English version

Домой   Новости   Радио   Карточки   Кодграберы   Мобилки   Телефония   АТС   Пейджинг   Транки   Жучки   Форум


Журнал Phrack Magazine #12

                               ==Phrack Inc.==

                     Volume Two, Issue 12, Phile #1 of 11


         Ok, so we made it through another few delayed weeks of saying a
release was coming soon.  But of course, I finally got motivated and got this
issue moving.  I'd like to thank many of the people who rushed themselves to
get their articles to me when they didn't know that the release was so soon,
and for those that haven't gotten their articles in in time (for two issues,
mind you [no names mentioned, of course, but I felt a denotation would be
sufficient to provide my feelings in the introduction]) a big, "Oh well."
We're glad you've continued your patronage (Ha!) with Phrack Inc. over the
past year and a half or so and a big thanks to all of the writers who have
kept the publication going for all this time.  But after this issue comes a
break.  Not a break in putting Phrack out, but a break in the grind and rush
to get it out as I did with this issue.  Phrack 13 will be EXTREMELY
different, and I guarantee that to you.  Phrack 13 will be released on April
1st (hmm...ring any bells?) so be watching for it!  Later

                                                     Taran King
                                            Sysop of Metal Shop Private


This issue of Phrack Inc. includes the following:

#1  Index of Phrack 12 by Taran King (2.3 k)
#2  Pro-Phile IX on Agrajag The Prolonged by Taran King (6.7 k)
#3  Preview to Phrack 13-The Life & Times of The Executioner (4.9 k)
#4  Understanding the Digital Multiplexing System (DMS) by Control C (18.8 k)
#5  The Total Network Data System by Doom Prophet (13.2 k)
#6  CSDC II - Hardware Requirements by The Executioner (8.1 k)
#7  Hacking : OSL Systems by Evil Jay (8.7 k)
#8  Busy Line Verification Part II by Phantom Phreaker (9.1 k)
#9  Scan Man's Rebuttal to Phrack World News (16.5 k)
#10 Phrack World News XII Part I by Knight Lightning (13.3 k)
#11 Phrack World News XII Part II by Knight Lightning (14.7 k)

                               ==Phrack Inc.==

                     Volume Two, Issue 12, Phile #2 of 11

                           ==Phrack Pro-Phile IX==

                      Written and Created by Taran King


         Welcome to Phrack Pro-Phile V. Phrack Pro-Phile is created to bring
info to you, the users, about old or highly important/controversial people.
This month, I bring to you a name from the past...

                            Agrajag The Prolonged

         Agrajag was popular on many boards and hung out with many of the
stronger names in the phreak/hack community.
             Handle: Agrajag The Prolonged
           Call him: Keith
       Past handles: None
      Handle origin: Fictional character in Hitchhiker Trilogy
      Date of Birth: 6/14/67
Age at current date: 19 years old
             Height: 6'2"
             Weight: 139 lbs.
          Eye color: Brown
         Hair Color: Depends on the day (Orange, Brown, Black, Hot Pink, etc.)
          Computers: TRS Model III, worked his way up to a TVI 950 Dumb

         Agrajag started phreaking and hacking in about 1979 through the help
of some friends of his.  He originally started hacking (programming) on a
Vector 8080 in 4th grade.  His instructor then is now one of the top 5
computer instructors. Phreaking began with, of course, codes but he was very
interested in how the phone system worked.  He had read some books on the
phone company and their evils in their earlier days and he was very interested
in the very idea of becoming an operator.  Members of the elite world which he
has met include Tuc, BIOC Agent 003, Broadway Hacker (negative), and Cheshire
Catalyst, all at a Tap meeting he attended.  On regular BBSes, there were
listings for other BBSes which turned out to eventually be phreak BBSes.  Some
of the memorable phreak boards he was on included WOPR, OSUNY, Plovernet, and
Pirate 80.  His phreaking and hacking knowledge came about with the group of
people including Tuc, BIOC, and Karl Marx.

         Agrajag was a video game programmer for the last American owned video
game manufacturer, Cinematronix, Inc. (of Dragon's Lair, Space Ace, World
Series, and Danger Zone fame, of which he helped with World Series and a big
part of Danger Zone) which went bankrupt a bit over a month ago.

         Agrajag takes interviews for magazines (such as this) which keeps up
his phreak/hack activity.  He (and a bunch of others) were written up in a USA
Today article as well as being interviewed by a local paper when The Cracker
(Bill Landreth) got busted (they took pictures of the back of his head in
front of his computer).

         Agrajag was never in any major phreak groups except for The
Hitchhikers (Bring your towel!) which was just a group of local friends.


        Interests: Telecommunications (modeming, phreaking, hacking,
                   programming), music, concerts, club hopping, and video

Agrajag's Favorite Thing

       Club/Bar hopping: Tijuanna (TJ)

Most Memorable Experiences

Going officing.  Tuc, BIOC, and he were let into a local CO and they used
          their copying machine to make copies of their manuals.  They
          replaced the paper [over 2 reams] later and didn't steal anything
          major besides the paper and a few NY Bell signs.
Called supervisors saying that they had witnessed some trunks red-lighting and
          there would be severe problems if they didn't contact this guy,
          Abbot Went, in San Francisco.  There were about 10 supervisors in
          mass hysteria (on Thanksgiving) wondering what to do.  Later, they
          called up Abbot again saying they were the White House switch and
          said some kids were fooling around.
Breaking into his school's computer in his senior year mid-semester.  He had
          scanned it out on a school prefix and the login and password was the
          name of his school.  It was a TOPS-20 system and he was well enough
          versed in TOPS-20 to know what to do.  The next day, he told the
          vice-principal that he had broken into the computer and that they
          had some major security problems.  They said he was bullshitting and
          he told them to read their mail.  Then, later, he brought in his
          equipment and showed them with the principal there.  He was
          threatened by the principal with police, etc. but he told them to go
          to hell.  He was later offered a job helping the security on the
          system but instead, he told them how they could solve the security
          problem and didn't take the job.
Agrajag's teacher asking him to do a credit check on someone illegally.  He
          eventually did part of it, but the teacher was an asshole so he
          didn't give all the information to him.
Getting flown to the Tap meeting by a friend.

Some People to Mention

BIOC Agent 003
Karl Marx
Automatic Jack

All for being friends and all around good people and phreaks.


         Agrajag is out and out against the idea of the destruction of data.
He hated a person intensely because they posted private lines with
instructions on how to maim a system owned by someone who was already hated.
He deleted the message (he was co-sysop) and it became a bit controversial.
He hated that then and still has no respect for anyone who does this.  Where
have all the good times gone?


I hope you enjoyed this phile, look forward to more Phrack Pro-Philes coming
in the near future.  ...And now for the regularly taken poll from all

Of the general population of phreaks you have met, would you consider most
phreaks, if any, to be computer geeks?  The general populus, yes, but good
phreaks, no.  Thank you for your time, Agrajag.

                                            Taran King
                                   Sysop of Metal Shop Private

                               ==Phrack Inc.==

                     Volume Two, Issue 12, Phile #3 of 11

                %                                           %
                %    The Life & Times of The Executioner    %
                %                                           %
                %              by Oryan QUEST               %
                %                                           %
                %            Written on 3/16/87             %
                %                                           %

This file was not written with the intention of being cute, funny or to tell
fellow phreaks and hacks how lame or stupid they are.  It was written to open
the eyes of these idiots to see what the REAL story is.

The Executioner/Mikey
I'm am sure the majority of you have heard of "Exy."  His claim to fame is
simply telling people how lame they are or how great and sexy he is.  He also
claims to be wealthy and that Phreak Klass 2600 is the best bulletin board on
this side of the galaxy.  Let us examine some key events.

