+=============================================================================+

|    ##  ##  ##  ###### ######  ######   ### ###     ###### ######  ##  ## ## |

|   ##  ### ##  ##     ##  ##  ##  ##   ## ## ##    ##  ##   ##    ##  ## ##  |

|  ##  ## ###  #####  ##  ##  ######   ##     ##   ######   ##    ##  ####    |

| ##  ##  ##  ##     ######  ##   ##  ##      ##  ##  ##   ##    ##  ##  ##   |

+=============================================##==============================+

|                                                                             |

|                   [ The Journal of Priveleged Information ]                 |

|                                                                             |

+-----------------------------------------------------------------------------+

| Volume I, Issue 001                                     By: 'Above the Law' |

+-----------------------------------------------------------------------------+

|                                                                             |

|Informatik--Bringing you all the information you should know...              |

|            and a lot you shouldn't...                                       |

|                                                                             |

+=============================================================================+





/* Introduction */

   By the Informatik staff



      Welcome to the inaugural issue of Informatik, an electronic periodical

devoted to the distribution of information not readily available to the public,

with a particular emphasis on technology and the computing world.  First and 

foremost, this publication is dedicated to the freedom of information.

This journal is made possible by The First Amendment of the U.S. Constitution

which states:



      Congress shall make no law respecting an establishment of religion, 

      or prohibiting the free exercise thereof; OR ABRIDGING THE FREEDOM

      OF SPEECH OR OF THE PRESS; or the right of the people peaceably to

      assemble, and to petition the Government for redress of grievances.



In this and coming issues, we plan to exercise our First Amendment rights to

the best of our ability.  We will print feature articles on hacking, phreaking,

and various other illicit activities.  We also plan on bringing you recent news

and gossip from the underground, anything news of interest to hackers, 

phreakers, grifters, cyber-punks, and the like.  Informatik will also provide a

plethora of information on the inner workings of corporate America and the U.S.

Government.



DO distribute this freely! Remember this is not illegal, this is information.



                                            Enjoy,



                                            Mack Hammer & Sterling

                                                  [Editors]





Please note that the information provided by this newsletter is strictly to

interest and inform.  We can not condone nor recommend the actual application

of this knowledge with malicious intent.  Thank you.













                  ///////////////* CONTENTS: *\\\\\\\\\\\\\\\

                              Volume I, Issue 001

                          Release date October 4, 1991

                  ===========================================





01)  An Ounce of Prevention: Making the Telcos Hacker-Proof

     By: Mack Hammer



02)  Introduction to Radio Telecommunications Interception

     By: Sterling



03)  Loops Explained

     By: Anonymous



04)  T-File Classic #1: A Novice's Guide to Hacking

     By: The Mentor



05)  Summary of FBI Computer Systems

     By: Ralph Harvey



06)  Dictionary of Phreaker's Terms

     By: Various Sources



07)  Tid-Bytes 

     By: Informatik Staff



08)  Hot Flashes--The Underground News Report

     By: Various Sources













          [/]/[/]/[/]/[/]/[/]/[/]/[/]/[/]/[/]/[/]/[/]/[/]/[/]/[/]

          /[/]/[/]                                       [/]/[/]/

          [/]/                                               /[/]

          /[/]     =====  An Ounce of  Prevention  =====     [/]/

          [/]/     == Making the  Telcos Hacker-Proof ==     /[/]

          /[/]                                               [/]/

          [/]/            -------  by:  -------              /[/]

          /[/]            ---  Mack Hammer  ---              [/]/

          [/]/                                               /[/]

          /[/]/[/]                                       [/]/[/]/

          [/]/[/]/[/]/[/]/[/]/[/]/[/]/[/]/[/]/[/]/[/]/[/]/[/]/[/]







     Know thine enemy.



     Good advice for any battle.  For the hacker or phreaker, one's primary

opponents are computer security professionals.  Since the greatest feather

for any cyberpunk's cap is exploitation of a Telco, the behavior of Telco

employees is of particular importance.  Telco's spend a lot of time studying

what hackers do, what information they have, and then trying to apply this

information to thwarting the attempts of would be intruders in their

systems.



     Therefore, it seems like hackers and phreakers should be aware of what

the Telcos are doing to stop them.  Most hackers know about ANI Feature

Group D and the other electronic countermeasures used by the Telcos to track

down hackers, but how are Telco employees trained to detect and thwart

attempts at social engineering, and how do the Telcos respond to break-ins

that are detected?  This article will discuss basic electronic

countermeasures, the training and advice given to employees, and the

response of the Telcos to known threats to their systems.



/* Hardware */



     Before one commits toll fraud (discouraged by this publication), or

before they dial up a known carrier, questions race through their mind.  The

first and foremost is, "Are they tracing this call?"  It makes you wonder,

how many calls are actually traced?



     Unfortunately, which telcos trace and which don't varies from company to

company.  Needless to say, the Big Three long distance carriers (AT&T, U.S.

Sprint, and MCI) record both the originator and reciever of every long

distance phone call made on their system.  For verification of this, call

U.S. Sprint and ask for a billing report several months old.  Rather than

the spiffy little invoice you usually get, you'll recieve a crappy screen

dump from a computer with "best possible quality" or something similar

stamped on it.  It lists, among other things, each call, along with the

numbers of both parties.  As you can see, this renders toll fraud using any

of said systems practically impossible.



     Many local long distance systems, on the other hand, don't have the

facilities necessary for tracing telephone calls.  Use your own best

judgement.  As far as the regional telephone companies are concerned (Bell

South, Pacific Bell, etc.), I have heard that newer ESS systems record ALL

numbers dialed, including mistakes.  I find it hard to believe that this is

true, or if it is, that these records are easily retrieved and sifted

through.



     In any case, tracing is quite possible, and in some cases, is quite

probable.  Use your better judgement, and remember, the bigger the company,

the bigger the risk.



/* Prevention through employee awareness */



     Among telcos today, much attention is given to employee awareness.

Nearly all telco employees are trained to recognize and prevent social

engineering and hacking.  Unfortunately for the telcos employee laziness and

complacence often leads employees to replace caution with sloth.  For

example, much attention has been given to "trashing" or "dumpster diving,"

and employees are encouraged to shred sensitive documents.  In all my

trashing experience, however, I have NEVER found shredded paper.



     The same holds true for social engineering, explicit instructions are

given to telco employees to lessen the threat of information leaks through

clever social engineering.  Employees are encouraged to get the caller's

phone number and call them back, but this does not often occur.



     This advice for beefing up security was given in an article in

"Enterprise," a magazine printed by Southwestern Bell.



  *  Get rid of trivial passwords.

  *  Routinely change passwords.

  *  Review password files.

  *  Restrict access to "read only."

  *  Know to whom you're talking.

  *  Shred as many documents as possible.

  *  Post a warning which will be displayed whenever one logs into a

     computer.

  *  Lock up terminals, personal computers, and floppy disks when they are

     not in use.

  *  Eliminate unnecessary access lines.

  *  Disconnect modems when they are not in use.

  *  Avoid public domain software.

  *  Report suspicious activity.



     As you can see, computer security personnel have gotten smart.  They

are well aware of most hacker tricks, and are doing their best to explain

them to all of the other employees.  Hackers now rely on the forgetfulness

and laziness of normal employees for success, not the ignorance of system

managers.



     Telco security personnel are much more apt to check audit trails than

they once were.  Suspicious activities such as late-night logins, the use of

test and demo accounts, and the like are carefully monitored.  One should

use the telco computers during peak hours so that strange activity won't be

noticed by already busy system managers.



     Security professionals also carefully monitor activities in the hacker

world.  They keep a watchful eye on hacker BBSes and publications.  Each

finding, either a breach in security or increased knowledge amongst hackers

is recorded, prioritized and then published in various security documents.

One should be especially cautious of any "beginner" who asks a lot of strange

questions, because the telcos must have at least some people on the inside.



     One can also assume that if one telco or corporation has a particularly

effective strategy for stopping hackers, or a successful awareness campaign,

it will spread like wildfire to all telcos.  Despite the fact that telcos

are competitors, and are especially secretive since their business depends

on a technological edge, they are happy to share all security information,

since the ruination of the computer underground is one of their primary

goals.  This leads us to the final section of this article. . .



/* Responses to security breaches */



     What do the telcos do when they detect a security breach?  This may be

the most important question the hacker can ask.  Of course, one's goal is

to explore the system in question without being detected, but if the worst

happens and your intrusion is discovered, it's good to know what steps the

telco will take to prevent your future intrusion.



     The first thing to remember when hacking into a telco's computer is, if

you're caught, you will be prosecuted. . .  If there's any way they can get

you in court, you can bet your bottom dollar you'll be there.  Unlike other

businesses, which may ignore the occasional security breach because they

don't feel like it's a major problem, the telcos live in fear of hackers,

and do their utmost to prevent entry into their systems.



     Telcos make it a point to document every security risk, whether it's a

break-in on their system, a bug in an operating system, or some new

information found on a BBS.  These detections are often published in telco

literature in an attempt to educate all of the employees of the telephone

company.



/* Summing it up */



     Overall, the telcos finally seem to have gotten wise to most of the

scams run by today's hacker.  Despite the fact that telcos are often the

victims of hacking and phreaking (thank goodness), they are much less

susceptible to infiltration through hacking, trashing, and social engin-

eering than they once were.  The moral of the story is, today's security

measures are breeding a harder working hacker, one who must constantly

watch his back and look before he leaps.













                         /+++++++++++++++++++++++++++\

                        ++                           ++   

                       +++   Introduction To Radio   +++

                       +++      Telecommunication    +++

                       +++        Interception.      +++

                        ++                           ++

                         \+++++++++++++++++++++++++++/



                                [By *Sterling*]





     The purpose of this article is to explain how to use a scanner and radio

receiver to eavesdrop on private calls from homes, offices, cars, ships, 

aircraft, and trains.  I will discusses the best methods of monitoring, the

equipment needed, and list the necessary frequencies.

     

Why scan?

---------



     It is quite a simple, and in most cases LEGAL, to listen-in on cellular,

cordless, ship/shore, air/ground, pagers, etc.  The benefits of such

monitoring, aside from entertainment, can be quite high to the discerning

listener.  Callers quite often route to their favorite LD carrier to place long

distance calls.  They call their voice mail systems, private company

lines and diverters.  If you are have a specific interest in an individual or

company you may peek in on their "private" conversations, learn who they are

calling and what they are up to.  Apart from radio-telephone communication

scanner hobbyists are entertained by whatever they overhear on their radios.  

Police cars, fire engines, ambulances, armored cars, trains, taxis, airplanes,

and buses are all equipped with radios and you can listen in on them.  You can

monitor the local police and fire departments to hear about events before the

news reporters screw them up.  Hostage dramas, bank robberies, car crashes, 

chemical spills, tornado sightings are all there.You can hear a high speed

police chase, Secret Service agents on a sting operation, and undercover FBI

agents as they stake out a suspect.  How about listening to a presidential 

candidate discuss strategy with his adviser from a 415 MHz radiophone in Air

Force 1, or a team of G-men protect him while transmitting in the 167 MHz

range?  Listen to your neighbors deal drugs over their cordless telephone, or

as their conversations are picked up and transmitted over the airwaves by their

sensitive baby monitor intercom.  It's all there in the 46 and 49 MHz ranges.



What Equipment is needed?

-------------------------



     Scanners are available in two varieties: crystal controlled and

programmable.  The  crystal controlled models are cheaper, but require the user

purchase and install a $5 crystal for EACH frequency of interest.  Programmable

(synthesized) units don't require crystals and usually have a keypad that

permits you to store frequencies into channels.  Programmables are now so cheap

it doesn't make sense to buy a crystal unit as your main scanner unless you get

it for under $45 or so.  You can get a battery operated hand held scanner, a

bigger "base" scanner which is powered from an AC outlet, or a mobile scanner

which connects to your auto's electrical system.



Make sure your first scanner:



  1.  Has a "search" feature, which allows it to search  all the frequencies 

      between two frequency limits of your choosing.  The lowest cost

      programmables can't search.

  2.  covers the 800 MHz band, which is where cellular-telephone is broadcast.

  3.  Has an AC-adaptor available, as scanners eat batteries.

  4.  Has an earphone jack as you may want to record your findings.



     If you're not sure whether you'll like scanning, don't want to spend much

money, a 16 channel radio will do.  In general, the more channels and banks,

the better.  Deluxe scanners can be controlled by a personal computer, although

this feature isn't important to most scanner owners.



     Currently, the more popular scanners include the Uniden/Bearcat 760XLT

(a/k/a 950XLT) and Radio Shack PRO-2022 and PRO-2006 base/mobiles, and the

Uniden/Bearcat 200XLT (a/k/a 205XLT) and Radio Shack PRO-37 portables.



     All scanners come with a built in antenna, permitting reception up to

about 20 miles or so.  Outdoor antennas can extend reliable reception to 100

miles or more.



A breakdown of exactly what there is to listen to out there:







Cordless phones:

----------------

     It seems like everyone has a cordless phone now days.  Cordless phones are

quite easy to monitor.  Cordless phones are duplex, they transmit sound from

the handset to the base, and the base transmits both callers voices back to the

handset.  Obviously this is the frequency you want to listen in on.  Cordless

phones are broken into ten channels.  They are as follows:



Channel   Frequency (in MHz)

----------------------------

   1          46.610 

   2          46.630     

   3          46.670    

   4          46.710    

   5          46.730    

   6          46.770    

   7          46.830     

   8          46.870    

   9          46.930    

  10          46.970



Most cordless phones have the channel number stuck on the back of the handset,

and some have multiple channels.  The easiest thing to do is simply scan the

whole list of ten.  The main problem with cordless phones is the range.  They

are seldom able to broadcast further than a block or so away.  If you want to

monitor a users phone calls, the best method is to hook up a Voice-Actuated

Cassette recorder to a handheld scanner, wrap the whole combo in a ziplock bag

and lay it in their shrubs.  Come back the next day and you have a complete

record of all calls made and received on their cordless.  With the use of a

touch-tone decoder you can even determine who they have been calling!







Cellular Telephone:

-------------------

     Cellular telephones are quite useful sources of information.  Doctors,

lawyers, the phone company and business officials all regularly use celluar

phones.  LD cellular calls can be quite expensive to say the least, so most

users prefer to use Sprint, AT&T, etc. as their long distance carrier.  Thus

you can quite often hear them giving out their calling card number to the 

operator.

    Here is a method of determining which frequencies are used in a cellular

system, and which ones are in what cells.  If the system uses OMNICELLS, as

most do, you can readily find all the channels in a cell if you know just one

of them, using tables constructed with the instructions below.



    Cellular frequencies are assigned by channel number, and for all channel

numbers, in both wireline and non-wireline systems, the formula is:



   Transmit Frequency = (channel number x .030 MHz) + 870 MHz

    Receive Frequency = (channel number x .030 Mhz) + 825 Mhz

 

    "Band A" (one of the two blocks) uses channels 1 - 333.  To construct a

table showing frequency by cells, use channel 333 as the top left corner of a

table.  The next entry to the right of channel 333 is 332, the next is 331,

etc., down to channel 313.  Enter channel 312 underneath 333, 311 under 332,

etc.  Each channel across the top row is the first channel in each CELL of the

system; each channel DOWN from the column from the the first channel is the

next frequency assigned to that cell.  You may have noted that each channel

down is 21 channels lower in number.  Usually the data channel used is the

highest numbered channel in a cell.



    "Band B" uses channels from 334 to 666.  Construct your table in a similar

way, with channel 334 in the upper left corner, 335 the next entry to the

right.  The data channel should be the lowest numbered channel in each cell

this time.



     You want to tune-in on the non-data, RECEIVE channels.  The transmit

channel is a low power signal from the mobile source to the microwave tower,

which rebroadcasts both caller's voices.  The Data channel is used to send such

things as the callers serial number, and connecting cell information, this

information is not audible, though I hope to discuss this in depth with a later

article.



     Scan from around 870 MHz to 894 MHz and note any signals you receive.  

Once you find a frequency listed in the following chart, you know that your

area also uses all other channels in that cell for that particular band. 





Cellular Phone Band A (Channel 1 is Data)



