next up previous
Next: References

The Evolution Of Telco Fraud Articles In Phrack

Michael Miller

Phrack magazine, published electronically, is the equivalent of a popular trade magazine geared towards computer hackers. The format is such that anyone can submit an article, and an editor decides what makes the magazine. It has been filled with all kinds of information like the security of computer and telephone systems, as well as other sundries during its almost nine year lifetime. However, Phrack is no ordinary trade magazine. First, it is published electronically over the Internet, and second, many of the articles included in it can be used for fraudulent activities. Both of these facts have made Phrack a juicy target for law enforcement activities. In the words of the latest editor of the magazine, ``Erik Bloodaxe,'' (a pseudonym for Chris Goggans),

``During its lifetime, Phrack has always been at the center of controversy. Since the magazine has always been openly available, it presented law enforcement officials with what they perceived to be a direct link into the secret society of computer hackers,'' (from
Up until very recently, Phrack had been openly available to all interested parties. The fact that this has changed will be discussed later in the paper.

The major concern of this paper will be the evolution of telecommunications fraud articles throughout the history of Phrack. First, the history of the magazine and its general trends will be examined. Then we'll look at some specific telco fraud articles taken from a random sampling of issues, ranging from issues one and two through nine, twenty-seven, and the latest, forty-six [see the bibliography for a complete source listing]. From an analysis of these articles, we'll try to draw some conclusions about the hacker culture and about Phrack in general.

In the beginning, Phrack was formed to distribute information including ``articles on telcom (phreaking/hacking), anarchy (guns and death & destruction) or kracking.'' (Phrack Issue 1, 1985). Because the first issues were published in the mid-eighties, there was no Internet to distribute them. Thus, many copies were made and sent to various BBS's around the country for interested hackers to pick up. This has evolved into the streamlined e-mail subscription lists that are now used over the Internet.

In what we'll from here on refer to as the early years of Phrack (from 1985-1987), the articles had the dry tone of technical manuals and PR flyers. It was almost as if the editor was looking for any articles he could get his hands on, and there weren't that many experienced hackers to write for him. Thus we see articles like the one from Phrack Issue 2, November 1985, ``Toward Universal Information Services Via ISDN.'' This is one of the few articles which actually acknowledge that its source was an AT& newsletter. Of course, it is almost obvious when reading the article, with sentences like: ``Lightguide fiber is dramatically expanding the capacity of local networks, helping to lower the costs and increase the demand for high-band width, Information Age services.'' Also unlike many of the other articles in Phrack, this one has several comments from the ``author'' in it: ``The central idea of ISDN . . . is to provide an individual user a link to the local central office of generous band-width - a digital subscriber line that can carry 144,000 bits per second (sure beats 2400 baud!).''

Another article in the same issue has that PR-flyer tone to it, as well. This one is titled ``MCI Overview,'' and is basically something that you would read about while waiting in the front office of your local telephone company. It reads, ``Since its founding in 1968, MCI has grown to more than $1.6 billion in annual sales and serves more that 1.9 million business, residential and government customers through its four major business units . . .'' Unlike the previous example, there were no comments by the author in this one, and no acknowledgements or sources.

Also in Phrack Issue 2, we see the introduction of what will become a regular ``column,'' the Phrack World News. This basically serves as a large rumor mill where reports of hacker feuds, new BBS's, and reports of busts get equal billing. Later in the paper, the impact of reporting these busts in Phrack World News will be examined.

The middle years of Phrack, from 1987-1990, saw the magazine maturing into the type of magazine it is today. Hackers and phreakers were getting more security conscious, as was obvious through many of the articles to be found in Issues 14 through 27. From the beginning of these middle years, the tone began with wariness towards the authorities:

``Most of you know about the nationwide arrest of the phreak/hack world's most knowledgeable members. I may recieve a visit from the authorities as well and because of this and other events, I am going to leave the modem world,''
says the editor of Phrack, in Issue 14. He continues, ``. . . as of now, Phrack, Inc. is disolved.'' However, just one month later, Issue 15 of Phrack was released with much hoopla, owing in part to the transfer of editorship.

In Issue 14, an article entitled ``The Conscience of a Hacker'' was reprinted (from an earlier Phrack), with a dedication to those who were busted in the recent crackdown. The article is a piece of prose written by ``The Mentor'' regarding why he hacked and what he thought of the authorities. One great section goes:

``We make use of a service already existing without paying for what could be dirt-cheap if it wasn't run by profiteering gluttons, and you call us criminals. We explore. . . and you call us criminals. We seek after knowledge. . . and you call us criminals. . . . Yes, I am a criminal. My crime is that of curiosity. . . My crime is that of outsmarting you, something that you will never forgive me for,'' (Phrack Issue 14, July 1987).