When Metal Shop Private was up, Mr. Sexy Exy (oh and I doubt he really is),
proceeded to rag on everyone on the system with the exception of a few that he
ass-kissed.  He then turns around when Phreak Klass 2600 (and I am in no way
ragging on Phreak Klass) goes up, to ask everyone he has annoyed for over 2
months and badgers them to call.  Now, Mike, I seriously doubt you are as sexy
as you claim for several reasons.  Just by the nature of your attitude, the
way you think you are powerful because you can "tell" people about their lives
and families when you yourself are a Chinese bastard who has an unemployed
father that can barely speak the English language.

                       "Miko ith no heeahh riiitte nao"
                        (Michael is no here right now)

You have ragged on Arthur Dent when you know that you will NEVER receive the
admiration or stature whether it be socially or economically he has attained.
You have ragged on Dr. Doom when he has achieved more than you can ever hope
for.  You only commenced to rag on him when he turned down your offer to join
PhoneLine Phantoms.  This is because he refused to be associated with an
asshole like you.  You continually show signs of immaturity (I am not saying I
am perfect) by poking fun at other people's races (blacks, spics, Iranians)
when you yourself are nothing but a rice dick.

You bad mouth people but, when you need their help you beg for it and ask them
to be cool.  You write stupid poems and rhymes about people when they are a
TOTAL misrepresentation of facts.  You claim Dr. Doom is so ugly he could
never leave his room.  Tell me, have you ever met Dr. Doom?  Isn't it true
that you ragged on him only because he didn't want anything to do with you,
your group, and your image?

Are you going to rag on me now and prove all the points I have brought out?  I
think so.  You ragged on me, telling me my family receives government cheese
handouts and telling me what a loser I am when you yourself have never met me
or bothered to seek the real facts.  You then proceeded to badger me to join
your new "legion of queers," The Network Technicians telling me how cool it
would be and begging me to help you learn.  But don't I receive government
cheese handouts?  Aren't I such a loser?  Mr. Solid State trusted you and
joined PLP.  He thought nothing bad of you at the time.  He just considered
all the rumors about you to be false or misrepresentation. When PLP dissolved,
he saw no purpose to be in any longer and dropped out.  You proceeded to rag
on him, when you know you aren't half the man he is.  You don't even possess
half the knowledge or personality he has.  Tell me, what gives you such
authority to rag on people?  What makes you so supreme?  Why are you so rich,
when you are 18 and don't even have a car, when you go on and on about your

You rag on Atlantis because you were kicked off.  Now you tell people how lame
it is and how stupid The Lineman and Sir William are.  When you know that they
were sick of your, "I am supreme attitude," of your childish antics and your
lack of knowledge of any kind.

Well, Exy, rag on me now, tell me how lame I am, insult me.  Make your poems,
songs, and raps.  Tell me what kind of a loser I am.  Insult Solid State, show
us just how childish you can be.  Until then, go back into your dream world
and leave us alone.

                                 Oryan QUEST

                               ==Phrack Inc.==

                     Volume Two, Issue 12, Phile #4 of 11

  The DMS switching system, is a lot smaller than normal systems. It takes up
less than 16% of the space for the same number of Step-By-Step (SXS) lines and
20% of cross bar.  This is done by taking the hardware out of the CO and
putting them closer to a group of subscribers. Then central office services
can be provided over shorter loops.

  DMS offers remote switching with a bunch of remote modules in a bunch of
sizes and capabilities. Some include SXS replacement or growth, Outside plant
cable relief, and Office feature's.  The use of remote modules give the CO
more floor space that would usually be used by the Line Concentrating Modules
(LCMs), Main Distribution Frame (MDF), and cable equipment.  The advantage of
these modules is that it extends the service radius of the CO, this means
outside plant savings. Remote modules can be located up to 150 miles away
without messing up transmissions.

  Other advantages of the DMS system are that it allows integration between
Transmission facilities and switching systems.  It's hardware & software is
designed to give a full range of switching applications for Private Branch
Exchange (PBX) business systems, local, toll, and local/toll requirements. The
same Central Control Complex (CCC) and switching networks are used throughout
the whole system.  The only difference between each system is the peripheral
units, and software packages. It has a Maintenance and Administration Position
(MAP) which is a integrated multifunction machine interface that switch
maintenance, line and trunk network management, and service order changes can
be carried out.

  The software for the central processor is written in PROTEL, a high level
pascal based language.  Peripheral processors use a XMS-Pascal software

  DMS has a high line and trunk capacity. It has up to 100,000 lines on a
DMS-100 or 60,000 trunks on a DMS-200.  It also gives up to 1.4 million
two-way CCS through the switching network.  The processor can accept up to
350,000 call attempts.

  Here's a list of the DMS systems in use today:

DMS-100 - is a class 5 local office with the ability to handle 1,000 to
100,000 lines.  It can give basic telephone service or expanded to handle IBN
custom calling features.  The DMS-100 MTX gives cellular radio services.  A
local office can also be adapted to Equal Access End Office (EAEO).

Remote Switching Center (RSC) - Ability to handle up to 5,760 lines.

Remote Line Concentrating Module (RLCM) - Ability to handle up to 640 lines.
It uses host Line Concentrator Module (LCM) that can be used by the RSC or
directly by the host DMS-100.

Outside Plant Module (OPM) - Ability to handle up to 640 lines. This also can
be used by the RSC or directly by the host DMS-100.

Subscriber Carrier Module (SCM-100) - There are three basic types of
   1- Subscriber Carrier Module Rural (SCM-100R) - This eliminates the central
      office Central Control Terminal (CCT) by integrating directly into the
      DMS-100 through the DMS-1 span lines.
   2- Subscriber Carrier Module SLC-96 (SCM-100S) - This gives a direct
      interface between DMS-100 and AT&T's SLC-96 digital loop carrier
   3- Subscriber Carrier Module Urban (SCM-100U) - It's used as an interface
      to the DMS-1 Urban.  The DMS-1 urban is a digital subscriber carrier
      system modified for use in Urban areas.  It gives Plan Ordinary
      Telephone Service (POTS) and special services between a central office
      and residential and business communities. It has the ability to handle
      576 lines of POTS and special services.

DMS-200 - Has the ability to handle from a few hundred to 60,000 trunks.  This
switch can also serve a Access Tandem (AT) function. The Traffic Operator
Position System (TOPS) puts operator services into the DMS-200.  Operator
Centralization (OC) allows a single operator location by using the TOPS
positions to transfer operator services from other DMS-200 toll centers.  The
Auxiliary Operator Services System (AOSS) let operator services on calls that
need outside information (Such as Directory assistance).

DMS-100/200 - Allows local and toll features described above but also includes
a Equal Access End Office (EAEO)/Access Tandem (AT) combination.  It has the
ability to handle up to 100,000 lines or 60,000 trunks.

DMS-250 - This is a high capacity toll system for specialized common carriers
needing tandem switching operations.

DMS-300 - This is a toll system designed for international use. To my
knowledge there are only two DMS-300 switches in use at this time.

  DMS switches are divided into four "Functional" areas designed to do certain
operations. These areas are:

  1- Central Control Complex (CCC)
  2- Network (NET)
  3- Peripheral Modules (PM)
  4- Maintenance and Administration (MAP)

Here's a description of those areas.

Central Control Complex

Within the Central Control Complex (CCC), the main program in the switch
controls the processing of calls, maintenance and administrative routines, and
changes the activity for these routines to other areas of the switch. The CCC
sends messages to the network, the maintenance and administrative areas trough
message links and directs the functions to be run in those areas.


