, 825 Stevens, Fisher, 244–245 SoundBlaster compatible sound cards, 346 STM CD, Dell, 699 Southern Bell Data Network (SBDN), 509–510 stories, 1980s, 3–19 Southwestern Bell, 83, 92 American Express phone, 18–19 Soviet Union eavesdropping, 4–5 phone system, 90–91 first atomic bomb, 5–7 as a surveillance society, 683 friends in high places, 55–56 SPA (Software Piracy Association), 238–239 from hacker world, 3 Speaker-Verification API (SVAPI) standard, 811 numbers. see numbers, stories about special court-martial, military law, 621–622 phone phreak, 16–17 Special MetroCard, 786 trashing, 17–18 speech-scramblers, 4 94192bindex.qxd 6/3/08 3:29 PM Page 865

Index 865

stories, 1990s Summercon, 512 birth of low-tech hacker, 382–384 Sun Microsystems, 549 confessions of beige boxer, 408–414 Superpages, 748 downsizing insurance, 414–418 Supervisory Audio Tone (SAT), cell phones, Ghost Board, 397–398 427–428 growth of low-tech hacker, 390–392 support.dell.com, 699 hacker’s day, 398–401 surreptitious interception, 98 hacking for the military, 405–408 surveillance, Soviet Union, 683 letter from prison, 387–390 surveillance devices, 349–362 neighborhood security gates, 419–420 carrier current devices, 356–357 study of hackers, 392–396 Digital Telephony Bill, 559–561 view of Fed, 384–387 hardwired room microphones, 351–352 war dialing, 401–405 infinity transmitters, 357–358 stories, 2000 and beyond, 601–650 long-range listening devices, 350 aftermath of September 11, 625–627 miniature tape recorders, 361–362 Anna Kournikova virus, 639–640 reasons to learn, 349 backdoor exits from U.S. Military, 627–628 slaves and loop extenders, 358–359 CampusWide, 604–612 takeover of nation’s phone system, 559–561 catching my cheating girlfriend, 637–639 telephone traps and transmitters, 359–360 circumventing DOD’s SmartFilter, 628–630 through-wall listening devices, 350–351 examining student databases, 602–604 transmitters (bugs), 352–356 FirstClass hacking, 615–618 in twenty-first century, 683–686 future of computing, 642–644 SVAPI (Speaker-Verification API) standard, 811 getting busted military style, 619–625 SWAGIMA, 66 hacker goes to Iraq, 618–619 swap files, 286 ISP story, 648–650 Swisscom, 434 looking back, 640–641 switches making of pseudo-felon, 630–634 Afghan phone system, 658 observing lottery, 646–648 GSM, 431–432 overview of, 601 long-distance, 67 ParadisePoker.com blackjack, 644–646 satellite TV, 763 school ID numbers, 614–615 switching centers, 45–46 university of insecurity, 612–614 step switching and, 50 warning from caught uncapper, 634–636 SWR (standing wave ratio) meter, 760 strobe light, Chrome Box, 324 SYSNAM privilege, VMS systems, 132 Strowger system, step office, 51–52 Sysops Student Database story, 602–604 charges against Private Sector BBS, 194–197 Student ID stories protecting themselves, 192–194 CampusWide cards, 606–607 SYSTAT (SY), 124–125, 128 FirstClass hacking, 615–618 SYSTEM accounts, VMS systems, 131 fun with numbers, 614–615 System ID (System ID), 108 student databases, 602–604 SystemOne software, 769 university of insecurity, 612–614 stunts, teleconferencing, 80–81 T subcarrier transmitters, 356 T (tip) telephone wires, 24 subdirectories, and viruses, 291 “table ready” signal, 723–724 Subscriber Identity Module. see SIM (Subscriber Takedown (film) Identity Module) cards fabrications in, 249–252 success, threat of, 268–271 “Free Kevin” campaign, 252–253 94192bindex.qxd 6/3/08 3:29 PM Page 866