Continuing with the new security awareness, an article called ``Shadows of a Future Past'' appeared in Phrack Issue 21, which chronicled various sting operations used against hackers and phreakers. One of the earliest sting boards mentioned was the Phoenix Phortress BBS, which in July 1986, was used in the arrest of seven computer hackers. It is interesting to note that, of the seven arrested, three were 15 years old, two were 16, one was 17, and one was 19. Preceeding and following the sting reports in this article, the author urges hackers to be more careful in their lives:

``. . . today's security consultants and law enforcement agencies are smarter than ever too and they know where to strike in order to do the most damage. . . This file will attempt to show the extent of this problem within the community and hopefully will lead readers to discover ways of protecting themselves from the many ``venus fly traps'' they are likely to encounter,'' (Phrack Issue 21, November 1988).
The article is closed by saying that the time the author spent putting into the article would be worth it if it helps or saves just one phreak/hacker.

In the years that followed, many phreakers and hackers who did not heed the advice of ``Shadows of a Future Past'' would come to regret it. For, in early 1990, the United States Secret Service carried out a nationwide crackdown on hackers which came to be known as Operation Sundevil. The sweep was highly publicized, in an effort to discourage many of the hackers whom it did not target. Naturally, this crackdown had an adverse effect on Phrack magazine. In late December of 1989, Issue 30 was released; a mere three weeks later, Phrack was shut down by the USSS during Operation Sundevil. Over the course of 1990, several attempts were made to re-establish Phrack, however, since they were not done with the consent of the original editors, they were unfocused and not generally accepted by the hacker community. In the introduction to Issue 33, we find the pre-Sundevil editor complaining about the attempts and then handing off the reins to another editor: ``That issue was not absolutely terr ible, but the tone behind the articles was misplaced. The introduction itself showed a lack of responsibility and maturity at a time when it was needed most [referring to Issue 32],'' (Phrack Issue 33, September 1991). The new editor proclaims that the magazine will be slightly different, yet still cater to the principle of free exchange of information. He also says: ``The new format will be a little more professional. This is because I have no desire to end up in court one day like Knight Lightning,'' who was the previous editor arrested and tried in 1990 after Operation Sundevil.

This new era of Phrack we'll refer to as the current years of the magazine. Many changes have taken place during these last several years, much of them for the better. For instance, in Issue 42, Phrack gets legal. This issue marked the three year anniversary of the Sundevil raids, and how appropriate it was that the magazine finally got an ISSN number from the Library of Congress and had a formal copyright notice included in it. John Perry Barlow points out, in his June 1990 manifesto Crime & Puzzlement, how an electronic publication might not get full legal protection:

``I talked to Emmanuel Goldstein, the editor of 2600, another hacker publication which has been known to publish purloined documents. If they could shut down Phrack, couldn't they as easily shut down 2600? He said, 'I've got one advantage. I come out on paper and the Constitution knows how to deal with paper,'' (Crime & Puzzlement, June 1990).
As the new edit or of Phrack put it, ``This adds a new era of legitimacy to Phrack in that with such a registration, Phrack should never again face any legal challenge that would bypass any paper based magazine.'' (Phrack Issue 42, March 1993).

Also in this issue, we see the addition of a registration agreement for readers in the corporate/government/legal world. Probably, the editor of the magazine added this agreement to form a legal basis for why it should not be in the hands of unauthorized non-hackers. It is interesting to point out that the registration agreement reads like legalease. As if the editor was very serious about getting things straight. It seems very ironic that the entities that once tried to shut down the magazine would now be banned from reading it unless they paid Phrack a yearly registration fee. However, in the issues that followed number 42, the editor notes that there were only a handful of people who registered their copies of Phrack: ``This issue should really piss every security proffessional off. Well, actually, none of them should ever see it because only two people have registered their subscriptions.'' (Phrack Issue 43, July, 1993).

With the next few issues, up to the current one, we don't see too many drastic changes which would have lasting effects. Issue 44 marks the 8th anniversary, and the introduction to the next issue notes that Phrack had been getting a lot of press. They were listed in the hip-cyberpunk-literate magazine Mondo 2000 and in Richard Kadrey's ``Covert Culture'' sourcebook. In Issue 45, there was an anonymous submission of what was thought to be the National Security Agency's security manual for new employees . There was some bruaha over that submission, but since the article was submitted anonymously on photocopied pages, noone is sure if it is authentic. In the latest issue, number 46, the editor unveiled the new World Wide Web pages for Phrack magazine. He says, ``by the time I finally get [the pages] together, the Phrack web site should be the ultimate underground resource on the net,'' (Phrack Issue 46, September 1994).