The Network Modules (NMs) handle the routing of speech paths between the
Peripheral Modules (PMs) and keep these speech connections for the rest of the
call.  The network handles message and speech links between the PMs and the

Maintenance and Administration

Within the Maintenance and Administration includes Input/Output Controllers
(IOCs) - IOCs interface local or remote input/output devices.  The I/O devices
are used to do testing, maintenance, or administrative functions for the

Peripheral Modules

Peripheral Modules (PMs) are used as interfaces between digital carrier spans
(DS-1), analog trunks, and subscriber lines.  The PMs are used for scanning
lines for changes of circuit state, doing timing functions used for call
processing, creating dial tones, sending, receiving signaling, and controlling
information to and from the CCC, and checking the network.

   Before 1984 only four types of PMs gave trunk interfaces to the DMS system;
these include Trunk Modules (TMs), Digital Carrier Modules (DCMs), Line
Modules (LMs), and Remote Line Modules (RLMs).  Since then ten more have been
added, these include Digital Trunk Controller (DTC), Line Group Controller
(LGC), Line Trunk Controller (LTC), Line Concentrating Module (LCM), Remote
Switching Center (RSC), Remote Line Concentrating Module (RLCM), Outside Plant
Module (OPM), Subscriber Carrier Module Rural (SCM-100R), Subscriber Carrier
Module SLC-96 (SCM-100S), and Subscriber Carrier Module Urban (SCM-100U).

Here's and explanation of those modules:

Trunk Module

The Trunk Module (TM) changes incoming speech into digital format, it has the
ability to handle 30 analog trunks. The Pulse Code Modulation (PCM)
information is combined with the trunks supervisory and control signals then
transmitted at 2.56 Mb/s over speech links to the network.

The TM also uses service circuits such as Multifrequency (MF) receivers,
announcement trunks, and test circuits.  Each TM has the ability to interface
30 analog trunks or service circuits to the network over one 32-channel speech
link.  The TM is not traffic sensitive so each trunk can carry 36 CCS.

Digital Carrier Module

The Digital Carrier Module (DCM) gives a digital interface between the DMS
switch and the DS-1 digital carrier.  The DS-1 signal consists of 24 voice
channels.  The DCM takes out and puts in signaling and control information on
the DS-1 bit streams which then makes them DS-30 32-channel speech links.  The
DCM can interface five DS-1 lines; 5*24=120 voice channels; into four 32-
channel speech links.  The DCM can carry a maximum of 36 CCS of traffic on
each trunk.

Line Module

The Line Module (LM) gives an interface for a maximum of 640 analog lines and
condenses the voice and signaling into two, three, or four DS-30, 32-channel
speech links.  Four speech links have the ability to handle 3,700 Average Busy
Season Busy Hour (ABSBH) CCS per LM.

Remote Line Module

The Remote Line Module (RLM) is a LM operating in a remote location from the
DMS host.  The RLMs can be located up to 150 miles from the host office,
depending on the transmission facilities.

Digital Trunk Controller

The Digital Trunk Controller (DTC) has the ability to interface 20 DS-1 lines.
Then the DS-1 lines are linked to the network by a maximum of 16 DS-30 speech
links; each trunk is able to handle 36 CCS.

Line Group Controller

The Line Group Controller (LGC) dose medium level processing tasks, with the
ability to use host and remote subscriber line interfaces.  The LGC has the
ability to use Line Concentrating Modules (LCMs), Remote Switching Centers
(RSCs), Remote Line Concentrating Modules (RLCMs), and Outside Plant Modules

The LGC can interface up to 20 DS-30 speech links from the LCMs or up to 20
DS-1 links with the ability to serve RSCs, RLCMs, or OPMs.

Line Trunk Controller

The Line Trunk Controller (LTC) combines the DTC and LGC functions and gives a
way to use all the equipment inside the office.  The LTC has the ability to
handle the LCM, RSC, RLCM, OPM, and digital trunk interfaces.

The LTC has the ability to give interfaces to a maximum of 20 outside ports
from DS-30A speech links or DS-1 links to 16 network side DS-30 speech links.

Line Concentrating Module

The Line Concentration Module (LCM) when used with the LGC or LTC is just an
expanded version of the line Module.  It can serve up to 640 subscriber lines
interfaced with two to six DS-30A  speech links.  Using six speech links 5,390
CCS can be handled per LCM.

Remote Switching Center

The Remote Switching Center (RSC) interfaces subscriber lines at a remote
location to a DMS-100 host.  It has the ability to handle interface for 5,760
lines and is used a replacements for dial offices or Private Branch Exchanges
(PBXs).  It can handle 16,200 CCS with the use of 16 DS-1 links.

The RSC consists of the following:

Line Concentrator Module (LCM) - These modules do line interface function.
They are the same as the LCMs that are used in the DMS-100 host.

Remote Cluster Controller (RCC) - This controller gives DS-1/LCM interface,
Local switching inside the remote, and Local intelligence and signaling when
in ESA.

Remote Trunking - Handles the use of RSC originating or terminating traffic
for digital trunking off the RSC.  It can give trunking to a CDO co-located
with the RSC or within the service range of the RSC, Private Automatic Branch
Exchanges (PABXs), or Direct Inward Dialing (DID) trunks.

Remote-off-Remote - Lets the RLCMs and OPMs connect to the RCC through DS-1
interfaces. It lets RLCM and OPM subscribers to use the same lines to the host
as the RSC subscribers.

Emergency Stand-Alone (ESA) - If communication with the DMS-100 is lost this
will allow you to call internal to the RSC.  It will give station-to-station
and station-to-trunk calls for POTS, IBN, and electronic business sets.

Remote Line Concentrating Module

The Remote Line Concentrating Module (RLCM)  is just a LCM used is a remote
location from the DMS-100 host.  The RLCM can handle 640 lines; this can is
sometimes used as a replacement for CDOs or PBXs.

Outside Plant Module

The Outside Plant Module (OPM) is an outside plant remote unit. The OPM can
handle 640 lines over six DS-1 links.

Subscriber Carrier Module

The Subscriber Carrier Module (SCM) gives a direct interface for remote

SCM-100R - It can interface up to five Northern Telecom DMS-1 Rural Remote
Terminals (RTs).  A DMS-1 rural remote terminal can interface up to 256 lines.
Communication between the RT and SCM- 100R is done through one or two span
lines for voice and one protection line.

SCM-100U - It can interface up to three DMS-1 Urban RTs.  A DMS-1 Urban can
interface up to 576 POTS or special service lines.  Communication from the RT
to the SCM-100U us done through a maximum of eight DS-1 links.

SCM-100S - It can interface up to four Mode I (non-concentrated) SLC-96
systems or up to six Mode II (concentrated) systems.  A SLC-96 can give
interface for up to 96 lines.

The SCM-100 takes away the need for central concentrating terminals and analog
line circuits at the host.

Operator Features

With the use of DMS-200 or DMS 100/200 switch, operator features are available
by the following:

Traffic Operator Position System (TOPS)
Operator Centralization (OC)
Auxiliary Operator Service System (AOSS)

Traffic Operator Position System (TOPS) gives many operator function on inward
and outward calls.  The TOPS integrates the operator system with the DMS-200
or DMS-100/200 toll switch.

One voice and one data circuit are needed for each operator position.  The
voice circuit is connected to a port of a three-port conference circuit.  The
other two ports are connected to the calling and called parties.  The data
circuit is used for a digital modem and is used to transmit data punched in by
the operator to the CCC for processing.

Operator Centralization

Operator Centralization (OC) lets the operator use the services given by the
DMS-200 or DMS-100/200 with TOPS.  With OC operator traffic from surrounding
DMS sites can be routed to a central host site.

