___ __ __ / _ \/ / _______ ___ _/ /_____ / ___/ _ \/ __/ -_) _ `/ '_(_-< /_/ /_//_/_/ \__/\_,_/_/\_Y___/ ___ ____ ___/ / / _ `/ _ Y _ / _\_,_/_//_|_,_/ / ___/__ ___ / /_____ / (_ / -_) -_) '_(_-< \___/\__/\__/_/\_Y___/ Implementing good telecommunications security By Captain B Written 2/21/04 Security. It tends to be something many don't truly think about until after It's already too late. And, with something such as security over the airwaves or other various types of telecommunications links, there seems to be even less of a sense of concern. Well, granted, the average person doesn't know the things many of us know when it comes to such stuff, but what you don't know most certainly can hurt you. So, there's no real excuse for not wanting to simply play it safe. Now, let's start off with landline telecom security, and I'll move on afterward. If someone has your line tapped, and is recording off of it, not only do you have to worry about the eavsdropping deal, but, if you're dialing via DTMF (touch tone) as most people do by now, then that person could do one of a number of things with the numbers you puch in when dialing someone. They could either run it through a DTMF decoder to see what number you dialed, or use anohter variation by dialing a pager, and playing the DTMF tones and see what shows up on the pager. If their feeling in a bit of a prank playing mood, they could even play that DTMF into the pager of a total stranger. And, of course, they could always use the touch tones to dial the person you dialed. How do you prevent this? Switch your phone over to pulse (rotary) dialing, at least when dialing a number, then use the phone's * (star) key to switch on the fly back to DTMF mode if you need to, and if your phone supports that feature. If you phone is an cheapo model without the abilty to switch between tone and pulse dialing via the star key after dialing a number, you can sometimes manage to switch the T/P to pulse first when dialing, the switch the switch it tone, do a fast switch hook flash (and DO NOT use the flash button if you have one) and, presto, your back to tone dialing again. If you have a older or perhaps more cheaper model touch tone phone with no switch, simply use the technique I once outlined in my "Switch hook dialing" text file to dial a number by quickly and repeatedly flashing the switch to simulate pulse dialing. It's just a matter of flashing the appropriate number of times to represent the dialed digit (Example 8 rapid switch hook flashes represents dialing the digit "8") then, take a brief pause between each dialed digit until you eventually hammer out the number your dialing.On a side note, there's 2 other ways to simulate switch hook dialing: Either rapidly pulling the line cord in and out of the phone jack (which could also be done at the other end of the line cord where it attaches to the back of your phone) taking a pause between each dialed digt again, of course, or soldering up a small "Normally closed" momentary SPST on/off switch, and rapidly jamming on the switch in the same manner as would be done with the switch hook. And of couse, even if someone is recording you when dialing via pulse dialing, they can't just simply play a recorded DTMF touch tone string back into the phone this way since pulse dialing operates on elecrtical pulses rather than sound principles. Also, to prevent someone from tapping in at your ANI or any other point on your line, padlock your TNI (Telephone Network Interface) box, and to make it more difficult to open easily from the telco side of the TNI box, wrap a twist tie used for closing garbage bags through the little hole on the telco side of the TNI and secure it tightly. You could also use string, or a twist tie from the bag on a loaf of bread, or more than 1 of these things if you so desire. I don't think there's a padlock on the market (that I know of) that properly fits through that hole on the telco side of the TNI. Also, other models of TNI boxes won't have this. And, if you also keep a phone for each line off the hook during the overnight hours, no one can simply tap your line and get a dial tone. But, if you'd rather keep it on hook in case of an emergency call from someone, that's understandable. Next, let's talk about cordless phones, cell phones, and anything else using RF (Radio Frequency). First off, I personally kind of have "wireless phobia". Because, with anything wireless, It's biggest advantage is also It's biggest disadvantage. Becuase, unless a wireless transmission of any type is properly digitally encoded, or some effective type of "voice scrambling" method is used, a person won't necessarily even need to tap your line to listen in. This was especially true for the old analog 49Mhz cordless phones. The only equipment one needs to own to eavsdrop on conversations over those phones is a standard police scanner. But to be fair, that was pretty much before the days of cordless phones using digital transmission and DSS (Digital Spread Spectrum) scrambling technology anyway. Fortunately, newer cordless phones use higher freqency ranges. The 2 best being 2,4Ghz and the new 5.8Ghz cordless phones. But, besides for police scanners, if there exists a piece of electronic equipment of any type to pick up the frequency you're transmitting on, you run the risk of being intercepted. Well, at least with the analog transmission method anyway. Whenever using voice or data communication technology, steer way clear of analog. Besides, digital transmissions are of higher sound quality anyway. And, although I don't think there's too much out there by now in the way of analog cell phone communications, I'll still say it just to cover all bases.. Stay away from analog cell phones. Also, to prevent being "triangulated" (3 cell towers narrowing your position down to within a triangular radius) removed the cell phone battery from the phone when you're not taking/making calls. I've heard some cell phones may still power the phone enough as to allow for triangulation when switched off. Granted, I can't confirm this, but why take chances if you don't have to? Also, this same wireless technology rule applies to "Wi-Fi" (wireless internet connections) via wireless routers and other wireless networking solutions (assuming there's any that may use the analog transmission method just in case). Running a good firewall (if you bought a router without built in firewall protection) and a good proxy couldn't hurt either. But, fortunately, Wi-Fi uses a frequency out of the normal range of a police scanner (2.4Ghz). Just remember though, police scanners and many things in electronic equipment have at least some potentional to be "modded" (modified) to work differently than how it did right out of the box. Also, some people for some reason also seem to assume that when their using their FRS 2 way radio, It's a private communication link between them and their buddy only, with no one able to listen in, or transmit on their same frequency. Hopefully, you're one such person that already knew better than that (assuming you own/use a FRS 2 way radio). Personally though, I prefer wired communication over wireless. Most secure of all is voice/data transmissions over fiber optic cabling. But, umm... I can't exactly say I've heard of a ton of cases where someone had fiber op installed in their home. But just to mention in case you din't already know, what makes communications over fiber so secure is the fact that is communication using laser optics (light) technology rather than transmissions superimposed on electical signals send over a twisted pair of copper wire. Also, fiber optic cabling is completely free from the electical interference that can plague twisted copper pair cabling. And, since all transmissions over fiber optics are always of the digital transmission type, sound clarity is superb. What's more, even if someone tried to tap your line by splicing into fiber optic, much like they can with copper pair wiring, that won't work. After all, It's light, not electricity used to transmit the voice/data connections. Actually, fiber op can even carry digital broadcast or cable TV transmissions. (Just to cover that). I realize full well most of this info should be pretty common knowledge to anyone who's been either phreaking for a bit now, or simply doing the homework. But, it always pays to try to give people a little food for thought from time to time. After all, with many, common sense Isn't quite so "common" these days. -Shouts 2 ic0n, Jennifer with TWPYHR.com, dual, amd the OldSkoolPhreak.com krew, and the BinRev.com forums krew-