Clearly the security consciousness of the middle years has faded into the legal protection of the present. It seems that the number of technical articles on hacking and phreaking have increased and the information contained in them is of a more illicit nature. However, there are still articles on people and places, as Phrack continues to be a primary news source for the latest rumors and reports on members of the hacking community.

I will now enter the second phase of the paper and take a look at the evolution of articles in Phrack that deal with telco fraud. First, what exactly is telco fraud? In the context of this paper, telco fraud will mean almost any breach of the Federal Wire Fraud Act and the Computer Fraud and Abuse Act. The Wire Fraud Act

``makes it illegal for anyone to use any wire, radio, or television communication in interstate or foreign commerce to further a scheme to defraud people of money or goods. This has been interpreted by the courts to include telephone communications and electronic money transfers,'' (Cavazos and Morin, 1994).
Similar (in a sense) to the Wire Fraud Act is the Computer Fraud and Abuse Act (CFAA). This comprehensive law makes many of the activities commonly referred to as ``hacking'' illegal. ``This law also authorizes the Secret Service . . . to investigate illicit use of computers as defined by the act,'' (Cavazos and Morin, 1994).

In the early years of the magazine (as defined earlier in the paper), most of the activities dealing with phreaking were basically copied from PR flyers and mundane technical newsletters. From the earlier examples, we saw how readers could learn to use an MCI card or find out more about the ISDN. In Issue 9, we find an article about the Loop Maintenance Operating System, which is a database the telco's use when repairing local loops (a customer's telephone line). The article is filled with a lot of technical jargon, and perhaps a phreaker who had a large base of knowledge would find the article useful in phreaking. As a lay reader, however, I found nothing useful in the article to start me on my way to a life of phreaking.

However, there were the two articles in Issues 8 and 9 that dealt with ``Junction Box Modeming'' and ``Plant Measurement.'' In the junction box article, we get clear instructions on how to hack junction boxes, those large green or gray boxes that usually have from 10 to 100 lines distributed in them. From the first lines of the article, we know it will be juicy: ``This file will detail the use of a rural junction box to fraud the phone company and make all the free phone calls you want to . . . ,'' (Phrack Issue 8, June 1986). The plant measurement article is a little more obscure, but it also deals fairly openly with phreaking: ``Have you ever gone trashing and the only thing you found was a large printout that looked like it was written in Chinese?. . . I hope to show you that that large printout with coffee stains isn't all useless,'' (Phrack Issue 9, September, 1986). Be reminded that trashing is the art of searching someone's garbage for credit card numbers, phone bills, or other materi als used to facilitate phreaking and hacking.

In Phrack World News (the column discussed earlier), the early years see many reports of phreakers getting busted, and of sting boards used to bust unweary BBS'ers. In Issue 8, Phrack World News (PWN) reports on the sting board set up by a local TV newscaster to try and find out the state of illegality of hacking and phreaking. The newsman apparently threatened to bring in the police and telephone company security, but an associate of his reported that he was really just fattening his dosiers on the phreakers and would not take any legal action. In Issue 9, there is a report of an MCI ``Fraud Detection Unit'' which would track attempts made on all calling card numbers. Thus the phreakers who would program their computers to continuously call back the long distance carrier to find codes would get busted. It was reported that the unit would count the number of attempts on a card per time period.

Now, obviously the phreakers who are getting Phrack and reading the PWN are being effected by this information. But the question that comes up is, are they heeding these 'warnings'? Most likely, they have the typical young adolescent mentality that if it didn't happen to someone close to them, it wasn't important enough to worry about. This is probably the case, seeing as how PWN has fairly continuously reported on phreaking busts through its 8-year history.

In the middle years of Phrack the number of telco fraud-related articles dropped sharply. This, perhaps, was due to the scare and the new security consciousness brought on by the busts of late 1987. As a matter of fact, in the issues randomly selected by me, there were no articles that clearly advocated the fraud of telephone companies. There were but a few generic telco-related articles, like Issue 14's ``TRW Business Terminology,'' which was a simple list of abbreviations used by TRW in their business transactions. Also in that issue was ``Understanding the Digital Multiplexing System,'' another dry piece of what seemed to be reference material culled from a technical manual. Issue 21's article on ``Non-Published Numbers'' seems like it might be a goldmine of relevant information, but unfortunately it is just a description of the administrative details behind how the phone company keeps non-published numbers.

