==Phrack Inc.== Volume Two, Issue 12, Phile #1 of 11 Index ~~~~~ 3/29/87 Ok, so we made it through another few delayed weeks of saying a release was coming soon. But of course, I finally got motivated and got this issue moving. I'd like to thank many of the people who rushed themselves to get their articles to me when they didn't know that the release was so soon, and for those that haven't gotten their articles in in time (for two issues, mind you [no names mentioned, of course, but I felt a denotation would be sufficient to provide my feelings in the introduction]) a big, "Oh well." We're glad you've continued your patronage (Ha!) with Phrack Inc. over the past year and a half or so and a big thanks to all of the writers who have kept the publication going for all this time. But after this issue comes a break. Not a break in putting Phrack out, but a break in the grind and rush to get it out as I did with this issue. Phrack 13 will be EXTREMELY different, and I guarantee that to you. Phrack 13 will be released on April 1st (hmm...ring any bells?) so be watching for it! Later Taran King Sysop of Metal Shop Private ------------------------------------------------------------------------------ This issue of Phrack Inc. includes the following: #1 Index of Phrack 12 by Taran King (2.3 k) #2 Pro-Phile IX on Agrajag The Prolonged by Taran King (6.7 k) #3 Preview to Phrack 13-The Life & Times of The Executioner (4.9 k) #4 Understanding the Digital Multiplexing System (DMS) by Control C (18.8 k) #5 The Total Network Data System by Doom Prophet (13.2 k) #6 CSDC II - Hardware Requirements by The Executioner (8.1 k) #7 Hacking : OSL Systems by Evil Jay (8.7 k) #8 Busy Line Verification Part II by Phantom Phreaker (9.1 k) #9 Scan Man's Rebuttal to Phrack World News (16.5 k) #10 Phrack World News XII Part I by Knight Lightning (13.3 k) #11 Phrack World News XII Part II by Knight Lightning (14.7 k) ==Phrack Inc.== Volume Two, Issue 12, Phile #2 of 11 ==Phrack Pro-Phile IX== Written and Created by Taran King 3/17/87 Welcome to Phrack Pro-Phile V. Phrack Pro-Phile is created to bring info to you, the users, about old or highly important/controversial people. This month, I bring to you a name from the past... Agrajag The Prolonged ~~~~~~~~~~~~~~~~~~~~~ Agrajag was popular on many boards and hung out with many of the stronger names in the phreak/hack community. ------------------------------------------------------------------------------ Personal ~~~~~~~~ Handle: Agrajag The Prolonged Call him: Keith Past handles: None Handle origin: Fictional character in Hitchhiker Trilogy Date of Birth: 6/14/67 Age at current date: 19 years old Height: 6'2" Weight: 139 lbs. Eye color: Brown Hair Color: Depends on the day (Orange, Brown, Black, Hot Pink, etc.) Computers: TRS Model III, worked his way up to a TVI 950 Dumb Terminal ------------------------------------------------------------------------------ Agrajag started phreaking and hacking in about 1979 through the help of some friends of his. He originally started hacking (programming) on a Vector 8080 in 4th grade. His instructor then is now one of the top 5 computer instructors. Phreaking began with, of course, codes but he was very interested in how the phone system worked. He had read some books on the phone company and their evils in their earlier days and he was very interested in the very idea of becoming an operator. Members of the elite world which he has met include Tuc, BIOC Agent 003, Broadway Hacker (negative), and Cheshire Catalyst, all at a Tap meeting he attended. On regular BBSes, there were listings for other BBSes which turned out to eventually be phreak BBSes. Some of the memorable phreak boards he was on included WOPR, OSUNY, Plovernet, and Pirate 80. His phreaking and hacking knowledge came about with the group of people including Tuc, BIOC, and Karl Marx. Agrajag was a video game programmer for the last American owned video game manufacturer, Cinematronix, Inc. (of Dragon's Lair, Space Ace, World Series, and Danger Zone fame, of which he helped with World Series and a big part of Danger Zone) which went bankrupt a bit over a month ago. Agrajag takes interviews for magazines (such as this) which keeps up his phreak/hack activity. He (and a bunch of others) were written up in a USA Today article as well as being interviewed by a local paper when The Cracker (Bill Landreth) got busted (they took pictures of the back of his head in front of his computer). Agrajag was never in any major phreak groups except for The Hitchhikers (Bring your towel!) which was just a group of local friends. ------------------------------------------------------------------------------ Interests: Telecommunications (modeming, phreaking, hacking, programming), music, concerts, club hopping, and video games. Agrajag's Favorite Thing ------------------------ Club/Bar hopping: Tijuanna (TJ) Most Memorable Experiences -------------------------- Going officing. Tuc, BIOC, and he were let into a local CO and they used their copying machine to make copies of their manuals. They replaced the paper [over 2 reams] later and didn't steal anything major besides the paper and a few NY Bell signs. Called supervisors saying that they had witnessed some trunks red-lighting and there would be severe problems if they didn't contact this guy, Abbot Went, in San Francisco. There were about 10 supervisors in mass hysteria (on Thanksgiving) wondering what to do. Later, they called up Abbot again saying they were the White House switch and said some kids were fooling around. Breaking into his school's computer in his senior year mid-semester. He had scanned it out on a school prefix and the login and password was the name of his school. It was a TOPS-20 system and he was well enough versed in TOPS-20 to know what to do. The next day, he told the vice-principal that he had broken into the computer and that they had some major security problems. They said he was bullshitting and he told them to read their mail. Then, later, he brought in his equipment and showed them with the principal there. He was threatened by the principal with police, etc. but he told them to go to hell. He was later offered a job helping the security on the system but instead, he told them how they could solve the security problem and didn't take the job. Agrajag's teacher asking him to do a credit check on someone illegally. He eventually did part of it, but the teacher was an asshole so he didn't give all the information to him. Getting flown to the Tap meeting by a friend. Some People to Mention ---------------------- Tuc BIOC Agent 003 Karl Marx Automatic Jack All for being friends and all around good people and phreaks. ------------------------------------------------------------------------------ Agrajag is out and out against the idea of the destruction of data. He hated a person intensely because they posted private lines with instructions on how to maim a system owned by someone who was already hated. He deleted the message (he was co-sysop) and it became a bit controversial. He hated that then and still has no respect for anyone who does this. Where have all the good times gone? ------------------------------------------------------------------------------ I hope you enjoyed this phile, look forward to more Phrack Pro-Philes coming in the near future. ...And now for the regularly taken poll from all interviewees. Of the general population of phreaks you have met, would you consider most phreaks, if any, to be computer geeks? The general populus, yes, but good phreaks, no. Thank you for your time, Agrajag. Taran King Sysop of Metal Shop Private ==Phrack Inc.== Volume Two, Issue 12, Phile #3 of 11 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% % % % The Life & Times of The Executioner % % % % by Oryan QUEST % % % % Written on 3/16/87 % % % %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% Introduction: ------------ This file was not written with the intention of being cute, funny or to tell fellow phreaks and hacks how lame or stupid they are. It was written to open the eyes of these idiots to see what the REAL story is. The Executioner/Mikey --------------------- I'm am sure the majority of you have heard of "Exy." His claim to fame is simply telling people how lame they are or how great and sexy he is. He also claims to be wealthy and that Phreak Klass 2600 is the best bulletin board on this side of the galaxy. Let us examine some key events. When Metal Shop Private was up, Mr. Sexy Exy (oh and I doubt he really is), proceeded to rag on everyone on the system with the exception of a few that he ass-kissed. He then turns around when Phreak Klass 2600 (and I am in no way ragging on Phreak Klass) goes up, to ask everyone he has annoyed for over 2 months and badgers them to call. Now, Mike, I seriously doubt you are as sexy as you claim for several reasons. Just by the nature of your attitude, the way you think you are powerful because you can "tell" people about their lives and families when you yourself are a Chinese bastard who has an unemployed father that can barely speak the English language. "Miko ith no heeahh riiitte nao" (Michael is no here right now) You have ragged on Arthur Dent when you know that you will NEVER receive the admiration or stature whether it be socially or economically he has attained. You have ragged on Dr. Doom when he has achieved more than you can ever hope for. You only commenced to rag on him when he turned down your offer to join PhoneLine Phantoms. This is because he refused to be associated with an asshole like you. You continually show signs of immaturity (I am not saying I am perfect) by poking fun at other people's races (blacks, spics, Iranians) when you yourself are nothing but a rice dick. You bad mouth people but, when you need their help you beg for it and ask them to be cool. You write stupid poems and rhymes about people when they are a TOTAL misrepresentation of facts. You claim Dr. Doom is so ugly he could never leave his room. Tell me, have you ever met Dr. Doom? Isn't it true that you ragged on him only because he didn't want anything to do with you, your group, and your image? Are you going to rag on me now and prove all the points I have brought out? I think so. You ragged on me, telling me my family receives government cheese handouts and telling me what a loser I am when you yourself have never met me or bothered to seek the real facts. You then proceeded to badger me to join your new "legion of queers," The Network Technicians telling me how cool it would be and begging me to help you learn. But don't I receive government cheese handouts? Aren't I such a loser? Mr. Solid State trusted you and joined PLP. He thought nothing bad of you at the time. He just considered all the rumors about you to be false or misrepresentation. When PLP dissolved, he saw no purpose to be in any longer and dropped out. You proceeded to rag on him, when you know you aren't half the man he is. You don't even possess half the knowledge or personality he has. Tell me, what gives you such authority to rag on people? What makes you so supreme? Why are you so rich, when you are 18 and don't even have a car, when you go on and on about your parents? You rag on Atlantis because you were kicked off. Now you tell people how lame it is and how stupid The Lineman and Sir William are. When you know that they were sick of your, "I am supreme attitude," of your childish antics and your lack of knowledge of any kind. Well, Exy, rag on me now, tell me how lame I am, insult me. Make your poems, songs, and raps. Tell me what kind of a loser I am. Insult Solid State, show us just how childish you can be. Until then, go back into your dream world and leave us alone. Oryan QUEST ==Phrack Inc.== Volume Two, Issue 12, Phile #4 of 11 <%><%><%><%><%>

<%><%><%><%><%> A Tribunal Communications Ltd. (c) 1987