Cell # 1

--------------------------------------------------

Channel 1	(333)	Tx 879.990	Rx 834.990

Channel 2	(312)	Tx 879.360	Rx 834.360

Channel 3	(291)	Tx 878.730	Rx 833.730

Channel 4	(270)	Tx 878.100	Rx 833.100

Channel 5	(249)	Tx 877.470	Rx 832.470

Channel 6	(228)	Tx 876.840	Rx 831.840

Channel 7	(207)	Tx 876.210	Rx 831.210

Channel 8	(186)	Tx 875.580	Rx 830.580

Channel 9	(165)	Tx 874.950	Rx 829.950

Channel 10	(144)	Tx 874.320	Rx 829.320

Channel 11	(123)	Tx 873.690	Rx 828.690

Channel 12	(102)	Tx 873.060	Rx 828.060

Channel 13	(81)	Tx 872.430	Rx 827.430

Channel 14	(60)	Tx 871.800	Rx 826.800

Channel 15	(39)	Tx 871.170	Rx 826.170

Channel 16	(18)	Tx 870.540	Rx 825.540



Cell # 2

--------------------------------------------------

Channel 1	(332)	Tx 879.960	Rx 834.960

Channel 2	(311)	Tx 879.330	Rx 834.330

Channel 3	(290)	Tx 878.700	Rx 833.700

Channel 4	(269)	Tx 878.070	Rx 833.070

Channel 5	(248)	Tx 877.440	Rx 832.440

Channel 6	(227)	Tx 876.810	Rx 831.810

Channel 7	(206)	Tx 876.180	Rx 831.180

Channel 8	(185)	Tx 875.550	Rx 830.550

Channel 9	(164)	Tx 874.920	Rx 829.920

Channel 10	(143)	Tx 874.290	Rx 829.290

Channel 11	(122)	Tx 873.660	Rx 828.660

Channel 12	(101)	Tx 873.030	Rx 828.030

Channel 13	(80)	Tx 872.400	Rx 827.400

Channel 14	(59)	Tx 871.770	Rx 826.770

Channel 15	(38)	Tx 871.140	Rx 826.140

Channel 16	(17)	Tx 870.510	Rx 825.510



Cell # 3

--------------------------------------------------

Channel 1	(331)	Tx 879.930	Rx 834.930

Channel 2	(310)	Tx 879.300	Rx 834.300

Channel 3	(289)	Tx 878.670	Rx 833.670

Channel 4	(268)	Tx 878.040	Rx 833.040

Channel 5	(247)	Tx 877.410	Rx 832.410

Channel 6	(226)	Tx 876.780	Rx 831.780

Channel 7	(205)	Tx 876.150	Rx 831.150

Channel 8	(184)	Tx 875.520	Rx 830.520

Channel 9	(163)	Tx 874.890	Rx 829.890

Channel 10	(142)	Tx 874.260	Rx 829.260

Channel 11	(121)	Tx 873.630	Rx 828.630

Channel 12	(100)	Tx 873.000	Rx 828.000

Channel 13	(79)	Tx 872.370	Rx 827.370

Channel 14	(58)	Tx 871.740	Rx 826.740

Channel 15	(37)	Tx 871.110	Rx 826.110

Channel 16	(16)	Tx 870.480	Rx 825.480



Cell # 4

--------------------------------------------------

Channel 1	(330)	Tx 879.900	Rx 834.900

Channel 2	(309)	Tx 879.270	Rx 834.270

Channel 3	(288)	Tx 878.640	Rx 833.640

Channel 4	(267)	Tx 878.010	Rx 833.010

Channel 5	(246)	Tx 877.380	Rx 832.380

Channel 6	(225)	Tx 876.750	Rx 831.750

Channel 7	(204)	Tx 876.120	Rx 831.120

Channel 8	(183)	Tx 875.490	Rx 830.490

Channel 9	(162)	Tx 874.860	Rx 829.860

Channel 10	(141)	Tx 874.230	Rx 829.230

Channel 11	(120)	Tx 873.600	Rx 828.600

Channel 12	(99)	Tx 872.970	Rx 827.970

Channel 13	(78)	Tx 872.340	Rx 827.340

Channel 14	(57)	Tx 871.710	Rx 826.710

Channel 15	(36)	Tx 871.080	Rx 826.080

Channel 16	(15)	Tx 870.450	Rx 825.450



Cell # 5

--------------------------------------------------

Channel 1	(329)	Tx 879.870	Rx 834.870

Channel 2	(308)	Tx 879.240	Rx 834.240

Channel 3	(287)	Tx 878.610	Rx 833.610

Channel 4	(266)	Tx 877.980	Rx 832.980

Channel 5	(245)	Tx 877.350	Rx 832.350

Channel 6	(224)	Tx 876.720	Rx 831.720

Channel 7	(203)	Tx 876.090	Rx 831.090

Channel 8	(182)	Tx 875.460	Rx 830.460

Channel 9	(161)	Tx 874.830	Rx 829.830

Channel 10	(140)	Tx 874.200	Rx 829.200

Channel 11	(119)	Tx 873.570	Rx 828.570

Channel 12	(98)	Tx 872.940	Rx 827.940

Channel 13	(77)	Tx 872.310	Rx 827.310

Channel 14	(56)	Tx 871.680	Rx 826.680

Channel 15	(35)	Tx 871.050	Rx 826.050

Channel 16	(14)	Tx 870.420	Rx 825.420



Cell # 6

--------------------------------------------------

Channel 1	(328)	Tx 879.840	Rx 834.840

Channel 2	(307)	Tx 879.210	Rx 834.210

Channel 3	(286)	Tx 878.580	Rx 833.580

Channel 4	(265)	Tx 877.950	Rx 832.950

Channel 5	(244)	Tx 877.320	Rx 832.320

Channel 6	(223)	Tx 876.690	Rx 831.690

Channel 7	(202)	Tx 876.060	Rx 831.060

Channel 8	(181)	Tx 875.430	Rx 830.430

Channel 9	(160)	Tx 874.800	Rx 829.800

Channel 10	(139)	Tx 874.170	Rx 829.170

Channel 11	(118)	Tx 873.540	Rx 828.540

Channel 12	(97)	Tx 872.910	Rx 827.910

Channel 13	(76)	Tx 872.280	Rx 827.280

Channel 14	(55)	Tx 871.650	Rx 826.650

Channel 15	(34)	Tx 871.020	Rx 826.020

Channel 16	(13)	Tx 870.390	Rx 825.390



Cell # 7

--------------------------------------------------

Channel 1	(327)	Tx 879.810	Rx 834.810

Channel 2	(306)	Tx 879.180	Rx 834.180

Channel 3	(285)	Tx 878.550	Rx 833.550

Channel 4	(264)	Tx 877.920	Rx 832.920

Channel 5	(243)	Tx 877.290	Rx 832.290

Channel 6	(222)	Tx 876.660	Rx 831.660

Channel 7	(201)	Tx 876.030	Rx 831.030

Channel 8	(180)	Tx 875.400	Rx 830.400

Channel 9	(159)	Tx 874.770	Rx 829.770

Channel 10	(138)	Tx 874.140	Rx 829.140

Channel 11	(117)	Tx 873.510	Rx 828.510

Channel 12	(96)	Tx 872.880	Rx 827.880

Channel 13	(75)	Tx 872.250	Rx 827.250

Channel 14	(54)	Tx 871.620	Rx 826.620

Channel 15	(33)	Tx 870.990	Rx 825.990

Channel 16	(12)	Tx 870.360	Rx 825.360



Cell # 8

--------------------------------------------------

Channel 1	(326)	Tx 879.780	Rx 834.780

Channel 2	(305)	Tx 879.150	Rx 834.150

Channel 3	(284)	Tx 878.520	Rx 833.520

Channel 4	(263)	Tx 877.890	Rx 832.890

Channel 5	(242)	Tx 877.260	Rx 832.260

Channel 6	(221)	Tx 876.630	Rx 831.630

Channel 7	(200)	Tx 876.000	Rx 831.000

Channel 8	(179)	Tx 875.370	Rx 830.370

Channel 9	(158)	Tx 874.740	Rx 829.740

Channel 10	(137)	Tx 874.110	Rx 829.110

Channel 11	(116)	Tx 873.480	Rx 828.480

Channel 12	(95)	Tx 872.850	Rx 827.850

Channel 13	(74)	Tx 872.220	Rx 827.220

Channel 14	(53)	Tx 871.590	Rx 826.590

Channel 15	(32)	Tx 870.960	Rx 825.960

Channel 16	(11)	Tx 870.330	Rx 825.330



Cell # 9

--------------------------------------------------

Channel 1	(325)	Tx 879.750	Rx 834.750

Channel 2	(304)	Tx 879.120	Rx 834.120

Channel 3	(283)	Tx 878.490	Rx 833.490

Channel 4	(262)	Tx 877.860	Rx 832.860

Channel 5	(241)	Tx 877.230	Rx 832.230

Channel 6	(220)	Tx 876.600	Rx 831.600

Channel 7	(199)	Tx 875.970	Rx 830.970

Channel 8	(178)	Tx 875.340	Rx 830.340

Channel 9	(157)	Tx 874.710	Rx 829.710

Channel 10	(136)	Tx 874.080	Rx 829.080

Channel 11	(115)	Tx 873.450	Rx 828.450

Channel 12	(94)	Tx 872.820	Rx 827.820

Channel 13	(73)	Tx 872.190	Rx 827.190

Channel 14	(52)	Tx 871.560	Rx 826.560

Channel 15	(31)	Tx 870.930	Rx 825.930

Channel 16	(10)	Tx 870.300	Rx 825.300



Cell # 10

--------------------------------------------------

Channel 1	(324)	Tx 879.720	Rx 834.720

Channel 2	(303)	Tx 879.090	Rx 834.090

Channel 3	(282)	Tx 878.460	Rx 833.460

Channel 4	(261)	Tx 877.830	Rx 832.830

Channel 5	(240)	Tx 877.200	Rx 832.200

Channel 6	(219)	Tx 876.570	Rx 831.570

Channel 7	(198)	Tx 875.940	Rx 830.940

Channel 8	(177)	Tx 875.310	Rx 830.310

Channel 9	(156)	Tx 874.680	Rx 829.680

Channel 10	(135)	Tx 874.050	Rx 829.050

Channel 11	(114)	Tx 873.420	Rx 828.420

Channel 12	(93)	Tx 872.790	Rx 827.790

Channel 13	(72)	Tx 872.160	Rx 827.160

Channel 14	(51)	Tx 871.530	Rx 826.530

Channel 15	(30)	Tx 870.900	Rx 825.900

Channel 16	(9)	Tx 870.270	Rx 825.270



Cell # 11

--------------------------------------------------

Channel 1	(323)	Tx 879.690	Rx 834.690

Channel 2	(302)	Tx 879.060	Rx 834.060

Channel 3	(281)	Tx 878.430	Rx 833.430

Channel 4	(260)	Tx 877.800	Rx 832.800

Channel 5	(239)	Tx 877.170	Rx 832.170

Channel 6	(218)	Tx 876.540	Rx 831.540

Channel 7	(197)	Tx 875.910	Rx 830.910

Channel 8	(176)	Tx 875.280	Rx 830.280

Channel 9	(155)	Tx 874.650	Rx 829.650

Channel 10	(134)	Tx 874.020	Rx 829.020

Channel 11	(113)	Tx 873.390	Rx 828.390

Channel 12	(92)	Tx 872.760	Rx 827.760

Channel 13	(71)	Tx 872.130	Rx 827.130

Channel 14	(50)	Tx 871.500	Rx 826.500

Channel 15	(29)	Tx 870.870	Rx 825.870

Channel 16	(8)	Tx 870.240	Rx 825.240



Cell # 12

--------------------------------------------------

Channel 1	(322)	Tx 879.660	Rx 834.660

Channel 2	(301)	Tx 879.030	Rx 834.030

Channel 3	(280)	Tx 878.400	Rx 833.400

Channel 4	(259)	Tx 877.770	Rx 832.770

Channel 5	(238)	Tx 877.140	Rx 832.140

Channel 6	(217)	Tx 876.510	Rx 831.510

Channel 7	(196)	Tx 875.880	Rx 830.880

Channel 8	(175)	Tx 875.250	Rx 830.250

Channel 9	(154)	Tx 874.620	Rx 829.620

Channel 10	(133)	Tx 873.990	Rx 828.990

Channel 11	(112)	Tx 873.360	Rx 828.360

Channel 12	(91)	Tx 872.730	Rx 827.730

Channel 13	(70)	Tx 872.100	Rx 827.100

Channel 14	(49)	Tx 871.470	Rx 826.470

Channel 15	(28)	Tx 870.840	Rx 825.840

Channel 16	(7)	Tx 870.210	Rx 825.210



Cell # 13

--------------------------------------------------

Channel 1	(321)	Tx 879.630	Rx 834.630

Channel 2	(300)	Tx 879.000	Rx 834.000

Channel 3	(279)	Tx 878.370	Rx 833.370

Channel 4	(258)	Tx 877.740	Rx 832.740

Channel 5	(237)	Tx 877.110	Rx 832.110

Channel 6	(216)	Tx 876.480	Rx 831.480

Channel 7	(195)	Tx 875.850	Rx 830.850

Channel 8	(174)	Tx 875.220	Rx 830.220

Channel 9	(153)	Tx 874.590	Rx 829.590

Channel 10	(132)	Tx 873.960	Rx 828.960

Channel 11	(111)	Tx 873.330	Rx 828.330

Channel 12	(90)	Tx 872.700	Rx 827.700

Channel 13	(69)	Tx 872.070	Rx 827.070

Channel 14	(48)	Tx 871.440	Rx 826.440

Channel 15	(27)	Tx 870.810	Rx 825.810

Channel 16	(6)	Tx 870.180	Rx 825.180



Cell # 14

--------------------------------------------------

Channel 1	(320)	Tx 879.600	Rx 834.600

Channel 2	(299)	Tx 878.970	Rx 833.970

Channel 3	(278)	Tx 878.340	Rx 833.340

Channel 4	(257)	Tx 877.710	Rx 832.710

Channel 5	(236)	Tx 877.080	Rx 832.080

Channel 6	(215)	Tx 876.450	Rx 831.450

Channel 7	(194)	Tx 875.820	Rx 830.820

Channel 8	(173)	Tx 875.190	Rx 830.190

Channel 9	(152)	Tx 874.560	Rx 829.560

Channel 10	(131)	Tx 873.930	Rx 828.930

Channel 11	(110)	Tx 873.300	Rx 828.300

Channel 12	(89)	Tx 872.670	Rx 827.670

Channel 13	(68)	Tx 872.040	Rx 827.040

Channel 14	(47)	Tx 871.410	Rx 826.410

Channel 15	(26)	Tx 870.780	Rx 825.780

Channel 16	(5)	Tx 870.150	Rx 825.150



Cell # 15

--------------------------------------------------

Channel 1	(319)	Tx 879.570	Rx 834.570

Channel 2	(298)	Tx 878.940	Rx 833.940

Channel 3	(277)	Tx 878.310	Rx 833.310

Channel 4	(256)	Tx 877.680	Rx 832.680

Channel 5	(235)	Tx 877.050	Rx 832.050

Channel 6	(214)	Tx 876.420	Rx 831.420

Channel 7	(193)	Tx 875.790	Rx 830.790

Channel 8	(172)	Tx 875.160	Rx 830.160

Channel 9	(151)	Tx 874.530	Rx 829.530

Channel 10	(130)	Tx 873.900	Rx 828.900

Channel 11	(109)	Tx 873.270	Rx 828.270

Channel 12	(88)	Tx 872.640	Rx 827.640

Channel 13	(67)	Tx 872.010	Rx 827.010

Channel 14	(46)	Tx 871.380	Rx 826.380

Channel 15	(25)	Tx 870.750	Rx 825.750

Channel 16	(4)	Tx 870.120	Rx 825.120



Cell # 16

--------------------------------------------------

Channel 1	(318)	Tx 879.540	Rx 834.540

Channel 2	(297)	Tx 878.910	Rx 833.910

Channel 3	(276)	Tx 878.280	Rx 833.280

Channel 4	(255)	Tx 877.650	Rx 832.650

Channel 5	(234)	Tx 877.020	Rx 832.020

Channel 6	(213)	Tx 876.390	Rx 831.390

Channel 7	(192)	Tx 875.760	Rx 830.760

Channel 8	(171)	Tx 875.130	Rx 830.130

Channel 9	(150)	Tx 874.500	Rx 829.500

Channel 10	(129)	Tx 873.870	Rx 828.870

Channel 11	(108)	Tx 873.240	Rx 828.240

Channel 12	(87)	Tx 872.610	Rx 827.610

Channel 13	(66)	Tx 871.980	Rx 826.980

Channel 14	(45)	Tx 871.350	Rx 826.350

Channel 15	(24)	Tx 870.720	Rx 825.720

Channel 16	(3)	Tx 870.090	Rx 825.090



Cell # 17

--------------------------------------------------

Channel 1	(317)	Tx 879.510	Rx 834.510

Channel 2	(296)	Tx 878.880	Rx 833.880

Channel 3	(275)	Tx 878.250	Rx 833.250

Channel 4	(254)	Tx 877.620	Rx 832.620

Channel 5	(233)	Tx 876.990	Rx 831.990

Channel 6	(212)	Tx 876.360	Rx 831.360

Channel 7	(191)	Tx 875.730	Rx 830.730

Channel 8	(170)	Tx 875.100	Rx 830.100

Channel 9	(149)	Tx 874.470	Rx 829.470

Channel 10	(128)	Tx 873.840	Rx 828.840

Channel 11	(107)	Tx 873.210	Rx 828.210

Channel 12	(86)	Tx 872.580	Rx 827.580

Channel 13	(65)	Tx 871.950	Rx 826.950

Channel 14	(44)	Tx 871.320	Rx 826.320

Channel 15	(23)	Tx 870.690	Rx 825.690

Channel 16	(2)	Tx 870.060	Rx 825.060



Cell # 18

--------------------------------------------------

Channel 1	(316)	Tx 879.480	Rx 834.480

Channel 2	(295)	Tx 878.850	Rx 833.850

Channel 3	(274)	Tx 878.220	Rx 833.220

Channel 4	(253)	Tx 877.590	Rx 832.590

Channel 5	(232)	Tx 876.960	Rx 831.960

Channel 6	(211)	Tx 876.330	Rx 831.330

Channel 7	(190)	Tx 875.700	Rx 830.700

Channel 8	(169)	Tx 875.070	Rx 830.070

Channel 9	(148)	Tx 874.440	Rx 829.440

Channel 10	(127)	Tx 873.810	Rx 828.810

Channel 11	(106)	Tx 873.180	Rx 828.180

Channel 12	(85)	Tx 872.550	Rx 827.550

Channel 13	(64)	Tx 871.920	Rx 826.920

Channel 14	(43)	Tx 871.290	Rx 826.290

Channel 15	(22)	Tx 870.660	Rx 825.660

Channel 16	(1)	Tx 870.030	Rx 825.030



Cell # 19

--------------------------------------------------

Channel 1	(315)	Tx 879.450	Rx 834.450

Channel 2	(294)	Tx 878.820	Rx 833.820

Channel 3	(273)	Tx 878.190	Rx 833.190

Channel 4	(252)	Tx 877.560	Rx 832.560

Channel 5	(231)	Tx 876.930	Rx 831.930

Channel 6	(210)	Tx 876.300	Rx 831.300

Channel 7	(189)	Tx 875.670	Rx 830.670

Channel 8	(168)	Tx 875.040	Rx 830.040

Channel 9	(147)	Tx 874.410	Rx 829.410

Channel 10	(126)	Tx 873.780	Rx 828.780

Channel 11	(105)	Tx 873.150	Rx 828.150

Channel 12	(84)	Tx 872.520	Rx 827.520

Channel 13	(63)	Tx 871.890	Rx 826.890

Channel 14	(42)	Tx 871.260	Rx 826.260

Channel 15	(21)	Tx 870.630	Rx 825.630



Cell # 20

--------------------------------------------------

Channel 1	(314)	Tx 879.420	Rx 834.420

Channel 2	(293)	Tx 878.790	Rx 833.790

Channel 3	(272)	Tx 878.160	Rx 833.160

Channel 4	(251)	Tx 877.530	Rx 832.530

Channel 5	(230)	Tx 876.900	Rx 831.900

Channel 6	(209)	Tx 876.270	Rx 831.270

Channel 7	(188)	Tx 875.640	Rx 830.640

Channel 8	(167)	Tx 875.010	Rx 830.010

Channel 9	(146)	Tx 874.380	Rx 829.380

Channel 10	(125)	Tx 873.750	Rx 828.750

Channel 11	(104)	Tx 873.120	Rx 828.120

Channel 12	(83)	Tx 872.490	Rx 827.490

Channel 13	(62)	Tx 871.860	Rx 826.860

Channel 14	(41)	Tx 871.230	Rx 826.230

Channel 15	(20)	Tx 870.600	Rx 825.600



Cell # 21

--------------------------------------------------

Channel 1	(313)	Tx 879.390	Rx 834.390

Channel 2	(292)	Tx 878.760	Rx 833.760

Channel 3	(271)	Tx 878.130	Rx 833.130

Channel 4	(250)	Tx 877.500	Rx 832.500

Channel 5	(229)	Tx 876.870	Rx 831.870

Channel 6	(208)	Tx 876.240	Rx 831.240

Channel 7	(187)	Tx 875.610	Rx 830.610

Channel 8	(166)	Tx 874.980	Rx 829.980

Channel 9	(145)	Tx 874.350	Rx 829.350

Channel 10	(124)	Tx 873.720	Rx 828.720

Channel 11	(103)	Tx 873.090	Rx 828.090

Channel 12	(82)	Tx 872.460	Rx 827.460

Channel 13	(61)	Tx 871.830	Rx 826.830

Channel 14	(40)	Tx 871.200	Rx 826.200

Channel 15	(19)	Tx 870.570	Rx 825.570



**************************************************



Cellular Phone Band B (Channel 1 is Data)