In Issue 33, even though the editor claimed that the issues after the Sundevil raids would be ``more professional,'' it seems that there was a resugence in articles related to telco fraud. Maybe this was some type of backlash against authority? Possibly the submitters felt that with the legal protection of Issue 42, anything was fair game. These new hardcore articles include the likes of Issue 33's ``Phreaking in Germany,'' which details how to use various boxes by giving numbers to dial and what frequency tones to use. It also gives clear instructions on how to hack cordless phones in Germany. This is attributed to the German reunification:

``Phreaking in Germany at this moment is at an all time high. The main reason is because of the German reunification. . . There are two main ways of phreaking in Germany at the moment. One is Boxing and the other is through Cordless Phones, both of which I will describe,'' (Phrack Issue 33, September 1991).
Also in that issue one can find ``A REAL Functioning RED BOX Schematic,'' which you can use to make unlimited free calls from a pay phone. This is one of the real in-your-face telco fraud articles, as it gives easy instructions to construct and test a red box. This box will emit certain tones which a pay phone should recognize as coins entering its slots.

Issue 43 continues the tradition with an article entitled ``Physical Access and Theft of PBX Systems.'' This article documents the illegal theft of boards from private PBX systems. A PBX is a public branch exchange, which most large companies have, to manage upwards of hundreds of phone lines. A very incriminating quote from the article follows:

``Although you may wish to physically access PBXs for reasons other than theft, it will be assumed here that monetary gain is your motive. In either case, this introductory file makes it clear that access can be achieved with varying levels of ease. A PBX theft should be thought of in terms of two phases: reconnaissance and extraction. Recon involves finding and selecting prime targets. Extraction is the actual theft of the system. Both phases can be completed through 'office building hacking,' a wide variety of deception, breaking and entering, social engineering, and technical skills,'' (Phrack Issue 43, July, 1993).

The article ``Fraudulent Applications of 900 Numbers'' can be found in Issue 45. This article basically describes how to obtain your own 900 number, and then earn the income that the phone company legally is bound to pay you. The article also suggests that you dial up a PBX and then call your 900 number so that you make more money, yet the bills are charged to the company with the PBX Another blatant telco fraud related article can be found in the latest issue of Phrack, number 46. This article is titled ``Guide to Porno Boxes,'' and gives a very good description of ways to defeat cable TV scrambling.

``There are many methods that cable companies use to insure that you get what you pay for - and only what you pay for. Of course, there are always methods to get 'more than you pay for'. This file will discuss the most important aspects of these methods, with pointers to more detailed information, including schematics and resellers of equipment,'' (Phrack Issue 46, September 19 94).

Clearly telco fraud seems to be undergoing a resurgence in Phrack magazine. Is this resurgence because there are just more opportunities to phreak? Has technology increased so much that there are loopholes everywhere just waiting to be discovered? Maybe since so many more people see Phrack (it is available over the Internet through anonymous ftp and WWW browsers), there is less of a fraction of readers who are familiar with previous busts like Operation Sundevil. Possibly these readers and contributors don't realize what they could be in for, even with the new registration requirements. On the other hand, it could be that Chris Goggans (the current editor) knows that he now has more protections under the First Amendment. Thus he is more excited about publishing materials of a more sensitive nature, since he now has a definite legal defence for his actions. This is supported by the fact that we see articles like the submission of the NSA security manual and the article on physical theft of P BX systems. Another interesting question to look at is will Phrack go in cycles? Will there be another highly publicized bust that forces many hackers to go into hiding and let the magazine decend into the depths of mundane PR-flyer material? I think there might just be something like an Operation Sundevil II to show all the newbies on the Internet that the USSS is out there.

Has the new security that telco's are using really hampered fraudulent activities? If we take the number of articles in Phrack as an indication of the frequency of those activities, then definitely not. On this basis, Phrack could definitely be used as a ``societal phreak/hack indicator''. It certainly seems that the number of truly knowledgeable members of the underground who benefit from what Phrack has to offer has increased since its inception. From where, in the first several issues, almost half the articles were submitted by repeat authors, in the last five issues of Phrack there were fifty-four articles with only six repeat authors. Whether or not Phrack can serve as this indicator, it still exists, and appears ready to continue publishing controversial articles through the millenium.

next up previous
Next: References

Tue Dec 6 15:15:28 EST 1994