866 Index

overview of, 250–253 equal access, 93–97 re-writing of screenplay, 235, 254–255 forbidden frequencies, 100–101 Talk Cents, 484 IBM audio distribution systems, 69–71 Talkabout, 89 long distance, 66–69 Talking Greeting Card, hacking, 339 Ma Bell breakup, 71–73 tandem, 490 overview of, 65–66 TAP publication, 229–230 paging for free, 101–102 phreakers and, 23 phone choices, 89–92 tapping modem lines, 136 Radio Shack PRO-2004 scanner, 100–101 TAPR (Tucson Amateur Packet Radio), 368–369 results of divesture, 82–85 taps scanning for calls, 116–118 keyboard, 383 telecom informer, 113–116 telephone, 359–360 teleconferences, 76–82 Target, credit card fraud, 708–709 Travelnet, 73–76 TASI (Time Assignment Speech Interpolation), telecommunications toys, 21st century, 732–830 189–190 31337SP34K, 816–817 TCAP (Transaction Capabilities Application 3D glasses, 812–816 Part), 432 802.11b networks, 733–739 Tcimpidis, Tom, 211–213 biometrics, 809–812 TCP RST (reset connection), China’s Internet, Captivate networks, 743–744 803–804 elections, 805–809 TCP/IP protocol, 148–149, 151–152, 771 electronic message centers, 768–772 TDMA (Time Division Multiple Access) frames, firewall of China, 801–805 GSM, 431, 432 genome, 820–824 tech support Google AdWords, 795–801 Answers for Gateway, 729–730 honeypots, 818–820 Dell, 697–699 lock picks, 777–780 technology, 574 lottery, 780–785 addressing side-effects of, 552 Mercedes Benz with universal remote, 772 corporations scared by new, 581 NCR ATMs, 765–768 hackers vs. criminals, 553–554 neighbors’ networks, 739–743 positive developments towards, 596–599 New York’s MTA. see New York’s MTA restrictions on new, 565 overview of, 732 teenagers, Secret Service raids on, 198–200 pirate radio primer, 758–761 telecommunications real electronic brain implantation and fraud, 221–223 enhancement, 824–828 privacy and, 115–116 remote secrets, 773–777 Telecommunications Act of 1996, 581 RFID, 749–751 telecommunications toys, 1980s satellite TV broadcasts, 761–765 800 number allocation, 92–93 social engineering and pretexts, 828–830 Airfone, 93 WAP, 747–749 catching phone phreaks, 109–112 WiFi and MITM, 744–746 cellular phone companies, 92 XM Radio, 753–758 cellular phones, fraud, 103–108 teleconferences, 7, 11–15 cellular phones, fraud bust, 97–98 teleconferences, running successful, 76–82 cellular phones, how they work, 85–89 conference controls, 78–79 cellular phones, phreaking, 91–92 conference numbers, 76–78 Electronic Communications Privacy Act, dangers, 79 98–100 other conferences, 81 94192bindex.qxd 6/3/08 3:29 PM Page 867