                       Operator Centralization Diagram

          Routing                   - - -
         <-----\     DMS-200       | AMA |
                \   Remote TC     / - - -
                 = = = = = = =   /
                | \  ----- ___|_/
                |  \: DMS :   |
                |   : 200 :   |                    Host TC           -----
                |   :     :   |                = = = = = = = =     /| POS |
                |   :  (OC:___|               |   ---------   |   / |- - -|
                |   :     :   |\              |  : DMS-200 :  |  /  |Oper.|
                |    -----\   | \             |  :  (TOPS) :__|_/    -----
                 = = = = = = =   \____________|__:         :  |
          Trib Ope Traffic->\     ____________|__:OC)      :  |
                             \   /            |  :         :  |
          Non-DMS Remote TC     /             |   ---------   |
          = = = = = = = = = = =                = = = = = = = =
         |   --------   -----  |
         |  :  TDM   : :  (OC: |
         |  : Switch : :     : |      -----
         |  :        : : DMS :_|_____: AMA :
         |  :        : : 200 : |      -----
         |  /--------   -----\ |
          = = = = = = = = = = =
          /Routing             \ <-Trib Opr Traffic
          \------->             \

Auxiliary Operator Services System

The Auxiliary Operator Services System (AOSS) is made to handle directory
assistance, intercept, and that type of operator services, automatic call
distribution, call processing, call detail recording, and operator
administration functions for other operator services that do not need call
completion to a called party.  AOSS position uses the same hardware as the
TOPS links to the switch.

Equal Access

Equal Access (EA) is accessible through DMS switches with the addition of
software packages.  Both Equal Access End Office (EAEO) for the DMS-100 and
Access Tandem (AT) for the DMS-200 provide equal access features.

                Equal Access Network Application

                --------- __________________________________
(Phone)--------| DMS-100 |___________                       |
                ---------            |                      |
           NON-EAEO                  |                      |IC/INC
           --------               --------             /---------\   TO
(Phone)---|        |------------| DMS-200 |------------           ---- IC/INC
           --------              ---------             \---------/   /----->
                                     |                      |
                --------- ___________|                      |
(Phone)--------| DMS-100 |__________________________________|


The DMS-100 EAEO gives direct access to interLATA (Local Access and Transport
Area) carriers Point of Presence (POP) inside the LATA.  The DMS-200 AT gives
a traffic concentration and distribution function for interLATA traffic
originating  or terminating inside a LATA. It allows the following:

10XXX and 950-1XXX dialing
presubscription dialing
equal access and normal network control signaling
Automatic Number Identification (ANI) on all calls
custom calling services

Common Channel Interoffice Signaling

Common Channel Interoffice Signaling (CCIS) uses a separate data link to
transmit signaling messages between offices for many trunks and trunk groups.
There are two types of CCIS available in the DMS-200 or DMS-100/200, Banded
Signaling (CCIS-BS) and Direct Signaling (CCIS-DS).

CCIS-BS is for interoffice trunk signaling to give information on digits
dialed, trunk identity, and other class and routing information.  This kind of
trunk signaling takes less time to setup calls and put's an end to Blue

CCIS-DS is used to transfer call handling information past what is required
for trunk setup.  This type of signaling lets calling card validation,
mechanized calling card services and billed number screening to be used.

Cellular Mobile Radio Service

Cellular Mobile Radio Service is possible with the DMS-100 Mobile Telephone
Exchange (MTX).  The MTX has the ability to serve from a few hundred to over
50,000 people in up to 50 cells.

Thanks to Northern Telecom and my local CO.

   Control C

  March 1987
 End of Part 1

                               ==Phrack Inc.==

                     Volume Two, Issue 12, Phile #5 of 11

                        THE TOTAL NETWORK DATA SYSTEM

                               BY DOOM PROPHET

    The Total Network Data System is a monitoring/analysis network used by
several offices within the Telco to analyze various levels of switching
systems in relation to maintenance, performance, and future network planning
purposes. The systems and the offices that use them will be described in
detail in the following text.

    All switching entities that are in one particular serving area collect
traffic information that is classified in three ways: peg count, overflow, and
usage. Peg count is a count of all calls offered on a trunk group or other
network component during the measurement interval, which is usually one hour.
It includes calls that are blocked, which is classified as overflow traffic.
The other measurement types that the TNDS network analyzes and collects are as

    Maintenance Usage (for 1ESS, 2ESS, 5XB, 1XB, XBT)

    Incoming Usage (for 1E, 2E, 4AETS)

    All trunks busy (SxS)

    Last Trunks Busy (SxS)

    Completions (SxS, 5XB, XBT, 1XB)

    Incoming Peg Count (DMS)

    Maintenance Busy Count (2E, 3E)

    Detector Group Usage (SxS, 5XB, XBT, 1XB)

 In ESS and DMS offices, traffic data is collected by the central processor of
the switch. In electomechanical offices such as crossbar, a Traffic Usage
Recorder is used to scan trunks and other components about every 100 seconds,
counting how many are in use. This data when compiled is sent to the EADAS
system, which is located in the Operating Company's Network Data Collection
Centers and runs on a minicomputer. 4ESS and 4Xbar toll offices do not use
EADAS, but their own system called the Peripheral Bus Computer for traffic
data analysis. After receiving the traffic data from up to 80 switching
offices, EADAS performs two basic functions:  It processes some data in near
real time (shortly after it is received) to provide hourly and half hourly
reports and a short term database for network administrators. It also collects
and summarizes data that it will pass on to the other TNDS systems via data
links or magnetic tape.

    Three other systems receive directly from EADAS. These systems are ICAN,
TDAS, and EADAS/NM. ICAN stands for Individual Circuit Analysis plan and is
used to study individual circuits in central office equipment that have been
specified by network administrators.

    TDAS is the Traffic Data Administration System, which formats traffic data
for use by the remaining downstream systems. ICAN and EADAS/NM are the only
two systems with data links to EADAS that don't have their data formatted by
TDAS before reception. TDAS is run on a mainframe in the NDCC and can be
thought of as a distribution facility for the traffic data. EADAS/NM is used
to watch switching systems and trunk groups designated by network managers,
and reports existing or anticipated congestion on a display board at the
Network Management Centers, where the system is located. Problems can be
analyzed with this system and dealt with within a short period of time after
they occur.

    Central Office Reporting Systems

    There are five TNDS engineering and administrative systems that provide
operating company personnel with reports about CO switching equipment. These
are the LBS, 5XBCOER, SPCSCOER, ICAN, and SONDS. LBS, the Load Balance System,
helps assure that the customer traffic load is uniformly distributed over each
switching system. It minimizes congestion on the concentrators, which allow
subscribers to share the equipment in the switch. The LBS analyzes traffic
data coming to it from TDAS to determine the traffic load on each line group
that the system serves. LBS generates reports used by the NMC to determine
line groups that can have new incoming subscriber lines assigned to them. LBS
also does a load balance indexes for the entire operating company, indicating
how effectively each CO has avoided congestion.

    Crossbar #5 Central Office Equipment Reports (5XBCOER) and Stored Program
Control Systems COER used for 1, 2, and 3 ESS offices, analyze traffic data to
indicate the overall service provided by the switching system and to tell how
much of its capacity is being used. This info helps determine if new equipment
is needed.

    ICAN, which was described briefly above, detects switching system
equipment faults by identifying abnormal load patterns on individual circuits.
A series of reports printed at the Network Administration Center helps network
administrators analyze individual circuit usage and verify circuit grouping.
ICAN is located at the BOC main computer center along with 5XBCOER.

