The History of Phone Phreaking Blog

"Once is happenstance.  Twice is coincidence.  Three times is enemy action.”

One should always pay attention to the sayings of James Bond villains.  So I took notice when three separate phone phreaks I interviewed mentioned Edward Thorp’s 1962 book Beat the Dealer.

For many years Beat the Dealer was the Bible of Blackjack: a perfectly legal system for beating the game of 21 that didn’t even require card counting.  (if you were willing to count cards, also perfectly legal, Thorp described in detail a system in which you could do even better.)  Beat the Dealer was based on calculations of blackjack probabilities that were made using MIT’s IBM 704 computer.

The phone phreaks who mentioned this book said it had a strong influence on them.  Perhaps this should come as no surprise.  Hackers and phone phreaks often can’t help themselves when it comes to figuring out how to beat systems.  It’s in their nature.  Computer systems, telephone systems, gambling systems, they're all the same – just another great big intellectual challenge.  They're after the dopamine hit you get from cracking a code or solving a puzzle; that and bragging rights.

In the late 50s and early 60s when Thorp was an undergrad at UCLA and grad student at MIT he was obsessed with using both brains and technology to hack gambling.  While at MIT he talked Claude Shannon, an MIT professor and the father of information theory, into working with him to build a wearable 12-transistor analog computer to beat Vegas by predicting the outcome of roulette.

Let me say that again in case you missed it, because I find it audacious and stunning to this day: he and Claude Shannon built a 12-transistor wearable analog computer to beat Vegas by predicting the outcome of roulette.  In 1960.  This little gem used toe switches hidden in your shoes to input the timing of the ball and the wheel.  As output it used a tiny ear phone and one of eight tones to communicate its prediction of which one-eighth of the roulette wheel the ball should land in.  Its expected return over the long run was +44%.  You can read Thorp's own brief account of it here, it’s fascinating.

Thorp’s work on roulette became public in 1966.  Other groups built on it.  One at the University of California at Santa Cruz spent years building an 8-bit wearable digital computer for predicting roulette.  Their saga was chronicled in Thomas Bass’s 1985 book The Eudaemonic Pie.  Others applied digital technology to wearable blackjack computers; I had one demonstrated to me by a former phone phreak in my living room a few years ago. You can still buy them, too, or just read about their development history.  You can't use them, though, at least not legally in Nevada: Thorp says that in 1985 the Nevada state legislature passed a law banning the use of wearable computers for gambling.

Just posted over at the History of Phone Phreaking web site is a scanned PDF copy of the 1974 AT&T Long Lines Distance Dialing Reference Guide (DDRG).

The DDRG was an internal AT&T document that provided summary information for every telephone prefix in every area code -- fascinating information like the "V&H coordinates" of the central office, the "operator code" for getting to an inward operator, etc.

In other words, as with the previously posted Traffic Routing Guide, this is likely to be of interest only to hard core phone phreaks from the 1960s and 1970s.  :-)

Happy Thanksgiving, everyone!

Mourly Vold had discovered how to use his telephone as a scientific instrument, a sharp-tipped probe to investigate the organization of the telephone networks.  Once he had directed himself out of the local exchange, he could send himself wherever he wanted to go by speaking to the operators in their own language.  He made contact with the traffic service engineers, the route managers, the local office technicians [...] They answered his questions and explained things to him.  [...]  With benefit of these tutorials, the organization of the telephone system grew clearer in his mind's eye.  They had constructed it with an open path, a paved highway even, for an invader.  He saw himself standing on this highway with nothing in his way.  He could race up and down as much as he liked, and he could bring his friends in to enjoy the freedom, too.  Why had they taken so few precautions against him?  They had assumed that no one would ever be interested.

-- from Loving Little Egypt by Thomas McMahon, 1987

Loving Little Egypt is the second novel by the late Thomas McMahon, a Professor of Applied Mechanics and biology at Harvard University.  It tells the story of Mourly Vold, aka "Little Egypt," a blind phone phreak who wants only to explore the telephone network and get the phone company to fix what's broken about it.  In the process he and his pals discover adventure, love, betrayal, and revenge.  Loving Little Egypt is fantasy: although McMahon says up front that it was inspired by the 1971 Esquire article, the phreaks have been transplanted to the 1920s, where Mourly -- who seems to be a blend of real-life phone phreaks Joybubbles and John Draper -- gets to play with fanciful network equipment ("Z trunks") and pal around with the likes of Alexander Graham Bell, Thomas Edison, and Nikolai Tesla.  It gets the vibe right, though, and (presciently for 1987) nails issues that still plague us today, such as how to deal with security vulnerabilities:

"Why have you been trying so hard to get our attention?  What's your message?" asked Bertram Fairchild, the President of the phone company.

