Intro
by Mohawk
This should be considered the first "real" issue. The last issue was a mix
of new articles and articles that were going to be published in OCPP. The articles
in this issue are some of the best we've ever published. I'm really proud of
everyone involved with not just the zine, but the network as a whole. Things have
really progressed since last issue. I will no longer be providing updates to the
network, the page, etc. in the intro section of the zine. That way, years from now,
you don't have to read about pointless news that happened so long ago. News about
the website, additions to the network, etc. will be on the News page only from now
on. However, I will still talk about changes within the zine itself.
Speaking of which, we've got some new writers for this issue. Black Axe,
Bit Error, and MMX all have some great articles in this issue. I'm really happy
with the staff we have now. We also have some more new writers that should debut
next issue. Of course, if you would like to join the staff, feel free to email
me. The network itself will continue to grow with some big things coming up soon
thanks to X-Logik. The next issue should be out in about 3 or 4 months. It looks
like we're gonna try to stick to a quarterly release date but that's just an
estimate. We're still getting some loose ends together here and things will only
continue to improve. There are still people out there that don't know we're still
alive.
Targeted Long-Distance Dialing on a Siemens 9006 Switch
by Biterror
Disclaimer:
This information is for information purposes only. I am not responsible for
abuse of the info herein.
Intro:
With phone systems becoming more and more advanced and companies relying
on them to perform increasingly advanced tasks, there are often holes in these
systems that can be accessed by the enterprising among us. These holes are often the
result of sloppy or misinformed switch programming and may be utilized without tone
generators or account codes. Specifically, this file deals with an often-overlooked
aspect of programming in the Siemens 9006 office PBX.
The Situation:
Making free calls through a PBX is nothing new. However, the strategy
in the past has been to find a local company with a phreakable PBX, hack it, and
acquire a dial tone to make long distance calls. This is, of course, illegal and
usually results in increased security measures by that company. Why not use 800
numbers to call the city you want to reach and, through a little cleverness on
your part, achieve local (long distance to you) phone access that way?
It's easy, it works, and it's totally legal. I have successfully used
this plan to call friends near a large metro area for over a year. In that
time, no changes have been made to the programming of the switch I am dialing
and no Bell agents have knocked on my door. I know that the company's switch
I am using is a Siemens 9006 with Phonemail SE so the keystrokes that follow
are for that setup. Mileage will vary on other PBXs.
A Note on Tie Trunks:
Geographically dispersed offices of a company have to have a way to
communicate with each other. They could just pick up their phones and dial each other
long distance, but then the long distance charges would be outrageous. There is an
easier, cheaper way to talk to each other: tie trunks.
Tie trunks are usually T-1 lines leased from a local dialtone provider
that connect offices together (say an office in Mobile, AL with company HQ
in New Orleans). These trunks allow someone in Mobile to dial a 4 digit extension
and reach someone in the New Orleans office, instead of having to dial on the
10 digit long distance plan.
Aside from saving money, it's just more convenient to dial long distance
as if you were calling someone in the next cubicle. Keeping this in mind, let's
try to make some calls.
For example's sake, let's say you want to call your girlfriend who
lives in Slidell, LA. The only problem is, you reside in Knob Lick, KY. And since
you man the Knob Lick KFC drive through for a living, you don't exactly have
wads of bills to drop on phone charges. The first thing you need to do is have
your girlfriend whip out a Slidell phone book and find a small to medium-sized
company that has an 800 number. Don't pick some huge company like Sprint or
Fujitsu, because they won't be using a Siemens 9006 PBX. If she can't find a
number in Slidell, check the New Orleans phone book (this example assumes that
Slidell is a local call from New Orleans). The Internet is also a good place to
look for 800 numbers. Also try to find out if this company has branch offices and
where they are located.
Once you find the main toll free number for the company, dial it
(after business hours if possible) and wait for the auto attendant to answer. When
the attendant asks you to press a key if you know your party's extension, press
that key. Or if you prefer, and if the switch menus offer it, you can spell an
employee's last name and be transferred to their extension. We just want to reach
an extension, it doesn't matter whose it is.
You must now enter an extension. If you decide to spell an employee
name, go for the obvious Smith and Jones, or you could be there all damn night.
Dialing an extension by number is also trial and error. Look at the company's local
telephone number and use the last four digits of that number as a basis for guesses.
For example, if the local number of the company is 555-8000, try extensions in the
8100's, 8200's, 8300's, etc. Extension numbers may be arbitrary and can have any
DID number.
Once you have a working extension, you will be transferred to someone's
voicemail. You may be connected on the local company PBX, or you may have transferred
to another identical PBX on the corporate tie trunks. You'll know more when you try
your outside call. You can listen to the voicemail message you just dialed or bypass
it with the proper button. When the voicemail beeps for you to begin your message,
hit the * (star) key followed by the # (pound) key. This brings you back to the
attendant, but now you should be one level deeper in the 9006's menu tree. The
attendant should read you a grocery list of options that you may choose from. When
she (or he) tells you the keys to hit to transfer to another extension, do it. Now
you dial your girlfriend's extension, preceded by a 9 (to access outside lines)
and followed by a # (to let the switch know you have finished inputting
the number you want to transfer to.) Hit # again to allow the switch to dial out.
It's that easy! Provided you are still on the local switch, your call should go through.
If the Siemens switch you dialed is on a tie trunk and the extension you dialed
rings someone at a branch office in say, Mobile, AL, then your call is not likely
to go through. Unless of course the idiot switch programmer did not exclude
long distance transfers in his dial plan. Then you can transfer to any number anywhere
from that extension, but that is not likely. It may not even allow local calls on
a transfer, only four digit extensions. If that's the case, you are SOL and will
have to find another company to try. I never said this would be easy, but it is a
great way to make calls to targeted cities with little expense to either party. The
Siemens switch may possibly be running a third party software program called Telemate.
Telemate's sole purpose is to record incoming and outgoing digits which
it saves to a file or outputs to a printer. It's mostly for accounting purposes,
to see which employees are screwing around and which are actually making legit calls.
Your phone number travels the whole way with your call and can be recorded. Calling
from a payphone is still your best bet.
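The transfer path described above (toll-free inbound call, voicemail, then a 9-prefixed transfer) shows up in call accounting as an outside call originated by a voicemail port while a toll-free call is in progress. The following is an added example, not part of the original article and not the record format of Telemate or any Siemens product: it checks constructed records for that pattern and applies the extensions-only transfer rule the article mentions. The column layout, port labels and phone numbers are assumptions made up for illustration.

```python
import csv
import io
from datetime import datetime, timedelta

TRUNK_ACCESS = "9"             # outside-line prefix named in the article
EXTENSION_LEN = 4              # four-digit extensions, as in the article
VM_PORT_PREFIX = "VM-PORT"     # hypothetical label for voicemail ports
TOLL_FREE_PREFIX = "TF-TRUNK"  # hypothetical label for toll-free trunks

# Constructed call-accounting export (hypothetical layout, made-up numbers).
# direction: IN = arrived on a trunk, OUT = left on a trunk, INT = internal.
SAMPLE_RECORDS = """\
start,duration_s,direction,port,digits,calling_number
2000-01-10 09:02:11,95,OUT,EXT-8123,95550177,
2000-01-10 22:14:05,640,IN,TF-TRUNK-03,8200,6065550123
2000-01-10 22:15:32,553,OUT,VM-PORT-2,95550142,
2000-01-11 13:40:00,30,IN,TF-TRUNK-01,8314,5045550199
2000-01-11 13:40:12,18,INT,VM-PORT-1,8314,
2000-01-12 23:01:47,1210,IN,TF-TRUNK-02,8200,6065550123
2000-01-12 23:03:02,1135,OUT,VM-PORT-4,915025550160,
"""


def transfer_allowed(digits):
    """Extensions-only rule for transfers requested from voicemail.

    Rejects anything that is not exactly a four-digit extension, and
    anything that starts with the trunk access code.
    """
    return (digits.isdigit()
            and len(digits) == EXTENSION_LEN
            and not digits.startswith(TRUNK_ACCESS))


def load_records(text):
    """Parse the export and add start/end datetimes to every row."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        row["start"] = datetime.strptime(row["start"], "%Y-%m-%d %H:%M:%S")
        row["end"] = row["start"] + timedelta(seconds=int(row["duration_s"]))
        rows.append(row)
    return rows


def find_voicemail_dialouts(rows):
    """Return outside calls placed by voicemail ports, with the toll-free
    inbound call (if any) that was in progress when the dial-out started."""
    inbound = [r for r in rows
               if r["direction"] == "IN"
               and r["port"].startswith(TOLL_FREE_PREFIX)]
    findings = []
    for r in rows:
        # A voicemail port has no business seizing an outside trunk.
        if r["direction"] != "OUT" or not r["port"].startswith(VM_PORT_PREFIX):
            continue
        digits = r["digits"]
        dialed = digits[len(TRUNK_ACCESS):] if digits.startswith(TRUNK_ACCESS) else digits
        # Correlate with the inbound call whose time window covers the dial-out.
        source = next((i for i in inbound
                       if i["start"] <= r["start"] <= i["end"]), None)
        findings.append({
            "time": r["start"],
            "port": r["port"],
            "dialed": dialed,
            "kind": "long-distance" if len(dialed) > 7 else "local",
            "calling_number": source["calling_number"] if source else "unknown",
            "toll_free_trunk": source["port"] if source else None,
        })
    return findings


if __name__ == "__main__":
    for f in find_voicemail_dialouts(load_records(SAMPLE_RECORDS)):
        print(f["time"], f["port"], "dialed", f["dialed"], f"({f['kind']})",
              "during inbound call from", f["calling_number"],
              "on", f["toll_free_trunk"])
```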
Countermeasures Revisited
by Seuss
The most prevalent information on telephone counter-surveillance has been
floating around for at least 15 years. Short the pair at the demark and measure
resistance. Open the pair at the demark and measure the resistance. Abnormally high
or low resistances indicate a phone tap. Forrest Ranger wrote about it in text
files, M.L. Shannon and Paul Brookes included it in their books, and an untold
number of phone phreaks have employed this technique. Despite its popularity, this
technique has its shortcomings: it fails to detect devices installed in the outside
plant, split pairs are undetected and transmitters built into the phone are not tested
for.
What you'll need:
- Access to a local DATU.
- A multimeter with high impedance scales (several meters that measure into the
giga-ohm range are available) and a capacitance meter.
- An induction probe.
- A frequency counter or near field detector.
- Something that makes continuous noise, like a tape player.
- Ancillary tools (screwdrivers, a can wrench, etc.)
First, call the Phone Company to ask about your line's readiness for ISDN or
DSL. High-speed services demand a line with no loading coils and a minimum amount
(less than 2500 ft.) of bridged taps. Either will cause inaccurate measurements.
Begin by taking the phone off hook and turning on your tape player
(to turn on voice activated transmitters). Now give your phone a pass with your
near field detector or frequency counter. Transmitters in the phone will hopefully
be picked up at this point. (Note: some speakerphones are prone to normal RF leakage)
Next measure the capacitance of the line, dividing the value by .83
(the average mutual capacitance for a mile of phone line). This is roughly the
length of your line. Write it down, you'll need it later. Remember that .83 is an
average value, which can range from .76 to .90 depending on line conditions. To get
a more accurate measurement you can fine tune your figure by comparing capacitance
measurements on a section of plant cable of a known length, or use a TDR.
Disconnect all the phones from the line you want to test. Go to your demark
and disconnect your pair on the customer access side. Short the pair and measure the
resistance of the line from the farthest jack with the meter set to its lowest scale.
Reverse the polarity of the meter and measure again. If either resistance is more
than a few ohms, it would suggest a series device wired into the line somewhere on
your property. Now return to your demark, open the pair, and cover the ends in
electrical tape. Measure the resistance of the pair with the meter set to its highest
scale. A less than infinite resistance would suggest a device wired in parallel to
your line.
Testing in the outside plant should be conducted from the telco side of
the demark point in order to avoid measurement error from the station protector
circuit. Call that DATU and short the pair, then measure the resistance of the
line. Compare the value you got for your line's length with the figures below:
Wire Gauge | Loaded Pair | Unloaded Pair
26ga       | 84.33       | 83.33
24ga       | 52.89       | 51.89
22ga       | 33.72       | 32.39
19ga       | 17.43       | 16.10

        | 2nd Key
1st Key | 1     | 2      | 3     | 4      | 5
1       | Space | Period | comma | hyphen | slash
2       | A     | B      | C     |        |
3       | D     | E      | F     |        |
4       | G     | H      | I     |        |
5       | J     | K      | L     |        |
6       | M     | N      | O     |        |
7       | P     | R      | S     | Q      |
8       | T     | U      | V     |        |
9       | W     | X      | Y     | Z      |

Character Set | DTMF Low | DTMF High | MF Low | MF High
1             | 697      | 1209      | 700    | 900
2 (ABC)       | 697      | 1336      | 700    | 1100
3 (DEF)       | 697      | 1477      | 900    | 1100
4 (GHI)       | 770      | 1209      | 700    | 1300
5 (JKL)       | 770      | 1336      | 900    | 1300
6 (MNO)       | 770      | 1477      | 1100   | 1300
7 (PRS)       | 852      | 1209      | 700    | 1500
8 (TUV)       | 852      | 1336      | 900    | 1500
9 (WXY)       | 852      | 1477      | 1100   | 1500
*             | 941      | 1209      |        |
0             | 941      | 1336      | 1300   | 1500
#             | 941      | 1477      |        |
KP            |          |           | 1100   | 1700
ST            |          |           | 1500   | 1700
SASS Test Number Access
by Lineside
lineside@telehack.net
SASS test numbers can be interesting to find and play with. If you've
ever heard of DATU's (Direct Access Test Unit) or have played with one, you'd
find that SASS numbers are very similar to them. (If you want to know more
about DATU's, read MMX's article in this issue.)
For comparison, here are the test functions of a DATU:
-Audio Monitor (busy, idle line, intercept)
-Short ring to ground (tip open)
-Ring Ground
-Short tip to ground (ring open)
-High level tone on tip and ring
-High level tone on ring (tip grounded)
-High level tone on tip (ring grounded)
-Low level tone
-Open line
-Short line
-Permanent signal release
(taken from NPA DATU text)
When calling a SASS number, instead of having to directly enter a security
code it will first of all respond with an ANAC (meaning it gives you the number you
are calling from.) It will do so twice. The time during the second ANAC is when you
enter your 4-digit security code (BellSouth seems to love using 1111 and 1122 for a
lot of their stuff, including their SASS and DATU). After doing so, you get to the menu.
The menu consists of the following functions and tests which you
select using different DTMF keys:
4- Busy line verification (for deluxe call waiting/ memory call)
5- A DTMF keypad test
6- Number identification
7- Ringback test
8- Transmission measurement tests:
     1- Single tone: choose between 03 (304Hz) and 32 (3204Hz)
     3- Three tone slope (400Hz, 1004Hz, 2804Hz)
     5- Quiet termination
     6- Milliwatt tone
     7- Tone sweep: choose start and end tone between 03 (304Hz) to 32 (3204Hz).
        For a full tone sweep you enter *
     8- Number identification sweep: 1200Hz- 2200Hz (for caller id)
     9- Data sweep (900Hz- 2800Hz)
     0- 10 tone slope (304Hz- 3204Hz)
     *- return to main menu
Instead of forcing a disconnect with ## as you would with a DATU, after using the
SASS you can just hang up.
SASS functions such as the ANAC, ringback and DTMF test (for finding out
those stored #'s in butt-sets???) can be pretty useful. As for finding SASS numbers
in your area, the telco may or may not have a designated or often used prefix.
In my area the DATU and SASS numbers seem to be pretty mixed up and spread out
while regular test numbers such as ANAC usually share their prefix with lots of other
interesting telco numbers. Again, this could be different in your area.
If you have any questions or comments, especially if you are in the south-east
area, please contact me.
Visit Lineside's Telecom Site: http://www.angelfire.com/ga/Lineside/
An Intro to Paging Networks and POCSAG/FLEX interception
by Black Axe
Pagers are very, very common nowadays. Coverage is widespread and cheap, and the
technology is accepted and understood by most. Ever wonder, though, what happens on these
paging networks? Ever wonder what kind of traffic comes across those pager frequencies?
Ever listen to your scanner on a pager frequency in frustration, hearing the data stream
across that you just can't interpret? Want to tap your radio, get a decoding program, and
see what you've been missing?
Before I begin, let's cover just exactly how those precious few digits make it from
the caller's keypad to the display of the pager in question (or, perhaps, your monitor).
Let's look at this in the perspective of a drug dealer with a pager (Joe), and a confused
old lady paging him (Ethel).
First, Ethel picks up her phone, and dials Joe's pager number (555-1234).
Ethel hears the message "type in your phone # and hit #", so she complies and enters
555-6969#, and then hangs up.
Here's where the fun starts. This is all dependent on the coverage area of the
pager. The paging company receives the page from Ethel, and looks up the capcode of
the pager it is to be sent to. A capcode is somewhat akin to an ESN on a cellphone;
it identifies each specific pager on a given frequency. The paging company will then
send the data up to a satellite (usually), where it is rebroadcast to all towers
that serve that particular paging network. Remember last year, when everyone's pagers
stopped working for a few days? It was the satellite that we are now discussing that
went out of orbit. The paging towers then transmit the page in all locations that
Joe's pager is serviceable in. In this case, let's say that Joe's pager has a coverage
area that consists of a chunk of the East Coast, going from Boston down to Washington
DC, and out to Philadelphia. The page intended for Joe is transmitted all throughout
that region. Since a pager is a one-way device, the network has no idea as to where the
pager is, what it's doing, etc., so it just transmits each page all over the coverage
area, every time. "So?", you may say, "what's that do for me?" Well, it means two
different things: first, that pagers can be cloned with no fear of detection, because
the network just sends out the pages, and any pager with that code on that frequency
will beep and receive the data. Second, it means that one can monitor pagers that are not
based in their area. Based on the example of Joe's pager, Joe might have bought his
pager in New York City. He also could live there. However, because the data is
transmitted all over the coverage area, monitoring systems in Boston, Washington DC, and
Philadelphia could all intercept Joe's pages in real time. Many paging customers are
unaware of their paging coverage areas, and usually do not denote the NPA (area code)
from which the page is being received. This can cause problems for the monitoring
individual, who must always remember that 7-digit pages shown on the decoder display
are not necessarily for their own NPA.
The Pager Decoding Setup
Paging networks aren't encrypted. They all transmit data in the clear, generally in one
of two formats. The older format is POCSAG, which stands for Post Office Code Standards
Advisory Group. POCSAG is easily identified by two separate tones, and then a burst of data.
POCSAG is fairly easy to decode. FLEX, on the other hand, is a bit more difficult, but not
impossible. FLEX signals have only a single tone preceding the data burst. Here's how to
take those annoying signals out of your scanner and onto your monitor. You will need:
1. A scanner or other receiver with a discriminator output. Info on this mod is available
on the net and it's fairly easy to perform. This will enable you to get a clean audio
signal out of the scanner, as opposed to the amplified crap out of the speaker or
headphone jack.
2. A computer.
3. You will need a Soundblaster compatible soundcard. This will let you snag POCSAG
traffic. Or, you can build a data slicer and decode FLEX traffic too. Or you can be
lazy and buy one from Texas 2-Way for about $80 or so. The Soundblaster method will
obviously tie up your computer decoding pages. Using the slicer will let you run
decoders on an old DOS box and will let you use your better computer for more
important stuff.
4. Antennas, cabling, etc. You will need an RCA cable (preferably shielded) to take the
discriminator output either into the soundcard or into the slicer. If using a slicer,
you will also need the cable to connect your slicer to your computer. As far as antennas
go, pager signals are VERY strong, so you won't need much of an antenna. I generally
use a rubber ducky with a right angle adapter, attached right to the back of the radio;
it works fine. The signals are so damned strong that you might even be able to get away
with a paper clip shoved into the antenna jack.
Hook all of this stuff together, it should be obvious as to how it is assembled. Tune
yourself a nice, strong (they're all strong, really) paging signal. Where are they? Well, the
vast majority of numeric pagers are crystalled between 929 and 932MHz; try there. Or if you
want to try decoding some alphanumeric pagers, try 158.1MHz. Now, what about software, you
say? That is where things start to get kinda hairy. See, Motorola developed most of this
stuff, and holds licenses to it. Any software that decodes POCSAG is some sort of copyright
violation or something or other, hell, I don't know. So one day, the morons at Mot decided
that they didn't want that software floating around. So they looked up everyone who had copies
posted on the Web and told em that if they didn't knock it off, it was court time. The
threatened webmasters removed the offending copies, fearing a lawsuit from the well-heeled
Motorola with their gangs of lawyers. Ouch. After this, our good friends from the United
States Secret Service arrested Bill Cheek and Keith Knipschild for messing around with
decoding hardware and software - the SS appeared to want to make data slicers illegal. Of
course, these arrests were ridiculous, but nobody wanted to get busted, so the vast majority
of resources on American websites disappeared. Checking around English or German sites may
yield some interesting results.
Now you're ready. Fire up the software. Get that receiver on a nice, hot frequency. Look
at all of the pages streaming across the network. Give it a few hours. Getting bored yet?
Okay, now that you have a functional decoding setup, let's make use of it. Know someone's
pager that you want to monitor? Here's how to snag em. First you need the frequency; it's
usually inscribed on the back of the pager. Also, you can try to determine what paging company
they use and then social engineer the freq out of the company. www.perconcorp.com also has a
search function where you can locate all of the paging transmitters (and freqs) in your area,
listed by who owns em. Not bad. So you have the frequency, now what? Well, wait until you
have to actually talk to this person. Get your setup cranking on the frequency that this
person's pager is using. Now, page him. Pay close attention to the data coming across the
network. See your phone number there? See the capcode that your phone number is addressed to?
That's it. Some better decoding programs have provisions to log every single page to a certain
capcode to a logfile, this is a good thing. Get a data slicer, set everything up on a
dedicated 486, and have fun gathering data.
Satellite Systems: Reception
by Black Axe
Ever look up at the sky, and wonder what's up there? Ever watch someone's
satellite TV and wonder, "gee, maybe if I turned the dial and swung the dish around
a bit, I could see what else is up there.."? Hopefully, this article can help inform
the reader about the most common and easily intercepted forms of satellite communication.
Before we begin, there are a few important concepts that we must cover. If you know
anything about satellites, this part should bore you. All satellites orbit the earth.
Some of those satellites orbiting the earth are put into such an orbit that they appear
motionless to an earth-based station; in layman's terms, they don't go anywhere. These
types of satellites are referred to as geosynchronous. Other satellites do not hold a
fixed position in the sky. Because they move relative to the earth-based observer, that
observer must keep track of where exactly the satellite is at any given time (usually for
purposes of antenna calibration). Keplerian Elements, readily available for most (non-spy) satellites,
can be entered into a variety of different freeware, shareware, and commercial programs to
track the satellites. Some programs can even orient your antennas or dishes for you, to
get the best possible signal as the satellite moves across the horizon.
These topics having been covered, let us delve deeper into what our dishes
and antennas can fish out of the cosmos.
-Amateur Radio Satellites
One of the easiest types of signals to receive from space is from amateur (Ham)
satellites. Most amateur satellites use uplinks and downlinks in the VHF and UHF bands,
making antenna requirements easy to fulfill. Most of the time, a properly oriented
telescoping whip is all that is needed. Operating modes vary; CW (Morse code) is often
used. Other operating modes include SSB (Single Sideband), various digital modes, and FM
voice (specifically, the AO-29 satellite). The interesting part about amateur satellites is
that not only does one have the ability to listen in, but also the ability to use these
satellites for their own communications. Some digital satellites even house entire
BBS systems.
-MIR and SAREX
One can also communicate with the Russian space station, MIR, and
(at certain times) the American Space Shuttle (SAREX). Cosmonauts aboard the space
station MIR operate voice and a packet (digital) system onboard in the 144MHz
amateur band. The American Space Shuttle's SAREX (Space Amateur Radio Experiment)
is a more clandestine operation, consisting of a handheld radio and a window-mounted
antenna. FM voice is used on a number of different frequencies in the 144MHz band.
Amateur radio operators are EXTREMELY competitive in making a SAREX contact, usually
just for the nice postcard (QSL) that NASA sends.
-Inmarsat
Now we delve into more of a "grey area" of satellite monitoring. The Inmarsat
system consists of four geosynchronous satellites serving the entire surface of the
Earth with satellite telephone service. Ridiculously expensive, Inmarsat service
is generally only used by well-funded people and organizations. Some Inmarsat
traffic is digital. However, there is still an abundance of voice traffic to be
intercepted. Transmission mode is companded FM, meaning that signal strength
varies with the noise level (used to conserve power consumption); set your squelch
accordingly. To intercept Inmarsat traffic, a receiver capable of covering 1500MHz
is required, along with a dish and a directional antenna (Yagi). Orient the Yagi
(tuned for the band) towards the dish, and affix it to the dish's LNB. Find the
satellites in the sky (this will be left as an exercise for the reader); tune the
receiver to 1537MHz to find a constant signal transmitted by the satellites.
Modulation mode is Narrow FM; steps of 25kHz. Have a tape recorder ready; you never
know what you'll hear.
-TVRO
TVRO stands for TeleVision Receive Only. Basically, it is what is known as
satellite TV. Although many pay services are common nowadays, it is still possible
to intercept a great deal of analog video traffic from TVRO satellites. Basically,
what is required is a TV (of course), a satellite receiver, a dish with an LNB
(Low Noise Block converter), and rotors to spin the dish around. What's out there,
you say? Of course, there's regular network TV, and many other less-common broadcast
services. By far, the most interesting part of TVRO is "wild feeds", that is, live
video being transmitted from various locations to broadcast studios. For example,
during the conflict at Waco, there were four live and uncensored feeds coming out of
Waco, 24 hours a day. You'll get to see all the blood and guts that are edited out
of the network broadcast, along with reporters you'll recognize very well bitching
before a broadcast, smoking a quick cigarette, etc. The world of TVRO is vast
and ready for exploration.
The elusive Project Angel
by Mohawk
I first talked about Project Angel in OCPP Issue 3. I was really interested in
this revolutionary technology that planned to totally bypass Bell's switches and offer
better service at a cheaper price. Not only would this make local competition interesting
but this had some very unique implications for the phreaking scene. How would this change
the phreaking scene? I couldn't wait for the consumer rollout to see all the new phreaking
exploits that were spawned from Project Angel. Two years after Issue 3, I'm still waiting
and information about what happened to Project Angel is very scarce. Some of you are
probably hearing about this for the first time. This is probably the most complete
article you'll find on this topic. There are so many different stories as to what's going on
it's hard to separate fact from fiction. I had to piece this story together with facts
that are spread out in various mediums over a period of several years. If you have any new
information, I screwed up on something, or left something out, please email me.
I've been researching Project Angel for about three years now and it first came into
the public eye in early 1997. However, this technology has been in the works for most of
the 90's. In early 1993, McCaw Cellular Communications tested a technology known internally
as "Project Dino". This wireless local loop technology eventually turned into Project Angel.
AT&T bought out McCaw later that year and it became part of AT&T's Wireless Services. At
the end of 1994 AT&T bid on 10-MHz wireless licenses in FCC auctions. For about an entire
year things got quiet again. In early 1996 AT&T sought local telephone certification in
all 50 states after the Telecommunications Act of 1996. The ironic thing here is that
AT&T is seeking to break into the local telephone monopoly that's held by the baby bells
who were all once part of AT&T's telecommunications monopoly that was broken up in 1984.
And to do that they have to come up with a new technology.
On February 25th 1997, John Walters reveals Project Angel to the world at the NARUC
gathering (see OCPP 3 for his speech). News releases detail how this new technology will
work. Central Offices will be replaced by Digital Switching Systems that are outfitted
with fiber optic cable. Blocks of 2000 homes are grouped together and share one antenna.
Each house will have a pizzabox sized radio transceiver box on the roof that will connect
it with the DSS by converting voice and data transmission into digital information and
sending it through the air over the 10-MHz radio spectrum to an antenna and then on to the
DSS. Each home will get four phonelines and one 128 kb/s data line. AT&T claims that
this new technology will provide quality and security at a cheap price. Beta testing is
announced for Chicago in the summer of 97 and a full consumer roll out in 1999. The
media has a frenzy with all this information and some people predict the end of CO's if
everything goes right. This sounds really cool huh? Four phone lines, a fast data
connection, a cool new technology to play with, and cheaper than the typical babybell
service. Things looked like they were gonna get very interesting.
Flash forward two years later. What the hell happened? It's almost impossible to
find any news coverage as to the updates on angel. I'm not gonna bore you with corporate
details about who went where but it's important to keep in mind that AT&T juggled around
executives for the past couple years and each time a new person comes and goes the emphasis
of the company shifts. The Chicago beta test didn't begin until December of 1997, months
after it was supposed to take place. This was kept under wraps by AT&T for the most
part and for good reason. It turns out that the big beta test that would determine the
public's opinion of Project Angel was only given out to a few customers (between 5 and 10,
an exact number wasn't determined). However, AT&T did say that it was pleased with the
Chicago test and some of the people working on it wore shirts that said "we deliver"
which was in reference to the boxes on the houses looking like pizza boxes. A lot of
people in the industry saw this as a failure due to the lack of information about the
Chicago trial.
In early 1998 AT&T acquired Teleport Communications and most people thought that
this signaled the end of Project Angel because Teleport was a local telephone company and
this would give AT&T all they needed for local competition. AT&T announced that PA was
alive, that it wasn't dead, and that Teleport would assist with the project. However,
at the same time Project Angel shifted from a "Babybell monopoly killer" to just one of
the options that AT&T can use to enter the local market. Many people left the project
because they felt that they needed to get out while they could. I talked to several people
who were involved with the project and they said that the cost of a roll out alone was far
higher than originally expected and it was not profitable and therefore had no future.
Cost has been an issue since John Walters' speech. It was ordered that the cost must be
drastically reduced.
For a while, there was just no news on Angel but in May 1999 things were looking up
again for this ill-fated technology. The company announced that it would begin testing in
Dallas, Texas and that it has been testing it out with employees for months. The tests
would be free to certain customers and then it will be tested with paying customers this
summer. The company reduced its costs from $1149 per customer to $750, still short of the
under $500 target that most analysts see as the minimum competitive price. At the same
time, AT&T announced that it has started voice over cable service with paying customers in
Fremont, California.
And that brings us to now and it spurs the question, what's the future of Project
Angel? I just don't see Project Angel becoming this huge thing that just shuts down CO's
across the US. AT&T's main emphasis has been on cable and they will most likely use Angel
or a version of it to reach its customers where cable can't. I've heard some rumors that
a similar technology is being developed by other companies for the US and Asia. Companies
are looking into merging cable, phone, and internet access and becoming your one stop shop
for these services. Whether Angel becomes part of this convergence or just gets filed under
the "spoke too soon" pile remains to be seen. Of course, we'll bring you updates when and IF
they come.
Zine Writing Suggestions
by the Phone Punx Staff
Remember a few years ago when having your own group was the k-rad thing to do? How
about when your own domain was a sign that you were 31337? Well the new underground
status symbol appears to be having your own h/p zine. Sit down, shoot your mouth off,
insert some info from a coffee stained printout you found at the CO and you're ready to
rock. Simple, no? After watching a host of start-up zines start up and then fall on their
faces, the staff here at Phone Punx has decided to lay a little of our hard-earned zine
production wisdom out for all of you considering your own publication.
Don't even THINK of releasing your first issue until you have enough material for your
first 3 issues. There are few things more sad than seeing a new zine release one issue
and then cop out.
Don't try and run the whole thing yourself. We have 2 editors and a handful of stupidly
hard working writers who still struggle to meet deadlines.
Proof-read all issues. They call you an 'editor' for a reason.
Spellcheck!!! Nothing looks worse than glaring typos.
Don't include IRC logs. We don't care how cleverly you tormented that poor bastard
on #rock. Same goes for prank call logs.
Ask yourself: do you think your readers REALLY care what you thought of a con or
what you did there? And if you do put some con reviews and the like in an issue,
don't make it the ENTIRE issue.
Keep the fancy graphics to a minimum. Most zine readers aren't astounded by your
command of Photoshop nor do they have cable modems to download your graphics with.
Try and act like an adult. A lot of curse words, 31337 spelling, etc. just make
you look childish and people will take you less seriously.
We've all seen that same damn list of telco acronyms. Don't publish it again.
Are you planning on including a schematic in your zine? Include it as a graphic, not
an ASCII. Circuit diagrams get all kinds of screwed up when they're put up in ASCII
pictures.
Sacrifice release dates for completeness. Having an intro and 2 articles every month
is nothing compared to a quarterly with lots of good info in it.
Set up a mailing list for readers and a separate one for your staff. Keep your readers
informed with releases of new issues and other updates. As for the staff list, keeping
them informed as to what's going on will make them feel more involved and in return you'll
get a better product. Also, you and your staff can kick ideas back and forth and learn a
thing or two from each other.
If you reprint a manual make sure you label it as such. Plagiarizing a manual and passing
it off as yours won't really impress people. You'll look pretty damn stupid and even more
so when somebody asks you to elaborate on something you "wrote" and you have no clue what
you're talking about.
Think long and hard about printing numbers. The fastest way to kill a number is to print
it where anyone with an Internet connection can get the number and abuse the hell out of
it.
If you want to write an editorial don't just bitch about something. Provide reasons for
your opinion and how to fix the problem.
Don't publish an enemies list. Prank calls to random people only amuse the simple
minded.
If you post archives of old textfiles, try not to make a huge list of them. A handful of
GOOD files, along with a few comments on why you selected them is a better idea.
Be prepared to go the distance. Most people quit zines because of a lack of
readership/support and because they can't handle everything else that goes along with
writing a quality zine. There is a lot to deal with when writing a zine. If your zine
does become the new authority of the H/P zine, are you prepared to handle that
responsibility? Also, you shouldn't expect everyone to just worship you from the start.
There are so many zines that come and go within an issue or two that not too many people
really care. You might have to release several issues before anyone notices you. Now I
know you're thinking, "what about zine XXXXX that got really huge from issue 1 and they
really sucked". Well you have to look at who is backing them. Some zines are backed by
groups that have a well known reputation and have a loyal fan base. If a higher up from
that group proclaims that some crappy zine is the best thing ever, then so it will be
without a second thought. Of course there are a few zines that are good right from the
start, but they are few and far between.
Last and probably most important, ask yourself why you're doing this in the first place.
Most of us with PPM do this because we feel what we are doing is both needed and wanted.
In my opinion, writing a zine for just the hell of it, to be k-rad, or just because it's
the cool thing to do at the moment is just wrong. However, writing for a zine to get
chicks is totally acceptable.
Cyberpunk Culture
by Mohawk
I have changed the Cyber Culture section to the Cyberpunk Culture section.
This will also take the place of the news section. There are plenty of places these days
to get the latest news on hackers and Net issues. So I am going to cover various issues that
interest and affect those involved in the H/P community. My main focus is going to be on
issues that aren't really talked about. Because of this, I'm gonna be playing the Devil's
Advocate with some of these issues so that way it sparks your interest and gets you thinking.
-Cyber Speak Candy
It was bound to happen: computer-related candy. Made by Necco (http://www.necco.com),
they are floppy disk shaped candy that have computer sayings like "Let's Chat", "Email Me",
and my reason for writing this article, "Cyber Punk". Cool huh? They're similar to candy
hearts that they sell for Valentine's Day. Candy for nerds and hackers. Kick ass. Actually
no. You know those candy wafers that no one ever eats and they just sit in the store for
years on end? Well that's what they're made out of. They taste pretty bad. They should have
at least made them taste like Valentine's Day hearts, which taste a little better. But you
should get them though. You could tile your wall with crazy computer sayings. The box is
kinda cool looking too. Let's hope the next kind of computer-related candy that comes out
actually tastes good.
-Review of "Pirates of Silicon Valley"
The made for TV movie "Pirates of Silicon Valley" recently debuted on TNT to some
great reviews. The movie, which is based on a true story, follows the story of Bill Gates,
founder of Microsoft, and Steve Jobs, founder of Apple Computer, and how they started out.
Their lives parallel and they eventually cross paths. This is one of the first movies
about computers that doesn't involve dramatic plots about hackers or the government. And
the surprising fact is that it is a very good movie. Whoever thought that a movie about
a couple nerds starting computer companies and screwing people over would make a good
movie without any crazy plot twists? I love the movie, just can't watch it enough.
However, not everyone in the H/P community shares my opinion. I saw a lot of negative
comments about the movie, saying that the movie wasn't true and that they don't like
Gates to begin with, etc. First of all, this was "based on a true story", it's not a
documentary. The producers took dramatic license on various points in the story. This
is where they take a story and change things to make it more dramatic. The general public
is gonna get bored out of their mind watching a documentary about Apple and Microsoft.
These people should win an award for making the movie interesting. You should also try to
put aside your opinions about Jobs and Gates and just enjoy the movie. If it bothers
you that much, pretend like it's a complete fiction and just try to enjoy it. Hopefully
we'll see more movies about computer-related stories.
- 7-11: the 24-hour hacker target
Next month the roll out for 7-11's technological make over will be finished. They
are just one of the latest stores joining the move to get computerized. 7-11 is the
largest convenience-store chain but each store only makes a little over a million a year.
Because of this, information technology has never been a major concern but computer costs
are down and the move will increase sales in the long run.
The new system will improve inventory management, sales data, and its position with
suppliers. The system includes new software and hardware for each store's checkout counter
and back office. At the checkout counter they'll have a scanner and touch-screen-driven
system running DOS on NCR Corp.'s 7450 and 7453 PC cash registers. Clerks will use wireless
handhelds to receive guidance about what product belongs where and it will also aid in
ordering products. In the back office, applications for data reporting and analysis,
pricing, accounting, and other store functions run on Windows NT. The servers, which are
connected via ISDN, are 233-MHz Intel Pentium II machines also from NCR.
At the corporate headquarters, they run a massive Oracle Corp. data warehouse on
Hewlett-Packard Unix Servers. I don't know what kind of security they run but it's probably
something like disabling certain functions. That's usually the norm in small stores running
NT. All of this technology presents a huge target for hackers. Many hackers work at
convenience stores some time in their hacking lives and employees are often left alone in
the store. The store managers are usually clueless about computers and they probably won't
consider hacker employees. Add that in with the fact that a majority of computer attacks
come from disgruntled employees and convenience stores are full of them. Also, the newly
released Back Orifice 2000 adds one more security issue in the mix. All together, this
presents a prime opportunity for hackers to really screw up 7-11. With over 95,000 stores
I expect we'll be hearing about some interesting 7-11 computer hacks.
-Review of ZDTV's DefCon Coverage
ZDTV, the 24-hour computer channel, advertised extensive coverage of DefCon for more
than a week before the start of the con. I didn't go to DefCon so I thought I'd get to see
what was goin on. The local news and CNN usually have poor coverage where they bash hackers
for thirty seconds. My Internet connection sucks so I couldn't watch it over the net. Well
I watched ZDTV all weekend, waiting for that DefCon coverage they advertised so much. I told
a lot of people about it and they too were waiting. They barely even mentioned DefCon until
late Sunday. Then they had a five part story about DefCon throughout the week and Silicon
Spin also talked about it. However, most of their coverage was focused on just BO2K. They
should have showed more of the con and everything that went on. They did show a small part
of spot the fed and they interviewed a couple people such as Dildog, Weld Pond, Count Zero,
and Gail Thackeray. The way they did it though, it seemed that BO2K was the whole thing.
They should have had a best of DefCon show or something similar to demystify the con to the
general public. I was kinda pissed that they advertised coverage all weekend starting on
Friday and they barely said anything until Sunday. I try to be a nice guy and not judge
people by their looks but I saw a couple nasty people at DefCon from the coverage they did
show. Ok, so not everyone is the coolest looking person in the world, I understand but I
wonder if some of you people even own a friggin mirror. I'm talking about straight out of
"Revenge of the Nerds". Stop having your mother dress you. Anyway, sorry about that.
Someone has to do it.
Despite all of this, ZDTV is still a great channel. Hell, they're the only computer
channel, that I get anyway, and I hope they learn how to handle things better in the future.
One thing I like is that they let both sides talk, they let the hackers give their side,
and they let the people against it give theirs. However, I have to take issue with hackers
and the media. The message needs to get out more that not all hackers are evil and that
we're as diverse as any other culture. If anyone reading this ever gets on camera, try to
slip that in there somewhere. In my opinion, getting this message out should be top
priority and not a program but maybe that's just me.
-Free Internet Access & its problems
It seems that everything will eventually wind up being free as long as you sit
through advertisements to get at it. The latest free service is Internet Access.
However, this brings about a range of issues.
Alta Vista will start offering free net access starting in September. All they ask
in return is that you view ads and enter information about yourself. They can then sell
that information to direct marketers. When something like this happens with the Internet,
more companies will come out with their own free access. Banks and department stores will
be some of the first companies to join the bandwagon. Of course their ads will be
geared towards them. They'll be handing out free CD based login software at the stores
when you buy something. They will also be able to track what websites you visit and for
how long.
While this may seem like a good idea to some, there are just so many issues that this
raises. Cost is a major factor. How are they going to handle the insane amount of people?
It turns out that they still don't really know. Remember when AOL switched to $20 a month
for unlimited use? It was crazy. You were lucky if you could even get a busy signal. All
the calls practically shut down a switch by me. A Bell tech I talked to said he never saw
anything like it in his life. If it's even halfway decent access, a lot of people will want
to use it even if it's just for screwing around.
Some people will also be concerned with privacy. I've heard this concern about other
free services. If you're that freaked out about it, then don't do anything "sensitive" when
you're on it.
Another major concern is hackers. This is take-anywhere, anonymous access. We've
all had free access through one way or another, whether it be the library or hacking into
someone's account. However, the difference with this is it "could" be completely untraceable.
How will they know if you enter in the wrong information? Having someone enter in a credit
card would cut down on this but that would be strange since it's free. Besides,
this would cut out a lot of people. I haven't heard a thing about security with free net
access. Since it hasn't been raised yet, it's probably not a big concern to Alta Vista.
Therefore, they probably have no security measures. Spammers would also have a field day
with this. They'll have to come up with a way to verify your information.
Another issue is how a flood of new people will affect the net. Other ISPs will have
to lower their prices and improve service to stay competitive. Could certain websites handle
so much extra traffic? We've seen plenty of examples in the past of websites shutting down
because they couldn't handle everyone.
There are other issues that could be raised but your main concern should be
security issues. They're going to have a hard time keeping up with the cost of all the
people that want the service so I doubt that they spent more than 5 cents on security.
Besides, I doubt anyone would use this service for anything bad anyway.
Letters
We will print your letters. If you would like to make a comment, ask a question,
or whatever, send them in and we will publish them. If you don't want your letter
published, just let us know. Email addresses will not be published unless you
tell us otherwise.
From JD
Hey,
I was just on your interesting and eye opening web site and I was wondering
if you have any information on Spanish phone lines or could put me in
touch with someone who would know about them,
thanx in advance
JD
>Try to get in touch with phreaks in the UK and Germany, they might have
info on the rest of Europe.
From: Mark
hi there. what is the best newsgroup to find out about phreaks, cards, emulators
etc, etc???
many thanks
>Well the best NG for phreaking is alt.phreaking of course. However, keep
cards, emulators, etc. out of there. You'll have to find that info elsewhere.
From: Spcbytch
HEY I NEEN INFO ABOUT MAKING BOXES U KNOW LIKE BLACK ONES AND I CAN
FIND IT ANYWHERE IF U COULD HELP OUT I WOULD APPRECIATE IT. PEACE SPCBYTCH
>Hooked on Phonics, get it, please. If you want boxes try a search engine.
There is so much more to phreaking than just boxes, I suggest you forget about
them. At least explore the other areas of phreaking. There is so much out
there but everyone is concerned with boxes that stopped working years
ago.
From: hevnsnit
Hey, I am holding a Who's got the world's best beige contest going, and I
was wondering if I could get a link to it, or any kind of other help with it..
Basically I just want to spread the word..
Thanks,
-hevnsnit
http://listen.to/att
>Done, mentioned in the newsletter and right here. If anyone has anything
else like this that they'd like to promote, feel free to send it over.
From: Port Error
ocpp,
Hey whatz up, im a local NJ phreaker/hacker, i'm from south jersey, cherry hill
area, thats all ill say, i'm pretty happy to see...someone has taken charge of
the NJ h/p peeps...I was just wondering if yah would exept any articals i have
written about certain systems i have worked w/ and certain hardware like cisco
routers. I can just say one thing from experience, if yah ever go beige boxin,
were gloves, and never ever ever, put your finger on the metal part of the
aligator clips when yah hook it up to a TNI or can....hehe.....you get
zaped...haha....but that was when i was learnin, but anywayz, i gtg, email me
back w/ some information, thanxs
>You could send us your articles, but please word them better
than you did your letter. We haven't taken charge of any "peeps".
I used to get them around Easter time but I would just chuck em. I'm
not much of a marshmallow person. We don't have much to do with NJ
anymore really. Most of us don't even live there. Touching metal
while hooking it up to another piece of metal that is hooked up to
electricity is never a good idea.
From: Mercury Gear
A few questions for the OCPP:
A: Do u need anyone to write? Seems like a pretty cool mag.
B: Different parts of Jersey, eh? Got any members located in the
Woodbury (Glassboro Township) area? We need phreaks here! There are
approximately 1.5 (besides myself) that I know of. Mmm, that's it. later
>We could always use more writers. We have a great staff now but the more writers
we have, the faster we could crank out issues. We're not really NJ based
anymore, that was the OCPP. We're spread out all over the US.
Copyright 1999 Phone Punx Network. Feel free to distribute this issue; however,
do not modify this file in any way. All issues are free and are not allowed to
be sold in any form. If you are selling issues you can only charge what it cost
to reproduce them. Keep the information free. All works are owned by the PPN
and/or the authors of the article. If you feel that you own the copyright to a
work printed in this issue and have not given the permission of the author to
republish it, please email us.