The History of Phone Phreaking Blog

For a long time I’ve thought that the first public mention of the phrase “blue box” was January 9, 1966.  A New York Times article by UPI described FBI raids on organized crime bookmakers in Florida and New York who were using the devices both to avoid long-distance charges as well as to leave no traces of their telephone calls in billing records.  The latter was important because one of the FBI’s main tools against organized crime was obtaining toll-call records on suspected mobsters to see who they called.  Through this process the FBI could build up a network map of the bad guys and know who to investigate or arrest.

(Hmm, come to think of it, the FBI's efforts to collect toll-call records were in some ways a less-disturbing, lower-tech forerunner to the NSA's alleged "Stellar Wind" metadata collection program that was recently described by Newsweek.  And I suppose both of them are forms of traffic analysis.)

But I digress.  Just this week I found a mention of blue boxes in this 1963 talk by F. J. Moses, General Security Coordinator of American Telephone and Telegraph Company, at that year's International Association of Chiefs of Police conference.  I think this is an interesting paper for several reasons.  First, it describes the distributed structure of the Bell System and touches on the challenges of coordinating security across a bunch of fairly independent companies.  Second, it brings out the difference between credit card and third-number fraud vs. electronic toll fraud.  (More on this in another post, but it’s worth noting that credit card and third-number fraud was vastly, vastly larger than electronic toll fraud.)   Finally, it hints at the sometimes close (sometimes too close), sometimes rocky relationship between AT&T and law enforcement.  It’s only a few pages long and worth a read.

VintageTech, the great people who put on the Vintage Computer Festival, need your help this weekend.  They are moving their collection of historical computer equipment and books from Livermore, CA to Stockton, CA, and need help in Livermore packing and palletizing on Saturday and Sunday.  It is a fun opportunity to get up close and personal with a bunch of interesting computers and technology from a bygone era.  Plus, Sellam Ismail, the curator, is an amazing and generous guy.  I spent a fun (really!) three hours there this morning packing boxes and also snapped photos of some of the wonders to behold (thumbnails below).

So please: if you live in the San Francisco Bay Area and can come to Livermore for a few hours to help this weekend, please email sellam@vintagetech.com to coordinate.  They need help Saturday, 6/20; Sunday 6/21; and maybe even Monday 6/22.  Even an hour or two would be a big help.

The following 1973 memo from the Atlanta FBI Field Office to FBI Headquarters is just classic:

Can't you just imagine some poor FBI Special Agent trying to figure out why his FBI office was being charged $276.78 for credit card calls it didn't make... and then connecting the dots to the memo from the Houston field office ... and the flyer from the Students for a Democratic Society (SDS)... and realizing they'd been had?

This scam was possible because AT&T used a system for encoding credit card numbers that was easy to spoof.  In AT&T's defense, it was early days; on-line transaction processing was still years away and they needed a system that operators could verify without a big fancy on-line database query.  The very first issue (May 1971) of YIPL explains it better than I can:

It goes without saying that AT&T no longer encodes credit card numbers that way.  :-)  And for the record, I'm not condoning credit-card or third-number fraud.  But I am amused at the chutzpah of the SDS in getting people to annoy the FBI in this manner back in the day.

You can read the rest of the FBI file here if you're so inclined.

I'm a closet economist.  This means that, like most economists, I love pithy little phrases that neatly encapsulate intellectual concepts. You know: supply and demand. Efficient markets.  Marginal utility.

The original Science article

Here’s one I really like that you may not have heard of: the tragedy of the commons. This was the title of a 1968 Science article describing how individual decisions about use of a shared resource often result in it being ruined for everyone.  The classic example is farmers grazing their animals in the "commons" -- shared pasture land not owned or controlled by any one person.  Because the shared land isn't subject to usage rules, farmers make individual (vs. collective) decisions about how many animals should feed there and how much they should eat. Predictably the commons becomes overgrazed, ruining it for everyone. More modern examples include mining, oil, and gas extraction.  Fishing, too: overfishing has been much in the news of late.

Now say you’re a phone phreak instead of a farmer. You’ve discovered some new vulnerability in the phone network – maybe a new way to make a free phone call or a hitherto undiscovered telephone conferencing bridge you can use to chat with your friends. Naturally, you’ll want to share this with your buddies, both for bragging rights as well as to spread the love so they can use it too. And just as naturally, they'll want to tell their friends all about it as well. Information like this wants to be shared – phone phreaks are social animals and, like enthusiasts in all walks of life, they love telling their friends about the new new thing.

