The knowledge of the phone phreakers: anything still "useful"?

Back to the '70s. Are the skills of the phone phreakers of any use today, not so much to defraud the phone company – although I’d be interested to find out when learning how to rob stagecoaches became useless after the railroads came in.

But did those skills prove helpful and pertinent to subsequent areas of technology? Did it help them get jobs in the '80s?

And decades down the line. If rip-van-winkled, would they be able to get their heads around Ringtones, even?

Obsolete skills like phone phreaking just indicate an inclination towards technological curiosity and high intelligence. It isn’t a particularly useful skill on its own and was never meant to be. The point was technological experimentation by (mostly) young males that also tended to gravitate towards similar pursuits such as computer hacking and cracking. Many prominent computer pioneers like Steve Wozniak and Steve Jobs engaged in it when they were young. I am sure a lot of other people who you have never heard of or later became real criminals did as well but the point to those types of activities is just to try to “beat” technology, the government or large companies at their own game. Despite news to the contrary, the vast majority of hacking, cracking or the equivalent of phreaking attempts are driven by curiosity and thrill-seeking rather than actual malice. The real goal is just to solve the puzzle while remaining undetected without hurting anything in the process.

People that can do that successfully are almost universally very bright and talented. They would not have any trouble learning new and different technology at all no matter where or when it came from. Even today, experienced hackers and crackers can turn the tables and get really lucrative jobs as IT security consultants if they are willing to go that route.

The two tricks I knew or knew of were:
Generating a phony ATT credit card number
Bypassing billing system by generating the tones used by the switches*

CC numbers are now easily verified (the old trick involved knowing the internal structure of the number)

Switching is undoubtedly digital, and no more tone switching

* which is ATT’s own fault - one of their engineers, the story goes, gave an interview to a techie’s techie magazine and divulged the frequencies of the tones.

The phone phreakers really did not independently uncover the means to crack the phone system. What happened is that AT&T used to use in-band signalling. That means that the signals that told the switches the status of the trunks and how to route the calls were transmitted as tones over the voice path. All you had to do was make the proper tone during the proper point during a phone call and you could control the trunk.

So it was genius kids who discovered this? Not really. AT&T published the specs in the Bell System Technical Journal which was available at college libraries. Once they realized what they had done, they tried to get the issues back from the libraries, but people had already copied them.

OK, the kids did use engineering skills to build boxes that emit the correct frequency tones.

The availability of this information induced AT&T to upgrade its systems to out-of-band signaling such as SS7 where the trunk control signals were carried separately from the voice.

Alley Dweller nailed it. SS7 made the majority of phone phreaking devices and techniques obsolete. (An exception is the red box, which could get you free phone calls at pay phones well up into the early 2000s.)

When I was a kid I built a blue box from a kit mostly for curiosity’s sake, even though it was obsolete by the time I had ever heard of it.

A really cheap way to build a red box was with one of those mini tape recorders. Mine worked about 60% of the time until my mom made me erase the tape. :(

It was never a secret – just not well known, like any new technology. The American phone system had always depended on in-band signalling: my grandfather “hacked” the system by talking to telephone operators, to get routed around line congestion at Christmas time. “hacked”, as it messed up the billing for that call for all the operators between Michigan and New Mexico. And pay phones depended on the operator listening for the bell tones created by putting change into the phone. (Hacked by holding the receiver close to another phone while you pumped change through the other phone)

When they switched to tone-coded digital switching the tones weren’t always hidden, could be triggered accidentally, and were just an incremental change to the way things had always been done. You could find out more details by talking to phone techs, or by experimenting: people did both.

Average teenagers do not look up obscure technical specifications for specific equipment in college libraries for pleasure. It takes a certain type to do that and they are all extremely smart in my experience. Only a small subset of them have any bad motives. However, there are plenty of copy-cats. Those are the ones that just hear about a vulnerability that someone else found and use that for their own personal gain. Those people generally aren’t dumb either but more opportunistic and not as technically savvy as the people that found the vulnerability in the first place.

I work in a tightly controlled IT environment. One of our biggest concerns isn’t foreign nations but just a lone domestic kid that is both determined and bored.

Is that the one where you were generating the tones that matched the in-band tones for the insertion of various coins?

I knew a guy in college (1991) who had a pretty good trade selling those things… for a while.

So are the boops and beeps when you hit the phone keypad (a desktop phone) just anachronisms to make the anachronistical people happy?

Of course not.
The switching is digital, but the dialing is still analog (at least it is between the telephone and the central office).

The methods used by hackers today are different. Different tools, different tricks. However, I think the fundamental skills are very similar. You pay for access to the information needed to exploit a target system. (back in the day, you bought books via the back of magazines or got from a friend the information. Now, you go on certain forums and have to pay for zero-days) If you are exceptionally good or the target system is really weak, you may be able to discover that information yourself.

You put together the tool that actually performs the hack. Back then, it was soldering irons and signal generators. Now, it’s bits of code in usually C or assembler. Instead of oscilloscopes, you use decompilers and hex dumps to see what is happening.

The other half - the part that has barely changed at all, just gotten harder - is social engineering. The easiest way to get in to any system is to convince a human with access to the system that you are an authorized user.

There were a bunch of talented people, but there were also a lot of people who were the equivalent of script kiddies who just copied the work of others.

Those were different times, though. I remember talking to Cheshire after he had been suddenly let go from his legit job. The people who hired him did so specifically for his skills in getting stuff done, but after he was profiled in a business magazine, they decided his fame was a liability. [IIRC, the article didn’t mention the name of the company he was working for.]

When Kevin Mitnick was released after his first incarceration, nobody would touch him with a 10 foot pole. I talked with him at length back then - he was banned from a public DECUS conference even though he’d paid for admission. Perhaps that was why he became a repeat offender. And now he’s a security consultant (has been for many years now).

Actually, there was a substantial national security incentive to implement CCIS. With inband signalling it was relatively easy to locate traffic of interest, since the originating and terminating numbers appeared “in the clear” inband, and a lot of the traffic was on analog links (much of it microwave). Moving the control channel out-of-band made it harder to determine which conversations might be of interest unless both the voice traffic and the control traffic could be intercepted and correlated. Easy for “us”, hard for “them”.

Nitpick: Phreaks, not “phreakers.”

I’ve done some of this professionally as a penetration tester (breaking into the clients’ information systems, phreaking their phones, and straight up breaking into their facilities). Most businesses these days use VoIP phones, which have their own set of vulnerabilities - they’re ultimately a regular node (like the computer on your desk) with different exploit vectors.

Sadly, most implementations are pretty insecure - operational concerns being the only concerns. Default passcodes are almost universally in use on both the back end and - especially - on the desk phones.

With mobile phones, you pretty much need to have physical access. It seems like Apple, for example, re-creates the same vulnerability with every software update to its iPhones. This vulnerability makes it trivially easy to slap the phone into emergency mode and gain access to damn near everything stored. That, of course, is beating up on the phone’s owner, rather than the carrier. But it is a publicly known example of hacking a phone and getting potentially valuable information.

It also scares the hell out of 20-something girls who do everything on their iPhones, makes them think you’re a god, and leads to them waking up next to you wondering how this old bastard tricked them into sleeping with them.

Nitpick: the dialing is *digital*, it is encoded with audible in-band tones. The tone signalling was also digital, it was encoded with slow audible in-band tones (slow enough that fast mechanical switches could follow it).

The phone system has moved to out-of-band signalling. Even audible in-band signalling (“analog modems”) sounds like noise/static now, because it is compressed, encoded, much faster, and much denser than the original tone signalling.

The reason touch-tone signalling is audible is that it has to go (in-band) over a channel that is restricted to audible frequencies. The reason it is slow enough to follow is that when the system was designed, that was the only economically/technically feasible way to get acceptable error rates.

An important clarification: the Touch-Tone multifrequency tones are not what used to be used for internal telco multifrequency signaling in long-distance calling. A Touch-Tone® 6, for instance, is 770 Hz & 1477 Hz, unusual frequencies chosen specifically because they were unlikely to occur together in recorded music or television sound audible in a room where someone had just picked up a phone.

The in-band signalling used by operators (and blue boxes) was developed decades earlier, and used more prosaic frequencies: a 6 was represented by 1100 Hz & 1300 Hz. Comparison here.
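As an added illustration of the two points made in this thread (that Touch-Tone dialing is digital data carried as audible in-band tone pairs, and that the Touch-Tone “6” at 770 Hz & 1477 Hz is not the operator MF “6” at 1100 Hz & 1300 Hz), here is a small Goertzel-based DTMF decoder. This is example code, not from the original posts; the keypad frequencies are the public DTMF standard, the test signals are constructed in the script, and MIN_POWER is an assumed detection floor.

```python
import math

# Standard DTMF keypad: row (low) tones x column (high) tones, in Hz.
ROW_FREQS = [697, 770, 852, 941]
COL_FREQS = [1209, 1336, 1477, 1633]   # 1633 Hz is the 4th column (A-D)
KEYPAD = ["123A", "456B", "789C", "*0#D"]
SAMPLE_RATE = 8000                      # Hz, the classic telephone sampling rate
MIN_POWER = 1000.0                      # assumed floor; a 0.5-amplitude tone over 400 samples scores ~10000

def dtmf_pair(key):
    """Return the (low, high) frequency pair for a keypad symbol."""
    for r, row in enumerate(KEYPAD):
        if key in row:
            return ROW_FREQS[r], COL_FREQS[row.index(key)]
    raise ValueError(f"not a DTMF symbol: {key!r}")

def two_tone(f1, f2, duration=0.05):
    """Constructed sample input: two equal-amplitude sine waves summed."""
    n = int(SAMPLE_RATE * duration)
    return [0.5 * math.sin(2 * math.pi * f1 * i / SAMPLE_RATE)
            + 0.5 * math.sin(2 * math.pi * f2 * i / SAMPLE_RATE) for i in range(n)]

def goertzel_power(samples, freq):
    """Squared magnitude of the signal at one frequency (Goertzel algorithm)."""
    coeff = 2 * math.cos(2 * math.pi * freq / SAMPLE_RATE)
    s_prev = s_prev2 = 0.0
    for x in samples:
        s = x + coeff * s_prev - s_prev2
        s_prev2, s_prev = s_prev, s
    return s_prev ** 2 + s_prev2 ** 2 - coeff * s_prev * s_prev2

def decode(samples, ratio=5.0):
    """Return the key whose row and column tones both dominate, else None."""
    row_p = [goertzel_power(samples, f) for f in ROW_FREQS]
    col_p = [goertzel_power(samples, f) for f in COL_FREQS]
    r = max(range(4), key=row_p.__getitem__)
    c = max(range(4), key=col_p.__getitem__)
    for best, powers in ((r, row_p), (c, col_p)):
        rest = max(p for i, p in enumerate(powers) if i != best)
        # Reject silence, a lone tone, or a pair that is not a valid DTMF pair.
        if powers[best] < MIN_POWER or powers[best] < ratio * rest:
            return None
    return KEYPAD[r][c]

if __name__ == "__main__":
    print(decode(two_tone(770, 1477)))   # the Touch-Tone 6
    print(decode(two_tone(1100, 1300)))  # the operator MF 6: not a DTMF pair
```

Feeding the MF pair from the post above into the decoder returns None, which is exactly why a Touch-Tone keypad could never drive the old trunk signalling.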

Yes - you could build circuits that generated the tones, but a more common way was to just record them with a mini tape recorder and play them back.

ETA: I also once attempted to modify one of the old Western Electric touch-tone phones to generate the 4th column of tones, then used by various miscellaneous networks and the obsolete military AUTOVON system (but not the public-switched phone system). I couldn’t get it to work (not sure if I had the wrong model phone, or screwed up the wiring.) But I did later find a program on CompuServe or something that generated the full range of DTMF tones. I found out that the extra tones could be used to control certain undocumented features in my high school’s PBX system.

Well, that’s social engineering of a kind I wouldn’t have expected to find even in the most interesting issue of 2600…

There is an interesting book on the history of phone hacking, written by someone who actually knows what he is talking about. The analogy to script kiddies is exactly right. People who bought blue boxes from others didn’t have to know anything about how the phone system worked.
There were also lots of other vulnerabilities and holes, just like in early OSes (and current ones.) For instance, in the old days you could put a diode on one of the wires of a payphone that let the operator hear the coins dropping, but blocked the signals that put the coins into the coin box. When you hung up, the coins got returned.
After I got admitted to MIT I went on a visit, and stayed in a dorm with some people whose hobby was using various tie lines to call odd places - like bombers flying over Vietnam. And when I did logic labs my friends came over to borrow my scope to test their blue boxes. The aforementioned BSTJ issue was the most checked out magazine in the MIT Engineering Library, or so I was told.

Besides the technical advances already mentioned, why hack when telephone calls to anywhere are dirt cheap or free? The demand side got reduced as well as the difficulty being increased.