Index 867

overview of, 76–77 first atomic bomb, 5–7 stunts, 80–81 hacking American Express, 18–19 Telemail. see GTE Telemail phone phreak scores, 16–17 Telemetrac, 436 scariest number in world, 8–9 Telemetry, 435 teleconferencing saga, 11–15 Telephone Exchange Name Project, 485 WW II eavesdropping, 4–5 telephone line surveillance devices Tele-Tria, 224–225 carrier current devices, 357 Telnet, 121–122, 152 infinity transmitters, 357–358 @ Telnet prompt, 121–122 microphones, 352 Temporary Mobile Subscriber Identity (TMSI) slaves and loop extenders, 358–359 number, 430, 432, 433 taps and transmitters, 359–360 terminals, pager, 341 telephones terminology making of pseudo-felon, 630–634 hacker, 7 traps and transmitters, 359–360 New York’s MTA, 785–786 telephones, in 1990s, 421–490 Terms of Service (ToS), Google AdWords, area code system, 486–487 797–798 Caller ID, 458–463 terrorism COCOTs. see COCOTs (Customer Owned combating, 562 Coin Operated Telephones) feeding frenzy of, 662–663 long-distance charges, 487–490 Tessera Cryptographic Card, 310 MCI gimmicks, 463–464 test calls, spoofing Caller ID and ANI, 667–668 mega-mergers, 482 TFPC (Toll Fraud Prevention Committee), naming exchanges, 484–486 478–479, 480–481 overview of, 421–422 The Art of Deception (Mitnick), 829 pay phones, 482–483 The Cuckoo’s Egg (Stoll), 235–236, 819 phone rates, 483–484, 487 The Fugitive Game (Littman), 245–247 phreaking in the nineties, 466–472 The Good, The Bad, and the Ugly (film), 239 privacy hole, 464–466 The Hacker Crackdown (Sterling), 245 special call numbers, 483 The Net (film), 242–243 toll fraud, 478–481 The New Republic journal, 248 voicemail hacking, 472–478 The New York Times web page hack, 255–256 wireless. see wireless communications The Phoenix Project (bulletin board), 496–497 telephones, in 21st century, 651–689 The Point, 499 in Afghanistan, 657–659 The Whiz Kids (TV program), 210 ANI and Caller ID spoofing, 664–669 The Whole Spy Catalog, 532 answering machine hacking, 659–662 third number billing fraud, 478 backspoofing, 672–675 Thomas, Carleen, 559, 563 future of enhanced 911, 681–683 Thomas, Robert, 559, 563 getting more from T-Mobile, 675–679 threats, Internet, 662–663 hacking three holed pay phones, 652–655 three holed pay phones, hacking, 652–655 idiocy in the Telcos, 655–657 Three Strikes Law, California, 435, 579 surveillance in twenty-first century, 683–686 through-wall listening devices, 350–351 tracking any U.K. GSM mobile phone, 679–680 TIA (Total Information Awareness), 598–599 Verizon’s Call Intercept service, 669–672 Time Assignment Speech Interpolation (TASI), VoIP cell phones, 687–689 189–190 Vonage broadband security risk, 686–687 Time Division Multiple Access (TDMA) frames, telephones, stories. see also Ma Bell GSM, 431, 432 9999 numbers, 9–11 94192bindex.qxd 6/3/08 3:29 PM Page 868

868 Index

time-to-live (TTL) parameter, China’s Internet, infinity, 357–358 803–804 mains powered, 354 tip (T) telephone wires, 24 narrow band, 356 TIPS system, 598 parallel, 360 T-Mobile, 675–679 radio piracy using, 759–761 TMSI (Temporary Mobile Subscriber Identity) remote-activated, 354–355 number, 430, 432, 433 re-programming car remotes, 775–777 toll fraud scrambled, 355 diverter, 62 series, 360 incoming international collect, 479–481 sliver band, 356 Telco investigating, 25 spread spectrum, 355 Toll Fraud Prevention Committee, 478–479 subcarrier, 356 Toll Fraud Prevention Committee (TFPC), UHF, 353 478–479, 480–481 VHF, 353 toll passes (transponders or tags), 328 VOX-activated, 354–355 toll-free numbers wafer, 353 charging owners for calls from pay phones, 487 wideband, 355 spoofing ANI to, 668 trap and trace, step offices, 50 tone dialer, converting into red box, 439–441 trashing story, 17–18 Tone*Block, 461 Travelnet, 73–76 tones, coin signal pay phone, 36–37 Trillian Pro multinetwork chat program, 749 ToS (Terms of Service), Google AdWords, trojans. see viruses and trojans 797–798 trunking communications monitoring, 362–364 Total Information Awareness (TIA), 598–599 trunks, in-band signaling, 27–28 TouchPaks, 723–724 Truphone, VoIP, 688–689 touch-tone decoders, 412 trustees, military prisons, 624 touch-tone entry, pagers, 341 TRW computer, 190, 211–213 touch-tone phones .TSK extension, RSTS/E, 129 AUTOVON and silver boxes, 31–32 TSPS (Traffic Service Position System) operators, common control and, 49 36, 47 hardwiring, 33–34 TTL (time-to-live) parameter, China’s Internet, wiring, 24 803–804 traceroute, Internet peering, 303 TTY’s (Teletypewriters), 48 Traffic Service Position System (TSPS) operators, tube microphones, 351 36, 47 Tucson Amateur Packet Radio (TAPR), 368–369 Transaction Capabilities Application Part turnstiles, New York’s MTA, 789 (TCAP), 432 TV broadcasts, hacking satellite, 761–765 transaction reversals, PayPal, 725–729 two-way communication pagers, 345 transceivers, cellular phone, 104 TXT command, DEC-20, 124–125 transcripts, UAPC, 134 transgenes, 821–823 U transgenic organisms, creating, 820–823 U. K. (United Kingdom), tracking GSM phones, transmitters, 352–358 679–680 advanced modulation, 355 UAF (User Authorization File), hacking into advanced telephone, 360 VMS systems, 129 battery-powered, 354 UAPC (University Applications Processing crystal-controlled, 354 Center), 132–139 free-running oscillators, 354 about Wylbur, 136–137 frequency hopping, 355 applications that run on, 137–138 94192bindex.qxd 6/3/08 3:29 PM Page 869