Understanding the Digital Multiplexing System (DMS) Part 1 By Control C <%><%><%><%><%><%><%><%><%><%><%><%> The DMS switching system, is a lot smaller than normal systems. It takes up less than 16% of the space for the same number of Step-By-Step (SXS) lines and 20% of cross bar. This is done by taking the hardware out of the CO and putting them closer to a group of subscribers. Then central office services can be provided over shorter loops. DMS offers remote switching with a bunch of remote modules in a bunch of sizes and capabilities. Some include SXS replacement or growth, Outside plant cable relief, and Office feature's. The use of remote modules give the CO more floor space that would usually be used by the Line Concentrating Modules (LCMs), Main Distribution Frame (MDF), and cable equipment. The advantage of these modules is that it extends the service radius of the CO, this means outside plant savings. Remote modules can be located up to 150 miles away without messing up transmissions. Other advantages of the DMS system are that it allows integration between Transmission facilities and switching systems. It's hardware & software is designed to give a full range of switching applications for Private Branch Exchange (PBX) business systems, local, toll, and local/toll requirements. The same Central Control Complex (CCC) and switching networks are used throughout the whole system. The only difference between each system is the peripheral units, and software packages. It has a Maintenance and Administration Position (MAP) which is a integrated multifunction machine interface that switch maintenance, line and trunk network management, and service order changes can be carried out. The software for the central processor is written in PROTEL, a high level pascal based language. Peripheral processors use a XMS-Pascal software language. DMS has a high line and trunk capacity. It has up to 100,000 lines on a DMS-100 or 60,000 trunks on a DMS-200. It also gives up to 1.4 million two-way CCS through the switching network. The processor can accept up to 350,000 call attempts. Here's a list of the DMS systems in use today: DMS-100 - is a class 5 local office with the ability to handle 1,000 to 100,000 lines. It can give basic telephone service or expanded to handle IBN custom calling features. The DMS-100 MTX gives cellular radio services. A local office can also be adapted to Equal Access End Office (EAEO). Remote Switching Center (RSC) - Ability to handle up to 5,760 lines. Remote Line Concentrating Module (RLCM) - Ability to handle up to 640 lines. It uses host Line Concentrator Module (LCM) that can be used by the RSC or directly by the host DMS-100. Outside Plant Module (OPM) - Ability to handle up to 640 lines. This also can be used by the RSC or directly by the host DMS-100. Subscriber Carrier Module (SCM-100) - There are three basic types of SCM-100's: 1- Subscriber Carrier Module Rural (SCM-100R) - This eliminates the central office Central Control Terminal (CCT) by integrating directly into the DMS-100 through the DMS-1 span lines. 2- Subscriber Carrier Module SLC-96 (SCM-100S) - This gives a direct interface between DMS-100 and AT&T's SLC-96 digital loop carrier systems. 3- Subscriber Carrier Module Urban (SCM-100U) - It's used as an interface to the DMS-1 Urban. The DMS-1 urban is a digital subscriber carrier system modified for use in Urban areas. It gives Plan Ordinary Telephone Service (POTS) and special services between a central office and residential and business communities. It has the ability to handle 576 lines of POTS and special services. DMS-200 - Has the ability to handle from a few hundred to 60,000 trunks. This switch can also serve a Access Tandem (AT) function. The Traffic Operator Position System (TOPS) puts operator services into the DMS-200. Operator Centralization (OC) allows a single operator location by using the TOPS positions to transfer operator services from other DMS-200 toll centers. The Auxiliary Operator Services System (AOSS) let operator services on calls that need outside information (Such as Directory assistance). DMS-100/200 - Allows local and toll features described above but also includes a Equal Access End Office (EAEO)/Access Tandem (AT) combination. It has the ability to handle up to 100,000 lines or 60,000 trunks. DMS-250 - This is a high capacity toll system for specialized common carriers needing tandem switching operations. DMS-300 - This is a toll system designed for international use. To my knowledge there are only two DMS-300 switches in use at this time. DMS switches are divided into four "Functional" areas designed to do certain operations. These areas are: 1- Central Control Complex (CCC) 2- Network (NET) 3- Peripheral Modules (PM) 4- Maintenance and Administration (MAP) Here's a description of those areas. Central Control Complex Within the Central Control Complex (CCC), the main program in the switch controls the processing of calls, maintenance and administrative routines, and changes the activity for these routines to other areas of the switch. The CCC sends messages to the network, the maintenance and administrative areas trough message links and directs the functions to be run in those areas. Network The Network Modules (NMs) handle the routing of speech paths between the Peripheral Modules (PMs) and keep these speech connections for the rest of the call. The network handles message and speech links between the PMs and the CCC. Maintenance and Administration Within the Maintenance and Administration includes Input/Output Controllers (IOCs) - IOCs interface local or remote input/output devices. The I/O devices are used to do testing, maintenance, or administrative functions for the system. Peripheral Modules Peripheral Modules (PMs) are used as interfaces between digital carrier spans (DS-1), analog trunks, and subscriber lines. The PMs are used for scanning lines for changes of circuit state, doing timing functions used for call processing, creating dial tones, sending, receiving signaling, and controlling information to and from the CCC, and checking the network. Before 1984 only four types of PMs gave trunk interfaces to the DMS system; these include Trunk Modules (TMs), Digital Carrier Modules (DCMs), Line Modules (LMs), and Remote Line Modules (RLMs). Since then ten more have been added, these include Digital Trunk Controller (DTC), Line Group Controller (LGC), Line Trunk Controller (LTC), Line Concentrating Module (LCM), Remote Switching Center (RSC), Remote Line Concentrating Module (RLCM), Outside Plant Module (OPM), Subscriber Carrier Module Rural (SCM-100R), Subscriber Carrier Module SLC-96 (SCM-100S), and Subscriber Carrier Module Urban (SCM-100U). Here's and explanation of those modules: Trunk Module The Trunk Module (TM) changes incoming speech into digital format, it has the ability to handle 30 analog trunks. The Pulse Code Modulation (PCM) information is combined with the trunks supervisory and control signals then transmitted at 2.56 Mb/s over speech links to the network. The TM also uses service circuits such as Multifrequency (MF) receivers, announcement trunks, and test circuits. Each TM has the ability to interface 30 analog trunks or service circuits to the network over one 32-channel speech link. The TM is not traffic sensitive so each trunk can carry 36 CCS. Digital Carrier Module The Digital Carrier Module (DCM) gives a digital interface between the DMS switch and the DS-1 digital carrier. The DS-1 signal consists of 24 voice channels. The DCM takes out and puts in signaling and control information on the DS-1 bit streams which then makes them DS-30 32-channel speech links. The DCM can interface five DS-1 lines; 5*24=120 voice channels; into four 32- channel speech links. The DCM can carry a maximum of 36 CCS of traffic on each trunk. Line Module The Line Module (LM) gives an interface for a maximum of 640 analog lines and condenses the voice and signaling into two, three, or four DS-30, 32-channel speech links. Four speech links have the ability to handle 3,700 Average Busy Season Busy Hour (ABSBH) CCS per LM. Remote Line Module The Remote Line Module (RLM) is a LM operating in a remote location from the DMS host. The RLMs can be located up to 150 miles from the host office, depending on the transmission facilities. Digital Trunk Controller The Digital Trunk Controller (DTC) has the ability to interface 20 DS-1 lines. Then the DS-1 lines are linked to the network by a maximum of 16 DS-30 speech links; each trunk is able to handle 36 CCS. Line Group Controller The Line Group Controller (LGC) dose medium level processing tasks, with the ability to use host and remote subscriber line interfaces. The LGC has the ability to use Line Concentrating Modules (LCMs), Remote Switching Centers (RSCs), Remote Line Concentrating Modules (RLCMs), and Outside Plant Modules (OPMs). The LGC can interface up to 20 DS-30 speech links from the LCMs or up to 20 DS-1 links with the ability to serve RSCs, RLCMs, or OPMs. Line Trunk Controller The Line Trunk Controller (LTC) combines the DTC and LGC functions and gives a way to use all the equipment inside the office. The LTC has the ability to handle the LCM, RSC, RLCM, OPM, and digital trunk interfaces. The LTC has the ability to give interfaces to a maximum of 20 outside ports from DS-30A speech links or DS-1 links to 16 network side DS-30 speech links. Line Concentrating Module The Line Concentration Module (LCM) when used with the LGC or LTC is just an expanded version of the line Module. It can serve up to 640 subscriber lines interfaced with two to six DS-30A speech links. Using six speech links 5,390 CCS can be handled per LCM. Remote Switching Center The Remote Switching Center (RSC) interfaces subscriber lines at a remote location to a DMS-100 host. It has the ability to handle interface for 5,760 lines and is used a replacements for dial offices or Private Branch Exchanges (PBXs). It can handle 16,200 CCS with the use of 16 DS-1 links. The RSC consists of the following: Line Concentrator Module (LCM) - These modules do line interface function. They are the same as the LCMs that are used in the DMS-100 host. Remote Cluster Controller (RCC) - This controller gives DS-1/LCM interface, Local switching inside the remote, and Local intelligence and signaling when in ESA. Remote Trunking - Handles the use of RSC originating or terminating traffic for digital trunking off the RSC. It can give trunking to a CDO co-located with the RSC or within the service range of the RSC, Private Automatic Branch Exchanges (PABXs), or Direct Inward Dialing (DID) trunks. Remote-off-Remote - Lets the RLCMs and OPMs connect to the RCC through DS-1 interfaces. It lets RLCM and OPM subscribers to use the same lines to the host as the RSC subscribers. Emergency Stand-Alone (ESA) - If communication with the DMS-100 is lost this will allow you to call internal to the RSC. It will give station-to-station and station-to-trunk calls for POTS, IBN, and electronic business sets. Remote Line Concentrating Module The Remote Line Concentrating Module (RLCM) is just a LCM used is a remote location from the DMS-100 host. The RLCM can handle 640 lines; this can is sometimes used as a replacement for CDOs or PBXs. Outside Plant Module The Outside Plant Module (OPM) is an outside plant remote unit. The OPM can handle 640 lines over six DS-1 links. Subscriber Carrier Module The Subscriber Carrier Module (SCM) gives a direct interface for remote concentrators. SCM-100R - It can interface up to five Northern Telecom DMS-1 Rural Remote Terminals (RTs). A DMS-1 rural remote terminal can interface up to 256 lines. Communication between the RT and SCM- 100R is done through one or two span lines for voice and one protection line. SCM-100U - It can interface up to three DMS-1 Urban RTs. A DMS-1 Urban can interface up to 576 POTS or special service lines. Communication from the RT to the SCM-100U us done through a maximum of eight DS-1 links. SCM-100S - It can interface up to four Mode I (non-concentrated) SLC-96 systems or up to six Mode II (concentrated) systems. A SLC-96 can give interface for up to 96 lines. The SCM-100 takes away the need for central concentrating terminals and analog line circuits at the host. Operator Features With the use of DMS-200 or DMS 100/200 switch, operator features are available by the following: Traffic Operator Position System (TOPS) Operator Centralization (OC) Auxiliary Operator Service System (AOSS) Traffic Operator Position System (TOPS) gives many operator function on inward and outward calls. The TOPS integrates the operator system with the DMS-200 or DMS-100/200 toll switch. One voice and one data circuit are needed for each operator position. The voice circuit is connected to a port of a three-port conference circuit. The other two ports are connected to the calling and called parties. The data circuit is used for a digital modem and is used to transmit data punched in by the operator to the CCC for processing. Operator Centralization Operator Centralization (OC) lets the operator use the services given by the DMS-200 or DMS-100/200 with TOPS. With OC operator traffic from surrounding DMS sites can be routed to a central host site. Operator Centralization Diagram Routing - - - <-----\ DMS-200 | AMA | \ Remote TC / - - - = = = = = = = / | \ ----- ___|_/ | \: DMS : | | : 200 : | Host TC ----- | : : | = = = = = = = = /| POS | | : (OC:___| | --------- | / |- - -| | : : |\ | : DMS-200 : | / |Oper.