    The fifth CO equipment reporting system is called the Small Office Network
Data System, or SONDS. SONDS performs a full range of data manipulation
functions, and is used to provide economically the full TNDS features for step
by step offices. Step offices send data directly to this system, and it is not
formatted by EADAS or TDAS, as it doesn't go through these systems. Weekly,
monthly, exception and on demand reports are automatically distributed by
SONDS to the NAC personnel.

    Trunk Network Reporting Systems

    These systems are parts of the TNDS used by the Circuit Administration
Center to support trunk servicing and forecasting. The Trunk Servicing System
helps trunk administrators develop short term plans to make the best use of
the trunks that are already in use. It receives and processes data received
from TDAS and computes offered load. Offered load is the amount of traffic a
trunk group would have carried had the number of circuits been large enough to
handle the load without trunk blocking (giving the caller a re-order or all
circuits busy recording). TSS produces weekly reports showing underutilization
of trunks and below grade of service trunk groups which do not have enough
trunks in them. The CAC uses these reports to add or disconnect trunks
according to what traffic requirements exist.

    The Traffic Routing and Forecasting System, replacing the Trunk
Forecasting System, forecasts message trunk requirements for the next five
years. Major conversions and similar network changes are all taken into
consideration when determining the future traffic needs. TRFS receives data
from EADAS, TDAS, and TSS and is located at the Operating Company computer

    Since TDAS and some of the downstream TNDS systems need much of the same
information, that information is maintained in a system called Common Update.
In this manner, some data does not have to be duplicated in each individual
system. Some of the information includes the configuration of switching
equipment and the trunk network and specifications on traffic registers for
central offices. Numbers recorded by each register are treated consistently by
each system that uses the Common Update data base. There is an update base for
trunking, referred to as CU/TK, and an update on equipment known as CU/EQ. The
trunking part of the Operating Company's data base is coordinated by the Trunk
Records Management System.

    Since the TNDS systems are so important to the proper operation of the
network, the CSAR (Centralized System For Analysis and Reporting) is used to
monitor the entire TNDS performance. The NDCC, the NAC, and the CAC are
provided with measurements of the accuracy, timeliness, and completeness of
the data flow through TNDS from beginning to end. It doesn't analyze data from

    BOC Operations Centers

    NAC-Network Administration Center. Responsible for optimum loading, and
utilization of installed COE. Performs daily surveillance of COs and trunk
groups to ensure service objectives are being met. The NAC Reviews profiles of
office load relating to anticipated growth. They work with NSEC to initiate
work orders to increase equipment in use. The systems they use are EADAS,

   NMC-Network Management Centers. The NMC keeps the network operating
efficiently when unusual traffic patterns or equipment failures would
otherwise result in congestion. The NMC analyzes network performance and
prepares contingency plans for peak days, telethons, and major switch
failures. They monitor a near real time network performance data to identify
abnormal situations. The system they use is EADAS/NM.

    CAC-Circuit Administration Center. The CAC ensures that in service trunks
meet current as well as anticipated customer demands at acceptable levels of
service. For planned servicing, the CAC compares current traffic loads with
forecasted loads for the upcoming  busy season. If the loads are consistent,
the CAC issues the orders to provide the forecasted trunks. When
inconsistencies occur, they examine the variation, develop modified forecasts,
and issue orders based on the new forecast. They review weekly traffic data to
identify trunk groups that need additions and issue the necessary trunk
orders. The systems they use are TSS, TRFS, and CSAR.

    NSEC-Network Switching Engineering Center. They plan and design the
network along with the CAC. NSEC develops a forecast of loads for traffic
sensitive switching equipment, sets office capacities, and determines relief
size and timing.

    For long range planning, the following offices are utilized.

    TNPC-Traffic Network Planning Center. The TNPC determines the most
economic growth and replacement strategies. They handle future network
considerations over a 20 year period for tandem systems, operator services
networks, interconnecting trunks, and switching terminations to accommodate
the trunks.

    WCPC-Wire Center Planning Center. This office does the same as the TNPC,
but their jurisdiction includes local switches, the subscriber network, and
interoffice facilities. They have the numbers, types, and locations of
switches and homing arrangements. They also keep track of alternate routes,
tandem centers, etc. Both the TNPC and WCPC provide the CAC and NSEC with
office and network evolution plans for 20 years.

    District based maintenance and administration operations are handled by
the NAC, RCMAC, and the SCC. These can cover 240 square miles of serving area.

    Network Operations Centers

    The highest level of network operations is the Network Operations Center,
located in the AT&T Long Lines HQ in Bedminster, NJ. The main computers used
by the NOC are in Netcong, about 25 miles away, along with some backups. The
NOC are responsible for interregional coordination between the 12 RNOCs, 27
NMCs, and 2 RNMCs in Canada; for monitoring the top portion of toll switches
(all class 1 Regional Centers, 2 Canadian, about 70 class 2 Sectional Centers,
200 Primary centers, some class 4 Toll centers); for monitoring of the
international gateways, and the CCIS network for these switching systems. The
STP signalling links connect STPs to each other, to switches, and to a
centralized database called an NCP (Network Control Point) of which access is
given to switches directly via CCIS.

The Data Transfer Point, which is a data switch that furnishes the NOC with a
flow of monitoring information for all key toll switches, also gives them
information about CCIS STPs and the IOCCs that they monitor.

    The operating system supporting the NOC is the NOCS (the S being System),
which is configured with the DTP, a wall display processor, graphics
processors, receive only printers, and CRT terminals for the technicians. The
NOC also uses EADAS/NM through the DTP. Both the NOCS and the DTP run Unix
operating systems.

    The second highest level of these operations centers are the RNOCs, or
Regional Network Operations Centers. The 12 RNOCs monitor the CCIS network and
coordinate the 2-3 NMC's activities for its region. The RNOCs use the EADAS/NM
system and something called NORGEN, Network Operations Report Generator, that
prints out reports from EADAS's traffic data.

    The first or lowest level of these centers is the Network Management
Centers. There were 27 EADAS/NM supported NMCs across the United States as of
1983. The NMC was described above, as well as the systems it used.


    Some of this information was taken from Bell System publications and from
trashed materials, and may not be the same for every area. All material is
correct to the best of the author's knowledge. Thanks to The Marauder for
supplying some information. This file was written for educational purposes

-End Of File-

                             Written March, 1987

                               ==Phrack Inc.==

                     Volume Two, Issue 12, Phile #6 of 11

               /\                                            /\
               \/            ^                 ^             \/
               || PLP       [+]The Executioner[+]        PLP ||
               ++         ^                       ^          ++
               ||        [+] PhoneLine Phantoms! [+]         ||
               ++                                            ++
               ||       CSDC - Hardware  Requirements        ||
               ++       -----------------------------        ++
               || PLP   | PHRACK XII  -  PHRACK XII |    PLP ||
               /\       -----------------------------        /\
               \/   Phreak Klass Room 2600 =  806-799-0016   \/
               ||  _______________            Login: Educate ||
               ++  |The only BBS |      Sysop:Egyptian Lover ++
               ||  |that teaches.|    Cosysop:The Executioner||
               /\  --------------- Board lose:Oryan Quest    /\
               \/                                            \/


     This is the second part of my CSDC (Circuit Switched Digital Capability)
series, the first being in PHRACK X. It is suggested that you read the first
part and also the file on PACT in PHRACK XI. If I feel the material was not
covered completely, I will make a third addition to this file.