But there’s the rub. That new little hack you’ve discovered is about to get “overphished.”  When hundreds of phone phreaks start using it, somebody in the telephone company is going to notice.  And when that happens they’ll patch the hole, ruining it for all the other phreaks.

In other words, a tragedy of the informational commons will have occurred. Information like this may want to be free, but it also wants to be secret, because if it’s shared too much it loses its value.

Famous phone phreak Joybubbles frustrated some fellow phone phreaks back in the 1970s because he believed that “knowledge shared is knowledge expanded.” For this and other reasons he usually wouldn't agree to keep secrets. As a result, some phone phreaks avoided telling him things they thought were particularly sensitive for fear that he would tell others, leading to overphishing.

The same problem comes up in another area related to information security: codebreaking. Let’s say your crypto boys and girls have been eating their Wheaties and have broken your enemy’s codes. Now what? What do you do with this bonanza of intelligence? For the information that you glean from reading your adversary’s email to have any value, you need to act on it.  But if you act on it, your enemy may figure out that you’ve broken his codes and will go and change them, leaving you in the dark.  Ooops.

This is one of the reasons that since World War II signals intelligence (“SIGINT”) – that is, information obtained from intercepting enemy radio traffic or other communications – has been heavily compartmented using clearances above top secret. By restricting who knows about it, we hopefully prevent the bad guys from finding out that we’ve broken their codes, either by the news leaking directly to them or by our exploiting the intelligence in some way that makes it obvious that they’re been hosed.

American Cryptology During the Cold War

It’s interesting to see that some of the phone phreaks in the 1970s effectively made their own compartments for phreaking information -- information that Joybubbles wasn’t cleared for!

Neal Stephenson does a wonderful job weaving this theme throughout his magnificent book Cryptonomicon.  This tension is also discussed in Thomas Johnson’s American Cryptology during the Cold War, the NSA’s official internal history that was declassified a year or so ago.  Both are fascinating reading.

I’d love to hear more examples of overphishing. Got any?

A few days ago the Wired Threat Level blog ran a story titled "International Phone Hacking Ring Busted; Stole $55 Million Worth of Calls."  The story notes that the hackers stole and resold 12 million minutes of calls.

Hmm.  55 million dollars / 12 million minutes = $4.58 per minute.

To whoever was paying that kind of money for phone calls: please contact me.  I have some prime Florida real estate and a bridge or two that I'd like to talk to you about.

(Thanks and a tip of the hat to Herr Professor Doktor for bringing this to my attention and to the commenter "JoeBuck" over at Wired Threat Level who is also able to do long division.)

Please excuse the unusual nature of this posting.

Last weekend while at the Maker Faire I received a telephone call from a deep-voiced gentleman named Milo Fonbil.  ("Milo Fonbill."  "My Low Phone Bill."  Get it?  Get it?  Ahem.)

I was excited to get this phone call because Milo was a famous phone phreak back in the 1970s -- so famous, in fact, that he had his own issue of YIPL/TAP in 1978.  But I wasn't quite quick enough to pick up the call before it went to voicemail.  And that in turn made me sad because Milo didn't leave a phone number.

So: Milo or anyone knowing his whereabouts, please call home.  Er, that is, call me.  Or email me.  Carrier pigeon.  Whatrever.  Just get in touch somehow, 'k?  I'd love to chat.

The FBI stunned me today.

It has quietly implemented changes that should significantly increase the chance that people requesting FBI documents under the Freedom of Information Act will actually find something useful.  And it has done so in a way that actually lessens the burden on such requesters.

Regular readers of this blog -- all three or so of you :-) -- will know that I've made heavy use of the Freedom of Information Act (FOIA) in my phone phreak history research.  One of my most frequent pen pals for these requests has been the FBI: at last count I've submitted about 300 FOIA requests to them.

This has caused me to become a reluctant expert in FBI FOIA procedures (for example, see here and here).  And I've learned that the FBI makes you jump through flaming hoops to have any chance of getting the records you're looking for.  For example, you need to know certain magic words (like asking for a search of the "manual indices") or else they only search for your requests in their computerized database... which would be ok if their computerized database went back further than 1973!  And you need to know to send requests not just to FBI Headquarters but also to any or all of the 56 FBI Field Offices that might have had something about the topic you're investigating.  (To its credit, if you jump through the right hoops, the FBI seems to have been pretty good about searching for records, at least in my experience.)