| | -----\ | \ | : (TOPS) :__|_/ ----- = = = = = = = \____________|__: : | Trib Ope Traffic->\ ____________|__:OC) : | \ / | : : | Non-DMS Remote TC / | --------- | = = = = = = = = = = = = = = = = = = = | -------- ----- | | : TDM : : (OC: | | : Switch : : : | ----- | : : : DMS :_|_____: AMA : | : : : 200 : | ----- | /-------- -----\ | = = = = = = = = = = = /Routing \ <-Trib Opr Traffic \-------> \ Auxiliary Operator Services System The Auxiliary Operator Services System (AOSS) is made to handle directory assistance, intercept, and that type of operator services, automatic call distribution, call processing, call detail recording, and operator administration functions for other operator services that do not need call completion to a called party. AOSS position uses the same hardware as the TOPS links to the switch. Equal Access Equal Access (EA) is accessible through DMS switches with the addition of software packages. Both Equal Access End Office (EAEO) for the DMS-100 and Access Tandem (AT) for the DMS-200 provide equal access features. Equal Access Network Application --------- __________________________________ (Phone)--------| DMS-100 |___________ | --------- | | NON-EAEO | |IC/INC -------- -------- /---------\ TO (Phone)---| |------------| DMS-200 |------------ ---- IC/INC -------- --------- \---------/ /-----> | | --------- ___________| | (Phone)--------| DMS-100 |__________________________________| --------- DMS-100 EAEO The DMS-100 EAEO gives direct access to interLATA (Local Access and Transport Area) carriers Point of Presence (POP) inside the LATA. The DMS-200 AT gives a traffic concentration and distribution function for interLATA traffic originating or terminating inside a LATA. It allows the following: 10XXX and 950-1XXX dialing presubscription dialing equal access and normal network control signaling Automatic Number Identification (ANI) on all calls custom calling services Common Channel Interoffice Signaling Common Channel Interoffice Signaling (CCIS) uses a separate data link to transmit signaling messages between offices for many trunks and trunk groups. There are two types of CCIS available in the DMS-200 or DMS-100/200, Banded Signaling (CCIS-BS) and Direct Signaling (CCIS-DS). CCIS-BS is for interoffice trunk signaling to give information on digits dialed, trunk identity, and other class and routing information. This kind of trunk signaling takes less time to setup calls and put's an end to Blue Boxing. CCIS-DS is used to transfer call handling information past what is required for trunk setup. This type of signaling lets calling card validation, mechanized calling card services and billed number screening to be used. Cellular Mobile Radio Service Cellular Mobile Radio Service is possible with the DMS-100 Mobile Telephone Exchange (MTX). The MTX has the ability to serve from a few hundred to over 50,000 people in up to 50 cells. Thanks to Northern Telecom and my local CO. Control C ToK! March 1987 End of Part 1 <%><%><%><%><%> ==Phrack Inc.== Volume Two, Issue 12, Phile #5 of 11 THE TOTAL NETWORK DATA SYSTEM BY DOOM PROPHET The Total Network Data System is a monitoring/analysis network used by several offices within the Telco to analyze various levels of switching systems in relation to maintenance, performance, and future network planning purposes. The systems and the offices that use them will be described in detail in the following text. All switching entities that are in one particular serving area collect traffic information that is classified in three ways: peg count, overflow, and usage. Peg count is a count of all calls offered on a trunk group or other network component during the measurement interval, which is usually one hour. It includes calls that are blocked, which is classified as overflow traffic. The other measurement types that the TNDS network analyzes and collects are as follows: Maintenance Usage (for 1ESS, 2ESS, 5XB, 1XB, XBT) Incoming Usage (for 1E, 2E, 4AETS) All trunks busy (SxS) Last Trunks Busy (SxS) Completions (SxS, 5XB, XBT, 1XB) Incoming Peg Count (DMS) Maintenance Busy Count (2E, 3E) Detector Group Usage (SxS, 5XB, XBT, 1XB) In ESS and DMS offices, traffic data is collected by the central processor of the switch. In electomechanical offices such as crossbar, a Traffic Usage Recorder is used to scan trunks and other components about every 100 seconds, counting how many are in use. This data when compiled is sent to the EADAS system, which is located in the Operating Company's Network Data Collection Centers and runs on a minicomputer. 4ESS and 4Xbar toll offices do not use EADAS, but their own system called the Peripheral Bus Computer for traffic data analysis. After receiving the traffic data from up to 80 switching offices, EADAS performs two basic functions: It processes some data in near real time (shortly after it is received) to provide hourly and half hourly reports and a short term database for network administrators. It also collects and summarizes data that it will pass on to the other TNDS systems via data links or magnetic tape. Three other systems receive directly from EADAS. These systems are ICAN, TDAS, and EADAS/NM. ICAN stands for Individual Circuit Analysis plan and is used to study individual circuits in central office equipment that have been specified by network administrators. TDAS is the Traffic Data Administration System, which formats traffic data for use by the remaining downstream systems. ICAN and EADAS/NM are the only two systems with data links to EADAS that don't have their data formatted by TDAS before reception. TDAS is run on a mainframe in the NDCC and can be thought of as a distribution facility for the traffic data. EADAS/NM is used to watch switching systems and trunk groups designated by network managers, and reports existing or anticipated congestion on a display board at the Network Management Centers, where the system is located. Problems can be analyzed with this system and dealt with within a short period of time after they occur. Central Office Reporting Systems -------------------------------- There are five TNDS engineering and administrative systems that provide operating company personnel with reports about CO switching equipment. These are the LBS, 5XBCOER, SPCSCOER, ICAN, and SONDS. LBS, the Load Balance System, helps assure that the customer traffic load is uniformly distributed over each switching system. It minimizes congestion on the concentrators, which allow subscribers to share the equipment in the switch. The LBS analyzes traffic data coming to it from TDAS to determine the traffic load on each line group that the system serves. LBS generates reports used by the NMC to determine line groups that can have new incoming subscriber lines assigned to them. LBS also does a load balance indexes for the entire operating company, indicating how effectively each CO has avoided congestion. Crossbar #5 Central Office Equipment Reports (5XBCOER) and Stored Program Control Systems COER used for 1, 2, and 3 ESS offices, analyze traffic data to indicate the overall service provided by the switching system and to tell how much of its capacity is being used. This info helps determine if new equipment is needed. ICAN, which was described briefly above, detects switching system equipment faults by identifying abnormal load patterns on individual circuits. A series of reports printed at the Network Administration Center helps network administrators analyze individual circuit usage and verify circuit grouping. ICAN is located at the BOC main computer center along with 5XBCOER. The fifth CO equipment reporting system is called the Small Office Network Data System, or SONDS. SONDS performs a full range of data manipulation functions, and is used to provide economically the full TNDS features for step by step offices. Step offices send data directly to this system, and it is not formatted by EADAS or TDAS, as it doesn't go through these systems. Weekly, monthly, exception and on demand reports are automatically distributed by SONDS to the NAC personnel. Trunk Network Reporting Systems ------------------------------- These systems are parts of the TNDS used by the Circuit Administration Center to support trunk servicing and forecasting. The Trunk Servicing System helps trunk administrators develop short term plans to make the best use of the trunks that are already in use. It receives and processes data received from TDAS and computes offered load. Offered load is the amount of traffic a trunk group would have carried had the number of circuits been large enough to handle the load without trunk blocking (giving the caller a re-order or all circuits busy recording). TSS produces weekly reports showing underutilization of trunks and below grade of service trunk groups which do not have enough trunks in them. The CAC uses these reports to add or disconnect trunks according to what traffic requirements exist. The Traffic Routing and Forecasting System, replacing the Trunk Forecasting System, forecasts message trunk requirements for the next five years. Major conversions and similar network changes are all taken into consideration when determining the future traffic needs. TRFS receives data from EADAS, TDAS, and TSS and is located at the Operating Company computer center. Since TDAS and some of the downstream TNDS systems need much of the same information, that information is maintained in a system called Common Update. In this manner, some data does not have to be duplicated in each individual system. Some of the information includes the configuration of switching equipment and the trunk network and specifications on traffic registers for central offices. Numbers recorded by each register are treated consistently by each system that uses the Common Update data base. There is an update base for trunking, referred to as CU/TK, and an update on equipment known as CU/EQ. The trunking part of the Operating Company's data base is coordinated by the Trunk Records Management System. Since the TNDS systems are so important to the proper operation of the network, the CSAR (Centralized System For Analysis and Reporting) is used to monitor the entire TNDS performance. The NDCC, the NAC, and the CAC are provided with measurements of the accuracy, timeliness, and completeness of the data flow through TNDS from beginning to end. It doesn't analyze data from EADAS/NM, SONDS, or TRFS. BOC Operations Centers ---------------------- NAC-Network Administration Center. Responsible for optimum loading, and utilization of installed COE. Performs daily surveillance of COs and trunk groups to ensure service objectives are being met. The NAC Reviews profiles of office load relating to anticipated growth. They work with NSEC to initiate work orders to increase equipment in use. The systems they use are EADAS, SPCSCOER, CSAR, and SONDS. NMC-Network Management Centers. The NMC keeps the network operating efficiently when unusual traffic patterns or equipment failures would otherwise result in congestion. The NMC analyzes network performance and prepares contingency plans for peak days, telethons, and major switch failures. They monitor a near real time network performance data to identify abnormal situations. The system they use is EADAS/NM. CAC-Circuit Administration Center. The CAC ensures that in service trunks meet current as well as anticipated customer demands at acceptable levels of service. For planned servicing, the CAC compares current traffic loads with forecasted loads for the upcoming busy season. If the loads are consistent, the CAC issues the orders to provide the forecasted trunks. When inconsistencies occur, they examine the variation, develop modified forecasts, and issue orders based on the new forecast. They review weekly traffic data to identify trunk groups that need additions and issue the necessary trunk orders. The systems they use are TSS, TRFS, and CSAR. NSEC-Network Switching Engineering Center. They plan and design the network along with the CAC. NSEC develops a forecast of loads for traffic sensitive switching equipment, sets office capacities, and determines relief size and timing. For long range planning, the following offices are utilized. TNPC-Traffic Network Planning Center. The TNPC determines the most economic growth and replacement strategies. They handle future network considerations over a 20 year period for tandem systems, operator services networks, interconnecting trunks, and switching terminations to accommodate the trunks. WCPC-Wire Center Planning Center. This office does the same as the TNPC, but their jurisdiction includes local switches, the subscriber network, and interoffice facilities. They have the numbers, types, and locations of switches and homing arrangements. They also keep track of alternate routes, tandem centers, etc. Both the TNPC and WCPC provide the CAC and NSEC with office and network evolution plans for 20 years. District based maintenance and administration operations are handled by the NAC, RCMAC, and the SCC. These can cover 240 square miles of serving area. Network Operations Centers -------------------------- The highest level of network operations is the Network Operations Center, located in the AT&T Long Lines HQ in Bedminster, NJ. The main computers used by the NOC are in Netcong, about 25 miles away, along with some backups. The NOC are responsible for interregional coordination between the 12 RNOCs, 27 NMCs, and 2 RNMCs in Canada; for monitoring the top portion of toll switches (all class 1 Regional Centers, 2 Canadian, about 70 class 2 Sectional Centers, 200 Primary centers, some class 4 Toll centers); for monitoring of the international gateways, and the CCIS network for these switching systems. The STP signalling links connect STPs to each other, to switches, and to a centralized database called an NCP (Network Control Point) of which access is given to switches directly via CCIS. The Data Transfer Point, which is a data switch that furnishes the NOC with a flow of monitoring information for all key toll switches, also gives them information about CCIS STPs and the IOCCs that they monitor. The operating system supporting the NOC is the NOCS (the S being System), which is configured with the DTP, a wall display processor, graphics processors, receive only printers, and CRT terminals for the technicians. The NOC also uses EADAS/NM through the DTP. Both the NOCS and the DTP run Unix operating systems. The second highest level of these operations centers are the RNOCs, or Regional Network Operations Centers. The 12 RNOCs monitor the CCIS network and coordinate the 2-3 NMC's activities for its region. The RNOCs use the EADAS/NM system and something called NORGEN, Network Operations Report Generator, that prints out reports from EADAS's traffic data. The first or lowest level of these centers is the Network Management Centers. There were 27 EADAS/NM supported NMCs across the United States as of 1983. The NMC was described above, as well as the systems it used. ============================================================================== Some of this information was taken from Bell System publications and from trashed materials, and may not be the same for every area. All material is correct to the best of the author's knowledge. Thanks to The Marauder for supplying some information. This file was written for educational purposes only. -End Of File- Written March, 1987 ==Phrack Inc.