"I came here to show you that your new in-band signaling system equipment can be manipulated by anybody who can click his tongue," Mourly Vold told him.  "I'm willing to help you fix it, but it will be a big job ... It's badly built."

"I don't agree it's badly built," Fairchild said.

"It's vulnerable."

"Only to you," Fairchild said.  "If you really feel as protective towards it as you say you do, you could agree to be discreet with that information."

"I could," Mourly Vold said, "but that would do no good at all.  The cat is out of the bag.  What I found, another person could.  You don't need to fix me. You need to fix the networks.  I don't know what could be plainer than that."

(My emphasis, by the way; I think that is one of the clearest statements about technology, security, and human nature I've seen.)

It's a good read -- better than I expected, to be honest -- and surprisingly touching in places.  Worth checking out.

P.S., Other than Tandem Rush (which I've not read), Loving Little Egypt is the only phone-phreak themed novel I'm aware of.  Please let me know if you know of others.

Flickr user Marc F. has posted a lovely collection of Bell Labs / Western Electric test equipment (and some other stuff) porn images.  Fun!

For a long time I’ve thought that the first public mention of the phrase “blue box” was January 9, 1966.  A New York Times article by UPI described FBI raids on organized crime bookmakers in Florida and New York who were using the devices both to avoid long-distance charges as well as to leave no traces of their telephone calls in billing records.  The latter was important because one of the FBI’s main tools against organized crime was obtaining toll-call records on suspected mobsters to see who they called.  Through this process the FBI could build up a network map of the bad guys and know who to investigate or arrest.

(Hmm, come to think of it, the FBI's efforts to collect toll-call records were in some ways a less-disturbing, lower-tech forerunner to the NSA's alleged "Stellar Wind" metadata collection program that was recently described by Newsweek.  And I suppose both of them are forms of traffic analysis.)

But I digress.  Just this week I found a mention of blue boxes in this 1963 talk by F. J. Moses, General Security Coordinator of American Telephone and Telegraph Company, at that year's International Association of Chiefs of Police conference.  I think this is an interesting paper for several reasons.  First, it describes the distributed structure of the Bell System and touches on the challenges of coordinating security across a bunch of fairly independent companies.  Second, it brings out the difference between credit card and third-number fraud vs. electronic toll fraud.  (More on this in another post, but it’s worth noting that credit card and third-number fraud was vastly, vastly larger than electronic toll fraud.)   Finally, it hints at the sometimes close (sometimes too close), sometimes rocky relationship between AT&T and law enforcement.  It’s only a few pages long and worth a read.

VintageTech, the great people who put on the Vintage Computer Festival, need your help this weekend.  They are moving their collection of historical computer equipment and books from Livermore, CA to Stockton, CA, and need help in Livermore packing and palletizing on Saturday and Sunday.  It is a fun opportunity to get up close and personal with a bunch of interesting computers and technology from a bygone era.  Plus, Sellam Ismail, the curator, is an amazing and generous guy.  I spent a fun (really!) three hours there this morning packing boxes and also snapped photos of some of the wonders to behold (thumbnails below).

So please: if you live in the San Francisco Bay Area and can come to Livermore for a few hours to help this weekend, please email sellam@vintagetech.com to coordinate.  They need help Saturday, 6/20; Sunday 6/21; and maybe even Monday 6/22.  Even an hour or two would be a big help.

 

The following 1973 memo from the Atlanta FBI Field Office to FBI Headquarters is just classic:

Can't you just imagine some poor FBI Special Agent trying to figure out why his FBI office was being charged $276.78 for credit card calls it didn't make... and then connecting the dots to the memo from the Houston field office ... and the flyer from the Students for a Democratic Society (SDS)... and realizing they'd been had?

This scam was possible because AT&T used a system for encoding credit card numbers that was easy to spoof.  In AT&T's defense, it was early days; on-line transaction processing was still years away and they needed a system that operators could verify without a big fancy on-line database query.  The very first issue (May 1971) of YIPL explains it better than I can:

It goes without saying that AT&T no longer encodes credit card numbers that way.  :-)  And for the record, I'm not condoning credit-card or third-number fraud.  But I am amused at the chutzpah of the SDS in getting people to annoy the FBI in this manner back in the day.

You can read the rest of the FBI file here if you're so inclined.