Cell # 1

--------------------------------------------------

Channel 1       (334)   Tx 880.020      Rx 835.020

Channel 2	(355)	Tx 880.650	Rx 835.650

Channel 3	(376)	Tx 881.280	Rx 836.280

Channel 4	(397)	Tx 881.910	Rx 836.910

Channel 5	(418)	Tx 882.540	Rx 837.540

Channel 6	(439)	Tx 883.170	Rx 838.170

Channel 7	(460)	Tx 883.800	Rx 838.800

Channel 8	(481)	Tx 884.430	Rx 839.430

Channel 9	(502)	Tx 885.060	Rx 840.060

Channel 10	(523)	Tx 885.690	Rx 840.690

Channel 11	(544)	Tx 886.320	Rx 841.320

Channel 12	(565)	Tx 886.950	Rx 841.950

Channel 13	(586)	Tx 887.580	Rx 842.580

Channel 14	(607)	Tx 888.210	Rx 843.210

Channel 15	(628)	Tx 888.840	Rx 843.840

Channel 16	(649)	Tx 889.470	Rx 844.470



Cell # 2

--------------------------------------------------

Channel 1	(335)	Tx 880.050	Rx 835.050

Channel 2	(356)	Tx 880.680	Rx 835.680

Channel 3	(377)	Tx 881.310	Rx 836.310

Channel 4	(398)	Tx 881.940	Rx 836.940

Channel 5	(419)	Tx 882.570	Rx 837.570

Channel 6	(440)	Tx 883.200	Rx 838.200

Channel 7	(461)	Tx 883.830	Rx 838.830

Channel 8	(482)	Tx 884.460	Rx 839.460

Channel 9	(503)	Tx 885.090	Rx 840.090

Channel 10	(524)	Tx 885.720	Rx 840.720

Channel 11	(545)	Tx 886.350	Rx 841.350

Channel 12	(566)	Tx 886.980	Rx 841.980

Channel 13	(587)	Tx 887.610	Rx 842.610

Channel 14	(608)	Tx 888.240	Rx 843.240

Channel 15	(629)	Tx 888.870	Rx 843.870

Channel 16	(650)	Tx 889.500	Rx 844.500



Cell # 3

--------------------------------------------------

Channel 1	(336)	Tx 880.080	Rx 835.080

Channel 2	(357)	Tx 880.710	Rx 835.710

Channel 3	(378)	Tx 881.340	Rx 836.340

Channel 4	(399)	Tx 881.970	Rx 836.970

Channel 5	(420)	Tx 882.600	Rx 837.600

Channel 6	(441)	Tx 883.230	Rx 838.230

Channel 7	(462)	Tx 883.860	Rx 838.860

Channel 8	(483)	Tx 884.490	Rx 839.490

Channel 9	(504)	Tx 885.120	Rx 840.120

Channel 10	(525)	Tx 885.750	Rx 840.750

Channel 11	(546)	Tx 886.380	Rx 841.380

Channel 12	(567)	Tx 887.010	Rx 842.010

Channel 13	(588)	Tx 887.640	Rx 842.640

Channel 14	(609)	Tx 888.270	Rx 843.270

Channel 15	(630)	Tx 888.900	Rx 843.900

Channel 16	(651)	Tx 889.530	Rx 844.530



Cell # 4

--------------------------------------------------

Channel 1	(337)	Tx 880.110	Rx 835.110

Channel 2	(358)	Tx 880.740	Rx 835.740

Channel 3	(379)	Tx 881.370	Rx 836.370

Channel 4	(400)	Tx 882.000	Rx 837.000

Channel 5	(421)	Tx 882.630	Rx 837.630

Channel 6	(442)	Tx 883.260	Rx 838.260

Channel 7	(463)	Tx 883.890	Rx 838.890

Channel 8	(484)	Tx 884.520	Rx 839.520

Channel 9	(505)	Tx 885.150	Rx 840.150

Channel 10	(526)	Tx 885.780	Rx 840.780

Channel 11	(547)	Tx 886.410	Rx 841.410

Channel 12	(568)	Tx 887.040	Rx 842.040

Channel 13	(589)	Tx 887.670	Rx 842.670

Channel 14	(610)	Tx 888.300	Rx 843.300

Channel 15	(631)	Tx 888.930	Rx 843.930

Channel 16	(652)	Tx 889.560	Rx 844.560



Cell # 5

--------------------------------------------------

Channel 1	(338)	Tx 880.140	Rx 835.140

Channel 2	(359)	Tx 880.770	Rx 835.770

Channel 3	(380)	Tx 881.400	Rx 836.400

Channel 4	(401)	Tx 882.030	Rx 837.030

Channel 5	(422)	Tx 882.660	Rx 837.660

Channel 6	(443)	Tx 883.290	Rx 838.290

Channel 7	(464)	Tx 883.920	Rx 838.920

Channel 8	(485)	Tx 884.550	Rx 839.550

Channel 9	(506)	Tx 885.180	Rx 840.180

Channel 10	(527)	Tx 885.810	Rx 840.810

Channel 11	(548)	Tx 886.440	Rx 841.440

Channel 12	(569)	Tx 887.070	Rx 842.070

Channel 13	(590)	Tx 887.700	Rx 842.700

Channel 14	(611)	Tx 888.330	Rx 843.330

Channel 15	(632)	Tx 888.960	Rx 843.960

Channel 16	(653)	Tx 889.590	Rx 844.590



Cell # 6

--------------------------------------------------

Channel 1	(339)	Tx 880.170	Rx 835.170

Channel 2	(360)	Tx 880.800	Rx 835.800

Channel 3	(381)	Tx 881.430	Rx 836.430

Channel 4	(402)	Tx 882.060	Rx 837.060

Channel 5	(423)	Tx 882.690	Rx 837.690

Channel 6	(444)	Tx 883.320	Rx 838.320

Channel 7	(465)	Tx 883.950	Rx 838.950

Channel 8	(486)	Tx 884.580	Rx 839.580

Channel 9	(507)	Tx 885.210	Rx 840.210

Channel 10	(528)	Tx 885.840	Rx 840.840

Channel 11	(549)	Tx 886.470	Rx 841.470

Channel 12	(570)	Tx 887.100	Rx 842.100

Channel 13	(591)	Tx 887.730	Rx 842.730

Channel 14	(612)	Tx 888.360	Rx 843.360

Channel 15	(633)	Tx 888.990	Rx 843.990

Channel 16	(654)	Tx 889.620	Rx 844.620



Cell # 7

--------------------------------------------------

Channel 1	(340)	Tx 880.200	Rx 835.200

Channel 2	(361)	Tx 880.830	Rx 835.830

Channel 3	(382)	Tx 881.460	Rx 836.460

Channel 4	(403)	Tx 882.090	Rx 837.090

Channel 5	(424)	Tx 882.720	Rx 837.720

Channel 6	(445)	Tx 883.350	Rx 838.350

Channel 7	(466)	Tx 883.980	Rx 838.980

Channel 8	(487)	Tx 884.610	Rx 839.610

Channel 9	(508)	Tx 885.240	Rx 840.240

Channel 10	(529)	Tx 885.870	Rx 840.870

Channel 11	(550)	Tx 886.500	Rx 841.500

Channel 12	(571)	Tx 887.130	Rx 842.130

Channel 13	(592)	Tx 887.760	Rx 842.760

Channel 14	(613)	Tx 888.390	Rx 843.390

Channel 15	(634)	Tx 889.020	Rx 844.020

Channel 16	(655)	Tx 889.650	Rx 844.650



Cell # 8

--------------------------------------------------

Channel 1	(341)	Tx 880.230	Rx 835.230

Channel 2	(362)	Tx 880.860	Rx 835.860

Channel 3	(383)	Tx 881.490	Rx 836.490

Channel 4	(404)	Tx 882.120	Rx 837.120

Channel 5	(425)	Tx 882.750	Rx 837.750

Channel 6	(446)	Tx 883.380	Rx 838.380

Channel 7	(467)	Tx 884.010	Rx 839.010

Channel 8	(488)	Tx 884.640	Rx 839.640

Channel 9	(509)	Tx 885.270	Rx 840.270

Channel 10	(530)	Tx 885.900	Rx 840.900

Channel 11	(551)	Tx 886.530	Rx 841.530

Channel 12	(572)	Tx 887.160	Rx 842.160

Channel 13	(593)	Tx 887.790	Rx 842.790

Channel 14	(614)	Tx 888.420	Rx 843.420

Channel 15	(635)	Tx 889.050	Rx 844.050

Channel 16	(656)	Tx 889.680	Rx 844.680



Cell # 9

--------------------------------------------------

Channel 1	(342)	Tx 880.260	Rx 835.260

Channel 2	(363)	Tx 880.890	Rx 835.890

Channel 3	(384)	Tx 881.520	Rx 836.520

Channel 4	(405)	Tx 882.150	Rx 837.150

Channel 5	(426)	Tx 882.780	Rx 837.780

Channel 6	(447)	Tx 883.410	Rx 838.410

Channel 7	(468)	Tx 884.040	Rx 839.040

Channel 8	(489)	Tx 884.670	Rx 839.670

Channel 9	(510)	Tx 885.300	Rx 840.300

Channel 10	(531)	Tx 885.930	Rx 840.930

Channel 11	(552)	Tx 886.560	Rx 841.560

Channel 12	(573)	Tx 887.190	Rx 842.190

Channel 13	(594)	Tx 887.820	Rx 842.820

Channel 14	(615)	Tx 888.450	Rx 843.450

Channel 15	(636)	Tx 889.080	Rx 844.080

Channel 16	(657)	Tx 889.710	Rx 844.710



Cell # 10

--------------------------------------------------

Channel 1	(343)	Tx 880.290	Rx 835.290

Channel 2	(364)	Tx 880.920	Rx 835.920

Channel 3	(385)	Tx 881.550	Rx 836.550

Channel 4	(406)	Tx 882.180	Rx 837.180

Channel 5	(427)	Tx 882.810	Rx 837.810

Channel 6	(448)	Tx 883.440	Rx 838.440

Channel 7	(469)	Tx 884.070	Rx 839.070

Channel 8	(490)	Tx 884.700	Rx 839.700

Channel 9	(511)	Tx 885.330	Rx 840.330

Channel 10	(532)	Tx 885.960	Rx 840.960

Channel 11	(553)	Tx 886.590	Rx 841.590

Channel 12	(574)	Tx 887.220	Rx 842.220

Channel 13	(595)	Tx 887.850	Rx 842.850

Channel 14	(616)	Tx 888.480	Rx 843.480

Channel 15	(637)	Tx 889.110	Rx 844.110

Channel 16	(658)	Tx 889.740	Rx 844.740



Cell # 11

--------------------------------------------------

Channel 1	(344)	Tx 880.320	Rx 835.320

Channel 2	(365)	Tx 880.950	Rx 835.950

Channel 3	(386)	Tx 881.580	Rx 836.580

Channel 4	(407)	Tx 882.210	Rx 837.210

Channel 5	(428)	Tx 882.840	Rx 837.840

Channel 6	(449)	Tx 883.470	Rx 838.470

Channel 7	(470)	Tx 884.100	Rx 839.100

Channel 8	(491)	Tx 884.730	Rx 839.730

Channel 9	(512)	Tx 885.360	Rx 840.360

Channel 10	(533)	Tx 885.990	Rx 840.990

Channel 11	(554)	Tx 886.620	Rx 841.620

Channel 12	(575)	Tx 887.250	Rx 842.250

Channel 13	(596)	Tx 887.880	Rx 842.880

Channel 14	(617)	Tx 888.510	Rx 843.510

Channel 15	(638)	Tx 889.140	Rx 844.140

Channel 16	(659)	Tx 889.770	Rx 844.770



Cell # 12

--------------------------------------------------

Channel 1	(345)	Tx 880.350	Rx 835.350

Channel 2	(366)	Tx 880.980	Rx 835.980

Channel 3	(387)	Tx 881.610	Rx 836.610

Channel 4	(408)	Tx 882.240	Rx 837.240

Channel 5	(429)	Tx 882.870	Rx 837.870

Channel 6	(450)	Tx 883.500	Rx 838.500

Channel 7	(471)	Tx 884.130	Rx 839.130

Channel 8	(492)	Tx 884.760	Rx 839.760

Channel 9	(513)	Tx 885.390	Rx 840.390

Channel 10	(534)	Tx 886.020	Rx 841.020

Channel 11	(555)	Tx 886.650	Rx 841.650

Channel 12	(576)	Tx 887.280	Rx 842.280

Channel 13	(597)	Tx 887.910	Rx 842.910

Channel 14	(618)	Tx 888.540	Rx 843.540

Channel 15	(639)	Tx 889.170	Rx 844.170

Channel 16	(660)	Tx 889.800	Rx 844.800



Cell # 13

--------------------------------------------------

Channel 1	(346)	Tx 880.380	Rx 835.380

Channel 2	(367)	Tx 881.010	Rx 836.010

Channel 3	(388)	Tx 881.640	Rx 836.640

Channel 4	(409)	Tx 882.270	Rx 837.270

Channel 5	(430)	Tx 882.900	Rx 837.900

Channel 6	(451)	Tx 883.530	Rx 838.530

Channel 7	(472)	Tx 884.160	Rx 839.160

Channel 8	(493)	Tx 884.790	Rx 839.790

Channel 9	(514)	Tx 885.420	Rx 840.420

Channel 10	(535)	Tx 886.050	Rx 841.050

Channel 11	(556)	Tx 886.680	Rx 841.680

Channel 12	(577)	Tx 887.310	Rx 842.310

Channel 13	(598)	Tx 887.940	Rx 842.940

Channel 14	(619)	Tx 888.570	Rx 843.570

Channel 15	(640)	Tx 889.200	Rx 844.200

Channel 16	(661)	Tx 889.830	Rx 844.830



Cell # 14

--------------------------------------------------

Channel 1	(347)	Tx 880.410	Rx 835.410

Channel 2	(368)	Tx 881.040	Rx 836.040

Channel 3	(389)	Tx 881.670	Rx 836.670

Channel 4	(410)	Tx 882.300	Rx 837.300

Channel 5	(431)	Tx 882.930	Rx 837.930

Channel 6	(452)	Tx 883.560	Rx 838.560

Channel 7	(473)	Tx 884.190	Rx 839.190

Channel 8	(494)	Tx 884.820	Rx 839.820

Channel 9	(515)	Tx 885.450	Rx 840.450

Channel 10	(536)	Tx 886.080	Rx 841.080

Channel 11	(557)	Tx 886.710	Rx 841.710

Channel 12	(578)	Tx 887.340	Rx 842.340

Channel 13	(599)	Tx 887.970	Rx 842.970

Channel 14	(620)	Tx 888.600	Rx 843.600

Channel 15	(641)	Tx 889.230	Rx 844.230

Channel 16	(662)	Tx 889.860	Rx 844.860



Cell # 15

--------------------------------------------------

Channel 1	(348)	Tx 880.440	Rx 835.440

Channel 2	(369)	Tx 881.070	Rx 836.070

Channel 3	(390)	Tx 881.700	Rx 836.700

Channel 4	(411)	Tx 882.330	Rx 837.330

Channel 5	(432)	Tx 882.960	Rx 837.960

Channel 6	(453)	Tx 883.590	Rx 838.590

Channel 7	(474)	Tx 884.220	Rx 839.220

Channel 8	(495)	Tx 884.850	Rx 839.850

Channel 9	(516)	Tx 885.480	Rx 840.480

Channel 10	(537)	Tx 886.110	Rx 841.110

Channel 11	(558)	Tx 886.740	Rx 841.740

Channel 12	(579)	Tx 887.370	Rx 842.370

Channel 13	(600)	Tx 888.000	Rx 843.000

Channel 14	(621)	Tx 888.630	Rx 843.630

Channel 15	(642)	Tx 889.260	Rx 844.260

Channel 16	(663)	Tx 889.890	Rx 844.890



Cell # 16

--------------------------------------------------

Channel 1	(349)	Tx 880.470	Rx 835.470

Channel 2	(370)	Tx 881.100	Rx 836.100

Channel 3	(391)	Tx 881.730	Rx 836.730

Channel 4	(412)	Tx 882.360	Rx 837.360

Channel 5	(433)	Tx 882.990	Rx 837.990

Channel 6	(454)	Tx 883.620	Rx 838.620

Channel 7	(475)	Tx 884.250	Rx 839.250

Channel 8	(496)	Tx 884.880	Rx 839.880

Channel 9	(517)	Tx 885.510	Rx 840.510

Channel 10	(538)	Tx 886.140	Rx 841.140

Channel 11	(559)	Tx 886.770	Rx 841.770

Channel 12	(580)	Tx 887.400	Rx 842.400

Channel 13	(601)	Tx 888.030	Rx 843.030

Channel 14	(622)	Tx 888.660	Rx 843.660

Channel 15	(643)	Tx 889.290	Rx 844.290

Channel 16	(664)	Tx 889.920	Rx 844.920



Cell # 17

--------------------------------------------------

Channel 1	(350)	Tx 880.500	Rx 835.500

Channel 2	(371)	Tx 881.130	Rx 836.130

Channel 3	(392)	Tx 881.760	Rx 836.760

Channel 4	(413)	Tx 882.390	Rx 837.390

Channel 5	(434)	Tx 883.020	Rx 838.020

Channel 6	(455)	Tx 883.650	Rx 838.650

Channel 7	(476)	Tx 884.280	Rx 839.280

Channel 8	(497)	Tx 884.910	Rx 839.910

Channel 9	(518)	Tx 885.540	Rx 840.540

Channel 10	(539)	Tx 886.170	Rx 841.170

Channel 11	(560)	Tx 886.800	Rx 841.800

Channel 12	(581)	Tx 887.430	Rx 842.430

Channel 13	(602)	Tx 888.060	Rx 843.060

Channel 14	(623)	Tx 888.690	Rx 843.690

Channel 15	(644)	Tx 889.320	Rx 844.320

Channel 16	(665)	Tx 889.950	Rx 844.950



Cell # 18

--------------------------------------------------

Channel 1	(351)	Tx 880.530	Rx 835.530

Channel 2	(372)	Tx 881.160	Rx 836.160

Channel 3	(393)	Tx 881.790	Rx 836.790

Channel 4	(414)	Tx 882.420	Rx 837.420

Channel 5	(435)	Tx 883.050	Rx 838.050

Channel 6	(456)	Tx 883.680	Rx 838.680

Channel 7	(477)	Tx 884.310	Rx 839.310

Channel 8	(498)	Tx 884.940	Rx 839.940

Channel 9	(519)	Tx 885.570	Rx 840.570

Channel 10	(540)	Tx 886.200	Rx 841.200

Channel 11	(561)	Tx 886.830	Rx 841.830

Channel 12	(582)	Tx 887.460	Rx 842.460

Channel 13	(603)	Tx 888.090	Rx 843.090

Channel 14	(624)	Tx 888.720	Rx 843.720

Channel 15	(645)	Tx 889.350	Rx 844.350

Channel 16	(666)	Tx 889.980	Rx 844.980



Cell # 19

--------------------------------------------------

Channel 1	(352)	Tx 880.560	Rx 835.560

Channel 2	(373)	Tx 881.190	Rx 836.190

Channel 3	(394)	Tx 881.820	Rx 836.820

Channel 4	(415)	Tx 882.450	Rx 837.450

Channel 5	(436)	Tx 883.080	Rx 838.080

Channel 6	(457)	Tx 883.710	Rx 838.710

Channel 7	(478)	Tx 884.340	Rx 839.340

Channel 8	(499)	Tx 884.970	Rx 839.970

Channel 9	(520)	Tx 885.600	Rx 840.600

Channel 10	(541)	Tx 886.230	Rx 841.230

Channel 11	(562)	Tx 886.860	Rx 841.860

Channel 12	(583)	Tx 887.490	Rx 842.490

Channel 13	(604)	Tx 888.120	Rx 843.120

Channel 14	(625)	Tx 888.750	Rx 843.750

Channel 15	(646)	Tx 889.380	Rx 844.380



Cell # 20

--------------------------------------------------

Channel 1	(353)	Tx 880.590	Rx 835.590

Channel 2	(374)	Tx 881.220	Rx 836.220

Channel 3	(395)	Tx 881.850	Rx 836.850

Channel 4	(416)	Tx 882.480	Rx 837.480

Channel 5	(437)	Tx 883.110	Rx 838.110

Channel 6	(458)	Tx 883.740	Rx 838.740

Channel 7	(479)	Tx 884.370	Rx 839.370

Channel 8	(500)	Tx 885.000	Rx 840.000

Channel 9	(521)	Tx 885.630	Rx 840.630

Channel 10	(542)	Tx 886.260	Rx 841.260

Channel 11	(563)	Tx 886.890	Rx 841.890

Channel 12	(584)	Tx 887.520	Rx 842.520

Channel 13	(605)	Tx 888.150	Rx 843.150

Channel 14	(626)	Tx 888.780	Rx 843.780

Channel 15	(647)	Tx 889.410	Rx 844.410



Cell # 21

--------------------------------------------------

Channel 1	(354)	Tx 880.620	Rx 835.620

Channel 2	(375)	Tx 881.250	Rx 836.250

Channel 3	(396)	Tx 881.880	Rx 836.880

Channel 4	(417)	Tx 882.510	Rx 837.510

Channel 5	(438)	Tx 883.140	Rx 838.140

Channel 6	(459)	Tx 883.770	Rx 838.770

Channel 7	(480)	Tx 884.400	Rx 839.400

Channel 8	(501)	Tx 885.030	Rx 840.030

Channel 9	(522)	Tx 885.660	Rx 840.660

Channel 10	(543)	Tx 886.290	Rx 841.290

Channel 11	(564)	Tx 886.920	Rx 841.920

Channel 12	(585)	Tx 887.550	Rx 842.550

Channel 13	(606)	Tx 888.180	Rx 843.180

Channel 14	(627)	Tx 888.810	Rx 843.810

Channel 15	(648)	Tx 889.440	Rx 844.440





Restoring cellular reception.

     Some scanners have been blocked from receiving the cellular band.  This

can be corrected.  It started out with the Realistic PRO-2004 and the PRO-34,

and went to the PRO-2005.  To restore cellular for the 2004, open the radio 

and turn it upside down.  Carefully remove the cover.  Clip one leg of D-513 to

restore cellular frequencies.  For the PRO-2005, the procedure is the same, 

except you clip one leg of D-502 to restore cellular reception.  On the PRO-34

and PRO-37, Cut D11 to add 824-851 and 869-896 MHz bands with 30 kHz spacing



     All these are described in great detail in the "Scanner Modification

Handbook" volumes I. and II. by Bill Cheek, both available from Communications

Electronics Inc. (313) 996-8888. They run about $18 apiece.





Pagers:

-------

     Pocket pagers and the like operate in the area of 150-160 MHz.





Phone-Patches:

--------------

     A phone patch is a way to use a telephone via two-way radio. Basically how

it works is the patch is connected to a repeater and a phone.  The patch will

interpret signals from a transceiver to activate itself and call out to the 

desired party.  This then allows the person with the transceiver to call anyone

from his handheld radio unit.  Phone-Patches are usually located on most bands,

as they are simply an attachment to the repeater.





Police, Fire, Ambulance and the like:

-------------------------------------

     The easiest way to find these frequencies is to go to Radio Shack and buy

their listing, it runs around $8, and is set up for groups of neighboring

states.  Hell, photocopy the pages you want and then return it!  But generally

these are located in 450-460 MHz.    







Typical Band Usage:

-------------------



     The FCC dictates who uses what bands for radio broadcast.  Following is a

breakdown of the general distribution of FCC licensing.  These are by NO means

set in stone, there are always exceptions.



Abbreviations:



BA   Remote Broadcast (Radio & TV)

CA   General Mobile (Radio)

CAP  Civil Air Patrol

IB   Business

IF   Forest Products

IM   Motion Picture Industry

IP   Petroleum Industry

IS   Special Industry (Construction, farming, etc.)

IT   Telephone Maintenance

IW   Power and Water Utilities

IX   Manufacturers

IY   Relay Press (Newspaper Reporters)

LA   Automotive Emergency ( Tow Trucks)

LJ   Motor Carriers, Trucks

LR   Railroad

LU   Motor Carrier, Buses

LX   Taxi

MC   Maritime Limited Coast (private stations)

MG   Maritime Government (Coast Guard)

MP   Maritime Public Coast (marine telephone)

MS   Maritime Shipboard

PF   Fire

PH   Highway Maintenance

PL   Local Government

PM   Medical Services

PO   Forestry Conservation

PP   Police

PS   Special Emergency

RA   Mobile Telephone (aircraft)

RC   Mobile Telephone (radio common carrier)

RT   Mobile Telephone (landline companies)

BIFC Boise Interagency Fire Cache



Govt:

UAF  Air Force

UAR  Army

UBW  Boundary and Water Commission

UCE  Evironmental Research Labs

UCF  Maritime Fisheries Service

UCG  Coast Guard

UCM  Maritime Administration

UCO  Ocean Survey

UCP  National Capitol Police

UCW  National Weather Service

UCX  Department of Commerce

UEP  Environmental Protection Agency

UER  Department of Energy

UFA  Federal Aviation Administration

UFC  Federal Communications Commision

UGC  Soil Conservation Service

UGF  Forest Service

UGS  General Services Administration

UGX  Department of Agriculture

UHW  Dept. of Health and Human Services 

UIB  Bonneville Power Administration

UIF  Bureau of Sport Fisheries and Wildlife

UIG  Geological Survey

UII  Bureau of Indian Affairs

UIL  Bureau of Land Management

UIM  Bureau of Mines

UIP  National Park Service

UIR  Bureau of Rclamation

UIS  Southwestern Power Administration

UIX  Department of the Interior

UNO  United Nations

UNS  Nasa

UPO  Postal Service

USA  Misc. Federal Government

USD  State Department

USN  Navy

UTC  Bureau of Customs

UTM  Bureau of the Mint

UTR  Department of Transportation

UTV  Tennessee Valley Authority

UTX  Treasury Department 

UVA  Veterans Administration

UXX  Classified



Band Usage:



30-50 MHz:



30.00 - 30.55             USA,UAR,USN,UCG,UAF

30.58 - 31.98             IS,IP,IB,LU,PO

32.00 - 32.99             USA,UAR,USN,UCG,UGX,UAF,UIR

33.02 - 33.98             PS,PH,IS,IB,IP,PF

34.01 - 34.99             UCG,UER,USA,UAR,UAF,USN,UGX,UIP,UIF

35.02 - 35.98             IB,IT,RC,RT,IS,PS

36.01 - 36.99             UIX,UER,USA,UAR,USN,UTR,UCO,IP,UHW,UGF,UGX,UAF

37.02 - 37.98             PP,PL,IW,PH,PS

38.27 - 38.99             USA,USN,UGX,UGF,UAR,UAF,UIX,UTV,UVA

39.02 - 39.98             PP,PL

40.01 - 41.99             UIA,UAR,UIP,UAF,USA,UVA,UER,USN,UIF,UIR,UTV,UIM,IP

                          UIX,UEP,UCG,UIL,BIFC,UHW,UTX

42.02 - 42.94             PP

42.96 - 43.68             IB,IS,IT,RC,RT,PS

43.70 - 44.60             LU,LJ

44.62 - 46.58             PP,PO,PL,PH,PF,PS

46.61 - 46.99             USA,UIL,BIFC,UAF,UAR,UGX,UGF

47.02 - 49.58             PH,PS,IS,IW,IF,IP

49.61 - 49.99             UIL,UAR,UGC,UAF,UAR,UGX,UGF,USA



150-173 MHz:



150.775 - 151.985         PM,LA,IF,PH,PO,IS,IB

152.075 - 152.840         PM,RC,LX,IF,IB,RT

152.870 - 153.725         IM,IS,IP,IX,IF,IW

153.740 - 156.240         PL,PF,IS,IB,PP,PM,PH

156.255 - 157.450         IP,MC,MS,MG,MP,PM

157.470 - 158.700         LA,LX,IF,IS,IB,RT,IW,IP,IX,IT,RC

158.730 - 159.480         PP,PL,PH,PO,IP

159.495 - 161.565         LR,LJ

161.580 - 162.000         IP,MC,BA,MP

162.025 - 173.987         MISC GOVT AGENCIES



406-512 MHz:



406.125 - 419.975         MISC GOVT AGENCIES

450.050 - 450.925         BA

451.000 - 451.700         IW,IF,IP,IT,IX

451.725 - 452.175         IS,IF,IP,LX

452.200 - 452.950         LX,LJ,LR,LA

452.975 - 453.975         IY,PL,PH,PF,PO,PP

454.000 - 457.600         IPI,RC,RT,RA,BA,IB

458.025 - 467.925         PM,PP,IB,IX,IF,IP,IT,IW,GM

482.000 - 508.987         MISC PUBLIC SAFETY



800 MHz:



Unlike lower bands, the 800 MHz band is allocated on a first-come first-serve

basis.  There are two categories for licensing: Public Safety and Industrial.