== Volume Two, Issue 12, Phile #6 of 11 /\ /\ <[]>==========================================<[]> \/ ^ ^ \/ || PLP [+]The Executioner[+] PLP || ++ ^ ^ ++ || [+] PhoneLine Phantoms! [+] || ++ ++ || CSDC - Hardware Requirements || ++ ----------------------------- ++ || PLP | PHRACK XII - PHRACK XII | PLP || /\ ----------------------------- /\ <[]>==========================================<[]> \/ Phreak Klass Room 2600 = 806-799-0016 \/ || _______________ Login: Educate || ++ |The only BBS | Sysop:Egyptian Lover ++ || |that teaches.| Cosysop:The Executioner|| /\ --------------- Board lose:Oryan Quest /\ <[]>==========================================<[]> \/ \/ Preface: ======== This is the second part of my CSDC (Circuit Switched Digital Capability) series, the first being in PHRACK X. It is suggested that you read the first part and also the file on PACT in PHRACK XI. If I feel the material was not covered completely, I will make a third addition to this file. Hardware Interfaces =================== A NCTE or equivalent network interface equipment, located on the customer premises, is required to provide the CSDC feature for a customer. The NCTE or an equivalent circuit, located on the customer's premises, is required to provide TCM (Time-Compression-Multiplexing) transmission on the 2-wire subscriber loop. The NCTE also has a remote loopback for testing from CSDC central office. Dedicated 2-way CSDC trunk circuits are provided via DCT (Digital Carrier Trunk) combined alternate data/voice (CADV) units with DCT supervision. MF and CCIS signalling is allowed on these trunks. They provide signalling, switching and trunking functions between 1A ESS switch and other CSDC offices. To provide CSDC, the DCT bank must be equipped with alarm and digroup control units. A Digital Office Timing Supply (DOTS) is needed to provide network synchronization for the CSDC feature. A minimum of 3 CSDC maintenance circuits are needed for the CSDC feature to operate. The circuit provides digital signals for testing CSDC trunks and loops. They also provide a test termination for incoming CSDC calls. If an office has superimposed ringing for 4 and 8 party lines, these ringing circuits may be used for loop testing with the maintenance circuit. Remote Switching System ======================= The RSS remote frame contains eight special service slot positions that can be used for D4 type plug in units (basically allows the RSS to have CSDC abilities). This allows the CSDC TRXS (Time Compression Multiplexing Remote Subscriber Exchange) channel units to be housed in the RSS frame. The CSDC feature is provided via the RSS T1 carrier facilities. The T1 carriers for CSDC service terminate with position 1 and 0 at the RSS. A ringing and tone plant is required in the RSS office to ring the phones of special service channel unit subscribers. Operation of the CSDC ===================== An off-hook origination initiates the seizure of an originating register. A line translation is performed and the CSDC indicator is received from the Line Equipment Number Class (LENCL) and is stored in the register. A touch tone service receiver is connected to the line and dial tone is applied. Upon receiving a digit, dial tone is removed. If the first digit is a '#', digit collection is set up to collect 2 more digits. Upon receipt of the 2 digits (99), the PACT (Prefix Access Code Translator) is indexed via the dialed digits to determine what service has been requested. If the line cannot have CSDC, an error message is sent. The AB digits (carrier selection) are collected next. Once the AB digits have been determined to be valid, the CCOL (Chart Column) is received. The CCOL merely is a code to tell the PACT what is to be done. Once the AB digits and the CSDC CCOL is received, the original register is overwritten with the CSDC CCOL. The CSDC office then sends a bit down the line to tell the equipment that a CSDC call is being processed. The call is now reinitialized to appear as though no digits have been collected. Digit collection proceeds until the proper number of digits (7 to 10) has been received. An AMA register is seized at the end of the dialing. The call is then routed according to the dialed digits on a CSDC outgoing trunk. Answer guard timing for CSDC calls is 800 ms. Upon answer, the answer time is recorded in the AMA register. An outpulsing trunk is seized and a POB is hunted. If an outgoing trunk and outpulsing device are needed, one will be hunted. Information on the trunk is stored and a transfer to the outpulsing routine (MF or CCIS) is done. A verification insures that both calling and called parties are CSDC allowed. If they are not, the call is routed to an Automatic Intercept Service (AIS). For MF outpulsing, a junior register is seized, the outgoing trunk is put into the proper states, and start pulsing signal detection is done followed by digit outpulsing. For CCIS, call processing is the same as a normal call but a CCIS continuity check is performed while on the on-hook state. For an incoming call, the CSDC bit from the Trunk Class Code (TCC) is stored in the incoming register and a CSDC count is pegged. Digit collection is performed and a terminating DN translation is performed. Ringing is applied normally and once it has been answered, the incoming trunk is put in the off-hook state to pass answer to the next office. Standard disconnect and trunk guard timing is performed on CSDC calls when the called or calling party goes off-hook after a talking path has been established. Standard CSDC Dynamics ====================== Call forwarding codes dialed after the CSDC code result in reorder. The Call waiting option is also suspended when a CSDC call is in progress. Busy tone is given to POTS call that terminates to a CSDC connection. Busy tone is also given to a calling CSDC party if it encounters a busy line. In order to have a 800 CSDC feature, the office must have CCIS INWATS ability in the OSO (Originating Screening Office). Dialing 911 after the CSDC code is allowed, but 411/611 calls are routed to error messages. NCTE (Network Channel Terminating Equipment) ============================================ As covered in Part 1, the NCTE is the equipment that you need to have CSDC. The NCTE is a piece of hardware that is connected to the CO loop and a terminal. On the terminal, there are 8 jacks for 8 pins on the NCTE. The functions of each pin are as followed. 1 - TRANSMISSION DATA 2 - TRANSMISSION DATA 3 - MODE CONTROL 4 - MODE CONTROL 5 - TIP VOICE 6 - RING VOICE 7 - RECEIVED DATA 8 - RECEIVED DATA ============================================================================== This ends PART II of the CSDC series. Since Taran King was in such a hurry, I will finish the 3rd file with SCCS integrations, loop structure and RSS structures. If you have any questions about this file or any other file, please leave me a message on either... Phreak KlassRoom 2600 = 806-799-0016 LOGIN:EDUCATE My Voice Mail Box = 214-733-5283 ==Phrack Inc.== Volume Two, Issue 12, Phile #7 of 11 -/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\- \ / / Hacking : OSL Systems \ \ / / Written by Evil Jay \ \ / / (C) 1987/88 Evil Jay \ \ / -/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\- Prologue: This file is for all those people who are running across the OSL system and are constantly confused about getting in and what to do once you're in. Because of the trouble I had getting a manual on the system from ROLM, I was forced to write this file from what I already know, and what I can do on the few systems I have gained access to. Since this file is far from complete (without a manual, most are), I'll leave it to you, to write up future files on the OSL system. Credit goes to Taran King who got me interested in writing the file, and who tried to help me get a manual (my social engineering leaves something to be desired). What is OSL: Actually it has been termed as Operating Systems Location, Off Site Location and a lot of other names. Which? I'm not sure. What I can tell you is that it's an operating system running on an IBM (?) that does remote maintenance operations on a ROLM PBX (Referred to as CBX I believe). As I said, this file is not too complete, and I was unable to get very much information about the system, or the PBX system itself. I believe Celtic Phrost wrote a file on ROLM PBX systems, and you might want to read that or other ROLM files for more information. Getting In: If you have trouble logging in, try changing your parity. Also, this system will only except uppercase. The first thing you should see when you get a carrier is the following: MARAUDER10292 01/09/85(^G) 1 03/10/87 00:29:47 RELEASE 8003 OSL, PLEASE. ? MARAUDER10292 is the system identification. Most of the time, this will be the name of the company running the OSL system, but occasionally you will find a system, you will not be able to identify. CN/A it. It might be your only chance of gaining access to that particular system. 01/09/85. This is a mystery to me. It could be the time that the system first went up (but sounds unlikely), the date of the current version of the OSL operating system...etc. The ^G is a Control-G, and rings a bell at your terminal. I do not know why, but it does... The rest of the text on that line is the current time and date. RELEASE 8003 could be, again, the revision number of the software package. I don't know. OSL PLEASE means that you can now attempt to login. The ? is your prompt. Remember the uppercase only. Naturally we are going to type "OSL" to login. Once this is done, we will receive this prompt: KEY: This is the password prompt, and so far as I can tell, can be anything up to, say, 20 characters long. Obviously we are going to try MARAUDERS or MARAUDER as a password. Here's the tricky part. Some systems do not tell you whether the password was right or not. Sometimes, if it's right, you will get a ? prompt again. If not, you will get an ERROR msg. It depends on the system. Each system is set up a different way. Also, some systems require all alphabetics, while others require alphanumerics and sometimes they will require both. Again, you may or may not get an ERROR message. You can ABORT anything at any time by sending a BREAK. One good thing about the system is that you have, so far as I can tell, unlimited attempts at guessing the "KEY". Also, Druidic Death says that "," is a default, or is commonly used (I don't remember which). Unfortunately, I have never been able to get this to work myself. Your IN!: Okay, first thing we need to do is type HELP. If you have access, which again, differs from system to system, you will get a menu that looks like so. (Maybe not, but I am through telling you how strange this system is.) PLEASE ENTER ONE OF THE FOLLOWING COMMANDS LREP - DISPLAY REPORT MENU LST - LIST REPORT COMMANDS CURRENTLY STORED ACD - ADD AN ACD COMMAND DEL - DELETE AN ACD COMMAND MOD - MODIFY AN ACD COMMAND SUS - SUSPEND AN ACD COMMAND ACT - ACTIVATE AN ACD COMMAND LREP: This lists a menu of reports you can view. LST : This lists all the commands that have been stored in the buffer. ACD : This activates a command. DEL : This deletes a command in the buffer. MOD : This modifies a command in the buffer. SUS : This suspends a command in the buffer. ACT : This activates a command in the buffer. Commands Explained: Okay, so now we'll go through all of these commands and show you what they do, and of course, explain each example. LREP: LREP lists a number of reports which can be ran. Here is an example: REP# NAME SYNTAX ---- ---- ------ 1 - CURRENT STATUS ACD 1,(FIRST),(LAST),(START),(INT),(#INT),(CLR),(REP) 