Index 869

changing grades, 138–139 USNet system, 642–644 defining, 132–133 USPS (United States Postal Service), 372–377 finding out if your school is on, 134 Bar Code Sorter, 375 getting password, 135–136 FIMs, 374 location of, 133 Letter Sorting Machine, 374–375 logging onto, 134–135 mail hacks and, 376–377 technical information about, 133–134 MARK-facer canceler, 373 U.C.M.J. (Uniform Code of Military Justice), 620 Multiline Optical Character Reader, 375 UHF transmitters, 353 overview of, 372–373 UMA (Unlicensed Mobile Access) chips, VoIP POSTNET, 373 using, 688 UTF-8 format, and China’s firewalls, 804 uncapping, 634–636 UUCP (Unix to Unix Copy Programs) network, Unican/Simplex locks. see Simplex locks 149–152, 154 Uniden Bearcat trunked systems, 363 UUNet, 305 United Kingdom (U.K.), tracking GSM phones, 679–680 V United States Court of Appeals for the Armed V4 boxes, electronic message centers, 769 Forces, 623 vacation, hacking on, 722–725 United States Post Office. see USPS (United valet switch, programming car remotes, 774 States Postal Service) Value Transfer Stations, 610–612 units, pager, 340 Varney, Thomas, 533, 540–541, 543 Universal Express tickets, hacking, 722–723 VAXes, 129–132, 159 universal remotes, hacking Mercedes Benz, 772 VCO (voltage controller oscillator) transmitter, Universal Studios/Islands of Adventure, 722–723 759–761 universities. see school hacking stories Vectorone Cellular, 117 University Applications Processing Center. see vending machines, New York’s MTA, 788 UAPC (University Applications Processing Verifone PinPad 1000, 709–710 Center) Verizon UNIX, imitating for hackers, 392–396 anti-cybersquatting act and, 583–584 Unix to Unix Copy Programs (UUCP) network, Call Intercept, 669–672 149–152, 154 registration of 706 domain names, 583 UNREAD command, Telemail, 124 VES (Voter Enumeration System), 806 unshredding evidence, 378–379 VHF transmitters, 353 UPS dropboxes, 316 video enforcement of speed, 329 Urban Fortress phones, 655 video standards, satellite TV, 762 URL History, getting rid of files, 286 Vietnam War, 221, 230 U.S. Sprint, 222–223 virtual memory, getting rid of files, 285 U.S. Telecom, 94 Virus: Protection, Prevention, Recovery U.S. West, 83 (Commonwealth Films), 239 U.S.D.B. (United States Disciplinary Barracks), viruses and trojans, 289–296 623–624 Back Orifice tutorial, 294–296 User Authorization File (UAF), hacking into Gulf War printer virus, 289–290 VMS systems, 129 overview of, 289 usernames virus scanners exposed, 290–293 accessing Internet radio stations, 306 Visitor Location Register (VLR), GSM, 431–434 DEC-20, 124–125 VLR (Visitor Location Register), GSM, 431–434 hacking into MCI Mail, 160–161 VMBs (voice mailboxes). see voicemail hacking hacking into VMS systems, 130 VMS systems, 129–132 Watson system at T-Mobile stores, 676 94192bindex.qxd 6/3/08 3:29 PM Page 870