Sytemsusing one to five channels are conventional.  Five channel systems might

use trunking, but all systems with more than five channels must use trunking.



851.0125 - 855.9875       Conventional Systems

856.0125 - 860.9875       Conventional or Trunked

861.0125 - 865.9875       Trunked Systems

866.0000 - 869.9999       Reserved-Satelite

870.0000 - 896.0000       Cellular Telephone









                    _  _  _  _  _  _  _  _  _  _  _  _  _  _

                  -                                           -

                -                                               -

                             =  Loops Explained  =

                -                                               -

                                   anonymous

                -                                               -

                  - _  _  _  _  _  _  _  _  _  _  _  _  _  _  -





      Loops occur in all area codes and consist of two phone numbers.  These

numbers are in the same exchange and the last four digits are usually similar.

a typical loop pair might look like 212-555-9990 and 555-9993.  There are

usually at least twenty loops in an area code and often all of the loops in an

area code will have identical suffix pairs.



      The basic thing about any loop is that the two numbers are connected

together.  If I were to call one number and you were to call the other we'd be

connected.  It's all a bit eerie at first because most loops do not ring; if 

you dial a loop and there is someone on the other end you will be instantly

connected.  What will you hear if you dial a loop number and there's no one on

the other end?  That depends upon which of the numbers you dial.  If you dial

the higher number of the pair you will hear only silence; if you dial the

lower you will hear a 1000 Hz tone.  On most loops you can talk to one caller

after another on the other end, very much like any other phone connection.  You

may be asking so what?  The answer to your question is that loops offer 

anonymity.  People use this anonymity for many reasons.



      We are now to the point of wondering what telco uses loops for.  There

have been a number of theories advanced on this topic over the years but few 

people have bothered to ask telco.  One common theory has been akin to the idea

that the loops are somehow used to "tie up" unused phone lines at the central

office to "keep them out of trouble." (I have always enjoyed the image  of two

lonely phone lines tied together to keep them company.)



      Loops are used to save time and manpower in testing long distance trunks;

we're not talking about the phone line that connects your phone to the 

central office but the trunks that connect central offices and run in length

from a few thousand feet to many miles.  When you talk on the phone, your voice

and the caller's voice go in different directions.  Once the line gets to

telco premises the signal is divided up into two circuits.  One circuit

carries your voice and the other carries your caller's voice. If the signals

were kept on one circuit there would be problems with feedback and echoes. 

Trunks may consist of two pairs of two wire circuits or may be radio 

frequency carriers on a cable.  Trunks have repeaters along the way which 

amplify the signal remove echoes and equalize frequencies. Repeaters occur 

about every two miles on an "old style" wire trunk line and about every 2000 

feet on carrier trunks. Very short trunks may not have a repeater. Repeaters

need to be tested and adjusted occasionally. In the old days a tech would

test a trunk by arranging for someone to be at The other end.  He would then

send a 1000 Hz test tone to the other person who would read the volume on a

meter.  To complete the test the other tech sends a signal back on the other

leg to the first tech as the phone system grew telco decided to cut down on

manpower by tying two lines together.  Thus the loop was born.  Trunks are

tied together via a thing called a "zero loss terminator" which connects lines

so there is no change in volume.  By the mid fifties, the entire phone system

had been equipped with loops, so a tech at one end could test a trunk alone

by dialing a loop. he dials the other half of the loop with a known good

trunk. Then he reverses the signal path to complete the test.



      It wasn't long before some ordinary citizens discovered that loops could

also pass voices, not just tones.  Since the lines be longed to telco they 

weren't billed for the call.  So a few people made free calls to friends but

there was so little of this that its effect on the phone company's income was

negligible.  It wasn't until years later in the early seventies that bell was 

to put billing circuitry on loop numbers.  To avoid giving away their location

most bookies used a cheesebox a device that connects two phone lines together. 

Cheeseboxes were installed in a small business, often a small butcher shop or a

grocery.  The bookie arranged with the proprietor to have two phones installed

in the shop and would pay a small monthly fee.  He then tied the lines together

with his cheesebox and gave one of the numbers to his clientel.  Some bookies

Either couldn't afford a cheesebox or couldn't locate one at any price, so they

hit upon using loops.

 

      It was good while it lasted.  Gradually however, more and more shady

characters started using loops.  The authorities weren't blind to this and 

started approaching the telco to do traces on these loops.  Eventually the

phone company was spending a lot of time and money on criminal traces and 

decided to do something about these loops.



      In the late 50's, the phone company started inserting a bandpass filter

that passed only 1000 Hz in the terminator end of its' loops.  With this change

it successfully blocked voices.



      We're going to see that the solution was only temporary though.  The old

style four wire trunks could only handle one call at a time taking up a lot

of wire and space.  There had to be a way to cram calls into a smaller space.

By the early 1960's bell had started switching to carrier trunks which put

many calls on a cable.  Each signal modulated an AM carrier on a different 

frequency.  Because AM carriers use radio frequency transmitters and recievers,

they could no longer pass a 1000 Hz tone through the bandpass filter.  So a 

switch was added to switch it on and off. Normally the filter would be left on.

When a tech wished to test a trunk he would turn the switch on, bypassing the 

filter.  When he was done he was expected to turn off the switch.  If he 

forgets a loop will continue to pass voice frequencies until it is switched

off.



      Let's look at how loops are used nowadays.  If a tech dials up the lower

number he will immediately ge a 1000 Hz tone coming back to him which is

injected at a specific volume known as "Zero db" level.  Using his meter he

can gauge if there are any problems on the line.  If he needs to do a

complete test at various frequencies he then turns the filter bypass switch

on.  Most of this work is done at night when repair people are free from

normal chores.



      It turns out there are people using loops for more things than I had

imagined.  I have always wondered if spies use loops but i haven't encountered

any yet.  When i started looking into loops I was aware that some radio 

pirates use loops.  Especially in the New York City area you'll often run

into AM and FM pirates on loops late at night.



      Some local loop numbers are pretty well known and are passed around high

schools and colleges.  When students get bored at night or want to find a

party they call a loop and wait there till someone else calls.  It may be

someone they know or a complete stranger, but it's someone to talk to.  Then

there are the loop habituates.  They regulary meet with their circle of friends

and aquaintances on loops and tend to resent strangers on THEIR loops.  



      Representatives are quick to point out that loops belong to the phone

company.  Anyone else using them is a transgressor.  Since Bell is the 

aggrieved party it needn't have any qualms about listening to loops nor about

tracing callers.  Bell wishes to discourage people from using them and 

periodically programs its billing computer to look for loop numbers.  Any 

customer thus found is sent a card pointing out that these numbers belong to

the telco.  With the exception of those stealing services, Bell becomes aware 

that some one is calling a loop using a faked credit card number; or Sprint or

MCI will ask for help tracing someone illegally stealing their services to 

call a loop.  Then it's a matter of waiting for the person to try again and

tracing the call.  In these affairs the phone company is very aggressive and

effective in tracking down offenders.  Bell has some very well trained people

who are most adept at keeping the offender on the line until a trace is

complete.













                        ==========================

   This article is the first of Informatik's T-File classics series,

   a group of text files which deserve special  notice in the annals

   of  the computer underground.   These articles are among the most

   famous text files ever written on hacking, and it is our pleasure

   to reprint them for you now.

                        ==========================







               +++++++++++++++++++++++++++++++++++++++++++++++++

               |              The LOD/H Presents               |

++++++++++++++++                                               ++++++++++++++++

 \                 A Novice's Guide to Hacking- 1989 edition                 /

  \                =========================================                /

   \                                  by                                   /

    \                             The Mentor                              /

     \                  Legion of Doom/Legion of Hackers                 /

      \                                                                 /

       \                        December, 1988                         /

        \                  Merry Christmas Everyone!                  /

         \+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++/



    **********************************************************************

    |  The author hereby grants permission to reproduce, redistribute,   |

    |  or include this file in your g-file section, electronic or print  |

    |  newletter, or any other form of transmission that you choose, as  |

    |  long as it is kept intact and whole, with no ommissions, delet-   |

    |  ions, or changes.  (C) The Mentor- Phoenix Project Productions    |

    |                                     1988,1989  512/441-3088        |

    **********************************************************************



Introduction: The State of the Hack

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

   After surveying a rather large g-file collection, my attention was drawn to

the fact that there hasn't been a good introductory file written for absolute

beginners since back when Mark Tabas was cranking them out (and almost

*everyone* was a beginner!)  The Arts of Hacking and Phreaking have changed

radically since that time, and as the 90's approach, the hack/phreak community

has recovered from the Summer '87 busts (just like it recovered from the Fall

'85 busts, and like it will always recover from attempts to shut it down), and

the progressive media (from Reality Hackers magazine to William Gibson and

Bruce Sterling's cyberpunk fables of hackerdom) is starting to take notice

of us for the first time in recent years in a positive light.

   

   Unfortunately, it has also gotten more dangerous since the early 80's.

Phone cops have more resources, more awareness, and more intelligence that they

exhibited in the past.  It is becoming more and more difficult to survive as

a hacker long enough to become skilled in the art.  To this end this file

is dedicated.  If it can help someone get started, and help them survive

to discover new systems and new information, it will have served it's purpose,

and served as a partial repayment to all the people who helped me out when I

was a beginner.



Contents

~~~~~~~

   This file will be divided into four parts:

       Part 1: What is Hacking, A Hacker's Code of Ethics, Basic Hacking Safety

       Part 2: Packet Switching Networks: Telenet- How it Works, How to Use it,

               Outdials, Network Servers, Private PADs

       Part 3: Identifying a Computer, How to Hack In, Operating System

               Defaults

       Part 4: Conclusion- Final Thoughts, Books to Read, Boards to Call,

               Acknowledgements



Part One: The Basics

~~~~~~~~~~~~~~~~~~~

    As long as there have been computers, there have been hackers.  In the 50's

at the Massachusets Institute of Technology (MIT), students devoted much time

and energy to ingenious exploration of the computers.  Rules and the law were

disregarded in their pursuit for the 'hack'.  Just as they were enthralled with

their pursuit of information, so are we.  The thrill of the hack is not in

breaking the law, it's in the pursuit and capture of knowledge.

    

   To this end, let me contribute my suggestions for guidelines to follow to

ensure that not only you stay out of trouble, but you pursue your craft without

damaging the computers you hack into or the companies who own them.



I.    Do not intentionally damage *any* system.

II.   Do not alter any system files other than ones needed to ensure your

      escape from detection and your future access (Trojan Horses, Altering

      Logs, and the like are all necessary to your survival for as long as

      possible.)

III.  Do not leave your (or anyone else's) real name, real handle, or real

      phone number on any system that you access illegally.  They *can* and

      will track you down from your handle!

IV.   Be careful who you share information with.  Feds are getting trickier.

      Generally, if you don't know their voice phone number, name, and

      occupation or haven't spoken with them voice on non-info trading

      conversations, be wary.

V.    Do not leave your real phone number to anyone you don't know.  This

      includes logging on boards, no matter how k-rad they seem.  If you

      don't know the sysop, leave a note telling some trustworthy people

      that will validate you.

VI.   Do not hack government computers.  Yes, there are government systems

      that are safe to hack, but they are few and far between.  And the

      government has inifitely more time and resources to track you down than

      a company who has to make a profit and justify expenses.

VII.  Don't use codes unless there is *NO* way around it (you don't have a

      local telenet or tymnet outdial and can't connect to anything 800...)

      You use codes long enough, you will get caught.  Period.

VIII. Don't be afraid to be paranoid.  Remember, you *are* breaking the law.

      It doesn't hurt to store everything encrypted on your hard disk, or

      keep your notes buried in the backyard or in the trunk of your car.

      You may feel a little funny, but you'll feel a lot funnier when you

      when you meet Bruno, your transvestite cellmate who axed his family to

      death.

IX.   Watch what you post on boards.  Most of the really great hackers in the

      country post *nothing* about the system they're currently working

      except in the broadest sense (I'm working on a UNIX, or a COSMOS, or

      something generic.  Not "I'm hacking into General Electric's Voice Mail

      System" or something inane and revealing like that.)

X.    Don't be afraid to ask questions.  That's what more experienced hackers

      are for.  Don't expect *everything* you ask to be answered, though.

      There are some things (LMOS, for instance) that a begining hacker

      shouldn't mess with.  You'll either get caught, or screw it up for

      others, or both.

XI.   Finally, you have to actually hack.  You can hang out on boards all you

      want, and you can read all the text files in the world, but until you

      actually start doing it, you'll never know what it's all about.  There's

      no thrill quite the same as getting into your first system (well, ok,

      I can think of a couple of bigger thrills, but you get the picture.)



   One of the safest places to start your hacking career is on a computer

system belonging to a college.  University computers have notoriously lax

security, and are more used to hackers, as every college computer depart-

ment has one or two, so are less likely to press charges if you should

be detected.  But the odds of them detecting you and having the personel to

committ to tracking you down are slim as long as you aren't destructive.



   If you are already a college student, this is ideal, as you can legally

explore your computer system to your heart's desire, then go out and look

for similar systems that you can penetrate with confidence, as you're already

familar with them.



   So if you just want to get your feet wet, call your local college.  Many of

them will provide accounts for local residents at a nominal (under $20) charge.



   Finally, if you get caught, stay quiet until you get a lawyer.  Don't vol-

unteer any information, no matter what kind of 'deals' they offer you.

Nothing is binding unless you make the deal through your lawyer, so you might

as well shut up and wait.



Part Two: Networks

~~~~~~~~~~~~~~~~~

   The best place to begin hacking (other than a college) is on one of the

bigger networks such as Telenet.  Why?  First, there is a wide variety of

computers to choose from, from small Micro-Vaxen to huge Crays.  Second, the

networks are fairly well documented.  It's easier to find someone who can help

you with a problem off of Telenet than it is to find assistance concerning your

local college computer or high school machine.  Third, the networks are safer.

Because of the enormous number of calls that are fielded every day by the big

networks, it is not financially practical to keep track of where every call and

connection are made from.  It is also very easy to disguise your location using

the network, which makes your hobby much more secure.



   Telenet has more computers hooked to it than any other system in the world

once you consider that from Telenet you have access to Tymnet, ItaPAC, JANET,

DATAPAC, SBDN, PandaNet, THEnet, and a whole host of other networks, all of

which you can connect to from your terminal.



   The first step that you need to take is to identify your local dialup port.

This is done by dialing 1-800-424-9494 (1200 7E1) and connecting.  It will

spout some garbage at you and then you'll get a prompt saying 'TERMINAL='.

This is your terminal type.  If you have vt100 emulation, type it in now.  Or

just hit return and it will default to dumb terminal mode.



   You'll now get a prompt that looks like a @.  From here, type @c mail <cr>

and then it will ask for a Username.  Enter 'phones' for the username. When it

asks for a password, enter 'phones' again.  From this point, it is menu

driven.  Use this to locate your local dialup, and call it back locally.  If

you don't have a local dialup, then use whatever means you wish to connect to

one long distance (more on this later.)



   When you call your local dialup, you will once again go through the

TERMINAL= stuff, and once again you'll be presented with a @.  This prompt lets

you know you are connected to a Telenet PAD.  PAD stands for either Packet

Assembler/Disassembler (if you talk to an engineer), or Public Access Device

(if you talk to Telenet's marketing people.)  The first description is more

correct.



   Telenet works by taking the data you enter in on the PAD you dialed into,

bundling it into a 128 byte chunk (normally... this can be changed), and then

transmitting it at speeds ranging from 9600 to 19,200 baud to another PAD, who

then takes the data and hands it down to whatever computer or system it's

connected to.  Basically, the PAD allows two computers that have different baud

rates or communication protocols to communicate with each other over a long

distance.  Sometimes you'll notice a time lag in the remote machines response.

This is called PAD Delay, and is to be expected when you're sending data

through several different links.



   What do you do with this PAD?  You use it to connect to remote computer

systems by typing 'C' for connect and then the Network User Address (NUA) of

the system you want to go to.



   An NUA takes the form of   031103130002520

                              \___/\___/\___/

                                |    |    |

                                |    |    |____ network address

                                |    |_________ area prefix

                                |______________ DNIC





     This is a summary of DNIC's (taken from Blade Runner's file on ItaPAC)

     according to their country and network name.





DNIC   Network Name    Country          DNIC   Network Name    Country

_______________________________________________________________________________

                                     |

02041   Datanet 1       Netherlands  |  03110   Telenet         USA

02062   DCS             Belgium      |  03340   Telepac         Mexico

02080   Transpac        France       |  03400   UDTS-Curacau    Curacau

02284   Telepac         Switzerland  |  04251   Isranet         Israel

02322   Datex-P         Austria      |  04401   DDX-P           Japan

02329   Radaus          Austria      |  04408   Venus-P         Japan

02342   PSS             UK           |  04501   Dacom-Net       South Korea

02382   Datapak         Denmark      |  04542   Intelpak        Singapore

02402   Datapak         Sweden       |  05052   Austpac         Australia

02405   Telepak         Sweden       |  05053   Midas           Australia

02442   Finpak          Finland      |  05252   Telepac         Hong Kong

02624   Datex-P         West Germany |  05301   Pacnet          New Zealand

02704   Luxpac          Luxembourg   |  06550   Saponet         South Africa

02724   Eirpak          Ireland      |  07240   Interdata       Brazil

03020   Datapac         Canada       |  07241   Renpac          Brazil

03028   Infogram        Canada       |  09000   Dialnet         USA

03103   ITT/UDTS        USA          |  07421   Dompac          French Guiana

03106   Tymnet          USA          |



   There are two ways to find interesting addresses to connect to.  The first

and easiest way is to obtain a copy of the LOD/H Telenet Directory from the

LOD/H Technical Journal #4 or 2600 Magazine.  Jester Sluggo also put out a good

list of non-US addresses in Phrack Inc. Newsletter Issue 21.  These files will

tell you the NUA, whether it will accept collect calls or not, what type of

computer system it is (if known) and who it belongs to (also if known.)



   The second method of locating interesting addresses is to scan for them

manually.  On Telenet, you do not have to enter the 03110 DNIC to connect to a

Telenet host.  So if you saw that 031104120006140 had a VAX on it you wanted to

look at, you could type @c 412 614 (0's can be ignored most of the time.)



   If this node allows collect billed connections, it will say 412 614

CONNECTED and then you'll possibly get an identifying header or just a

Username: prompt.  If it doesn't allow collect connections, it will give you a

message such as 412 614 REFUSED COLLECT CONNECTION with some error codes out to

the right, and return you to the @ prompt.



   There are two primary ways to get around the REFUSED COLLECT message.  The

first is to use a Network User Id (NUI) to connect.  An NUI is a username/pw

combination that acts like a charge account on Telenet.  To collect to node

412 614 with NUI junk4248, password 525332, I'd type the following:

@c 412 614,junk4248,525332  <---- the 525332 will *not* be echoed to the

screen.  The problem with NUI's is that they're hard to come by unless you're

a good social engineer with a thorough knowledge of Telenet (in which case

you probably aren't reading this section), or you have someone who can

provide you with them.



   The second way to connect is to use a private PAD, either through an X.25

PAD or through something like Netlink off of a Prime computer (more on these

two below.)



   The prefix in a Telenet NUA oftentimes (not always) refers to the phone Area

Code that the computer is located in (i.e. 713 xxx would be a computer in

Houston, Texas.)  If there's a particular area you're interested in, (say,

New York City 914), you could begin by typing @c 914 001 <cr>.  If it connects,

you make a note of it and go on to 914 002.  You do this until you've found

some interesting systems to play with.



   Not all systems are on a simple xxx yyy address.  Some go out to four or

five digits (914 2354), and some have decimal or numeric extensions

(422 121A = 422 121.01).  You have to play with them, and you never know what

you're going to find.  To fully scan out a prefix would take ten million

attempts per prefix.  For example, if I want to scan 512 completely, I'd have

to start with 512 00000.00 and go through 512 00000.99, then increment the

address by 1 and try 512 00001.00 through 512 00001.99.  A lot of scanning.

There are plenty of neat computers to play with in a 3-digit scan, however,

so don't go berserk with the extensions.

   Sometimes you'll attempt to connect and it will just be sitting there after

one or two minutes.  In this case, you want to abort the connect attempt by

sending a hard break (this varies with different term programs, on Procomm,

it's ALT-B), and then when you get the @ prompt back, type 'D' for disconnect.



   If you connect to a computer and wish to disconnect, you can type <cr> @

<cr> and you it should say TELENET and then give you the @ prompt.  From there,

type D to disconnect or CONT to re-connect and continue your session

uninterrupted.



Outdials, Network Servers, and PADs

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

   In addition to computers, an NUA may connect you to several other things.

One of the most useful is the outdial.  An outdial is nothing more than a modem

you can get to over telenet- similar to the PC Pursuit concept, except that

these don't have passwords on them most of the time.



   When you connect, you will get a message like 'Hayes 1200 baud outdial,

Detroit, MI', or 'VEN-TEL 212 Modem', or possibly 'Session 1234 established

on Modem 5588'.  The best way to figure out the commands on these is to

type ? or H or HELP- this will get you all the information that you need to

use one.



   Safety tip here- when you are hacking *any* system through a phone dialup,

always use an outdial or a diverter, especially if it is a local phone number

to you.  More people get popped hacking on local computers than you can

imagine, Intra-LATA calls are the easiest things in the world to trace inexp-

ensively.



   Another nice trick you can do with an outdial is use the redial or macro

function that many of them have.  First thing you do when you connect is to

invoke the 'Redial Last Number' facility.  This will dial the last number used,

which will be the one the person using it before you typed.  Write down the

number, as no one would be calling a number without a computer on it.  This

is a good way to find new systems to hack.  Also, on a VENTEL modem, type 'D'

for Display and it will display the five numbers stored as macros in the

modem's memory.



   There are also different types of servers for remote Local Area Networks

(LAN) that have many machine all over the office or the nation connected to

them.  I'll discuss identifying these later in the computer ID section.



   And finally, you may connect to something that says 'X.25 Communication

PAD' and then some more stuff, followed by a new @ prompt.  This is a PAD

just like the one you are on, except that all attempted connections are billed

to the PAD, allowing you to connect to those nodes who earlier refused collect

connections.



   This also has the added bonus of confusing where you are connecting from.

When a packet is transmitted from PAD to PAD, it contains a header that has

the location you're calling from.  For instance, when you first connected

to Telenet, it might have said 212 44A CONNECTED if you called from the 212

area code.  This means you were calling PAD number 44A in the 212 area.

That 21244A will be sent out in the header of all packets leaving the PAD.

   Once you connect to a private PAD, however, all the packets going out

from *it* will have it's address on them, not yours.  This can be a valuable

buffer between yourself and detection.



Phone Scanning

~~~~~~~~~~~~~

   Finally, there's the time-honored method of computer hunting that was made

famous among the non-hacker crowd by that Oh-So-Technically-Accurate movie

Wargames.  You pick a three digit phone prefix in your area and dial every

number from 0000 --> 9999 in that prefix, making a note of all the carriers

you find.  There is software available to do this for nearly every computer

in the world, so you don't have to do it by hand.