2 - CUMULATIVE STATUS ACD 2,(FIRST),(LAST),(START),(INT),(#INT),(CLR),(REP) 3 - TRUNK DISPLAY GROUP ACD 3,(FIRST),(LAST),(START),(INT),(#INT),(CLR),(REP) 4 - POSITON PERFORMANCE ACD 4,(FIRST),(LAST),(START),(INT),(#INT),(CLR),(REP) 5 - ABBREVIATED AGENT ACD 5,(FIRST),(LAST),(START),(INT),(#INT),(CLR),(REP) 6 - DAILY PROFILE ACD 6,(FIRST),(LAST),(START),(INT),(#INT),(CLR),(REP) 7 - CUMULATIVE AGENT ACD 7,(FIRST),(LAST),(START),(INT),(#INT),(CLR),(REP) Current Status : Gives you the current status of the PBX system. Cumulative Status: Quite obvious. Trunk Display Grp: Obvious again. Position Prfrmnce: ??? Abbreviated Agent: ??? Daily Profile : Gives you a report of how the PBX ran on date 00/00/00. Cumulative Agent : ??? ACD: I purposely skipped all the other commands, since they are pretty obvious. They all have to do with adding commands to the buffer, modifying them and running them..etc. If you get access to a system, it would be wise to LST all of the commands that the operators have been running and then try them yourself. No biggy, but oh well. The ACD command activates a command and lists the desired report on your terminal. While the whole thing can be typed on one line, you can just type ACD and do it step by step (a little easier to get the hang of it). Now we'll go through this, and show you an example of building a command to list the Trunk Display Report. ?ACD 3 FIRST GP OR AGENT ID: (Try 1) LAST GP OR AGENT ID: (Try 2) START TIME: (Enter START TIME in army time such as 22:52:00) INTERVAL: (Not sure, hit return) # OF INTERVALS: (Not sure, hit return) CLEAR(Y/N): (Type Y, but this is stored in the last cleared log) REPEAT DAILY?: (No!) PRINT LAST CLEARED(Y/N): (Here's where the last cleared shows up) It then prints out the command and executes it, showing you the desired report. The end result: Some other things can be done, such as commands like C and M and a host of others, but unfortunately, as I said, these systems are very strange and it's hard to find two alike. The computer is not worthless, and lots of things can be done on it, but this file is getting quite lengthy. If there is enough demand, I will write a follow-up. In the meantime, if I have made any mistakes, or you have more knowledge that you would like to share with me, I can be reached on the following boards: ShadowSpawn Private, Hell Phrozen Over, Phantasie Realm and a few others. -/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\- \ / / An Evil Jay/Phrack, Inc. \ \ / / Presentation \ \ / -/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\-/\- ==Phrack Inc.== Volume Two, Issue 12, Phile #8 of 11 BUSY LINE VERIFICATION PART II WRITTEN BY PHANTOM PHREAKER This file is meant to be an addition to the first file that was included in Phrack Inc. Issue XI. It is assumed that the reader has read and understood the previous file. Most of this information will be taken from Bell System Publications so you don't have to worry about it being incorrect. First off, I'd like to correct a minor error included in the first file. I use the format 'KP+0XX+PRE+SUFF+ST' to show the MF routing that is used. This is not correct AT&T syntax though, the correct format is KP+0XX+NXX+XXXX+ST. This is minor detail, but some people are very picky. The Verification Network ------------------------ In a TSPS office, a verification circuit is associated with a 4-wire OutGoing Trunk (OGT) and a 3-way/4-wire bridging repeater arrangement. This is the circuit that does the speech scrambling. The speech and other tones (like busy and re-order) are frequency shifted, but are still recognizable by a TSPS operator. TSPS verification trunks are connected via dedicated lines to incoming verification trunks in a toll office. The toll office provides either a link to an outgoing trunk and dedicated facilities to another toll office, or an outgoing toll connecting trunk and dedicated facilities to an incoming verification trunk in a local office. Each toll office has ways to check the security of verification trunks. In electronic toll offices (ESS offices), two independent office data translations provide security of the trunk. Electro- mechanical toll offices (Such as a CrossBar Tandem (XBT)) use an electrical cross-office check signal or a segregated switching train to control trunk connections. Verification trunks relay supervisory signals (such as answering supervision) to TSPS from the line being verified. Also, if verification trunks are busy, the TSPS operator will receive a re-order. The functions of the VFY key ---------------------------- When the operator presses the VFY key, several checks are made upon the number that has been entered. These are: A Check to see if the line is within the verification network accessible by that particular TSPS. If the line is not, the VFY key will flash. A check to see if the owner of the line wishes BLV to be possible or not. If the line is something like a police emergency line, then the VFY key will flash, similar to the first check. Important TSPS keys ------------------- When the VFY lamp lights steady (doesn't flash), indicating the process is acceptable, the operator puts the calling customer on hold and accesses an idle loop on the operator position. The ACS (Access) lamp lights steady if a verification trunk is available at that time. Then, the operator presses the ST key which sends out the complete number to be verified, in MF. The verification circuit activates, and the operator listens for scrambled speech and also watches the CLD (Called) lamp on her console. The CLD lamp is lighted when the operator loop was accessed, and will remain lit if the line being verified is on-hook. The operator has two ways of seeing if the line is in use, by listening, and by watching the CLD lamp. If the CLD lamp light goes out, then the line is off-hook. If a successful BLV/EMER INT is performed, the operator presses the REC MSG MSG (Record Message) key, which completes the verification. If the EMER INT lamp is lit, the charges for the interrupt and the verification are automatically billed. If the VFY key is pressed twice, it indicates the verification should not be billed. This could be due to a customer error or a customer disconnect. Charging capabilities --------------------- A customer can pay for a BLV/EMER INT in several ways. They can have the charges put on their phone bill, if they are calling from their home, they can bill the charges to an AT&T Calling Card, or pay directly from a coinphone. Details of the BLV/EMER INT function are recorded on AMA tape, which is later processed at the RAO (Revenue Accounting Office). The classes of charge are as follows: STATION PAID, which means exactly what it says, STATION SPECIAL CALLING, in cases where billing is handled by a Calling Card or third number billing, and NO AMA, in unusual billing cases. Also, for BLV/EMER INT calls that originate from a hotel, TSPS can send charges to HOBIS (Hotel Billing Information System), HOBIC (Hotel Billing Information Center), or a TTY at the hotel. AMA records for BLV/EMER INT are recorded in basically the same format that normal calls are recorded. The only difference is that a numeric data group is added. The leftmost digit in the data group is a 1 if only a BLV was done, but it is a 2 if both a BLV and an EMER INT were done. In case of an aborted BLV, the billing record is marked 'No charge'. Inward Operator differences --------------------------- When an Inward operator does BLV/EMER INT, the class of charge is always NO AMA, because billing is handled at the local TSPS site. Inwards also do not use the REC MSG key when a TSPS would, they use the VFY key in it's place. The Speech scrambling technique ------------------------------- The speech scrambling technique that exists to keep the customers privacy intact is located in the TSPS console, and not in the verification trunks. The scrambling technique can only be deactivated by an operator pressing the EMER INT key, or a craftsperson using the console in a special mode. When the scrambler is deactivated by an operator doing an EMER INT, the customer hears an alerting tone (as mentioned in the first BLV file) made up of a 440Hz tone. This tone is initially played for two seconds, and then once every ten seconds afterwards until the operator presses her Position Release (POS RLS) key. Operator trouble reporting -------------------------- When operators have trouble in handling a call, they can enter trouble reports that are technically called 'Operator keyed trouble reports'. These cause messages to be printed on the maintenance TTY and on the trouble report TTY channel. There are different trouble codes for different things, such as trouble with the speech scrambler, trouble in the verification network, or trouble in collecting charges from a customer. In my area there are 20 such TSPS trouble codes. These are done in MF. They are entered with the KP TRBL (Key Pulse Trouble) key followed by a two digit trouble code followed by an ST. A trouble code for beeper trouble could be entered as KP TRBL+62+ST, and speech scrambler trouble could be KP TRBL+89+ST. Some of the other reasons for trouble codes are: Crosstalk, No ring, Noisy, can't hear, improper supervision toward the called and calling parties, cutoff, positions crossed, coin collecting trouble, third re-order, distant operator no answer, echo, data transmission, no answer supervision, ST key lit for more than 4 seconds, and others for person-to-person and station-to-station completed collect calls. Maintenance and traffic measurements ------------------------------------ These reports can be output from a maintenance or engineering and service data TTY, daily or hourly. Each daily report contains data for the previous day. Some traffic counts are as follows: Total Verification attempts, VFY key depressions, VFY key depressions when the requested number is out of TSPS range, VFY key depressions in which the requested number wasn't verifiable, BLV trunk seizures which pass an operational test, and EMER INT attempts. Other traffic counts include the measurements for usage of BLV trunks, the amount of time BLV trunks were unavailable, and the number of times BLV trunks were seized. I hope this file has helped people further understand how the BLV system works. If you haven't read part I, get a copy of Phrack Inc. Issue XI and read file #10. As said earlier, most of this information comes directly from Bell System Publications and so it should be viewed as correct. However, if you do find any errors then please try to let me know about them so they can be corrected. Suggested reading ----------------- TSPS Part I: The console-Written by The Marauder, LOD/H Technical Journal Issue No. 1, file #4 Busy Line Verification-Phrack Issue XI, file #10 Busy Verification Conference Circuit-Written by 414 Wizard Verification-TAP issue 88, Written by Fred Steinbeck Acknowledgements ---------------- Bell System Technical Journal, Vol. 59, No 8. Bell Labs RECORD periodical And the following people for contributing information in some form: Mark Tabas, Doom Prophet, The Marauder ==Phrack Inc.