870 Index

voice actuation circuit (VOX) transmitters, Washburn, Mark, 293 354–355, 359 WATS service, 111, 173–175 Voice over Internet Protocol. see VoIP (Voice Watson system, T-Mobile stores, 675–679 over Internet Protocol) cell phones WC (wire center), 59 voice pagers, 340 WDW (Walt Disney World), Fast Pass, 722–723 voice verification, biometrics, 810 We Lost Control: Illegal Software Duplication voicemail hacking, 472–478 (Commonwealth Films), 238–239 box takeover, 475 Wellenreiter, 735 common defaults, 477–478 WEP (Wired Equivalence Protection) finding login sequence, 473 changing keys, 743 finding valid boxes on system, 472–473 defined, 733–734 finding virgin VMB system, 472 discovering with Kismet, 740 getting in, 474 myth and truth of, 736 scanning boxes from inside, 474–475 Western Electric/AT&T phones, 39 system identification, 475–477 Western Union (Metrofone), 66–69, 94 voice-paging systems, for free, 101–102 white box, 445 VoIP (Voice over Internet Protocol) cell phones wideband transmitters, 355 backspoofing using, 672–675 WiFi (wireless fidelity), 733, 744–746 hackers and, 490 Wildcat BBSs, 400–401 overview of, 687–689 Wildfeeds, satellite TV, 764 Vonage broadband security risk, 686–687 WIN system, 76 voltage controller oscillator (VCO) transmitter, win386.swp file, 285–286 759–761 WinAMP with AVS Studio, 812–816 voltages, telephone Windows Active Directory policies, 746 detecting black boxes, 25 Windows Help vulnerability, Best Buy, 693 overview of, 25 Windows registry, 286 ringing and, 26 winks, step offices and, 50 Vonage broadband security risk, 686–687 wire center (WC), 59 Voter Enumeration System (VES), 806 Wired Equivalence Protection. see WEP (Wired VOX (voice actuation circuit) transmitters, Equivalence Protection) 354–355, 359 Wireless Access Protocol (WAP), 747–749 wireless communications W Cellemetry, 435–438 wafer transmitters, 353 cellular phones, 425–428 Walkman, pay phone abuse, 41 coding scheme of boxes, 441–445 Wal-Mart converting tone dialer into red box, 439–441 Customer Activated Terminal, 711–712 GSM. see GSM (Global System for Mobile hacking retail hardware at, 710 Communications) pharmacy computers, 714 listening in, 423–424 registers, 712–713 news items, 434–435 sensormatic handheld deactivators, 714 overview of, 422 SMART system access, 713–714 telephones. see cellular phones WAP (Wireless Access Protocol), 747–749 why redboxing doesn’t work, 446–448 WAP Proxy, 747–748 wireless fidelity (WiFi), 733, 744–746 War Games, 22, 211, 214, 223 Wireless Mapquest, 748 war on drugs, 683 Wireless Markup Language (WML), 748 war zone stories. see military and war zone wireless mesh, 737–738 hacking stories wireless toys of 21st century, 732–765 warranty, Dell computers, 698–700 exploring neighbor’s network, 739–743 94192bindex.qxd 6/3/08 3:29 PM Page 871

Index 871

guide to 802.11b networks, 733–739 X hacking Captivate network, 743–744 XM Radio, 753–758 overview of, 732 activation, 757 pirate radio primer, 758–761 compression, 756 RFID, 749–751 encryption, 756 satellite TV broadcasts, 761–765 exploitation, 757 WAP, 747–749 further strain, 757–758 WiFi and MITM, 744–746 future of, 758 XM Radio, 753–758 myths about, 754 wires, worn for surveillance, 352–353 signal, 755–756 wiretapping signal transmission, 754–755 building into digital phone systems, 552 XORed (XORed) burst period, 432 honeypots akin to, 819 legalities of phone company, 555 Y obtaining evidence in hacker investigations, 524 yellow box, 443–444 surveillance using, 359–360 YIPL (Youth Independent Party Line) newsletter, wiring, telephone, 24–25 221, 229 WML (Wireless Markup Language), 748 workstations, CampusWide, 606 Worldnet, 151–155 Z ARPANET and, 151–152 Zener diode, 25 basic concepts, 151 ZIF (Zero Insertion Force) DIP socket, 107 BITNET and, 151–152 Zinn Jr., Herbert, 203–206 others, 153 ZIP+4 code, POSTNET, 373 reading network addresses, 153–155 zones, world phone, 467–468 UUCP and, 152 Zudic Plea, 538 Wozniak, Steve, 632–633 Zyklon, 567–569 Wylbur shell, 133, 136–137 ZZTop program, Dell, 699 94192bindex.qxd 6/3/08 3:29 PM Page 872