I'm a closet economist.  This means that, like most economists, I love pithy little phrases that neatly encapsulate intellectual concepts. You know: supply and demand. Efficient markets.  Marginal utility.

Here’s one I really like that you may not have heard of: the tragedy of the commons. This was the title of a 1968 Science article describing how individual decisions about use of a shared resource often result in it being ruined for everyone.  The classic example is farmers grazing their animals in the "commons" -- shared pasture land not owned or controlled by any one person.  Because the shared land isn't subject to usage rules, farmers make individual (vs. collective) decisions about how many animals should feed there and how much they should eat. Predictably the commons becomes overgrazed, ruining it for everyone. More modern examples include mining, oil, and gas extraction.  Fishing, too: overfishing has been much in the news of late.

Now say you’re a phone phreak instead of a farmer. You’ve discovered some new vulnerability in the phone network – maybe a new way to make a free phone call or a hitherto undiscovered telephone conferencing bridge you can use to chat with your friends. Naturally, you’ll want to share this with your buddies, both for bragging rights as well as to spread the love so they can use it too. And just as naturally, they'll want to tell their friends all about it as well. Information like this wants to be shared – phone phreaks are social animals and, like enthusiasts in all walks of life, they love telling their friends about the new new thing.

But there’s the rub. That new little hack you’ve discovered is about to get “overphished.”  When hundreds of phone phreaks start using it, somebody in the telephone company is going to notice.  And when that happens they’ll patch the hole, ruining it for all the other phreaks.

In other words, a tragedy of the informational commons will have occurred. Information like this may want to be free, but it also wants to be secret, because if it’s shared too much it loses its value.

Famous phone phreak Joybubbles frustrated some fellow phone phreaks back in the 1970s because he believed that “knowledge shared is knowledge expanded.” For this and other reasons he usually wouldn't agree to keep secrets. As a result, some phone phreaks avoided telling him things they thought were particularly sensitive for fear that he would tell others, leading to overphishing.

The same problem comes up in another area related to information security: codebreaking. Let’s say your crypto boys and girls have been eating their Wheaties and have broken your enemy’s codes. Now what? What do you do with this bonanza of intelligence? For the information that you glean from reading your adversary’s email to have any value, you need to act on it.  But if you act on it, your enemy may figure out that you’ve broken his codes and will go and change them, leaving you in the dark.  Ooops.

This is one of the reasons that since World War II signals intelligence (“SIGINT”) – that is, information obtained from intercepting enemy radio traffic or other communications – has been heavily compartmented using clearances above top secret. By restricting who knows about it, we hopefully prevent the bad guys from finding out that we’ve broken their codes, either by the news leaking directly to them or by our exploiting the intelligence in some way that makes it obvious that they’re been hosed.

It’s interesting to see that some of the phone phreaks in the 1970s effectively made their own compartments for phreaking information -- information that Joybubbles wasn’t cleared for!

Neal Stephenson does a wonderful job weaving this theme throughout his magnificent book Cryptonomicon.  This tension is also discussed in Thomas Johnson’s American Cryptology during the Cold War, the NSA’s official internal history that was declassified a year or so ago.  Both are fascinating reading.

I’d love to hear more examples of overphishing. Got any?

A few days ago the Wired Threat Level blog ran a story titled "International Phone Hacking Ring Busted; Stole $55 Million Worth of Calls."  The story notes that the hackers stole and resold 12 million minutes of calls.

Hmm.  55 million dollars / 12 million minutes = $4.58 per minute.

To whoever was paying that kind of money for phone calls: please contact me.  I have some prime Florida real estate and a bridge or two that I'd like to talk to you about.

(Thanks and a tip of the hat to Herr Professor Doktor for bringing this to my attention and to the commenter "JoeBuck" over at Wired Threat Level who is also able to do long division.)

Please excuse the unusual nature of this posting.

Last weekend while at the Maker Faire I received a telephone call from a deep-voiced gentleman named Milo Fonbil.  ("Milo Fonbill."  "My Low Phone Bill."  Get it?  Get it?  Ahem.)

I was excited to get this phone call because Milo was a famous phone phreak back in the 1970s -- so famous, in fact, that he had his own issue of YIPL/TAP in 1978.  But I wasn't quite quick enough to pick up the call before it went to voicemail.  And that in turn made me sad because Milo didn't leave a phone number.

So: Milo or anyone knowing his whereabouts, please call home.  Er, that is, call me.  Or email me.  Carrier pigeon.  Whatrever.  Just get in touch somehow, 'k?  I'd love to chat.