== Volume Two, Issue 12, Phile #9 of 11 Rebuttal to Phrack Issue 8 and 11 (File 11) Written by Scan Man..... It has been requested of Taran King (Who doesn't agree with KL on this subj) to put this somewhere in the next issue of Phrack (12) for proper distribution. Whether he does or not I cannot say. Well a number of months have gone by now and I have been written about accused of and had rebuttals written for me, all of which were about as clear and factual as mud. And that includes the rebuttal that Telecomputist has in effect tried to stand with me, and making matters only worse by inaccurate information. But then all of this started with inaccurate information from PWN, didn't it. KL has resorted to interfering in other peoples lives in order to promote his so called news publication. To this I say, if you are going to call it news then make it facts. I can buy the Enquirer if I want sensational- istic readership boosting and inflated gossip. You do no justice to yourself or your publication. I really shouldn't dignify any of this with comment but shall as the entire matter has been blown so far out of proportion and since I have been phreaking since these kiddies were still messing their diapers I feel it a little more than an inconvenience, particularly since these gentlemen (and I use the term loosely) can't seem to accomplish anything but guesswork and conjecture and have cost me (and my wife and son) a $50,000 job so the least I can do is get a few FACTS out. First, I was (and I stress was) employed by a company called Telecom Management Corporation. Notice the initials of this company (TMC). Telecom Mgnt is a management company, and a management company manages other companies. Among the companies it manages are 6 TMC Long Distance markets (none of which are in Vegas), two of which are in Charleston where I live and NY where I worked (up until two snotty nose teenagers (KL & SR) decided to stick there nose where didn't belong). At any rate I was hired and paid by Miami, lived in Charleston, and worked in NY. And yes with regard to your "he must have been quite an asset to them," I was an asset to them. And KL you seem to think it was surprising that they flew me to NY every week. I don't, and I'm sure the other 100 businessmen on my flights who I traveled with regularly would be surprised that they carried the unique distinction of being somehow in the wrong for having their companies send them to NY every week. I'll have to tell them this one for a good laff next time I get a 50,000 dollar a yr job that sends me to NY. Moving right along, I will add that I was employed as a Systems Analyst. When I was originally hired, my interview was by a fellow from Miami (Telecom Mgnt) and the interview was conducted in the Chas office (one of the few times I was ever in there). This however doesn't explain why Pauline Frazier and Ben Graves knew me or didn't care for me. The reason for this was quite simple: they both knew about me and the bulletin board and had also been trying to catch me stealing calls from there company (don't know where they ever got that idea ). At any rate they obviously were quite unhappy because I got that job. The next comment in rebut to Telecomputist which was a rebut to PWN Phrack Issue 8 (what a nightmare), was, and I quote, "I claimed not to have any ties with Vegas but didn't claim not to have ties with TMC." Boy talk about factual journalism, really grabbing for straws aren't you. Anything to make me look bad huh? Wonder why. Wouldn't be for more copies for your next issue would it? As you could see at the beginning of this rebuttal I clearly stated that Telecom Management ran 6 TMC markets as well as other companies and that they were connected but separate from each other. Although none of it is relevant to any of this, but that doesn't matter when you are out to get copies for your next issue does it KL. At any rate this also shows where Telecomputist, although trying to do a good thing, got their facts mixed up too by misunderstanding the fact that Telecom Managements initials were the same as TMC and were unrelated companies when actually they are. In you next comments you say, "The rest of my statements are highly debatable" (might try looking at a few (no make that all) of your own). You also said that my statements have no proof (as if yours are so damn factual). First, I don't have to prove a thing to assholes like you or anyone else for that matter. You also state your decision (as if you have the right to make any decisions about me, (shit boy you don't even know me, but you may soon) was to do nothing because of lack of proof. And you call what you came up with truth? Based on what, your vast personal knowledge of me, your knowledge of something some phone phreak told you, because of having worked with me? As for providing more ammunition to the idea, I'm not what I claim to be. I have claimed to be nothing, it's you doing all the claiming. And there is no "ammunition" to be had from the Telecomputist article as it was about as accurate as yours have been. Shows you what two people who know nothing about nothing can do if they put their minds to it. I might add that this is the first and last statement I have personally written that has anything to do with any of this. You also stated that, "after three months you had proof," yet you have shown only words, not a speck of proof or truth. You have taken the Telecomputist article apart and tried every way there was to tear it apart, most of which was guesswork and innuendo. Examples of this are your quotes of, "Gee isn't that awful expensive," "Notice how he didn't say he had no ties with TMC," "Statements were highly debatable," "Now that he has had a few months to come up with a story," etc., that's some real facts there KL, you're a real journalist who deals only with facts. You're not out for gossip or character assassination. Riiiiiight. I've just been waiting for you to put your foot in your mouth (in this case both feet). (Don't worry, I'm sure they will fit nicely) I think it's also time to tell the story of how all this got started. It's really a comedy of errors (only I'm not laffing). As I stated earlier I was paid by Miami, as that's where the home office was. This meant that on occasion I also went to Miami as well as NY. In Dec of 85 I learned of a new organization being formed called the CFCA (Communications Fraud Control Association) although in addition to communications, they support computer and credit security as well. Knowing that all the top security people were going to be there and being a good phone phreak on the eternal quest for inside knowledge, I wanted in on this conference which was held the 6th, 7th and 8th of Feb 86 in Miami. Soooooo I convinced Telecom that we should check these People out for some benefit to our company with regard to my job (Systems Analyst) as after all it was my job to not only develop and operate the companies' computers but keep them secure as well. So I had had the perfect excuse to get me in the conference. They agreed with me and went for it and paid for my flight down there and the conference fee. Moving right along, it was the 1st day into the conference when just at lunch I was talking to a guy from Pac NW Bell named Larry Algard (whose name I had forgotten til Sally Ride showed up on the BBS saying Larry the Algardian had sent me a couple of weeks later). At any rate while talking to this guy, a security agent from one of the other LD companies that was there came up and said, "Aren't you Scan Man, the guy that runs P-80?" Needless to say I about shit, and had to come up with a damn good answer in about a 100th of a second. Knowing I was there legally with the authority of my company, I answered back (in front of Larry Algard), "Yes, but unbeknownst to my members it's an undercover board for TMC the company I work for." And since Telecom Management Corporations initials were TMC and they did manage 6 TMC LD companies I knew I was safe if he decided to check me out, which I was worried about because earlier this same guy (the one that said, "Aren't you Scan Man") had made a comment about the security of the meeting and that he believed hackers had infiltrated the meeting. At any rate, I was out of the fire with this guy and everyone (about 7 others) standing around in our circle. It does however get worse. Two weeks later I got a new user on the board named Sally Ride saying, "Larry The Algardian sent me" and the msg subj was titled Scott Higginbotham. I answered the msg asking him where he got that name (Scott Higginbotham, my real name) but he thought I meant where did he get the name Larry the Algardian (see msg reprint below). His reply is as follows (actual copy of msg) Scan Man, I got the name from an electronic memo from Sec. Mgr. Larry Algard to his boss, George Reay. Since I've access to these files via PNB's UNIX AOS, I read about Algard's meeting with Scott at a CFCA Conf. in Miami. It's nice to be able to know what the other side is up to, but how did you infiltrate CFCA? I was able to infiltrate PNB Sec. thru their own system. But, to attend such a meeting of the toll carriers of the nation and learn their plans to combat us is a real coup! Understand where I'm coming from? Sally Ride:::Space Cadet Now from this msg you can see two things: first that Sally Ride is a two faced little S.O.B., plus you can also see why he would think I was fed. I can almost (again I stress almost) understand why he was suspicious. This msg also points out that at least in his msgs to me he was of the opinion that I had infiltrated the conference (not that his opinion about anything matters). Then, on a social ladder climbing binge, he turns it around to me being one of them (as if he was the only person in the world who could infiltrate something). To this I say again, I was doing this when you were still in diapers (SR). Even though I can legitimately understand why he would think I was a fed as this at least "APPEARS" to be proof that I'm a fed, by that I mean if I had broken into a telco security computer and found a msg saying that so and so was running a sting board, I would be prone to believe it myself. What Sally didn't know was that I had to say that at that conference to keep from being fried myself when confronted by a security agent who recognized me. But then what are the odds of someone breaking into the very computer reading that very msg. If it were me and I was going to take this information to the phreak community I would have to state the facts, which were that he found this msg, "then print msg". I would not go into the guessing that he and KL did in the original Phrack article (or this last one, since the first obviously wasn't enough). But back to the point of all of this, "WHAT WOULD YOU SAY STANDING IN THE MIDDLE OF 500 TOP TELCO SECURITY PEOPLE AND ONE WALKS UP AND SAYS, "AREN'T YOU SO AND SO THAT RUNS SO AND SO BBS?" See what I meant about a comedy of errors? Do you also see why sometimes what is apparently the truth isn't always what it appears as. Do you also see what I mean about gossip and poor journalism? This is not the first time that Sally or KL has tried to distort facts and interfere with people's lives. I am referring to the past David Lightman incident. Instead of belaboring this point, I shall, in the fashion of the great journalists (KL & SR), reprint another msg from Sally regarding this other incident in order to show what kind of individual we are dealing with (a 19 yr old who if he spent as much time hacking and phreaking as he does stretching the facts and butting into peoples lives might be a good phreak/hack). From: Sally Ride Well a couple of things..first about Phrack World News..the above mentioned article about Blade Runner and David Lightman was credited to David Lightman and Blade Runner and someone else, maybe K.L. I really don't know either David or Blade that well, but when someone is accused of being a cop, or a phone cop, or whatever, I see no reason to keep that a secret from the phreak-world. Everyone is able to make their own conclusions based on the information provided and considering the sources. Finally, and I hope this ends all discussion about this on the "Elite" section of this BBS. Is that what is allowed for discussion here? Really, character assassination should be kept to the War Room of some other K-Rad luzer BBS. Secondly, thanks to all who kept me up to date on the status of the BBSes that had suddenly dropped out of sight all for separate unrelated reasons. I found The Twilight Zone, now the Septic Tank, it's back at 203-572-0015, old accounts intact. Taran King's Metal Shop Private should be back up within hours of this message, see PWN 6 for the details. And Stronghold East is still down as far as I know, should be back around 7/1. Broadway's always been weird but turning informant? Will wonders never cease? And, TUC has a board again? And, here I thought he was a "Security Consultant", per W.57th St. Who knows who's side who is on? Scan Man, here's news from your neck of the woods. A company named Advanced Information Management Inc. run by Robert Campbell. The June 23rd issue of Communications Week says this guy and his 17 consultants are all over the BBS world. They are based in Woodbridge, VA. Know anything about them? Sound like some more narcs to worry about. What is the true story on Ralph Meola? PWN 6 says he's the head of AT&T Security. Has anyone ever heard of him before? Sally Ride:::Space Cadet I believe your words were, "character assassinations should be kept on some k-rad Luzer war board" (try taking some of your own advice, or is it different when it's your friend). You also made the statement that everyone should be able to make their own decisions based on the sources. In my case it's two guys that don't know me or really anything about me (KL & SR). Did anyone also notice Sally's tendency toward a persecution complex? Everyone he mentioned in the msg is thought to be a phone cop. I mean, really, take a good look at that msg. It's quite obvious this boy is playing God and deciding who is and isn't on who's side (you're not the only one who saves msgs). He's either attacked or defended (mostly attacked or insinuated) about 5 people in one msg of being the bad ole phone cop. Who set you two up as judge and jury? As to how I feel about it, I'll use an old saying with a new twist, "If you want to hear the jukebox, you damn well better have a quarter," better known as "pay the piper". Does it sound like I'm upset? I mean how would you feel if you had trouble keeping your family fed, heated, and housed because some asshole that just hit puberty stuck their nose into your life. Tell your son, no he can't go skating because you don't have the money because........etc.....Also I might add that a number of us old guards who were phreaking before there were computers and BBSes such as my old friend, Joe Engressia (Secrets of Little Blue Box, Esquire 71) (avail P-80) and others have done actual security work (not busting heads) defeating security systems on new payphones (test before marketing) etc for yrs. I don't see anyone jumping up and yelling phone cop on these guys. People who are admitted security people who also claim to be phreaks are ignored. So why all the stink with me? In closing I would like to say that I have little doubt that in their usual fashion KL and/or SR will attempt to go over every word I have typed looking for more SO CALLED FACTS. Any way you try to reword it will only be more twisting and supposition. Sooo be my guest. You will get no more comments from me. The next time either of you two hear from me, you better have your Quarter for the jukebox cause it will be time to pay the piper. P.S. KL do me a favor and call my board and let me know whether you will be at this phreak conf in St Louis. If so I recommend old cloths, and clean underwear. (Oh yes and a quarter.) Scan Man (3-10-87) ==Phrack Inc.