Part Three: I've Found a Computer, Now What?

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

   This next section is applicable universally.  It doesn't matter how you

found this computer, it could be through a network, or it could be from

carrier scanning your High School's phone prefix, you've got this prompt

this prompt, what the hell is it?



   I'm *NOT* going to attempt to tell you what to do once you're inside of

any of these operating systems.  Each one is worth several G-files in its

own right.  I'm going to tell you how to identify and recognize certain

OpSystems, how to approach hacking into them, and how to deal with something

that you've never seen before and have know idea what it is.





VMS-       The VAX computer is made by Digital Equipment Corporation (DEC),

           and runs the VMS (Virtual Memory System) operating system.

           VMS is characterized by the 'Username:' prompt.  It will not tell

           you if you've entered a valid username or not, and will disconnect

           you after three bad login attempts.  It also keeps track of all

           failed login attempts and informs the owner of the account next time

           s/he logs in how many bad login attempts were made on the account.

           It is one of the most secure operating systems around from the

           outside, but once you're in there are many things that you can do

           to circumvent system security.  The VAX also has the best set of

           help files in the world.  Just type HELP and read to your heart's

           content.

           Common Accounts/Defaults:  [username: password [[,password]] ]

           SYSTEM:     OPERATOR or MANAGER or SYSTEM or SYSLIB

           OPERATOR:   OPERATOR

           SYSTEST:    UETP

           SYSMAINT:   SYSMAINT or SERVICE or DIGITAL

           FIELD:      FIELD or SERVICE

           GUEST:      GUEST or unpassworded

           DEMO:       DEMO  or unpassworded

           DECNET:     DECNET





DEC-10-    An earlier line of DEC computer equipment, running the TOPS-10

           operating system.  These machines are recognized by their

           '.' prompt.  The DEC-10/20 series are remarkably hacker-friendly,

           allowing you to enter several important commands without ever

           logging into the system.  Accounts are in the format [xxx,yyy] where

           xxx and yyy are integers.  You can get a listing of the accounts and

           the process names of everyone on the system before logging in with

           the command .systat (for SYstem STATus).  If you seen an account

           that reads [234,1001]   BOB JONES, it might be wise to try BOB or

           JONES or both for a password on this account.  To login, you type

           .login xxx,yyy  and then type the password when prompted for it.

           The system will allow you unlimited tries at an account, and does

           not keep records of bad login attempts.  It will also inform you

           if the UIC you're trying (UIC = User Identification Code, 1,2 for

           example) is bad.

           Common Accounts/Defaults:

           1,2:        SYSLIB or OPERATOR or MANAGER

           2,7:        MAINTAIN

           5,30:       GAMES



UNIX-      There are dozens of different machines out there that run UNIX.

           While some might argue it isn't the best operating system in the

           world, it is certainly the most widely used.  A UNIX system will

           usually have a prompt like 'login:' in lower case.  UNIX also

           will give you unlimited shots at logging in (in most cases), and

           there is usually no log kept of bad attempts.

           Common Accounts/Defaults: (note that some systems are case

           sensitive, so use lower case as a general rule.  Also, many times

           the accounts will be unpassworded, you'll just drop right in!)

           root:       root

           admin:      admin

           sysadmin:   sysadmin or admin

           unix:       unix

           uucp:       uucp

           rje:        rje

           guest:      guest

           demo:       demo

           daemon:     daemon

           sysbin:     sysbin



Prime-     Prime computer company's mainframe running the Primos operating

           system.  The are easy to spot, as the greet you with

           'Primecon 18.23.05' or the like, depending on the version of the

           operating system you run into.  There will usually be no prompt

           offered, it will just look like it's sitting there.  At this point,

           type 'login <username>'.  If it is a pre-18.00.00 version of Primos,

           you can hit a bunch of ^C's for the password and you'll drop in.

           Unfortunately, most people are running versions 19+.  Primos also

           comes with a good set of help files.  One of the most useful

           features of a Prime on Telenet is a facility called NETLINK.  Once

           you're inside, type NETLINK and follow the help files.  This allows

           you to connect to NUA's all over the world using the 'nc' command.

           For example, to connect to NUA 026245890040004, you would type

           @nc :26245890040004 at the netlink prompt.

           Common Accounts/Defaults:

           PRIME       PRIME or PRIMOS

           PRIMOS_CS   PRIME or PRIMOS

           PRIMENET    PRIMENET

           SYSTEM      SYSTEM or PRIME

           NETLINK     NETLINK

           TEST        TEST

           GUEST       GUEST

           GUEST1      GUEST



HP-x000-   This system is made by Hewlett-Packard.  It is characterized by the

           ':' prompt.  The HP has one of the more complicated login sequences

           around- you type 'HELLO SESSION NAME,USERNAME,ACCOUNTNAME,GROUP'.

           Fortunately, some of these fields can be left blank in many cases.

           Since any and all of these fields can be passworded, this is not

           the easiest system to get into, except for the fact that there are

           usually some unpassworded accounts around.  In general, if the

           defaults don't work, you'll have to brute force it using the

           common password list (see below.)  The HP-x000 runs the MPE operat-

           ing system, the prompt for it will be a ':', just like the logon

           prompt.

           Common Accounts/Defaults:

           MGR.TELESUP,PUB                      User: MGR Acct: HPONLY Grp: PUB

           MGR.HPOFFICE,PUB                     unpassworded

           MANAGER.ITF3000,PUB                  unpassworded

           FIELD.SUPPORT,PUB                    user: FLD,  others unpassworded

           MAIL.TELESUP,PUB                     user: MAIL, others unpassworded

           MGR.RJE                              unpassworded

           FIELD.HPPl89 ,HPPl87,HPPl89,HPPl96   unpassworded

           MGR.TELESUP,PUB,HPONLY,HP3           unpassworded





IRIS-      IRIS stands for Interactive Real Time Information System.  It orig-

           inally ran on PDP-11's, but now runs on many other minis.  You can

           spot an IRIS by the 'Welcome to "IRIS" R9.1.4 Timesharing' banner,

           and the ACCOUNT ID? prompt.  IRIS allows unlimited tries at hacking

           in, and keeps no logs of bad attempts.  I don't know any default

           passwords, so just try the common ones from the password database

           below.

           Common Accounts:

           MANAGER

           BOSS

           SOFTWARE

           DEMO

           PDP8

           PDP11

           ACCOUNTING



VM/CMS-    The VM/CMS operating system runs in International Business Machines

           (IBM) mainframes.  When you connect to one of these, you will get

           message similar to 'VM/370 ONLINE', and then give you a '.' prompt,

           just like TOPS-10 does.  To login, you type 'LOGON <username>'.

           Common Accounts/Defaults are:

           AUTOLOG1:            AUTOLOG or AUTOLOG1

           CMS:                 CMS

           CMSBATCH:            CMS or CMSBATCH

           EREP:                EREP

           MAINT:               MAINT or MAINTAIN

           OPERATNS:            OPERATNS or OPERATOR

           OPERATOR:            OPERATOR

           RSCS:                RSCS

           SMART:               SMART

           SNA:                 SNA

           VMTEST:              VMTEST

           VMUTIL:              VMUTIL

           VTAM:                VTAM



NOS-       NOS stands for Networking Operating System, and runs on the Cyber

           computer made by Control Data Corporation.  NOS identifies itself

           quite readily, with a banner of 'WELCOME TO THE NOS SOFTWARE

           SYSTEM.  COPYRIGHT CONTROL DATA 1978,1987'.  The first prompt you

           will get will be FAMILY:.  Just hit return here.  Then you'll get

           a USER NAME: prompt.  Usernames are typically 7 alpha-numerics

           characters long, and are *extremely* site dependent. Operator

           accounts begin with a digit, such as 7ETPDOC.

           Common Accounts/Defaults:

           $SYSTEM              unknown

           SYSTEMV              unknown



Decserver- This is not truly a computer system, but is a network server that

           has many different machines available from it.  A Decserver will

           say 'Enter Username>' when you first connect.  This can be anything,

           it doesn't matter, it's just an identifier.  Type 'c', as this is

           the least conspicuous thing to enter.  It will then present you

           with a 'Local>' prompt.  From here, you type 'c <systemname>' to

           connect to a system.  To get a list of system names, type

           'sh services' or 'sh nodes'.  If you have any problems, online

           help is available with the 'help' command.  Be sure and look for

           services named 'MODEM' or 'DIAL' or something similar, these are

           often outdial modems and can be useful!



GS/1-      Another type of network server.  Unlike a Decserver, you can't

           predict what prompt a GS/1 gateway is going to give you.  The

           default prompt it 'GS/1>', but this is redifinable by the

           system administrator.  To test for a GS/1, do a 'sh d'.  If that

           prints out a large list of defaults (terminal speed, prompt,

           parity, etc...), you are on a GS/1.  You connect in the same manner

           as a Decserver, typing 'c <systemname>'.  To find out what systems

           are available, do a 'sh n' or a 'sh c'.  Another trick is to do a

           'sh m', which will sometimes show you a list of macros for logging

           onto a system.  If there is a macro named VAX, for instance, type

           'do VAX'.



           The above are the main system types in use today.  There are

           hundreds of minor variants on the above, but this should be

           enough to get you started.



Unresponsive Systems

~~~~~~~~~~~~~~~~~~~

   Occasionally you will connect to a system that will do nothing but sit

there.  This is a frustrating feeling, but a methodical approach to the system

will yield a response if you take your time.  The following list will usually

make *something* happen.



1)  Change your parity, data length, and stop bits.  A system that won't re-

    spond at 8N1 may react at 7E1 or 8E2 or 7S2.  If you don't have a term

    program that will let you set parity to EVEN, ODD, SPACE, MARK, and NONE,

    with data length of 7 or 8, and 1 or 2 stop bits, go out and buy one.

    While having a good term program isn't absolutely necessary, it sure is

    helpful.

2)  Change baud rates.  Again, if your term program will let you choose odd

    baud rates such as 600 or 1100, you will occasionally be able to penetrate

    some very interesting systems, as most systems that depend on a strange

    baud rate seem to think that this is all the security they need...

3)  Send a series of <cr>'s.

4)  Send a hard break followed by a <cr>.

5)  Type a series of .'s (periods).  The Canadian network Datapac responds

    to this.

6)  If you're getting garbage, hit an 'i'.  Tymnet responds to this, as does

    a MultiLink II.

7)  Begin sending control characters, starting with ^A --> ^Z.

8)  Change terminal emulations.  What your vt100 emulation thinks is garbage

    may all of a sudden become crystal clear using ADM-5 emulation.  This also

    relates to how good your term program is.

9)  Type LOGIN, HELLO, LOG, ATTACH, CONNECT, START, RUN, BEGIN, LOGON, GO,

    JOIN, HELP, and anything else you can think of.

10) If it's a dialin, call the numbers around it and see if a company

    answers.  If they do, try some social engineering.



Brute Force Hacking

~~~~~~~~~~~~~~~~~~

   There will also be many occasions when the default passwords will not work

on an account.  At this point, you can either go onto the next system on your

list, or you can try to 'brute-force' your way in by trying a large database

of passwords on that one account.  Be careful, though!  This works fine on

systems that don't keep track of invalid logins, but on a system like a VMS,

someone is going to have a heart attack if they come back and see '600 Bad

Login Attempts Since Last Session' on their account.  There are also some

operating systems that disconnect after 'x' number of invalid login attempts

and refuse to allow any more attempts for one hour, or ten minutes, or some-

times until the next day.



   The following list is taken from my own password database plus the data-

base of passwords that was used in the Internet UNIX Worm that was running

around in November of 1988.  For a shorter group, try first names, computer

terms, and obvious things like 'secret', 'password', 'open', and the name

of the account.  Also try the name of the company that owns the computer

system (if known), the company initials, and things relating to the products

the company makes or deals with.



                              Password List

                              =============



      aaa                daniel             jester             rascal

      academia           danny              johnny             really

      ada                dave               joseph             rebecca

      adrian             deb                joshua             remote

      aerobics           debbie             judith             rick

      airplane           deborah            juggle             reagan

      albany             december           julia              robot

      albatross          desperate          kathleen           robotics

      albert             develop            kermit             rolex

      alex               diet               kernel             ronald

      alexander          digital            knight             rosebud

      algebra            discovery          lambda             rosemary

      alias              disney             larry              roses

      alpha              dog                lazarus            ruben

      alphabet           drought            lee                rules

      ama                duncan             leroy              ruth

      amy                easy               lewis              sal

      analog             eatme              light              saxon

      anchor             edges              lisa               scheme

      andy               edwin              louis              scott

      andrea             egghead            lynne              scotty

      animal             eileen             mac                secret

      answer             einstein           macintosh          sensor

      anything           elephant           mack               serenity

      arrow              elizabeth          maggot             sex

      arthur             ellen              magic              shark

      asshole            emerald            malcolm            sharon

      athena             engine             mark               shit

      atmosphere         engineer           markus             shiva

      bacchus            enterprise         marty              shuttle

      badass             enzyme             marvin             simon

      bailey             euclid             master             simple

      banana             evelyn             maurice            singer

      bandit             extension          merlin             single

      banks              fairway            mets               smile

      bass               felicia            michael            smiles

      batman             fender             michelle           smooch

      beauty             fermat             mike               smother

      beaver             finite             minimum            snatch

      beethoven          flower             minsky             snoopy

      beloved            foolproof          mogul              soap

      benz               football           moose              socrates

      beowulf            format             mozart             spit

      berkeley           forsythe           nancy              spring

      berlin             fourier            napoleon           subway

      beta               fred               network            success

      beverly            friend             newton             summer

      bob                frighten           next               super

      brenda             fun                olivia             support

      brian              gabriel            oracle             surfer

      bridget            garfield           orca               suzanne

      broadway           gauss              orwell             tangerine

      bumbling           george             osiris             tape

      cardinal           gertrude           outlaw             target

      carmen             gibson             oxford             taylor

      carolina           ginger             pacific            telephone

      caroline           gnu                painless           temptation

      castle             golf               pam                tiger

      cat                golfer             paper              toggle

      celtics            gorgeous           password           tomato

      change             graham             pat                toyota

      charles            gryphon            patricia           trivial

      charming           guest              penguin            unhappy

      charon             guitar             pete               unicorn

      chester            hacker             peter              unknown

      cigar              harmony            philip             urchin

      classic            harold             phoenix            utility

      coffee             harvey             pierre             vicky

      coke               heinlein           pizza              virginia

      collins            hello              plover             warren

      comrade            help               polynomial         water

      computer           herbert            praise             weenie

      condo              honey              prelude            whatnot

      condom             horse              prince             whitney

      cookie             imperial           protect            will

      cooper             include            pumpkin            william

      create             ingres             puppet             willie

      creation           innocuous          rabbit             winston

      creator            irishman           rachmaninoff       wizard

      cretin             isis               rainbow            wombat

      daemon             japan              raindrop           yosemite

      dancer             jessica            random             zap











                     ///////////////////////////////////////

                    /                                     /

                   / * Summary of FBI Computer Systems * /

                  /             By Ralph Harvey         /

                 /                                     /

                ///////////////////////////////////////





    This article is reprinted from Full Disclosure. Capitol Information 

Association.  All rights reserved. Permission is hereby granted to reprint

this article providing this message is included in its entirety.  Full 

Disclosure, Box 8275, Ann Arbor, Michigan 48107. $15/yr.



 The FBI maintains several computer systems.  The most common of which is

call NCIC (National Crime Information Computer). NCIC maintains a database of

information about such things as stolen cars, stolen boats, missing persons,

wanted persons, arrest records. It provides quick access to these records by

State, Local and Federal law enforcement agencies.  NCIC is directly linked

with the Treasury Department's TECS computer and many State computer systems.

According to William H. Webster, Director of the FBI:



When a police officer stops a car and is uncertain about who he's going to

meet when he gets out, he can plug into this system [NCIC] and in a matter of

a few seconds he can find out whether that person is a fugitive or the

automobile is stolen. Incidentally, we receive almost 400,000 inquires of

this nature each day in the NCIC system.



 When an agency determines that a subject is a fugitive, it supplies the FBI

computer with as much of the following information as possible: 1) Name and

case number; 2) Alias; 3) Race; 4) Sex; 5) Height; 6) Weight; 7) Color of

hair; 8) Color of eyes; 9) Description of any identifying scars, marks and

tattoos; 10) Date of birth; 11) Place of birth; 12) Social Security Number;

13) Passport Number; 14) Last known address; 15) Nationality; 16) If a

naturalized U.S. Citizen, date, place, and certificate number; 17)

Occupation; 18) The criminal violation with which subject is charged; 19)

Date of warrant; 21) Type of warrant -- Bench, Magistrate, etc.; 22) Agency

holding warrant; 23) Any information as to whether the subject is considered

dangerous, is known to own or currently possess firearms, has suicidal

tendencies, or has previously escaped custody; 24) Driver's license number,

year of expiration and State issued; 25) License number of vehicle, aircraft

or vessel subject owns or is known to use, include the year and State; 26)

Description of vehicle, aircraft or vessel subject owns or is known to use;

27) Associates of the subject*1; 28) FBI number; 29) Name and telephone of

the person to contact when subject is apprehended.



 One of the major problems with the system is that the agency that submits an

entry is responsible for keeping it up to date. Once an entry has been made,

there is little motivation for the originating agency to "waste" its time

keeping it up to date, so many entries become incorrect with the passage of

time.



 Another FBI computer system is their Investigative Support Information

System (ISIS). This system is only used to provide support for major

investigations that require the handling of a large volume of complex

information.  It is limited to handling a maximum of 20 cases at a time.



 The ISIS system was used during the investigation of the murder of Federal

Judge John Wood in San Antonio, Texas. In this case, the FBI entered 300,000

pieces of information, including 6,000 interviews, hotel registration

information from every hotel in the area, etc.  The accused, while on trial,

claimed he was several hundred miles away.  The FBI cross referenced his name

& known alias with the hotel registration database and got a match. Contact

with the hotel employees resulted in a positive identification and conviction

of the subject.



 The FBI has a system called the Organized Crime Information Systems (OCIS)

of which director William Webster is "particularly proud."  The system was

started in 1980 in Detroit, Michigan and is one of their most sophisticated

computers. The system is now functions in over 40 locations.



 The OCIS system allows agents in different field offices to share and

analyze information collected in each other's areas.  This system was used to

identify some of the United States citizens who were released from Cuban

prisons in 1984 that had criminal histories in the United States. An OCIS

link was recently opened in Rome, where it's used to support drug

investigations.











          :$:$:$:$:$:$:$:$:$:$:$:$:$:$:$:$:$:$:$:$:$:$:$:$:$:$:$:$:$:

          :$:/ /                                               \ \:$:

          :$:/           Dictionary of Phreaker's Terms          \:$:

          :$:            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~           :$:

          :$:                                                     :$:

          :$:              Taken from Various Sources             :$:

          :$:\         with Special Thanks to Phortune 500       /:$:

          :$:\ \                                               / /:$:

          :$:$:$:$:$:$:$:$:$:$:$:$:$:$:$:$:$:$:$:$:$:$:$:$:$:$:$:$:$:









      1XB - No.1 Crossbar system. See XBAR for more information.

 

      2600   -  A  hack/phreak  oriented  newsletter  that  periodically  was 

 released  and still is being released. See Phile 1.6 for more information on 

 the magazine and ordering.

 

      4XB - No.4 Crossbar system. See XBAR for more information.

 

      5XB  -  No.5  Crossbar  system.  The  primary end office switch of Bell 

 since the 60's and still in limited use. See XBAR for more detail.

 

      700  Services  -  These services are reserved as an advanced forwarding 

 system,  where the forwarding is advanced to a user-programed location which 

 could be changed by the user.

 

      800  Exceptional  Calling  Report  - System set up by ESS that will log 

 any  caller  that excessively dials 800 numbers or directory assistance. See 

 ESS for more information.

 

      800  Services  -  Also known as WATS. These services often contain WATS 

 extenders  which,  when  used  with  a code, may be used to call LD. Many LD 

 companies  use  these services because they are toll-free to customers. Most 

 800  extenders  are  considered  dangerous  because most have the ability to 

 trace.

 

      900  Services  -  Numbers  in  the  900 SAC usually are used as special 

 services,  such  as  TV polls and such. These usually are $.50 for the first 

 minute  and  $.35 for each additional minute. Dial (900)555-1212 to find out 

 what the 900 services currently have to offer.

 

      950  -  A  nationwide  access exchange in most areas. Many LD companies 

 have  extenders located somewhere on this exchange; however, all services on 

 this  exchange  are  considered dangerous due to the fact that they ALL have 

 the ability to trace. Most 950 services have crystal clear connections.

 

      ACCS  -  Automated  Calling  Card  Service.  The typical 0+NPA+Nxx+xxxx 

 method  of  inputting  calling cards and then you input the calling card via 

 touch tones. This would not be possible without ACTS.

 

      ACD - Automatic Call Distributor.

 

      ACD  Testing Mode - Automatic Call Distributor Test Mode. This level of 

 phreaking  can  be  obtained  by pressing the "D" key down after calling DA. 

 This  can  only  be done in areas that have the ACD. The ACD Testing Mode is 

 characterized  by  a pulsing dial tone. From here, you can get one side of a 

 loop  by  dialing  6,  the  other side is 7. You may also be able to REMOB a 

 line.  All  possibilities  of  the ACD Test have not been experimented with. 

 See silver box for more details.