Hardware Interfaces

     A NCTE or equivalent network interface equipment, located on the customer
premises, is required to provide the CSDC feature for a customer. The NCTE or
an equivalent circuit, located on the customer's premises, is required to
provide TCM (Time-Compression-Multiplexing) transmission on the 2-wire
subscriber loop. The NCTE also has a remote loopback for testing from CSDC
central office.
     Dedicated 2-way CSDC trunk circuits are provided via DCT (Digital Carrier
Trunk) combined alternate data/voice (CADV) units with DCT supervision. MF and
CCIS signalling is allowed on these trunks. They provide signalling, switching
and trunking functions between 1A ESS switch and other CSDC offices. To
provide CSDC, the DCT bank must be equipped with alarm and digroup control
units. A Digital Office Timing Supply (DOTS) is needed to provide network
synchronization for the CSDC feature. A minimum of 3 CSDC maintenance circuits
are needed for the CSDC feature to operate. The circuit provides digital
signals for testing CSDC trunks and loops. They also provide a test
termination for incoming CSDC calls. If an office has superimposed ringing for
4 and 8 party lines, these ringing circuits may be used for loop testing with
the maintenance circuit.

Remote Switching System
The RSS remote frame contains eight special service slot positions that can be
used for D4 type plug in units (basically allows the RSS to have CSDC
abilities). This allows the CSDC TRXS (Time Compression Multiplexing Remote
Subscriber Exchange) channel units to be housed in the RSS frame. The CSDC
feature is provided via the RSS T1 carrier facilities. The T1 carriers for
CSDC service terminate with position 1 and 0 at the RSS. A ringing and tone
plant is required in the RSS office to ring the phones of special service
channel unit subscribers.

Operation of the CSDC

     An off-hook origination initiates the seizure of an originating register.
A line translation is performed and the CSDC indicator is received from the
Line Equipment Number Class (LENCL) and is stored in the register. A touch
tone service receiver is connected to the line and dial tone is applied. Upon
receiving a digit, dial tone is removed. If the first digit is a '#', digit
collection is set up to collect 2 more digits. Upon receipt of the 2 digits
(99), the PACT (Prefix Access Code Translator) is indexed via the dialed
digits to determine what service has been requested. If the line cannot have
CSDC, an error message is sent. The AB digits (carrier selection) are
collected next. Once the AB digits have been determined to be valid, the CCOL
(Chart Column) is received. The CCOL merely is a code to tell the PACT what is
to be done. Once the AB digits and the CSDC CCOL is received, the original
register is overwritten with the CSDC CCOL. The CSDC office then sends a bit
down the line to tell the equipment that a CSDC call is being processed.
     The call is now reinitialized to appear as though no digits have been
collected. Digit collection proceeds until the proper number of digits (7 to
10) has been received. An AMA register is seized at the end of the dialing.
The call is then routed according to the dialed digits on a CSDC outgoing
trunk. Answer guard timing for CSDC calls is 800 ms. Upon answer, the answer
time is recorded in the AMA register.
     An outpulsing trunk is seized and a POB is hunted. If an outgoing trunk
and outpulsing device are needed, one will be hunted. Information on the trunk
is stored and a transfer to the outpulsing routine (MF or CCIS) is done. A
verification insures that both calling and called parties are CSDC allowed. If
they are not, the call is routed to an Automatic Intercept Service (AIS).
     For MF outpulsing, a junior register is seized, the outgoing trunk is put
into the proper states, and start pulsing signal detection is done followed by
digit outpulsing. For CCIS, call processing is the same as a normal call but a
CCIS continuity check is performed while on the on-hook state.
     For an incoming call, the CSDC bit from the Trunk Class Code (TCC) is
stored in the incoming register and a CSDC count is pegged. Digit collection
is performed and a terminating DN translation is performed. Ringing is applied
normally and once it has been answered, the incoming trunk is put in the
off-hook state to pass answer to the next office.
     Standard disconnect and trunk guard timing is performed on CSDC calls
when the called or calling party goes off-hook after a talking path has been

Standard CSDC Dynamics

Call forwarding codes dialed after the CSDC code result in reorder.

The Call waiting option is also suspended when a CSDC call is in progress.
Busy tone is given to POTS call that terminates to a CSDC connection. Busy
tone is also given to a calling CSDC party if it encounters a busy line.

In order to have a 800 CSDC feature, the office must have CCIS INWATS ability
in the OSO (Originating Screening Office).

Dialing 911 after the CSDC code is allowed, but 411/611 calls are routed to
error messages.

NCTE (Network Channel Terminating Equipment)

As covered in Part 1, the NCTE is the equipment that you need to have CSDC.
The NCTE is a piece of hardware that is connected to the CO loop and a
terminal. On the terminal, there are 8 jacks for 8 pins on the NCTE. The
functions of each pin are as followed.

     5 - TIP VOICE
     6 - RING VOICE


This ends PART II of the CSDC series. Since Taran King was in such a hurry, I
will finish the 3rd file with SCCS integrations, loop structure and RSS

If you have any questions about this file or any other file, please leave me a
message on either...

Phreak KlassRoom 2600 = 806-799-0016  LOGIN:EDUCATE

My Voice Mail Box     = 214-733-5283

                               ==Phrack Inc.==

                     Volume Two, Issue 12, Phile #7 of 11

                    \                                   /
                    /       Hacking : OSL Systems       \
                    \                                   /
                    /        Written by Evil Jay        \
                    \                                   /
                    /       (C) 1987/88  Evil Jay       \
                    \                                   /


    This file is for all those people who are running across the OSL system
   and are constantly confused about getting in and what to do once you're in.
   Because of the trouble I had getting a manual on the system from ROLM, I
   was forced to write this file from what I already know, and what I can do
   on the few systems I have gained access to. Since this file is far from
   complete (without a manual, most are), I'll leave it to you, to write up
   future files on the OSL system. Credit goes to Taran King who got me
   interested in writing the file, and who tried to help me get a manual (my
   social engineering leaves something to be desired).

    What is OSL:

     Actually it has been termed as Operating Systems Location, Off Site
    Location and a lot of other names. Which? I'm not sure. What I can tell
    you is that it's an operating system running on an IBM (?) that does
    remote maintenance operations on a ROLM PBX (Referred to as CBX I
    believe). As I said, this file is not too complete, and I was unable to
    get very much information about the system, or the PBX system itself. I
    believe Celtic Phrost wrote a file on ROLM PBX systems, and you might want
    to read that or other ROLM files for more information.

    Getting In:

      If you have trouble logging in, try changing your parity. Also, this
    system will only except uppercase. The first thing you should see when you
    get a carrier is the following:

MARAUDER10292  01/09/85(^G) 1 03/10/87  00:29:47

      MARAUDER10292 is the system identification. Most of the time, this will
    be the name of the company running the OSL system, but occasionally you
    will find a system, you will not be able to identify. CN/A it. It might be
    your only chance of gaining access to that particular system.

      01/09/85. This is a mystery to me. It could be the time that the system
    first went up (but sounds unlikely), the date of the current version of
    the OSL operating system...etc.

      The ^G is a Control-G, and rings a bell at your terminal. I do not know
    why, but it does...

      The rest of the text on that line is the current time and date.

      RELEASE 8003 could be, again, the revision number of the software
    package. I don't know.

      OSL PLEASE means that you can now attempt to login.

      The ? is your prompt. Remember the uppercase only. Naturally we are
    going to type "OSL" to login. Once this is done, we will receive this


      This is the password prompt, and so far as I can tell, can be anything
    up to, say, 20 characters long. Obviously we are going to try MARAUDERS or
    MARAUDER as a password. Here's the tricky part. Some systems do not tell
    you whether the password was right or not. Sometimes, if it's right, you
    will get a ? prompt again. If not, you will get an ERROR msg. It depends
    on the system. Each system is set up a different way. Also, some systems
    require all alphabetics, while others require alphanumerics and sometimes
    they will require both. Again, you may or may not get an ERROR message.
    You can ABORT anything at any time by sending a BREAK. One good thing
    about the system is that you have, so far as I can tell, unlimited
    attempts at guessing the "KEY". Also, Druidic Death says that "," is a
    default, or is commonly used (I don't remember which). Unfortunately, I
    have never been able to get this to work myself.

