=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+= _ _ _ _ ((___)) ((___)) [ x x ] cDc communications [ x x ] \ / presents... \ / (` ') (` ') (U) (U) Frankie's Fireside Phreak Primer ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ A few words of advice that apply to phreaks every- where. Whether a telecom veteran, or a K0dez Kid, the following guidelines may keep you out of trouble and make life in the Computer Underground a little more pleasant. Brought to you by the CULT, o'course. >> A CULT Publication by High Priest and Scribe, Franken Gibe << -cDc- Cult of the Dead Cow Dissemination Council -cDc- =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+= I think we could all use a little refresher on Phreak Safety and Hygiene. It seems that phreaks are getting more and more careless...and it's when you think you can't get caught that...yeah: You do. Most of you know these, or think about them occasionally, but try to put the following stuff into practice. A Safe Phreak is an Informed Phreak; A Safe Phreak is a Phreak who Respects the Telecom Medium. Those are trite epigrams, but very true. =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+= 1) Due to the proliferation of Traffic Pattern Monitoring software among independent carriers, it is DEADLY to scan. If you must scan, NEVER use big name IC's (notably MCI [Real Time Toll Fraud Detection System], U.S. Sprint [those 950's are NOT fun-and-games], etc). If you MUST scan, remember these few commandments: A) Thou shalt never scan sequencially. B) Thou shalt never scan in predictable or detectable patterns. C) Thou shalt never scan a single access port all night, in closely-spaced increments. Best not to scan. Best to have some little kid who doesn't know you scan. 2) Alternate codes as MUCH as you can. Using a code-a-call isn't a bad idea if you have those kinds of resources. Coupled with the no-scanning doctrine, though, notebooks full of codes will not be so common. 3) This is the important corollary to number 2...NEVER EVER EVER overuse codes, nor use codes that you've abused earlier in a given month later on in the same month (generally, after the 20th, when d'bills start to roll out). 4) Do as MUCH remote phreaking as is humanly possible. If you can roll your computer out to some fortress fone, and hook up an acoustic coupler, AND not attract attention...Go for it. (Heck, I'd do it!) 5) Local access ports and AT&T WATS access ports are generally safer than 950's. WATS #'s owned by Ind. Carriers are DEADLY. Here's a little list of advantages and disadvantages of all the above... A) Local Access Ports: Depending on the size of the LDS, these ports can be more or less safe. Almost NEVER have any sort of ANI hooked up, but if abuse becomes notable, they CAN install an incoming trap, discover a phreak's Central Office Code, and then put an outgoing trap in his CO. After that, it's only a matter of time. Traffic Pattern software can give an LDS a good idea of what action it needs to take. B) AT&T WATS numbers: Not a free ride by ANY means, but generally pretty safe. According to No Severance, AT&T WATS lines receive no ANI information. Like the local ports, the area from which a phreak is calling can be determined, but abuse would have to be pretty dramatic. Between local and AT&T WATS, I'd take WATS ("But what about the 800 Excessive Calling List?" Well, if it exists, then it's best not to use WATS too much...i.e. Do NOT Scan). C) Most 950's are safe, contrary to popular belief. There are a number of Feature Groups into which these numbers fall. I don't really remember what they are, and it doesn't really matter. I just wouldn't be too anxious to use these 'cause they're sorta bizarre, and they're VERY abused (never a good thing). But if you must, it's better than... D) Independent Carrier-Owned WATS numbers: God, DO NOT use these. When an IC owns its own carrier, it receives KP + II + 10Dig (YOUR phone number) + ST. In other words, these guys are generally ANI equipped. How can you tell? Well, if you've got an 800 access port, and the exchange is NXX (i.e., you've got a number :1-800-NXX-XXXX), then FIRST dial 1-800-NXX-0000. If you get the "You have reached the AT&T Long Distance Network" recording, the # is AT&T. If you get a "Your call cannot be completed " recording, DO NOT use that WATS number. Simple. 6) [or whatever number...sigh] PLEASE...for your own good, and that of Phreakdom, DO NOT advertise what you do. Yeah, some kids at school might think it's pretty k-radical. Those same kids are the ones to nark, or to mention stuff to the friendly administrators should they ask around. The less non-phreaks know the better. Keep your MOUTH SHUT. That reminds me of poor Disk Demon [of 915]. The kid really wasn't expecting trouble, but he made the fatal mistake of talking: probably to someone he trusted, and probably he didn't say much. All he mentioned was bringing a disk to school the next day to a school chum and that was all the cops needed to search his house, and bam...they have him with telecom fraud evidence. But that was all it took. The cops don't need much to get a warrant to monitor your telfo. It's a scary reality in a nation that takes less and less seriously the Bill of Rights. 8) NEVER phreak voice calls. Sigh. I know, I'm sure there are a thousand screams of "Oh, COME ON, that's going too far". Okay, let me qualify that, then. Voice-phreak only if you're 1) sure you're not monitored (and who is ever sure?) and 2) know that the recipient can handle possible threats and unpleasantness from the friendly operator who may give him a buzz. Feds and investigators ain't stupid...or at least, not THAT stupid. As long as no one admits anything, it's okay. But the minute you start voice-phreaking, you open a lot of loose ends. Some suggestions, then, for voice phreaking: A) Try to remain anonymous. Not too hard. B) IF you're talking to strangers, don't mention where you're calling from, much less leave a number. Yeah, just common sense. C) Don't talk about phreaking over the line if you don't think the line is secure. Duh! D) If you trust the kid you're calling, tell him you've phreaked a call to him. Ask him if it's "cool". Make sure he can handle possible (and usually improbable) inquiries. Make sure his 'rents know NOTHING. 9) That's another thing. This doesn't have to do with safe phreaking, but with keeping phreaks safe. Know what you'll say if you ever get called by an operator or investigator type. If you have a bbs or data line, great. If not, have a story ready and rehearsed. When you think about it, it IS kinda hard for these people to believe that you don't know WHO called you for 5 hours last Sunday night...be prepared. (Ee! Boy scouts rule.) Okay, that's it for for now. If you have any more suggestions, leave me mail on