== Volume Two, Issue 12, Phile #10 of 11 PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN >>>>>=-*{ Phrack World News }*-=<<<<< PWN PWN Issue XII/1 PWN PWN PWN PWN Created, Compiled, and Written PWN PWN by Knight Lightning PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN Local News March 20, 1987 ~~~~~~~~~~ This issue of PWN marks the anniversary of Metal Shop Brewery. Things are looking up. Metal Shop Private is back and all previous members are asked to call back. The same passwords and logons still work and even better, the old posts have been saved despite the hard drive crash a few months ago. Phrack XIII will be released on April 1, 1987; April Fool's Day! It features joke files, fiction files, humorous files, and of course, rag files. With all the seriousness of the regular issues of Phrack, this is a chance to release some building flashes of comedy. Please note that files for Phrack XIII can only be submitted by members of Metal Shop Private. This does not apply to other issues of Phrack. Don't miss it! SummerCon 1987 ~~~~~~~~~~~~~~ For those that don't already know, TeleComputist Newsletter and Phrack Inc. are sponsoring this year's big phreak gathering in St. Louis, Missouri. As many of you may note, St. Louis is the home of Metal Shop Private, Phrack Inc., and TeleComputist Newsletter. We all hope that since St. Louis is in the middle of the country that it will be easy for people to attend. We extend an invitation to anyone who wants to come. We will have a conference room and two suites in a hotel in St. Louis. The official date for SummerCon 1987 is June 19,20. This is far enough into the summer that everyone of the younger generation should be out of school and early enough that no one has to worry about facing reality right away. This date has also been chosen specifically as to not interfere with the St. Louis VP Fair (Vale Profit). If you are going to attend SummerCon, we ask that you contact Knight Lightning, Taran King, or Forest Ranger for more details. The TeleComputist Information Line is (314) 921-7938. The names of those attending will be kept confidential so as to not cause anyone discomfort, however we do ask that you identify yourself at the conference by means of a name tag or some form of identification. Security personal is welcome to attend, but we request that you let us know ahead of time. If anyone, especially security personnel, would like to speak at SummerCon please also let us know and we will schedule you in. :Knight Lightning ______________________________________________________________________________ Hackers Caught Using Credit Card To Buy More Equipment February 20, 1987 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ By Ben L. Kaufman of The Cincinnati Enquirer "I was uneasy about the pickup." Two young "hackers" in Milford using an electronic bulletin board to get stolen credit card numbers and buy hardware to expand their computers. Now they're in big trouble because unauthorized use of a credit card is a federal offense and the Secret Service caught them. "Computer-aided credit card fraud is increasingly common, said special agent in charge, James T. Christian on Tuesday, "but using the filched name and number to enhance computer clout was a unique touch." The two youths had a $1,300 order sent to an abandoned house on Ohio 131E, Christian said, but when they picked it up an agent was waiting with the UPS deliveryman. John Martin Howard, 21, 5788 Meadowview Drive, Milford was cited before U.S. magistrate J. Vincent Aug Jr., who accepted his plead to guilty Monday and released him on his promise to return when summoned. "I was uneasy about the pickup," Howard recalled in a telephone interview. The risk of getting caught "was in the back of my mind." And it was an awful moment when the Secret Service agent confronted him and his juvenile buddy, Howard added. "I think they were surprised," Christian said. Howard was charged with attempted use of an unauthorized credit card. His juvenile partner -- who refused to comment Tuesday -- was turned over to his parents. Christian said the youths ordered equipment from Computer-Ability in suburban Milwaukee paying with the stolen credit card. A sharp-eyed store employee noted purchases on that credit card were coming in from all over the country and called the Secret Service. Within two weeks the trap in Milford was set. Howard said his young friend knew the Cincinnatian who led them to the bulletin board filled with the names and the numbers of stolen credit cards. "We got it from somebody who got it from somebody who got it from somebody on the east coast," Howard recalled. That new acquaintance also boasted of using stolen card numbers from electronic bulletin boards to buy expensive accessories and reselling them locally at bargain process. He and his friend used the stolen credit card to upgrade his Atari 800 system, Howard said. "We ordered a bunch of hardware to use with it." In addition to the purchase that drew the secret service to them, Howard said they "ordered other stuff, but before we received anything, we were picked up." Howard said he'd had the Atari about two years and was getting bored with it and home computers in general. He had taken computer programming for eight months after high school, he said, but hadn't used it. He would like to try computer-aided design and engineering, but right now, he's working in a pizza parlor. Christian said Howard's parents had been enthusiastic about his computer interests and friends who shared them. "They though it would keep them out of trouble." Assistant U.S. attorney Kathleen Brinkman and Christian said the Cincinnati area investigation was continuing and numerous juveniles, some quite young, may be involved. Thanks to Grey Elf Re-typed for PWN into lowercase by Knight Lightning ______________________________________________________________________________ Hang On... Phone Rates Are Falling Again! March 1987 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >From Changing Times Magazine March 1987 Issue No news that long-distance rates are still headed down, but now local rates are poised to follow, at least in some areas. Competing long-distance carriers have already been forced to react to AT&T's January rate cut, which averaged 11.2%, with cuts of their own. Now the Federal Communications Commission [FCC] may propose that an additional $1 or $2 be added to the subscribers line charge, the $2-a-month access charge that every residential customer pays. If that happens it would compensate. Since AT&T's divestiture in January 1984, the telephone services component of the consumer price index has risen 17.4%, reflecting a 36.7% increase in local rates at the same time long-distance charges were falling. But price increases for overall service have moderated each year, falling 2.7% in 1986 from 4.7% in 1985 and 9.2% in 1984. That trend should continue as local rates stabilize and even fall. Wisconsin and Vermont, for example, have ordered local companies to make refunds, and a number of states - New York, Pennsylvania, Washington - are considering lowering rates to reflect the improved financial position of local phone companies. Those companies will benefit from tax reform, and lower inflation and interest rates have resulted in lower expenses in several other areas. Things are not looking good for some of AT&T's competitors in the long distance business, however. Forced to follow AT&T's rate cuts, both MCI and US Sprint are hard-pressed financially, and analysts don't rule out the possibility that one or both could get out of the long-distance business, potentially leaving AT&T a monopoly again. But that would be "politically unacceptable," says analyst Charles Nichols of E.F. Hutton. Some alternatives: allowing regional phone companies to enter the long-distance business or allowing AT&T to keep more of the profits it earns from increased efficiency instead of forcing the company to cut rates. That would take some pressure off competitors. Special Thanks to Stingray ______________________________________________________________________________ Police Arrest Computer "Hacker" Suspect March 15, 1987 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >From the St. Louis Post-Dispatch "MCI told police it was losing $2.7 million a month to such 'hackers.'" A computer software engineer [Robert Wong] has been arrested at his home in Maryland Heights, Missouri on suspicion of trying to get into the computer system of MCI Telecommunications Corporation. The case is the fourth in this area involving computer "hackers" who have tried in recent months to get into MCI's computer system, police say. Detective John Wachter of the Maryland Heights Police Department said the department would seek a warrant today charging the suspect with "tampering with computer users," a felony. The charge is being sought under a state law enacted last year to deal with hackers - people who try illegally to tap into other computer systems. The suspect is Robert Wong, 23, of the 2000 block of Maverick Drive, Maryland Heights, Missouri. Police tracked down Wong by a court-sanctioned "trap" on his phone after MCI learned that someone was trying to tap into its long-distance lines. In a written statement to police, Wong said he "came across" MCI's programs and access codes. He said he was "amazed" when he got into the system. "I know it was illegal, but the urge of experimenting was too great," he told police. Typed For PWN by Taran King ______________________________________________________________________________ PWN Quicknotes ~~~~~~~~~~~~~~ In upcoming months P-80 will be moved from her ole TRS Model 1 to an IBM PC compatible. In addition to a boost in storage capacity (amount still undecided), P-80 will be adding a new "user to user" direct file/program transfer thus allowing the membership the ability to privately send text or programs directly to another user. There will also be the ability to forward a message with text/program attached) to another user after receipt. (2/26/87) Information from & P-80 Information Systems ------------------------------------------------------------------------------ If you consider yourself a phreaker or a hacker in any way, shape or form, then read on! The Telecom Security Group is sponsoring the first on-line hack/phreak survey. It consists of about 30 minutes work of answering questions (or until you want to stop) that pertain to phreaking, hacking, the security, and the attitudes surrounding it all. You are allowed to identify yourself during the survey if you wish or you may remain totally anonymous. It's really just the general answers that will count. Call now: 914-564-6648 (914-LOG-ON-IT) and type SURVEY at the main prompt to get the survey. Thanks for your involvement, and do spread the word to any board that considers itself phreak/hack oriented. Information by Taran King & Tuc (2/6/87) ------------------------------------------------------------------------------ Telecommunications giant AT&T is lying in its advertisements that claim it has an exclusive toll-free number for foreign clients to reach U.S. businesses, its competitor says in a lawsuit. Worldwide 800 Services Inc. says that it has filed suit against AT&T with the FCC, charging AT&T with false advertising. The ads by AT&T claim that it can provide a global telephone network that would allow clients in foreign countries to call a toll-free number to reach businesses in the United States. AT&T claimed that "You won't find this type of service anywhere else." Worldwide 800 says that their company provides toll-free service from any foreign city to the U.S., whereas AT&T can only provide toll-free service on a countrywide basis. An AT&T spokeswoman denied all of the charges, stating that the advertisement in question was neither fraudulent or deceptive. If Worldwide 800 Services wins the case, they state that they will demand corrective advertising and seek monetary damages. Information from Lucifer 666 (3/1/87) ______________________________________________________________________________ ==Phrack Inc.