    Your IN!:

      Okay, first thing we need to do is type HELP. If you have access, which
    again, differs from system to system, you will get a menu that looks like
    so. (Maybe not, but I am through telling you how strange this system is.)



    LREP: This lists a menu of reports you can view.

    LST : This lists all the commands that have been stored in the buffer.

    ACD : This activates a command.

    DEL : This deletes a command in the buffer.

    MOD : This modifies a command in the buffer.

    SUS : This suspends a command in the buffer.

    ACT : This activates a command in the buffer.

   Commands Explained:

    Okay, so now we'll go through all of these commands and show you what they
   do, and of course, explain each example.


    LREP lists a number of reports which can be ran. Here is an example:

REP# NAME                SYNTAX
---- ----                ------

   Current Status   : Gives you the current status of the PBX system.
   Cumulative Status: Quite obvious.
   Trunk Display Grp: Obvious again.
   Position Prfrmnce: ???
   Abbreviated Agent: ???
   Daily Profile    : Gives you a report of how the PBX ran on date 00/00/00.
   Cumulative Agent : ???


    I purposely skipped all the other commands, since they are pretty obvious.
   They all have to do with adding commands to the buffer, modifying them and
   running them..etc. If you get access to a system, it would be wise to LST
   all of the commands that the operators have been running and then try them
   yourself. No biggy, but oh well. The ACD command activates a command and
   lists the desired report on your terminal. While the whole thing can be
   typed on one line, you can just type ACD   and do it
   step by step (a little easier to get the hang of it). Now we'll go through
   this, and show you an example of building a command to list the Trunk
   Display Report.

?ACD 3
START TIME: (Enter START TIME in army time such as 22:52:00)
INTERVAL: (Not sure, hit return)
# OF INTERVALS: (Not sure, hit return)
CLEAR(Y/N): (Type Y, but this is stored in the last cleared log)
PRINT LAST CLEARED(Y/N): (Here's where the last cleared shows up)

    It then prints out the command and executes it, showing you the desired

   The end result:

    Some other things can be done, such as commands like C and M and a host
   of others, but unfortunately, as I said, these systems are very strange
   and it's hard to find two alike.  The computer is not worthless, and
   lots of things can be done on it, but this file is getting quite lengthy.
   If there is enough demand, I will write a follow-up.  In the meantime, if I
   have made any mistakes, or you have more knowledge that you would like to
   share with me, I can be reached on the following boards:

    ShadowSpawn Private, Hell Phrozen Over, Phantasie Realm and a few others.

                      \                                   /
                      /      An Evil Jay/Phrack, Inc.     \
                      \                                   /
                      /            Presentation           \
                      \                                   /

                               ==Phrack Inc.==

                     Volume Two, Issue 12, Phile #8 of 11

                        BUSY LINE VERIFICATION PART II

                         WRITTEN BY PHANTOM PHREAKER

    This file is meant to be an addition to the first file that was included
in Phrack Inc. Issue XI. It is assumed that the reader has read and understood
the previous file.  Most of this information will be taken from Bell System
Publications so you don't have to worry about it being incorrect.

    First off, I'd like to correct a minor error included in the first file. I
use the format 'KP+0XX+PRE+SUFF+ST' to show the MF routing that is used. This
is not correct AT&T syntax though, the correct format is KP+0XX+NXX+XXXX+ST.
This is minor detail, but some people are very picky.

The Verification Network

    In a TSPS office, a verification circuit is associated with a 4-wire
OutGoing Trunk (OGT) and a 3-way/4-wire bridging repeater arrangement. This is
the circuit that does the speech scrambling. The speech and other tones (like
busy and re-order) are frequency shifted, but are still recognizable by a TSPS

    TSPS verification trunks are connected via dedicated lines to incoming
verification trunks in a toll office. The toll office provides either a link
to an outgoing trunk and dedicated facilities to another toll office, or an
outgoing toll connecting trunk and dedicated facilities to an incoming
verification trunk in a local office. Each toll office has ways to check the
security of verification trunks. In electronic toll offices (ESS offices), two
independent office data translations provide security of the trunk. Electro-
mechanical toll offices (Such as a CrossBar Tandem (XBT)) use an electrical
cross-office check signal or a segregated switching train to control trunk
connections. Verification trunks relay supervisory signals (such as answering
supervision) to TSPS from the line being verified. Also, if verification
trunks are busy, the TSPS operator will receive a re-order.

The functions of the VFY key

    When the operator presses the VFY key, several checks are made upon the
number that has been entered. These are:
    A Check to see if the line is within the verification network accessible
by that particular TSPS. If the line is not, the VFY key will flash.

    A check to see if the owner of the line wishes BLV to be possible or not.
If the line is something like a police emergency line, then the VFY key will
flash, similar to the first check.

Important TSPS keys

    When the VFY lamp lights steady (doesn't flash), indicating the process is
acceptable, the operator puts the calling customer on hold and accesses an
idle loop on the operator position. The ACS (Access) lamp lights steady if a
verification trunk is available at that time. Then, the operator presses the
ST key which sends out the complete number to be verified, in MF. The
verification circuit activates, and the operator listens for scrambled speech
and also watches the CLD (Called) lamp on her console. The CLD lamp is lighted
when the operator loop was accessed, and will remain lit if the line being
verified is on-hook. The operator has two ways of seeing if the line is in
use, by listening, and by watching the CLD lamp. If the CLD lamp light goes
out, then the line is off-hook.

    If a successful BLV/EMER INT is performed, the operator presses the REC
MSG MSG (Record Message) key, which completes the verification. If the EMER
INT lamp is lit, the charges for the interrupt and the verification are
automatically billed. If the VFY key is pressed twice, it indicates the
verification should not be billed. This could be due to a customer error or a
customer disconnect.

Charging capabilities

    A customer can pay for a BLV/EMER INT in several ways. They can have the
charges put on their phone bill, if they are calling from their home, they can
bill the charges to an AT&T Calling Card, or pay directly from a coinphone.
Details of the BLV/EMER INT function are recorded on AMA tape, which is later
processed at the RAO (Revenue Accounting Office).

    The classes of charge are as follows: STATION PAID, which means exactly
what it says, STATION SPECIAL CALLING, in cases where billing is handled by a
Calling Card or third number billing, and NO AMA, in unusual billing cases.

    Also, for BLV/EMER INT calls that originate from a hotel, TSPS can send
charges to HOBIS (Hotel Billing Information System), HOBIC (Hotel Billing
Information Center), or a TTY at the hotel.

    AMA records for BLV/EMER INT are recorded in basically the same format
that normal calls are recorded. The only difference is that a numeric data
group is added. The leftmost digit in the data group is a 1 if only a BLV was
done, but it is a 2 if both a BLV and an EMER INT were done. In case of an
aborted BLV, the billing record is marked 'No charge'.

Inward Operator differences

    When an Inward operator does BLV/EMER INT, the class of charge is always
NO AMA, because billing is handled at the local TSPS site. Inwards also do not
use the REC MSG key when a TSPS would, they use the VFY key in it's place.

The Speech scrambling technique

    The speech scrambling technique that exists to keep the customers privacy
intact is located in the TSPS console, and not in the verification trunks. The
scrambling technique can only be deactivated by an operator pressing the EMER
INT key, or a craftsperson using the console in a special mode. When the
scrambler is deactivated by an operator doing an EMER INT, the customer hears
an alerting tone (as mentioned in the first BLV file) made up of a 440Hz tone.
This tone is initially played for two seconds, and then once every ten seconds
afterwards until the operator presses her Position Release (POS RLS) key.