 

      ACTS  -  Automated  Coin  Toll  Service. This is a computer system that 

 automates  phortress  fone  service by listening for red box tones and takes 

 appropriate  action.  It is this service that is commonly heard saying, "Two 

 dollars  please.  Please  deposit  two  dollars for the next three minutes." 

 Also,  if  you  talk for more than three minutes and then hang up, ACTS will 

 call back and demand your money. ACTS is also responsible for ACCS.

 

      Alliance  -  A  teleconferencing  system  that is apart from AT&T which 

 allows  the general public to access and use its conferencing equipment. The 

 equipment   allows  group  conversations  with  members  participating  from 

 throughout  the United States. The fone number to Alliance generally follows 

 the  format  of 0-700-456-x00x depending on the location the call originates 

 from and is not accessible direct by all cities/states.

 

      AMA  -  Automated  Message  Accounting. Similar to the CAMA system; see 

 CAMA for more info.

 

      analog  -  As  used  for  a  word  or data transmission, a continuously 

 varying electrical signal in the shape of a wave.

 

      ANI  -  Automatic  Number  Identification  - This is the system you can 

 call,  usually  a  three digit number or one in the 99xx's of your exchange, 

 and  have  the  originating  number  you  are  calling from read to you by a 

 computer.  This is useful if you don't know the number you are calling from, 

 for  finding  diverters,  and  when  you  are playing around with other fone 

 equipment  like  cans  or  beige boxes. The ANI system is often incorporated 

 into  other  fone  companies  such as Sprint and MCI in order to trace those 

 big bad phreaks that abuze codez.

 

      ANIF  - Automatic Number Identification Failure. When the ANI system of 

 a particular office fails. 

 

      APF  -  All  PINs Fail. This is a security measure which is designed to 

 frustrate attempts at discovering valid PINs by a hacking method.

 

      aqua  box  -  A  box  designed to drain the voltage of the FBI lock-in-

 trace/trap-trace  so  you  can  hang  up  your  fone  in  an  emergency  and 

 phrustrate  the  Pheds  some more. The apparatus is simple, just connect the 

 two  middle wires of a phone wire and plug, which would be the red and green 

 wires  if  in  the jack, to the cord of some electrical appliance; ie, light 

 bulb  or  radio.  KEEP  THE  APPLIANCE  OFF.  Then,  get  one  of those line 

 splitters  that  will  let  you hook two phone plugs into one jack. Plug the 

 end  of  the  modified  cord into one jack and your fone into the other. THE 

 APPLIANCE  MUST  BE  OFF! Then, when the Pheds turn their lame tracer on and 

 you  find  that  you  can't hang up, remove your fone from the jack and turn 

 the  appliance ON and keep it ON until you feel safe; it may be awhile. Then 

 turn  it  off,  plug  your fone back in, and start phreaking again. Invented 

 by: Captain Xerox and The Traveler.

 

      BAUDOT - 45.5 baud. Also known as the Apple Cat Can.

 

      BEF  - Band Elimination Filter. A muting system that will mute the 2600 

 Hz tone which signals hang-up when you hang up.

 

      beige  box  - An apparatus that is a home-made lineman's handset. It is 

 a  regular  fone  that  has  clips  where  the  red and green wires normally 

 connect  to  in  a  fone jack. These clips will attach to the rings and tips 

 found  in  many  of  MA's output devices. These are highly portable and VERY 

 useful  when  messing  around  with  cans  and other output devices the fone 

 company has around. Invented by: The Exterminator and The Terminal Man.

 

      BITNET  -  Nationwide  system for colleges and schools which accesses a 

 large  base  of  education-oriented information. Access ports are always via 

 mainframe.

 

      bit  stream  -  Refers  to  a continuous series of bits, binary digits, 

 being transmitted on a transmission line.

 

      black  box  -  The infamous box that allows the calling party to not be 

 billed  for  the call placed. We won't go in depth right now, most plans can 

 be  found on many phreak oriented BBS's. The telco can detect black boxes if 

 they suspect one on the line. Also, these will not work under ESS.

 

      bleeper  boxes  -  The  United  Kingdom's  own version of the blue box, 

 modified  to  work  with the UK's fone system. Based on the same principles. 

 However, they use two sets of frequencies, foreword and backwards.

 

      Blotto  box  -  This  box  supposedly  shorts  every  fone  out  in the 

 immediate  area,  and  I  don't  doubt  it. It should kill every fone in the 

 immediate  area,  until  the  voltage reaches the fone company, and the fone 

 company  filters  it.  I  won't  cover  this  one  in  this issue, cuz it is 

 dangerous,  and  phreaks shouldn't destroy MA's equipment, just phuck it up. 

 Look  for  this  on your phavorite BBS or ask your phavorite phreak for info 

 if you really are serious about seriously phucking some fones in some area.

 

      blue  box  -  An  old  piece of equipment that emulated a true operator 

 placing  calls,  and  operators  get  calls for free. The blue box seizes an 

 open  trunk  by  blasting  a  2600  Hz tone through the line after dialing a 

 party  that  is  local  or in the 800 NPA so calls will be local or free for 

 the  blue boxer. Then, when the blue boxer has seized a trunk, the boxer may 

 then,  within the next 10-15 seconds, dial another fone number via MF tones. 

 These  MF  tones  must be preceded by a KP tone and followed with a ST tone. 

 All of these tones are standardized by Bell. The tones as well as the inter-

 digit  intervals  are around 75ms. It may vary with the equipment used since 

 ESS  can  handle higher speeds and doesn't need inter-digit intervals. There 

 are  many  uses to a blue box, and we will not cover any more here. See your 

 local  phreak or phreak oriented BBS for in depth info concerning blue boxes 

 and  blue  boxing.  Incidentally, blue boxes are not considered safe anymore 

 because  ESS  detects  "foreign"  tones,  such as the 2600 Hz tone, but this 

 detection  may  be  delayed  by  mixing pink noise of above 3000 Hz with the 

 2600  Hz  tone. To hang up, the 2600 Hz tone is played again. Also, all blue 

 boxes  are  green  boxes because MF "2" corresponds to the Coin Collect tone 

 on  the  green box, and the "KP" tone corresponds to the Coin Return tone on 

 the  green  box.  See  green  box  for  more  information.  Blue  boxing  is 

 IMPOSSIBLE  under  the new CCIS system slowly being integrated into the Bell 

 system.

 

      blue  box  tones  -  The MF tones generated by the blue box in order to 

 place  calls,  emulating  a  true operator. These dual tones must be entered 

 during  the  10-15 second period after you have seized a trunk with the 2600 

 Hz tone.                                                                   

                         700:  1 :  2 :  4 :  7 : 11 :    KP= Key Pulse     

  Parallel Frequencies   900: ** :  3 :  5 :  8 : 12 :    ST= STop          

    2= Coin Collect     1100: ** : ** :  6 :  9 : KP :   KP2= Key Pulse 2   

   KP= Coin Return      1300: ** : ** : ** : 10 :KP2 :    **= None          

   (green box tones)    1500: ** : ** : ** : ** : ST :                      

                            : 900:1100:1300:1500:1700:   75ms pulse/pause   

 

      BLV  -  Busy  Line  Verification.  Allows  a TSPS operator to process a 

 customer's  request  for  a  confirmation  of  a  repeatedly busy line. This 

 service is used in conjunction with emergency break-ins.

 

      BNS - Billed Number Screening.

 

      break  period  -  Time  when  the  circuit during pulse dialing is left 

 open.  In  the  US,  this period is 40ms; foreign nations may use 33ms break 

 periods.

 

      break  ratio  -  The  interval  pulse dialing breaks and makes the loop 

 when  dialing.  The US standard is 10 pulses per second. When the circuit is 

 opened,  it  is called the break interval. When the circuit is closed, it is 

 called  the make interval. In the US, there is a 60ms make period and a 40ms 

 break  period.  This  is  often  referred  to  as  a 60% make interval. Many 

 foreign nations have a 67% make interval.

 

      bridge - I don't really understand  this  one, but  these  are important

phreak toys. I'll cover them more in the next issue of TPH.



      British Post Office - The United Kingdom's equivalent to Ma Bell.

 

      busy  box  - Box that will cause the fone to be busy, without taking it 

 OFF-HOOK.  Just  get a piece of fone wire with a plug on the end, cut it off 

 so  there  is a plug and about two inches of fone line. Then, strip the wire 

 so  the  two middle wires, the tip and the ring, are exposed. Then, wrap the 

 ring  and  the  tip  together,  tape with electrical tape, and plug into the 

 fone jack. The fone will be busy until the box is removed.

 

      cans  -  Cans  are  those  big  silver  boxes  on  top of or around the 

 telephone  poles. When opened, the lines can be manipulated with a beige box 

 or whatever phun you have in mind.

 

      calling  card  -  Another  form of the LD service used by many major LD 

 companies  that  composes of the customers fone number and a PIN number. The 

 most  important  thing  to  know when questioned about calling cards are the 

 area code and the city where the calling card customer originated from.

 

      CAMA  -  Centralized  Automatic Message Accounting. System that records 

 the  numbers called by fones and other LD systems. The recording can be used 

 as evidence in court.

 

      CC - Calling Card.

 

      CC - Credit Card.

 

      CCIS   -  Common  Channel  Inter-office  Signaling.  New  method  being 

 incorporated  under  Bell  that will send all the signaling information over 

 separate data lines. Blue boxing is IMPOSSIBLE under this system.

 

      CCITT  -  The  initials  of  the  name  in  French of the International 

 Telegraph  and Telephone Consultative Committee. At CCITT representatives of 

 telecommunications  authorities,  operators  of  public  networks  and other 

 interested  bodies  meet  to  agree  on  standards  needed for international 

 intermarrying of telecommunications services.

 

      CCS - Calling Card Service.

 

      CCSS   -  Common  Channel  Signalling  System.  A  system  whereby  all 

 signalling  for a number of voice paths are carried over one common channel, 

 instead of within each individual channel.

 

      CDA - Coin Detection and Announcement.

 

      CF  -  Coin First. A type of fortress fone that wants your money before 

 you receive a dial tone.

 

      Channel  - A means of one-way transmission or a UCA path for electrical 

 transmission  between  two  or  more points without common carrier, provided 

 terminal equipment. Also called a circuit, line, link, path, or facility.

 

      cheese  box  -  Another  type  of  box  which,  when  coupled with call 

 forwarding  services, will allow one to place free fone calls. The safety of 

 this  box  is unknown. See references for information concerning text philes 

 on this box.

 

      clear  box  - Piece of equipment that compromises of a telephone pickup 

 coil  and  a  small  amp. This works on the principal that all receivers are 

 also  weak  transmitters.  So,  you amplify your signal on PP fortress fones 

 and spare yourself some change.

 

      CN/A  -  Customer  Name  And  Address.  Systems  where  authorized Bell 

 employees  can  find  out  the  name and address of any customer in the Bell 

 System.  All  fone  numbers  are listed on file, including unlisted numbers. 

 Some  CN/A  services ask for ID#'s when you make a request. To use, call the 

 CN/A  office  during  normal  business hours, and say that you are so and so 

 from  a  certain  business or office, related to customers or something like 

 that,  and  you  need the customer's name and address at (NPA)Nxx-xxxx. That 

 should  work.  The  operators  to  these  services usually know more than DA 

 operators  do  and  are  also  susceptible  to  "social  engineering." It is 

 possible  to  bullshit  a CN/A operator for the NON PUB DA number and policy 

 changes in the CN/A system.

 

      CO  Code  - Central Office code which is also the Nxx code. See Nxx for 

 more details. Sometimes known as the local end office.

 

      conference  calls  - To have multiple lines inter-connected in order to 

 have  many  people talking in the same conversation on the fone at once. See 

 Alliance and switch crashing for more information.

 

      credit  operator - Same as TSPS operator. The operator you get when you 

 dial "0" on your fone and phortress fones. See TSPS for more information.

 

      CSDC  -  Circuit Switched Digital Capability. Another USDN service that 

 has no ISDN counterpart.

 

      DA - Directory Assistance. See directory assistance.

 

      DAO - Directory Assistance Operator. See directory assistance.

 

      data   communications   -   In   telefone   company  terminology,  data 

 communications   refers  to  an  end-to-end  transmission  of  any  kind  of 

 information  other  than  sound, including voice, or video. Data sources may 

 be either digital or analog.

 

      data  rate - The rate at which a channel carries data, measured in bits 

 per second, bit/s, also known as "data signalling rate."

 

      data signalling rate - Same as "data rate." See data rate.

 

      DCO-CS - Digital Central Office-Carrier Switch.

 

      DDD - Direct Distance Dialed.

 

      Dial-It Services - See 900 Services.

 

      digital  -  A  method  to  represent  information  to  be  discrete  or 

 individually  distinct  signals,  such as bits, as opposed to a continuously 

 variable analog signal.

 

      digital  transmission - A mode of transmission in which all information 

 to  be  transmitted  is first converted to digital form and then transmitted 

 as  a  serial  stream of pulses. Any signal, voice, data, television, can be 

 converted to digital form.

 

      Dimension 2000 - Another LD service located at (800)848-9000.

 

      directory  assistance  -  Operator  that  you get when you call 411 or   

 NPA-555-1212.  This call will cost $.50 per call. These won't know where you 

 are  calling from, unless you annoy them, and do not have access to unlisted 

 numbers.  There  are  also  directory assistance operators for the deaf that 

 transfer  BAUDOT. You can call these and have interesting conversations. The 

 fone  number is 800-855-1155, are free, and use standard Telex abbreviations 

 such  as  GA  for  Go  Ahead. These are nicer than normal operators, and are 

 often   subject   to   "social  engineering"  skills  (bullshitting).  Other 

 operators   also   have   access   to  their  own  directory  assistance  at 

 KP+NPA+131+ST.

 

      diverter  - This is a nice phreak tool. What a diverter is is a type of 

 call  forwarding  system done externally, apart from the fone company, which 

 is  a piece of hardware that will foreword the call to somewhere else. These 

 can  be  found  on  many  24 hour plumbers, doctors, etc. When you call, you 

 will  often  hear  a  click  and then ringing, or a ring, then a click, then 

 another  ring,  the second ring often sounds different from the first. Then, 

 the  other  side  picks  the  fone  up  and  you  ask about their company or 

 something  stupid, but DO NOT ANNOY them. Then eventually, let them hang up, 

 DO  NOT  HANG  UP  YOURSELF.  Wait  for the dial tone, then dial ANI. If the 

 number  ANI  reads  is different from the one you are calling from, then you 

 have  a  diverter.  Call  anywhere you want, for all calls will be billed to 

 the  diverter.  Also,  if  someone uses a tracer on you, then they trace the 

 diverter  and  you  are safe. Diverters can, however, hang up on you after a 

 period  of  time; some companies make diverters that can be set to clear the 

 line  after  a  set period of time, or click every once in a while, which is 

 super  annoying, but it will still work. Diverters are usually safer than LD 

 extenders,  but  there are no guarantees. Diverters can also be accessed via 

 phortress  fones.  Dial  the  credit  operator  and  ask for the AT&T CREDIT 

 OPERATOR.  They  will  put on some lame recording that is pretty long. Don't 

 say  anything  and  the  recording will hang up. LET IT HANG UP, DO NOT HANG 

 UP.  Then  the  line will clear and you will get a dial tone. Place any call 

 you  want  with  the following format: 9+1+NPA+Nxx+xxxx, or for local calls, 

 just  9+Nxx+xxxx. I'd advise that you call ANI first as a local call to make 

 sure you have a diverter.

 

      DLS - Dial Line Service.

 

      DNR - Also known as pen register. See pen register.

 

      DOV - Data-Over-Voice.

 

      DSI  -  Data  Subscriber  Interface.  Unit in the LADT system that will 

 concentrate  data  from  123  subscribers  to a 56k or a 9.6k bit-per-second 

 trunk to a packet network.

 

      DT - Dial tone.

 

      DTF  -  Dial Tone First. This is a type of fortress fone that gives you 

 a dial tone first.

 

      DTI - Digital Trunk Interface.

 

      DTMF  - Dual-Tone-Multi-Frequency, the generic term for the touch tone. 

 These  include  0,1,2,3,4,5,6,7,8,9  as  well as A,B,C,D. See silver box for 

 more details.

 

      DVM  -  Data  Voice  Multiplexor.  A system that squeezes more out of a 

 transmission  medium  and  allows  a  customer  to  transmit  voice and data 

 simultaneously to more than one receiver over the existing telefone line.

 

      emergency  break-in  -  Name given to the art of "breaking" into a busy 

 number  which  will  usually  result  in  becoming a third party in the call 

 taking place.

 

      end office - Any class 5 switching office in North America.

 

      end-to-end  signalling  -  A  mode  of  network  operation in which the 

 originating   central  office,  or  station,  retains  control  and  signals 

 directly  to  each successive central office, or PBX, as trunks are added to 

 the connection.

 

      ESS  - Electronic Switching System. "The phreak's nightmare come true." 

 With  ESS,  EVERY  SINGLE  digit  you  dial  is recorded, even mistakes. The 

 system  records  who  you  call, when you call, how long you talked, and, in 

 some  cases,  what  you  talked  about.  ESS  is programed to make a list of 

 people  who make excessive 800 calls or directory assistance. This is called 

 the  "800  Exceptional  Calling  Report."  ESS can be programed to print out 

 logs  of  who called certain numbers, such as a bookie, a known communist, a 

 BBS,  etc.  ESS is a series of programs working together; these programs can 

 be  very  easily  changed  to  do whatever the fone company wants ESS to do. 

 With  ESS,  tracing  is  done in MILLISECONDS and will pick up any "foreign" 

 tones  on the line, such as 2600 Hz. Bell predicts the whole country will be 

 on  ESS  by  1990!  You can identify an ESS office by the functions, such as 

 dialing  911  for  help, fortress fones with DT first, special services such 

 as  call forwarding, speed dialing, call waiting, etc., and ANI on LD calls. 

 Also, black boxes and Infinity transmitters will NOT work under ESS.

 

      extender  -  A  fone  line  that serves as a middleman for a fone call, 

 such  as  the  800  or 950 extenders. These systems usually require a multi-

 digit code and have some sort of ANI to trace suspicious calls with.

 

      facsimile  -  A  system  for  the  transmission of images. The image is 

 scanned  at  the  transmitter,  reconstructed  at the receiving station, and 

 duplicated on some form of paper. Also known as a FAX.

 

      FAX - See facsimile for details.

 

      FiRM - A large cracking group who is slowly taking the place of PTL and

the endangered cracking groups at the time of this writing.



      fortress  phone  - Today's modern, armor plated, pay fone. These may be 

 the  older,  3  coin/coin  first  fones or the newer, 1 coin/DT first fones. 

 There  are  also  others, see CF, DTF, and PP. Most phortresses can be found 

 in the 9xxx or 98xx series of your local Nxx.

 

      gateway city - See ISC.

 

      Gestapo  - The telefone company's security force. These nasties are the 

 ones  that  stake  out  misused  phortresses  as  well as go after those bad 

 phreaks that might be phucking with the fone system.

 

      green  base - A type of output device used by the fone company. Usually 

 light  green  in  color  and stick up a few feet from the ground. See output 

 device for more information.

 

      green  box - Equipment that will emulate the Coin Collect, Coin Return, 

 and  Ringback  tones.  This  means  that if you call someone with a fortress 

 fone  and  they  have  a  green  box,  by  activating it, your money will be 

 returned.   The   tones   are,   in   hertz,   Coin  Collect=700+1100,  Coin 

 Return=1100+1700,  and  Ringback=700+1700.  However,  before these tones are 

 sent,  the  MF  detectors  at  the  CO  must be alerted, this can be done by 

 sending  a  900+1500  Hz  or  single 2600 Hz wink of 90ms followed by a 60ms 

 gap, and then the appropriate signal for at least 900ms.

 

      gold  box  -  This  box  will  trace  calls,  tell if the call is being 

 traced, and can change a trace. 

 

      grey box - Also known as a silver box. See silver box.

 

      group  chief  -  The  name  of the highest ranking official in any fone 

 office. Ask to speak to these if an operator is giving you trouble.

 

      high-speed  data  -  A rate of data transfer ranging upward from 10,000 

 bits per second.

 

      H/M - Hotel/Motel.

 

      ICH - International Call Handling. Used for overseas calls.

 

      ICVT - InComing Verification Trunk.

 

      IDA  -  Integrated  Digital  Access. The United Kingdom's equivalent of 

 ISDN.

 

      IDDD  -  International  Direct  Distance Dialing - The ability to place 

 international  calls  direct  without processing through a station. Usually, 

 one  would  have to place the call through a 011, station, or a 01, operator 

 assisted, type of setup.

 

      IDN  -  Integrated  Digital  Networks.  Networks  which provide digital 

 access and transmission, in both circuit switched and packet modes.

 

      in-band  -  The  method of sending signaling information along with the 

 conversion using tones to represent digits.

 

      INS - Information Network System. Japan's equivalent of ISDN.

 

      Intercept  -  The  intercept  operator  is the one you get connected to 

 when  there  are not enough recordings available to tell you that the number 

 has  been  disconnected  or  changed.  These usually ask what number you are 

 calling and are the lowest form of the operator.

 

      intermediate  point  -  Any class 4X switching office in North America. 

 Also known as an RSU.

 

      international  dialing  -  In order to call across country borders, one 

 must  use  the  format PREFIX + COUNTRY CODE + NATION #. The prefix in North 

 America  is  usually  011  for  station-to-station calls or 01 for operator-

 assisted calls. If you have IDDD, you don't need to place this prefix in.

 

      INTT - Incoming No Test Trunks.

 

      INWARD  -  An  operator  that  assists  your local TSPS '0' operator in 

 connecting  calls.  These  won't  question you as long as the call is within 

 their  service  area. The operator can ONLY be reached by other operators or 

 a  blue  box.  The  blue box number is KP+NPA+121+ST for the INWARD operator 

 that will help you connect to any calls in that area ONLY. 

 

      INWATS  -  Inward  Wide  Area Telecommunications Service. These are the 

 800  numbers  we  are all familiar with. These are set up in bands; 6 total. 

 Band  6  is the largest, and you can call band 6 INWATS from anywhere in the 

 US  except  the  state  where  the call is terminated. This is also why some 

 companies  have  a  separate 800 number for their state. Band 5 includes the 

 48  contiguous  states.  All the way down to band 1, which only includes the 

 states  contiguous to that one. Understand? That means more people can reach 

 a band 6 INWATS as compared to the people that can access a band 1 INWATS.