== Volume Two, Issue 12, Phile #11 of 11 PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN >>>>>=-*{ Phrack World News }*-=<<<<< PWN PWN Issue XII/2 PWN PWN PWN PWN Created, Compiled, and Written PWN PWN by Knight Lightning PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN Toll-Free Woes January 26, 1987 ~~~~~~~~~~~~~~ >From Time Magazine; reprinted in the February 1987 Issue of CO Magazine While Oral Roberts struggles with budgets, fundamentalist preacher Jerry Falwell faces a different kind of money pinch. The Lynchburg, VA, televangelist has long used toll-free phone numbers to assist viewers seeking spiritual help. For many months Falwell foes, aware that each phone-in cost $1, have purposely clogged his lines. An Atlantan programmed his computer to dial Falwell every 30 seconds. Before Southern Bell stepped in, the stunt cost Falwell $750,000. Late last year, the Daily Cardinal student newspaper at the University of Wisconsin -- Madison ran a column advocating "telephone terrorism" and listed several targets, including Falwell. The TV preacher estimates that annoyance calls cost him more than $1 million last year, not counting lost donations. Falwell, who is considering legal action, regards the calls as "unlawful activities" that do "injury to the cause of Christ." [Well now...isn't that special? And just where did all these people get the idea to do "injury to the cause of Christ?" From me, Knight Lightning? No, I don't think so. From oh maybe Phantom Phreaker? No, I don't think so. Possibly Lucifer 666, but the big question is... Could it be... SATAN!!!?] Typed For PWN by Knight Lightning ______________________________________________________________________________ Voice numbers: Are They Really Necessary? March 5, 1987 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ A recent series of events on ShadowSpawn BBS has attracted much attention in the hack/phreak community. It seems that the sysop, The Psychic Warlord, denied access to Lex Luthor, Kerrang Khan, and Silver Spy because of their failure to leave valid voice phone numbers. The following messages have been taken from ShadowSpawn BBS. [Some posts have been re-formatted]. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 32/50: This board... Name: The Psychic Warlord #1 Date: 6:36 pm Thu Feb 26, 1987 Alright goddamn it, I'm so fucking pissed off that I'm just about ready to say Fuck It and take down the board for good. Why? Seems that few people are happy with the way I run this board. No, not really with the way I run it, but more like the way I choose to validate my users. Ok, fine... You don't like it then get the fuck out and quit complaining. I set certain rules that people have to abide by to get access to this board. Very simple fucking rules. And now I'm finding out that people don't want to abide by these rules, and basically tell me I'm fucked in the head for having and going by them. What rules? For one thing, and this is the major bitch-point here, new users (no matter WHO THE FUCK they are) are *REQUIRED* to leave a valid voice number where I or Ctrl can reach them at for validation. No big fucking deal... Just a goddamn phone number. "Oh, but I can't give you my voice number. I'm a hacker, and I do untold amounts of illegal things and I can't risk my number getting out." Riiight. Like I'm really some fucking Fed who's gonna bust yer ass, or some geek who gives out peoples phone numbers to any-fucking-body who asks. BULLSHIT! I'm the Sysop of a (hopefully) respected BBS, and along with that goes a certain responsibility. I'm not about to go passing out peoples numbers. *I* have respect for other hackers privacy, unlike some people who choose to invade mine just for the fucking hell of it. I require that new users leave their voice numbers for a number of GOOD reasons: 1) Trust -- If they can trust me with their voice numbers, then I can trust them with access to my board. I need that kind of trust between me and my users. If they feel that they can't trust me enough to give me a lousy phone number, then how in God's name am I supposed to be expected to trust them at all?? My ass is on the line just as much (if not more) than any user of this board! 2) Security -- Ok... So how do I know if someone is really a Fed or not? I don't! I go by instinct. Having a person's voice number let's me call them for validation and get to know them a helluva lot better than I could through e-mail. Plus, if suspicion ever arose about a user of my board being a Fed or not, how could I check this out? If I don't have their voice number, I have no leads as to where to find or who the fuck this person really is. Now I don't go checking everyone on the board via the numbers they give me. I have NEVER had to do that for ANY user, but the possibility is there. And rather than throw a possibly innocent person off the board merely on a hunch, we might be able to prove whether or not it's true. This is extremely hypothetical, but like I said... the possibility is there. Ok, so why the hell should I have to require that established people, like Lex Luthor and Silver Spy, leave valid voice numbers? Is it fair to the other users? Hell no. If I required only certain people to give me their numbers, then what does that do to their trust in me?? It's like me saying, "Well, I don't trust you... I don't know you that well. You have to sacrifice more than these guys to get access." That's BULLSHIT, and I'm not about to do it. If one person is required to give a valid voice number, then every damn user is required to! I've been getting a lot of shit the past couple days because I've denied access to some very well known and respected people in the hack/phreak world. Namely Lex Luthor, Silver Spy, and Kerrang Khan. I denied all of them access because they all refused to leave a voice number. Fine. Then they don't get access. Ctrl [Ctrl-C is a cosysop on ShadowSpawn] said I was crazy. Taran said pretty much the same. Taran also tried to get me to change my mind... to condescend, or go against what I believe in and how I believe this board should be run. He (Taran) said that by my denying Lex and the others access that I would be hurting this board more than helping it. ***I DON'T GIVE A DAMN*** I'm not impressed in the least with any of those peoples reputations. I never have been a "groupie" and I'm not about to start now. Whether or not they are good or not isn't the issue here, and some people don't seem to realize that. Yes, Lex is good. He's well known. He's even a nice guy... I've talked to him before and personally I like him. But I don't play favorites for anyone. Not Lex, not Silver Spy, and not Kerrang Khan. Nobody. What really pissed me off, and I should have told Taran that I resented it at the time, is that TK said that apparently this board is "elite". That I consider this board to be too good. Personally I think this fucking board is overrated, and yes Taran... I resented that remark. I can't remember exactly what he said, but it was something like, "In your logon message you have 'We're not ELITE, we're just cool as hell,' but apparently you ARE elite." This board isn't "elite" and if I come off seeing that way sometimes, it's only because people are getting half the picture of what I'm doing. Ok, so I deny Lex Luthor access to this board. That's all you people seem to think about. The actual denying of access. You think, "How can he do that?! What gall! He must be a real egotistic bastard to think that Lex Luthor isn't good enough to be on this board!" If you think that, and most of you have thought only that, then you're fucked in the head. Yes, I realize who these people are! Yes I know their reputations and how they are renowned for their skills as hackers and phreakers... But like I said before, that's not the issue. It never was. I *KNOW* how good these people are. I *KNOW* about their reputations and I respect them for it, but I don't care. That's not why they've been denied access! When I deny someone access to this board it's usually for one of two reasons; 1) They left a false voice number or 2) They either blew off or left really crappy answers to the filter. Personally I'd be thrilled to have Lex or Silver Spy on the board... and any of a number of people. But these people can't find it in themselves to trust me. If they can't trust me, then I can't trust them. It's as simple as that. I'm not about to let anyone on this board that I can't trust. It's not fair to the other users, and it's damn stupid of me. I run this board the best way I know how. I do what I do in respect to new user validations because it's the best way, through trial and error, that I have found to handle it. If people can't respect the way in which I choose to run my board then I'd appreciate it if they never called. And when regular users of my board start questioning the way I do thing, and telling me that I'm WRONG for doing things the way I believe they should be done, then I really start to wonder what the fuck I'm doing it for at all. I'm not a quitter, and I don't like the idea of giving up and taking down the board. I'm going to run this board the way I think is best, and I'm not about to conform to what other people think I should do. I've probably stepped on some toes and offended some people with this, but that's just too damn bad. I hate fighting the topic but I'll fight it if I have to. --==The Psychic Warlord==-- 37/50: Take a fucking valium Name: Taran King #45 Date: 9:02 am Sat Feb 28, 1987 You're known for an explosive temper, PW as well as sometimes being extremely irrational. My policy is to let people on the my board with voice numbers only. Through the history, I've made maybe 5 exceptions. Some of 'em include Lex, Spy (at first), Tabas, Videosmith, and Phucked Agent 04. Now, I never got anything out of PA04 because he got a "call" soon after he got on the board, but the rest of the members have contributed extremely well to the board. I just made sure I knew it was really them by referencing and cross referencing. If your morals are that unbendable, PW, then you need to relook at the purpose of this board. If it's to spread phreak/hack knowledge as you said on the phone, then to have those people on with the experience that they have would hardly hinder the board. I seriously doubt anyone would feel offended if any of the forementioned people got on here without leaving a valid voice number, being that they're not on any other board with a voice number. I know that Lex is not giving out his number to even the best of his friends. Spy is really careful about it these days. Not so sure about Kerrang but he's travelling about now so he's not in one place for too long nowadays. It's your board and I was trying to give you some constructive criticism, but you took it the wrong way. You don't have to claim you're ELITE to be elite. Elite merely means that you've got the respected members of the community on board. Well, you've got 'em. If you don't like it, I suggest you go through and purge the log like a big dog. Actually, fuck it. I'm tired of getting into arguments for trying to help someone. Feel free to delete my account if you feel that I've not contributed enough information to the board, or if you've rethought the purpose and decide that it's not for what I've contributed, dump me. Fuck dis -TK 44/50: Well... Name: The Psychic Warlord #1 Date: 4:57 pm Sun Mar 01, 1987 I'm glad that some people agree with me on this. I can understand Lex's point of view, too. I can also remember a time when I myself refrained from giving my number to any sysops. But... I've changed my point of view considerably after living the Sysop life for well over 1.5 years. Now if I ever wanted access to a board, and the Sysop of that board asked for my voice number, I'd give it to him. I've given Lex access to this message base for a short period of time so that he can check out the discussion. He called me voice the other day and we talked for a while about this whole biz. I'd like him, and Spy, on the board, and possibly they'll change their minds. If not, that's cool. I'm just going to let the whole thing kind of slide from here on out. If they change their minds, great... Well, Adios. --==The Psychic Warlord==-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Kerrang Khan, when notified that he must leave a voice number, said "there is no reason Psychic Warlord would need any user's phone number." He also stated that the fact that PW insisted on voice numbers was very "suspicious." Silver Spy, when notified that he must leave a voice number, never bothered calling again. Lex understood the whole situation and remained cool. He said he could see why a sysop would need voice numbers of his users. Lex was worried about the board he left it on getting busted and the authorities getting his number. So PW, in response to this deleted all users phone numbers from the board and encrypted them in a hidden sub-directory. Now the numbers are there only and are totally hidden. Information Provided By Lucifer 666/Psychic Warlord/ShadowSpawn BBS/Taran King ______________________________________________________________________________