Well, today I got back a FBI FOIA request acknowledgment letter that mentioned the FBI conducted a search of "our central records system at FBI Headquarters and all FBI field offices."  Huh?!  I didn't even ask for a search of all field offices.  So I called David P. Sobonya, the FBI FOIA Public Information Officer, to ask if something had changed.

Mr. Sobonya said that as a result of Attorney General Holder's FOIA memorandum the FBI has improved its FOIA search procedures.  The FBI will now automatically search the records of both Headquarters and all FBI Field Offices with one simple request to Headquarters.  This should dramatically increase the chances of finding goodies while simplifying life for the FOIA requester.  In addition he said that they will now automatically search both the automated and manual indices, whether or not a requester asks for it.  Finally, he said they are now accepting emailed and faxed Privacy Act requests (whereas before they only accepted them via snail mail).

This is excellent news and should be a big improvement for FBI FOIA accuracy and ease of use.  Kudos to the Department of Justice and FBI for taking this important step.

Here is a somebody who really knows how to combine two potentially boring, geeky topics -- phreaking and etymology -- and make it interesting:

If only I had such natural, um, talents.

While I quibble with her statement that the phrase "phone phreaking" is redundant, she does an admirable job getting her facts right.  It does appear that the term "phreak" showed up in 1971, apparently introduced by Ron Rosenbaum in his Esquire article.  Prior to that phone phreaks called themselves "phone freaks."  Indeed, there was a half-joking organization of phone phreaks called "Phone Freaks of America" (PFA), later expanded to "Phone Freaks International" (PFI).  And she correctly avoids the common mistake of attributing discovery of the 2600 Hz Captain Crunch whistle to John Draper, since it was around long before he appropriated it as his nom de phreak. Nice work, Marina!

The Senate is considering a bill that would outlaw caller ID spoofing:

I'm glad they added the "intent to defraud" part.

(Thanks, RIchard!)

Several former phone phreaks have asked me how they can request their own FBI files.

It's really easy: Just go to GetMyFBIFile.Com and follow the instructions.  That web site creates the letters you need to mail to the FBI to get your files.  Just print the letters and mail them off.  You'll get an acknowledgment letter back from the FBI in about 10 days.  If they don't have any records you'll get a letter saying so about two weeks later.  If they do have records on you it will take anywhere from three to nine months for them to arrive depending on how long the records are and whether they were classified.

The cost?  $0.42 for a postage stamp and $0.10 per page if your file is more than 100 pages long.  Most files aren't very long, so most requests are free.

If you're turned off by typing your personal information into a random web site run by anonymous people, just leave your personal information blank.  The web site will generate letters with blanks in it that you can then fill out by hand.  You can also use the FBI's own request form if you're really paranoid.  But I think GetMyFBIFile is easier to use.  It also supports sending requests to FBI field offices.  This is really important: the FBI filing system is decentralized and many times FBI field offices have records that FBI HQ doesn't.  So if you spent most of your phone phreak career in Los Angeles but you now live in New York, you should send a request letter to both FBI HQ and the FBI LA field office.  Heck, while you're at it, send one to the NY field office too.  You can do this just by checking a box at GetMyFBIFile.Com.

Yes, you in the back with your hand up, do you have a question?  Ah.  Yes, that question comes up a lot.  Virtually every person I talk to about FBI files asks, "Isn't it true that if you don't have an FBI file and you request your file, the FBI will start a file on you?"

The FBI says that's not true.  I have no evidence to suggest otherwise; it seems like a lot of work and would clog up their filing system with a bunch of useless data.  (More than 17,000 people filed FBI FOIA requests last year.)

But let me turn the question around.  What evidence would you need to convince you that the FBI doesn't start files on FOIA requesters?  Say that the Director of the FBI himself stood in front of you and the nation and swore on the Bible, the Koran, the Bell System Technical Journal, and the Kernighan and Ritchie C programming language book that the FBI doesn't start files on people who request their FBI files under FOIA.  Would you believe him?

Your answer says a lot about how paranoid you are.  It also illustrates the difficulty of proving a negative.  :-)