 

      IOCC  -  International  Overseas Completion Centre. A system which must 

 be  dialed  in  order  to  re-route fone calls to countries inaccessible via 

 dialing  direct.  To  route a call via IOCC with a blue box, pad the country 

 code  to  the RIGHT with zeroes until it is 3 digits. Then KP+160 is dialed, 

 plus the padded country code, plus ST.

 

      IPM  -  Interruptions  Per  Minute.  The number of times a certain tone 

 sounds during a minute.

 

      ISC  -  Inter-Nation  Switching  Centers.  Most  outgoing  calls from a 

 certain  numbering  system  will be routed through these "gateway cities" in 

 order to reach a foreign country. 

 

      ISDN   -  Integrated  Services  Digital  Network.  ISDN  is  a  planned 

 hierarchy  of  digital  switching  and transmission systems. Synchronized so 

 that  all  digital elements speak the same "language" at the same speed, the 

 ISDN would provide voice, data, and video in a unified manner.

 

      ITT  -  This  is  another large LD service. The extenders owned by this 

 company    are    usually    considered    dangerous.    The    format    is

 ACC-ESS#,(NPA)Nxx-xxxx,1234567.

 

      KP  -  Key  Pulse.  Tone that must be generated before inputting a fone 

 number using a blue box. This tone is, in hertz, 1100+1700.

 

      KP2  - Key Pulse 2. Tone that is used by the CCITT SYSTEM 5 for special 

 international calling. This tone is, in hertz, 1300+1700.

 

      LADT  -  Local Area Data Transport. LADT is a method by which customers 

 will send and receive digital data over existing customer loop wiring. Dial-

 Up  LADT  will  let  customers use their lines for occasional data services; 

 direct  access LADT will transmit simultaneous voice and data traffic on the 

 same line.

 

      LAN - Local Area Network.

 

      LAPB - Link Access Protocol Balanced. 

 

      LD - Long Distance

 

      Leave Word And Call Back - Another new type of operator.

 

      local  loop  -  When  a loop is connected between you and your CO. This 

 occurs when you pick the fone up or have a fone OFF-HOOK.

 

      loop  -  A  pair  or group of fone lines. When people call these lines, 

 they  can  talk  to  each  other. Loops consist of two or more numbers, they 

 usually  are  grouped  close  together somewhere in the Nxx-99xx portions of 

 your  exchange.  The lower number in a loop is the tone side of the loop, or 

 the  singing switch. The higher number is always silent. The tone disappears 

 on  the  lower  #  when someone dials the other side of the loop. If you are 

 the  higher  #,  you  will  have  to  listen to the clicks to see if someone 

 dialed  into  the  loop. There also are such things as Non-Supervised loops, 

 where  the call is toll-free to the caller. Most loops will be muted or have 

 annoying  clicks  at  connection, but otherwise, you might find these useful 

 goodies  scanning  the  99xx's in your exchange. Some loops allow multi-user 

 capability;  thus,  many  people  can talk to each other at the same time, a 

 conference  of  sorts.  Since loops are genuine test functions for the telco 

 during the day, most phreaks scan and use them at night. 

 

      MA  -  Ma  Bell,  the Bell Telesys Company. Telco, etc. See Ma Bell for 

 more information.

 

      Ma  Bell  -  The telephone company. The Bell Telesys Phone Company. The 

 company  you  phreak  and  hack  with. The company that doesn't like you too 

 much.  The company you often phuck with, and sometimes phuck up. The company 

 that can phuck u up if u aren't careful.

 

      make  period  -  The  time  when,  during pulse dialing, the circuit is 

 closed.  In  the US, this period is 60ms; however, foreign nations may use a 

 67ms  make  period.  Make  periods are also referred to in percentages, so a 

 60ms make period would be 60%, a 67ms as 67%.

 

      marine verify - Another type of operator.

 

      MCI  -  Yet  another  LD service that owns many dial-ups in most areas. 

 However,  the  codes from various areas may not be interchangeable. Not much 

 is  known  about  MCI;  however,  MCI  probably has some sophisticated anti-

 phreak equipment. The format is ACC-ESS#,12345,(NPA)Nxx-xxxx.

 

      MCI  Execunet  -  The  calling  card  equivalent  of the regular MCI LD 

 service,  but the codes are longer and interchangeable. For the local access 

 port  near  you,  call  (800)555-1212.  The  format  for  the  port  will be

 ACC-ESS#,1234567,(NPA)Nxx-xxxx.

 

      Metrofone  -  Owned  by Western Union. A very popular system among fone 

 phreaks.  Call  Metrofone's  operator and ask for the local access number at 

 (800)325-1403.  The  format  is  ACC-ESS#,CODE,(NPA)Nxx-xxxx.  Metrofone  is 

 alleged to place trap codes on phreak BBS's. 

 

      MF  - Multi-Frequency. These are the operator and blue box tones. An MF 

 tone  consists  of  two  tones  from  a  set  of  six master tones which are 

 combined  to  produce  12  separate  tones.  These are NOT the same as touch 

 tones. See blue box tones for frequencies.

 

      mobile - A type of operator.

 

      NAP/PA - North American Pirate/Phreak Association. A large group of bbs

boards which include a lot of pirates/phreakers. I'm not quite sure where the

group will go from here.



      NON  PUB  DA  - A reverse type of CN/A bureau. You tell the service the 

 name  and the locality, they will supply the fone number. However, they will 

 ask  for  you  name,  supervisor's  name,  etc.  Use your social engineering 

 skills  here  (aka,  bullshitting skills). You also can get detailed billing 

 information from these bureaus.

 

      NPA  -  Numbering Plan Area. The area code of a certain city/state. For 

 example,  on  the  number  (111)222-3333,  the  NPA would be 111. Area codes 

 never  cross state boundaries sans the 800, 700, 900, and special exchanges. 

 

      Nxx  -  The exchange or prefix of the area to be dialed. For example of 

 the number (111)222-3333, the Nxx would be 222.

 

      OGVT - OutGoing Verification Trunk.

 

      OFF-HOOK  -  To  be  on-line,  to  have  the switchhook down. To have a 

 closed connection. At this point, you also have a local loop.

 

      ON-HOOK  -  To  be off-line, to have the switchhook up. To have an open 

 connection.

 

      ONI  -  Operator Number Identification. Identifies calling numbers when 

 an   office   is   not  equipped  with  CAMA,  the  calling  number  is  not 

 automatically recorded by CAMA, or has equipment failures, such as ANIF.

 

      OPCR  -  Operator  Actions  Program.  Standard  TBOC  or equivalent "0" 

 operator.

 

      OPEN  -  Northern  Telecom's  Open  Protocol  Enhanced  Networks  World 

 Program.

 

      OSI   -   Open   System   Interconnection.  Form  of  telecommunication 

 architechture which will probobly fail to SNA.

 

      OST - Originating Station Treatment.

 

      OTC - Operating Telefone Company.

 

      out-of-band  -  Type  of signaling which sends all of the signaling and 

 supervisory  informations,  such  as  ON  and  OFF  HOOK, over separate data 

 links.

 

      output  device  -  Any  type  of interface such as cans, terminal sets, 

 remote  switching centers, bridging heads, etc., where the fone lines of the 

 immediate  area are relayed to before going to the fone company. These often 

 are  those  cases  painted light green and stand up from the ground. Most of 

 these  can  be  opened  with a 7/16 hex driver, turning the security bolt(s) 

 1/8  of  an  inch  counter-clockwise,  and  opening. Terminals on the inside 

 might  be  labeled "T" for tip and "R" for ring. Otherwise, the ring side is 

 usually on the right and the tip side is on the left.

 

      OUTWATS  - Outward Wide Area Telecommunications Service. These are WATS 

 that are used to make outgoing calls ONLY. 

 

      Paper  Clip  Method  -  This method of phreaking was illustrated in the 

 movie  War Games. What a phortress fone does to make sure money is in a fone 

 is  send  an  electrical  pulse  to  notify  the  fone  that a coin has been 

 deposited,  for  the  first  coin  only.  However,  by  simply grounding the 

 positive  end  of  the microphone, enough current and voltage is deferred to 

 the  ground  to  simulate  the first quarter in the coin box. An easy way to 

 accomplish  this is to connect the center of the mouthpiece to the coin box, 

 touch  tone  pad,  or anything that looks like metal with a piece of wire. A 

 most  convenient  piece  of wire is a bend out of a paper clip. Then you can 

 send  red  box  tones  through the line and get free fone calls! Also, telco 

 modified  fones  may  require  you  to  push  the  clip  harder  against the 

 mouthpiece,  or  connect  the mouthpiece to the earpiece. If pressing harder 

 against the mouthpiece becomes a problem, pins may be an easier solution.

 

      PBX  -  Private Branch eXchange. A private switchboard used by some big 

 companies  that  allow  access  to  the  OUTWATS line by dialing  a 8 or a 9 

 after inputting a code.

 

      PCM - Pulse Code-Modulated trunks. 

 

      PC  Pursuit  -  A  computer  oriented LD system, comparable to Telenet, 

 which  offers low access rates to 2400 baud users. Hacking on this system is 

 virtually impossible due to the new password format.

 

      pen  register  -  A  device  that the fone company puts on your line if 

 they  suspect  you  are fraudulently using your fone. This will record EVERY 

 SINGLE  digit/rotary  pulse  you  enter  into  the  fone  as  well  as other 

 pertinent  information,  which  may  include a bit of tapping. Also known as 

 DNR.

 

      Phortune 500 - An elite  group  of  users  currently paving the way for

 better quality in their trade.



      PHRACK   -  Another  phreak/hack  oriented  newsletter.  See  reference 

 section, phile 1.6 for more information.

 

      PHUN  -  Phreakers and Hackers Underground Network. They also release a 

 newsletter  that  is up to #4 at the time of this writing. See phile 1.6 for 

 more information on finding this phile.

 

      PIN  -  Personal  Identification  Number  -  The  last four digits on a 

 calling card that adds to the security of calling cards.

 

      plant  tests  -  test  numbers  which include ANI, ringback, touch tone 

 tests, and other tests the telco uses.

 

      Post Office Engineers - The United Kingdom's fone workers.

 

      PP  -  Dial  Post-Pay  Service. On phortress fones, you are prompted to 

 pay  for the call after the called party answers. You can use a clear box to 

 get around this.

 

      PPS - Pulses Per Second.

 

      printmeter  -  The  United  Kingdom's equivalent of a pen register. See 

 pen register for more info.

 

      PTE - Packet Transport Equipment.

 

      PTL - One of the bigger cracking groups  of all time. However, the group

has been dying off and only has a few nodes as of this writing.



      PTS - Position and Trunk Scanner.

 

      PTT - Postal Telephone Telegraph.

 

      pulse - See rotary phones.

 

      purple  box  -  This one would be nice. Free calls to anywhere via blue 

 boxing,  become  an  operator  via  blue box, conference calling, disconnect 

 fone  line(s),  tap  fones,  detect  traces,  intercept directory assistance 

 calls. Has all red box tones. This one may not be available under ESS.

 

      rainbow  box  -  An  ultimate  box. You can become an operator. You get 

 free  calls,  blue  box. You can set up conference calls. You can forcefully 

 disconnect  lines.  You can tap lines. You can detect traces, change traces, 

 and  trace as well. All incoming calls are free. You can intercept directory 

 assistance.  You have a generator for all MF tones. You can mute and redial. 

 You  have  all  the  red-box tones. This is an awesome box. However, it does 

 not exist under ESS.

 

      RAO  -  Revenue  Accounting Office. The three digit code that sometimes 

 replaces the NPA of some calling cards.

 

      RBOC - Regional Bell Operating Company.

 

      red  box  -  Equipment that will emulate the red box tone generated for 

 coin recognition in all phortress fones.

 

      red  box  tones - Tones that tell the phortress fone how much money was 

 inserted  in  the  fone  to make the required call. In one slot fones, these 

 are  beeps in pulses; the pulse is a 2200+1700 Hz tone. For quarters, 5 beep 

 tones  at 12-17 PPS, for dimes it is 2 beep tones at 5-8.5 PPS, and a nickel 

 causes  1  beep  tone  at  5-8.5  PPS.  For  three slot fones, the tones are 

 different.  Instead of beeps, they are straight dual tones. For a nickel, it 

 is  one  bell  at 1050-1100 Hz, two bells for a dime, and one gong at 800 Hz 

 for  a  quarter.  When  using  red  box  tones, you must insert at least one 

 nickel  before playing the tones, cuz a ground test takes place to make sure 

 some  money  has  been  inserted. The ground test may be fooled by the Paper 

 Clip  Method.  Also,  it has been known that TSPS can detect certain red box 

 tones, and will record all data on AMA or CAMA of fraudulent activity.

 

      regional center - Any class 1 switching office in North America.

 

      REMOB  -  Method  of  tapping  into  lines by entering a code and the 7 

 digit  number you want to monitor, from ACD Test Mode. A possibility of this 

 may be mass conferencing.

 

      ring  -  The  red wire found in fone jacks and most fone equipment. The 

 ring  also is less positive than the tip. When looking at a fone plug on the 

 end  of typical 4 wire fone line from the top, let's say the top is the side 

 with  the  hook,  the ring will be the middle-right wire. Remember, the ring 

 is red, and to the right. The three "R's" revived!

 

      ring-around-the-rosy  -  9  connections  in tandem which would cause an 

 endless loop connection and has never occurred in fone history.

 

      ringback  -  A  testing  number that the fone company uses to have your 

 fone  ring  back  after  you  hang  up.  You  usually  input the three digit 

 ringback  number  and  then  the last four digits to the fone number you are 

 calling from. 

 

      ring  trip  -  The  CO  process  involved  with stopping the AC ringing 

 signal when a fone goes OFF-HOOK.

 

      rotary  phone  -  The dial or pulse phone that works by hooking and un-

 hooking  the  fone  rapidly  in  secession  that  is directly related to the 

 number  you  dialed.  These  will  not  work  if another phone with the same 

 number is off-hook at the time of dialing.

 

      Rout  & Rate - Yet another type of operator; assists your TSPS operator 

 with rates and routings. This once can be reached at KP+800+141+1212+ST.

 

      RPE - Remote Peripheral Equipment.

 

      RQS  -  The  Rate  Quote System. This is the TSPS operator's rate/quote 

 system.  This  is  a  method your '0' operator gets info without dialing the 

 rate and route operator. The number is KP+009+ST.

 

      RSU  -  Remote  Switching  Unit.  The  class 4X office that can have an 

 unattended exchange attached to it.

 

      RTA - Remote Trunk Arrangement.

 

      SAC  -  Special  Area Code. Separate listing of area codes, usually for 

 special services such as TWX's, WATS, or DIAL-IT services.

 

      SCC  -  Specialized  Common  Carriers.  Common  Nxx  numbers  that  are 

 specialized for a certain purpose. An example is the 950 exchange.

 

      sectional center - Any class 2 switching office in North America.

 

      service monitoring - This is the technical name of phone tapping.

 

      SF  -  Supervision Control Frequency. The 2600 Hz tone which seizes any 

 open trunk, which can be blue boxed off of.

 

      short-haul - Also known as a local call.

 

      signalling  -  The  process  by  which  a  caller  or  equipment on the 

 transmitting  end of a line in: forms a particular party or equipment at the 

 receiving  end  that a message is to be communicated. Signalling is also the 

 supervisory  information  which  lets  the  caller  know the called know the 

 called  party  is  ready  to talk, the line is busy, or the called party has 

 hung up.

 

      silver  box  -  Equipment that will allow you to emulate the DTMF tones 

 A,B,C,D.  The  MF  tones  are, in hertz, A=697+1633, B=770+1633, C=852+1633, 

 D=941+1633.  These  allow  special functions from regular fones, such as ACD 

 Testing Mode.

 

      Skyline  -  Service  owned  by  IBM,  Comsat, and AEtna. It has a local 

 access  number in the 950 exchange. The fone number is 950-1088. The code is 

 either a 6 or 8 digit number. This company is alleged to be VERY dangerous.

 

      SNA  - System Network Architechture, by IBM. A possible future standard 

 of architechture only competed by OSI.

 

      SOST  -  Special  Operator Service Treatment. These include calls which 

 must  be  transferred  to  a  SOST switchboard before they can be processed; 

 services such as conferences, appointments, mobile, etc.

 

      SPC  -  Stored  Program  Control.  Form of switching the US has heavily 

 invested in.

 

      Sprint  -  One of the first LD services, also known as SPC. Sprint owns 

 many  extender  services  and is not considered safe. It is common knowledge 

 that Sprint has declared war on fone phreakers.

 

      SSAS  -  Station  Signaling  and  Announcement  System.  System on most 

 fortress  fones  that will prompt caller for money after the number, usually 

 LD  numbers,  has  been  dialed,  or the balance due before the call will be 

 allowed to connect.

 

      stacking  tandems  -  The  art  of  busying  out all trunks between two 

 points. This one is very amusing.

 

      STart  -  Pulse  that  is transmitted after the KP+NPA+Nxx+xxxx through 

 operator or blue boxed calls. This pulse is, in hertz, 1500+1700.

 

      station # - The last four digits in any seven digit fone number.

 

      STD  -  Subscriber Trunk Dialing. Mechanism in the United Kingdom which 

 takes  a  call from the local lines and legimately elevates it to a trunk or 

 international level.

 

      step  crashing  -  Method  of  using a rotary fone to break into a busy 

 line.  Example,  you  use  a rotary fone to dial Nxx-xxx8 and you get a busy 

 signal.  Hang  up  and  dial  Nxx-xxx7 and in between the last pulse of your 

 rotary  dial  and  before  the  fone would begin to ring, you can flash your 

 switchhook  extremely  fast.  If  you do it right, you will hear an enormous 

 "CLICK" and all of a sudden, you will cut into your party's conversation.

 

      STPS  -  Signal  Transfer  PointS.  Associated  with  various switching 

 machines and the new CCIS system.

 

      switchhook  -  The  button on your fone that, when depressed, hangs the 

 fone up. These can be used to emulate rotary dial fones if used correctly.

 

      SxS  -  Step-By-Step.  Also  known  as  the Strowger Switch or the two-

 motion  switch.  This  is  the switching equipment Bell began using in 1918. 

 However,  because  of  its  limitations,  such  as no direct use of DTMF and 

 maintenance  problems,  the  fone  company has been upgrading since. You can 

 identify  SxS  switching  offices  by  lack  of DTMF or pulsing digits after 

 dialing  DTMF, if you go near the CO it will sound like a typewriter testing 

 factory,  lack  of  speed  calling,  lack  of  special  services  like  call 

 forwarding  and  call  waiting,  and  fortress  fones want your money first, 

 before the dial tone.

 

      TAP - The "official" phone phreak's newsletter. Previously YIPL.

 

      T&C - Time and Charge.

 

      tapping  -  To listen in to a phone call taking place. The fone company 

 calls this "service monitoring." 

 

      TASI  - Time Assignment Speech Interpolation. This is used on satellite 

 trunks,  and basically allows more than one person to use a trunk by putting 

 them on while the other person isn't talking.

 

      Telenet  -  A  computer-oriented  system  of relay stations which relay 

 computer  calls  to  LD  numbers.  Telenet  has a vast array of access ports 

 accessible at certain baud rates.

 

      Tel-Tec  -  Another LD company that usually give out a weak connection. 

 The format is (800)323-3026,123456,(NPA)Nxx-xxxx.

 

      Tel-Tex  -  A  subsidiary  of  Tel-Tec,  but is only used in Texas. The 

 number is *800)432-2071 and the format is the same as above.

 

      terminal   -   A   point   where  information  may  enter  or  leave  a 

 communication  network.  Also,  any device that is capable of sending and/or 

 receiving data over a communication channel.

 

      tip  -  The green wire found in fone jacks and most fone equipment. The 

 tip  is  the more positive wire compared to the ring. When looking at a fone 

 plug  from  the  top, lets say the hook side is the top, the tip will be the 

 middle wire on the left.

 

      toll center - Any class 4 switching office located in North America.

 

      toll point - Any class 4P switching office in North America.

 

      Toll LIB - Reverse CN/A bureau. See NON PUB DA for more info.

 

      touch tone phone - A phone that uses the DTMF system to place calls.

 

      touch  tone  test  - This is another test number the fone company uses. 

 You  dial  the  ringback  number and have the fone ring back. Then, when you 

 pick  it up, you will hear a tone. Press your touch-tone digits 1-0. If they 

 are correct, the fone will beep twice.

 

      trace  -  Something  you don't want any fone company to do to you. This 

 is  when the fone company you are phucking with flips a switch and they find 

 the  number you are calling from. Sometimes the fone company will use ANI or 

 trap  and  trace  methods  to locate you. Then the local Gestapo home in and 

 terminate the caller if discovered.

 

      trap  and  trace  - A method used by the FBI and some step offices that 

 forces  a  voltage  through  the  line and traces simultaneously, which mean 

 that  you  can't  hang  up  unless the Pheds do, and pray you aren't calling 

 from your own house. Trap and trace is also known as the lock-in-trace.

 

      trap  codes  -  Working  codes owned by the LD company, not a customer, 

 that,  when  used,  will  send  a  "trouble card" to Ma Bell, no matter what 

 company  the  card  is coming from, and ESS will immediately trace the call. 

 Trap  codes  have  been in use for some time now, and it is considered safer 

 to  self-hack  codes  opposed  to  leeching them off of BBS's, since some LD 

 companies post these codes on phreak oriented BBS's.

 

      Travelnet  - Service owned by GM that uses WATS as well as local access 

 numbers. Travelnet also accepts voice validation for its LD codes.

 

      TSPS  -  Traffic  Service Position System. Operator that usually is the 

 one  that  obtains billing information for Calling Card or 3rd number calls, 

 identifies  called customer on person-to-person calls, obtains acceptance of 

 charges  on  collect  calls,  or identifies calling numbers. These operators 

 have an ANI board and are the most dangerous type of operator.

 

      TWX  -  Telex  II  consisting of 5 teletypewriter area codes. These are 

 owned  by  Western  Union.  These  may  be  reached  via another TWX machine 

 running at 110 baud. You can send TWX messages via Easylink (800)325-4122.

 

      USDN  -  United  States  Digital  Network. The US's version of the ISDN 

 network.

 

      videotext  -  Generic  term  for  a  class of two-way, interactive data 

 distribution  systems  with  output typically handled as in teletext systems 

 and input typically accepted through the telephone or public data network.

 

      WATS  -  Wide  Area Telecommunications Service. These can be IN or OUT, 

 see the appropriate sections.

 

      WATS  Extender  - These are the LD companies everyone hacks and phreaks 

 off of in the 800 NPA. Remember, INWATS + OUTWATS = WATS Extender.

 

      white box - This is a portable DTMF keypad.

 

      XBAR  -  Crossbar.  Crossbar is another type of switching equipment the 

 fone  company  uses  in  some areas. There are three major types of Crossbar 

 systems  called  No.1 Crossbar (1XB), No.4 Crossbar (4XB), and No.5 Crossbar 

 (5XB).  5XB  has been the primary end office switch of MA since the 60's and 

 is  still  in  wide  use. There is also Crossbar Tandem (XBT) used for toll-

 switching.

 

      XBT - Crossbar Tandem. Used for toll-switching. See XBAR.

 

      YIPL - The classic "official" phreak's magazine. Now TAP.











                   /-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/

                   -/-                                 -/-

                   /-/         *> TID-BYTES <*         /-/

                   -/-                                 -/-

                   /-/     by the Informatik Staff     /-/

                   -/-                                 -/-

                   /-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/







/* Unix Fake Mail */



Most good Unix hackers should already know this, but to the up and coming,

we feel it important to include this simple, but powerful trick.



Telnet to port 25 of the receiving site by 'telnet host.com 25'



Once connected, it may or may not require you to type 'helo' [sic]

If it doesn't don't.



type 'mail from: ' and then your imaginary sender:

ex.  'mail from: satan@hell.org' or 'mail from: root@white.house.gob', or some

sort, depending of course on your purpose.



after you get a sender OK, specify the user to receive the mail:

type 'rcpt to: ' and then the appropriate username.



next, type 'data' and hit enter.  This will start entering the data field of

your letter.  Enter as follows:



From: satan@hell.org (Lord of the Underworld)

To: schmuck@anywhere.edu

Subject: Your sinning

Status: R



Your terrible sinning has sparked my interests, we are currently accepting 

applications for head daemon, 5th level of hell. Please include a photo.



Thanks...

Satan

..



The '.' on a line by itself ends the input.  Note, that the From, To, Subject,

and Status lines should be included for the mail headers to make sense of it.

Of course there is the obvious message of:



From: root

To: loser

Subject: your account

Status: R



Your password is too old, please change it to 'hackme1'.  Thanks







/* Walgreen's Store Pricing Code */



Ever curious how much stores mark up their goods on you?  Well it is quite easy

to tell at Walgreen's.  On each price tag, you will see a group of letters, in

this example say, "ARB".  These letters are the key to the stores purchase

price.  The letters correspond to the positions in the code "BRUSH CLEAN".

Here is how it works:   BRUSH CLEAN

                        12345 67890

Simply replace the letters with their appropriate digit, in our example (ARB) 

it would be 9-2-1, in other words, $9.21  Now if they want you to pay $60.00 

for the item, you know you are getting ripped!







/* Bar Swindles */



Here are a of fast-one that you can pull in a bar environment:



Challenge someone to "Do as I do" wager.

Each of you takes a drink.

You make a gesture with the glass, as "toasting."

Your opponent toasts also.

You drink your drink.  Your opponent drinks his drink.

You salute with the glass again.  Your opponent does likewise.

You spit a mouthful back in your drink.  Chances are your opponent has already

    swallowed.  Take the money and run!





      

/* Interesting Catalogs */



Send for these way-cool publications:



Paladin Press

PO Box 1307 

Boulder, CO 80306



"Publishers of the Action Library."  Books on lockpicking, wiretapping,

smuggling, assassintaion, guerrilla warfare, and related subjects. Send $2.00





Loompanics

PO Box 1197

Port Townsend, WA 98368



"The Greatest Book Catalog In the World"-outlaw publishers who also sell outlaw

books... including some by our military.  "No more secrets, no more excuses, no

more limits."  A few of their catagories:  Underground economy.  Tax avoidance.

Fake IDs.  Police science.  Con games.  Self defense.  Revenge.  Guns.  Bombs.

Guerrilla warfare.  Self-sufficiency.  Alternate Energy.  Life extension.

Drugs.  Heresey.  Forbidden philosophis.  Human pleasure.  Send $2 for a HUGE

catalog that is a reading experience unto itself!!













               (%)%(%)%(%)%(%)%(%)%(%)%(%)%(%)%(%)%(%)%(%)%(%)

               )%(                                         )%(

               (%)             > Hot Flashes <             (%)

               )%(                                         )%(

               (%)       The Underground News Report       (%)

               )%(                                         )%(

               (%)     Edited by:  the Informatik Staff    (%)

               )%(                                         )%(

               (%)              October  1991              (%)

               )%(                                         )%(

               (%)%(%)%(%)%(%)%(%)%(%)%(%)%(%)%(%)%(%)%(%)%(%)







Teenage Hacker Emulates Hess

---------------------------- 

[Summary from Computer Weekly, 8th August 1991.]



A 16 year old schoolboy named Jamie Moulding has been cautioned by plainclothed

police after hacking into a military computer and trying to sell secrets to the

USSR.  He claims to have read the Ministry of Defense personnel and payroll

files.  One computer he entered held details of a British Army tank control

system.  Moulding first incorporated details of the system into his own 

simulation package, and then phoned the Soviet Union's London embassy to try to

sell the information.  Next day two policemen turned up at his home and spoke 

to his parents.  Moulding's telephone bills were unwittingly paid by his 

school.  He wrote an autodialer program and an automatic hack program which 

"planted a command which led to a display of passwords".  DEC denied that its

systems had been hacked. The police officers were unavailable for comment. 







Phone Card Scam Cheats Beaumont Residents

-----------------------------------------

[Houston Chronicle, Sept. 28, 1991]



     Several residents have been cheated out of hundreds of dollars by con

artists who call, posing as police or phone company employees, and ask for the

residents' telephone credit card numbers.  Most of the victims are elderly and

are eager to cooperate, since they are promised that they will be reimbursed 

for any long-distance calls.

     About eight Beaumont residents received extremely high phone bills last

month, including one that totaled $1,395, after giving their calling card

numbers to the California based con artists, Southwestern Bell spokesman Frank

Merriman said.  Merriman said the caller identifies himself as a law 

enforcement officer or a telephone company employee who needs the resident's

calling card number to catch a credit card theif or an employee suspected of 

misconduct.

     A Beaumont physician, who was not identified, told authorities he gave his

number to a man who posed as an FBI agent.  The physician later received

long-distance bills totaling $1,395 that included calls to Iran, Puerto Rico,

Hong Kong, Belgium, and China.

     The doctor said the man who called him said they had arrested a man in

Atlanta who had 19 cards, including his.  "He said he has to really arrest this

guy, because he's ripping off the public, and that he needs my help." the 

doctor said.

     The calls have been traced to a pay phone in Los Angeles, he said.

Customers should never give their calling card numbers to anyone over the

phone, Merriman said.  Southwestern Bell will adjust the charges if the company

can prove the customer did not make the calls, he said, but such scams end up

costing customers.  "It's like shoplifting," he said.  "It's a cost, and 

sombody has to incur it."







Security Comes To The Free Software Foundation

----------------------------------------------

[Summary from an article in the Boston Globe, Aug 6, 1991.]



     The Free Software Foundation (FSF) has been forced to institute security

(password) control because "vandals who were able to enter the foundation's

system anonymously were not only deleting and trashing files there, but were

also entering Internet ... and doing damage in other systems as well."...  

Michael Bushnell, a programmer at the Free Software Foundation, said the 

changes are making systems more inconvenient to use and creating an

international network that cannot be used without an operator putting himself 

under surveillance.

     "There's not a big sharp impact because, over time, so many networks 

already created security barriers," Bushnell said.  Extension of these 

restrictions..." is kind of like when the last critical-of-the-government 

newspaper is shut down.  After it's gone a while, people notice a difference.

An estimated 1,000 to 2,00 persons gained access ... and staff members say they

will try to preserve this somehow."  "I feel ashamed not having an open 

system," says [Richard] Stallman, "I feel ashamed having a system that treats 

everyone as vandals when in fact very few were... Every time I think about this

I want to cry."







Miser Held in Record Social Security Fraud

------------------------------------------ 

[Extracted from the article in from the ClariNet news service.]



     Robert L. Chesney is facing trial in the single biggest Social Security

fraud case in U.S. history.  He is accused of receiving retirement and

disability checks under at least 29 names.  Federal agents found 15 boxes and

three steamer trunks full of birth certificates, bank statements, Social

Security cards and over 200 CA DMV id cards, each with Chesney's picture and a

different name.  Chesney allegedly gleaned biographical date about public

personalities from the library.  Pretending to be those people, Chesney would

write to their home counties, give their birth dates and other information and

ask for copies of their birth certificates.  He then took the documents to the

DMV and obtained the ID cards with which he applied for the Social Security

benefits.







SWBT's Responds to the Supreme Court's White Pages Ruling 

---------------------------------------------------------

[By SWBT Media Relations staff]

 

      The following article discusses Southwestern Bell's response to the 

recent Supreme Court ruling that White Pages Directory Listings generally are

not protected by Federal copyright law.  



Media Relations Report

----------------------

Subject: White Pages Listings Generally Not Protected By Copyright Law, Supreme

         Court Rules

Contact: George Stenitzer 



      White pages directory listings generally are not protected by federal

copyright law, the Supreme Court ruled today.  The court said that white pages

listings are facts that lack the originality required to have copyright

protection, although directories as compilations may be copyrighted.

      The Supreme Court ruled in the case of Feist Publications Inc. versus

Rural Telephone Service Co.  Feist publishes wide area directories in parts of

Kansas, Oklahoma and Texas.  When Rural, a small Kansas telephone cooperative

refused to license its white pages directory to Feist, Feist extracted listings

from Rural's directory without permission.  The Supreme Court held that Rural's

listings were not entitled to copyright protection, and that Feist did not

violate copyright laws by using the listings.  This ruling reversed earlier

decisions by the District Court and Court of Appeals, and expressly rejected

earlier cases holding that directory listings could be copyrighted.

      Today's ruling means that other firms may use published white pages

listings without violating copyright laws.  Southwestern Bell Telephone has

licensed the use of its white pages listings to directory publishers in both

paper and magnetic formats.  SWBT's policy is not to license listings to direct

marketing firms but today's ruling suggests that direct marketing companies may

use published listings without a license.  Southwestern Bell Yellow Pages does

not license its yellow pages listings.

      SWBT's licensing of published white pages listings in a paper format

represents about $250,000 in annual revenues; these revenues may be affected by

the ruling.  However, today's ruling does not give other firms free access to

SWBT's yet-to-be-published listings, to listings in magnetic form, or to the

white pages database itself.

      If queried, Southwestern Bell will respond as follows:



"Of course, we don't think it's fair that other firms can copy our published

listings without paying for them."



"Most of our white pages listing customers, however, are seeking updated

listings in magnetic tape form, not the right to copy listings from directories

that have already been published.  Our white pages databases are updated

continuously, and the Supreme Court did not deal with the unpublished data

contained in telephone company databases"



Queries will be handled by SWBT's Sherry Smith.







Returns for Senders: (US Postal Service handling of forwardings)

----------------------------------------------------------------

[From the July/August issue of the Common Cause Magazine]



     The U.S. Postal Service - the butt of so many complaints about inefficient

service -- is on its toes in one way the average mail recipient might not

appreciate.  The same system that enables the Postal Service to forward your

mail to a new address also alerts scads of direct marketers -- from the folks

at your favorite mail-order company to those pesky tricksters who say they have

a special gift waiting if only you'll call to your new whereabouts.  The system

seems to work for better and for worse.  For better: You get the mail you want

and the Postal Service saves time and money by not delivering mail to the wrong

address.  For worse: Junk mailers you never wanted to hear from discover your

new address and waste no time making use of it.

     Postal officials insist that they share change-of-address information only

with those who already have your old address.  Thanks to the large-scale 

selling and renting of customer lists among direct mail marketers, some 

companies that never knew you existed will have your particulars.  The Postal

Service forwards about 2.3 billion pieces of mail a year for the 40 million 

Americans who move annually, at a cost of some $1 billion, says Bob Krause,

director of the Postal Service's National Change of Address (NCOA) system.

     Meanwhile 19 companies, including some of the largest direct-marketing

list management firms, pay the Postal Service an annual fee of roughly $48,000

to receive computerized NCOA updates every two weeks.  These "licensees" then 

provide the updated information to their customers, who pay for address changes

for consumers already on their mailing lists.

     The Post Office places great importance on keeping address-correction 

information secure, Krause says, and the licensees must follow strict 

guidelines on what they can do with it.  They may not use the information to

develop mailing lists.  But direct marketers who properly obtain the 

information from the Post Office or its licensees can make it available to 

others with impunity.  Ann Zeller, vice president for information and special

projects of the Direct Marketing Association, concedes that firms can buy

names from a direct mailer who has a consumer's new address.

     Evan Hendricks, editor of the Washington-based Privacy Times newsletter,

is "very suspicious" of the system.  Without realizing it, individuals who 

complete change-of-address cards are permanently giving away their addresses to

anyone who asks for them," he says, and that should be clearly explained on the

card.

     Of course a change-of-address card is only one of many methods direct

mailers have for learning a person's new address.  Those who would sell you

their wares also mine motor vehicle records, voter rolls, magazine subscription

bases, home purchase records and other sources.

     There is a way out.  Individuals who want their names removed from various

mailing lists can contact the New York-based Direct Marketing Association, 

which runs a name and address "suppression" service.  But, Krause notes, "If 

you buy something at your new address from any direct marketer, your name will

be on a number of lists within weeks."







Inmate, working for TWA, steals credit card numbers

---------------------------------------------------

[From September 8, 1991 `Los Angeles Times']



     Carl Simmons, a 20-year-old California Youth Authority inmate, working as

a TWA telephone reservation agent, stole dozens of customer credit card numbers

and used them for thousands of dollars of personal charges.  He is now serving

two years in state prison for the thefts.

     TWA has used CYA inmates in a special program since 1986.  The story says

the program "has been touted as a way to help young criminals learn a trade and

repay their debt to society.  It has raised more than $500,000 for victims' 

restitution and the cost of incarceration.  And the program's 213 graduates,

many of whom now work at airlines and travel agencies, are one-tenth as likely

to commit new crimes as nongraduates, CYA officials said."

     CYA has tightened security, including more frequent searching of rooms and

occasional strip-searches.  Inmates have always been forbidden from taking pen

and paper into the computer room, and now not even instruction manuals can be 

taken out.  But Simmons and another inmate said that won't stop inmates from 

stealing card numbers or illegally charging airline tickets.

     Fred Mills of the CYA says, "There's always going to be an exception, but

99.9 times out of a hundred in a program you're not going to get that.  For 

every person we can keep out of the institution for a year, that's saving the

state about $31,000.  That's the thing we have to look at and balance."

     One victim, New Hampshire businessman Phillip Parker, said, "I don't want

to begrudge someone a chance to make it back into a productive life, but giving

them a chance where there's a significant amount of potential for financial 

fraud or risk -- maybe there's other things that would make more sense."

     TWA says it will now re-evaluate the program.







Network Security Lacking at Major Stock Exchanges

------------------------------------------------- 

[From Network World, Sep. 16, 1991]



     "The General Accounting Office (GAO) found a total of 68 computer and

network security and control problems at five of the nation's six major 

exchanges during reviews it conducted this past year for the Securities and

Exchange Commissions.  The lack of adequate controls at the five stock markets

could impair their ability to maintain continuous service, protect critical

computer equipment and operations, and process correct information."  The worst

three in terms of numbers of problems were the Midwest (24), Pacific (18), and 

Philadelphia (18) exchanges, which were all faulted for their inadequate risk 

analysis.  The biggest problems were in the areas of contingency planning and 

disaster recovery.  The NY and American stock exchanges came off relatively 

well.  







Computer Security Breach at Rocky Flats Nuclear Weapons Plant

------------------------------------------------------------- 

[Associated Press, 9/16/91]



     Security lapses at the Rocky Flats nuclear weapons plant included the

storage of top-secret bomb designs for a week on a VAX accessible from the

public phone network. In other instances, workers transferred classified 

working materials from secure computers to lower security ones, including PCs,

because they were tired of constant changes in the secure systems and wanted to

work on familiar systems.

     Head of DOE operations at Rocky Flats Bob Nelson said that the agency 

started last year a $37M program to correct security problems, following the

recommendations of outside security experts.

     Nelson also said that the unclassified VAX was used by employees working

from home, but that if someone tries to break in "bells and whistles go off"  

According to other documents obtained by the AP, other DOE computers had been 

found to be vulnerable to break-ins.







Virus Halted Government Computers in South China

 ------------------------------------------------



     HONG KONG, Sept 16 (AFP) - A spate of computer virus attacks put computers

in more than 90 Chinese governmental departments out of order, prompting the

authorities to have all software checked by police, a official Chinese news

agency reported here Monday.  More than 20 kinds of the rogue disruptive 

programs hit more than 75 percent of the offices' computers in southern China's

Guangdong province, the Hong Kong China News Service said.  The provincial 

public security bureau had ordered all government units not to use software 

from unknown origin or software which had not been inspected by the bureau.  In

addition, units or individuals were banned from engaging in the study of

computer viruses, or to hold training courses on them.  The new regulations 

forbid the sale of software capable of neutralizing the viruses.  The report

said the public security bureau had set up a testing department for all 

software against the computer viruses.







AT&T Phone Failure Downs Three New York Airports For Four Hours

--------------------------------------------------------------- 

[N.Y. Times, Sep 18, 1991.]



     Operations at all three New York airports ground to a standstill from 5pm

until 9pm yesterday [Sep 17, 1991] when an AT&T internal power failure at a

Manhattan 4-ESS switching center knocked out long distance calls in and out of

the city. Neighboring commercial power was unaffected.  The 4-ESS system is 

used to route calls between AT&T's long-distance network and the local 

companies.  The air traffic control centers use a network of radio towers 

linked by phone lines.

     Although the precise origin of Tuesday's problems remained unclear, the

extent of the difficulties provided yet another example of how dependent 

today's telephone networks are on a few pieces of equipment.  In recent years,

AT&T and other companies have gone to great lengths to emphasize the back-up 

capacity and redundancy of their systems.  Yet the long-distance carrier was

unable to reroute all traffic to other gateways for several hours after the 

problems first became apparent.  Calls were redirected to the two remaining

gateways, but those could not handle that much increased traffic.  







Midwest Stock Exchange Reaps Millions Due to Accounting Glitch

-------------------------------------------------------------- 

[Summary from Chicago Tribune Business Section, 9-20-91]



     The Chicago Tribune reports that leaders of the Midwest Stock Exchange had

discovered a 13-year-old accounting glitch which enabled a subsidiary to 

wrongfully reap millions of dollars in interest payments which should have gone

to broker-dealers.  While the exact amount of money received by the subsidiary

due to the error was not disclosed, the chairman of the exchange said that he

estimated that over the last twelve months, the firm received around 1.8

million dollars.

     The accounting error, due partly to human error and partly the fault of 

computers, apparently dates back to about 1978. At that time, the exchange and

two of its subsidiaries, Midwest Clearing Corp. and Midwest Securities Trust

Co., altered the way certain broker-dealer transactions were handled.  Clearing

Corp. instituted a change, largely computerized, ordering broker-dealers to

wire money to it for the sale of securities before the securities were received

by Securities Trust Company.

     By depositing these funds in short-term, government-backed securities, 

sometimes overnight but also for longer periods, Clearing Corp. generated for

itself interest payments which should have gone to the broker-dealers. This is

referred to as "playing the float."  When the clearing system is working 

properly, the securities and proceeds are transmitted through the system

simultaneously, thus eliminating such a float.

     The Midwest Stock Exchange insists that they are taking the situation very

seriously, and plan to pay the money back. Some exchange members are concerned

that the money used for the refund will come in the form of higher exchange 

rates, putting the exchange at a serious competitive disadvantage.







SWBT sends off first 'cross-country' ISDN call

----------------------------------------------

[This Week, by Southwestern Bell Telephone]



     The nation's first "cross-country" public network ISDN was placed last

week, courtesy of SWBT.  The historic first call was the result of a two-year

joint effort among SWBT, BellSouth Corp., US Sprint and Bellcore.  SWBT's 

Advanced Technology Lab originated the call, which used US Sprint's digital

facilities in Burlingame, Calif.  The call terminated at a BellSouth switch in

Atlanta, Ga.

     Using an ISDN video application, SWBT's trial director Ken Goodgold

was able to see and talk to BellSouth's David Collins.  "With this test,

the geographic limits of ISDN-based services were stretched from a few

miles to cross-country," Goodgold says.  "We began with protocol testing

and service verification, two key parts of the process,"  Goodgold says.

"That required an extremely complex series of technical tests.  The

Advanced Technology Lab staff worked for months performing the tests

leading up to the first successful call."

     Last week's test call was significant from a marketing perspective as

well as a technical one.  That's because it demonstrated the economic

benifits of using ISDN for video information.  "The cost of a long distance

call is approximately the same, whether it's a voice transmission using a

regular phone line or a video transmission using ISDN," Goodgold says.

"That means a big reduction in cost to arrange a videoconference."

     US Sprint joined the test because ISDN has evolved beyond the local

stage, says Terry Kero, the carrier's director of InfoCom Systems

Development Labs.  "After today, it will be technically possible to make an

ISDN call across the country just as it is possible today to make a regular

long distance call," Kero says.







Computer Hacker Cited 

---------------------

[Houston Chronicle Sept. 25, 1991]



WASHINGTON--A Colorado computer hacker has been charged with breaking into

the National Aeronautics and Space Administration's computer system seven times

last year, the Justice Department said.

     Richard Wittman, 24, of Aurora, Colo., allegedly "altered, damaged and

destroyed information" in the space agency's computer system twice, the

department said.

     He was charged with illegally gaining access to the NASA computer system

and to its computers at the Marshall Space Flight Center in Huntsville, Ala.,

and the Goddard Space Flight Center in Greenbelt, Md.  If convicted on all

charges, he faces a maximum penalty of 15 years in prison and a $1 million 

fine.







/* End; Volume I, Issue 001 */



.