Operator trouble reporting

    When operators have trouble in handling a call, they can enter trouble
reports that are technically called 'Operator keyed trouble reports'. These
cause messages to be printed on the maintenance TTY and on the trouble report
TTY channel. There are different trouble codes for different things, such as
trouble with the speech scrambler, trouble in the verification network, or
trouble in collecting charges from a customer.

    In my area there are 20 such TSPS trouble codes. These are done in MF.
They are entered with the KP TRBL (Key Pulse Trouble) key followed by a two
digit trouble code followed by an ST. A trouble code for beeper trouble could
be entered as KP TRBL+62+ST, and speech scrambler trouble could be KP
TRBL+89+ST. Some of the other reasons for trouble codes are: Crosstalk, No
ring, Noisy, can't hear, improper supervision toward the called and calling
parties, cutoff, positions crossed, coin collecting trouble, third re-order,
distant operator no answer, echo, data transmission, no answer supervision, ST
key lit for more than 4 seconds, and others for person-to-person and
station-to-station completed collect calls.

Maintenance and traffic measurements

    These reports can be output from a maintenance or engineering and service
data TTY, daily or hourly. Each daily report contains data for the previous
day. Some traffic counts are as follows:
    Total Verification attempts, VFY key depressions, VFY key depressions when
the requested number is out of TSPS range, VFY key depressions in which the
requested number wasn't verifiable, BLV trunk seizures which pass an
operational test, and EMER INT attempts. Other traffic counts include the
measurements for usage of BLV trunks, the amount of time BLV trunks were
unavailable, and the number of times BLV trunks were seized.

    I hope this file has helped people further understand how the BLV system
works. If you haven't read part I, get a copy of Phrack Inc. Issue XI and read
file #10.

    As said earlier, most of this information comes directly from Bell System
Publications and so it should be viewed as correct. However, if you do find
any errors then please try to let me know about them so they can be corrected.

Suggested reading

TSPS Part I: The console-Written by The Marauder, LOD/H Technical Journal
Issue No. 1, file #4

Busy Line Verification-Phrack Issue XI, file #10

Busy Verification Conference Circuit-Written by 414 Wizard

Verification-TAP issue 88, Written by Fred Steinbeck

Bell System Technical Journal, Vol. 59, No 8.
Bell Labs RECORD periodical

And the following people for contributing information in some form:

Mark Tabas, Doom Prophet, The Marauder

                               ==Phrack Inc.==

                     Volume Two, Issue 12, Phile #9 of 11

Rebuttal to Phrack Issue 8 and 11 (File 11)
Written by Scan Man.....

It has been requested of Taran King (Who doesn't agree with KL on this subj)
to put this somewhere in the next issue of Phrack (12) for proper
distribution. Whether he does or not I cannot say.

     Well a number of months have gone by now and I have been written about
accused of and had rebuttals written for me, all of which were about as clear
and factual as mud. And that includes the rebuttal that Telecomputist has in
effect tried to stand with me, and making matters only worse by inaccurate
information. But then all of this started with inaccurate information from
PWN, didn't it. KL has resorted to interfering in other peoples lives in order
to promote his so called news publication. To this I say, if you are going to
call it news then make it facts. I can buy the Enquirer if I want sensational-
istic readership boosting and inflated gossip. You do no justice to yourself
or your publication. I really shouldn't dignify any of this with comment but
shall as the entire matter has been blown so far out of proportion and since I
have been phreaking since these kiddies were still messing their diapers I
feel it a little more than an inconvenience, particularly since these
gentlemen (and I use the term loosely) can't seem to accomplish anything but
guesswork and conjecture and have cost me (and my wife and son) a $50,000 job
so the least I can do is get a few FACTS out.

First, I was (and I stress was) employed by a company called Telecom
Management Corporation. Notice the initials of this company (TMC). Telecom
Mgnt is a management company, and a management company manages other
companies. Among the companies it manages are 6 TMC Long Distance markets
(none of which are in Vegas), two of which are in Charleston where I live and
NY where I worked (up until two snotty nose teenagers (KL & SR) decided to
stick there nose where didn't belong). At any rate I was hired and paid by
Miami, lived in Charleston, and worked in NY. And yes with regard to your "he
must have been quite an asset to them," I was an asset to them. And KL you
seem to think it was surprising that they flew me to NY every week. I don't,
and I'm sure the other 100 businessmen on my flights who I traveled with
regularly would be surprised that they carried the unique distinction of being
somehow in the wrong for having their companies send them to NY every week.
I'll have to tell them this one for a good laff next time I get a 50,000
dollar a yr job that sends me to NY. Moving right along, I will add that I was
employed as a Systems Analyst. When I was originally hired, my interview was
by a fellow from Miami (Telecom Mgnt) and the interview was conducted in the
Chas office (one of the few times I was ever in there). This however doesn't
explain why Pauline Frazier and Ben Graves knew me or didn't care for me. The
reason for this was quite simple: they both knew about me and the bulletin
board and had also been trying to catch me stealing calls from there company
(don't know where they ever got that idea ). At any rate they obviously
were quite unhappy because I got that job.

The next comment in rebut to Telecomputist which was a rebut to PWN Phrack
Issue 8 (what a nightmare), was, and I quote, "I claimed not to have any ties
with Vegas but didn't claim not to have ties with TMC." Boy talk about factual
journalism, really grabbing for straws aren't you. Anything to make me look
bad huh? Wonder why. Wouldn't be for more copies for your next issue would it?
As you could see at the beginning of this rebuttal I clearly stated that
Telecom Management ran 6 TMC markets as well as other companies and that they
were connected but separate from each other. Although none of it is relevant
to any of this, but that doesn't matter when you are out to get copies for
your next issue does it KL. At any rate this also shows where Telecomputist,
although trying to do a good thing, got their facts mixed up too by
misunderstanding the fact that Telecom Managements initials were the same as
TMC and were unrelated companies when actually they are.

In you next comments you say, "The rest of my statements are highly debatable"
(might try looking at a few (no make that all) of your own). You also said
that my statements have no proof (as if yours are so damn factual). First, I
don't have to prove a thing to assholes like you or anyone else for that
matter. You also state your decision (as if you have the right to make any
decisions about me, (shit boy you don't even know me, but you may soon) was to
do nothing because of lack of proof. And you call what you came up with truth?
Based on what, your vast personal knowledge of me, your knowledge of something
some phone phreak told you, because of having worked with me? As for providing
more ammunition to the idea, I'm not what I claim to be. I have claimed to be
nothing, it's you doing all the claiming. And there is no "ammunition" to be
had from the Telecomputist article as it was about as accurate as yours have
been. Shows you what two people who know nothing about nothing can do if they
put their minds to it. I might add that this is the first and last statement I
have personally written that has anything to do with any of this. You also
stated that, "after three months you had proof," yet you have shown only
words, not a speck of proof or truth. You have taken the Telecomputist article
apart and tried every way there was to tear it apart, most of which was
guesswork and innuendo. Examples of this are your quotes of, "Gee isn't that
awful expensive," "Notice how he didn't say he had no ties with TMC,"
"Statements were highly debatable," "Now that he has had a few months to come
up with a story," etc., that's some real facts there KL, you're a real
journalist who deals only with facts. You're not out for gossip or character
assassination. Riiiiiight. I've just been waiting for you to put your foot in
your mouth (in this case both feet). (Don't worry, I'm sure they will fit

I think it's also time to tell the story of how all this got started. It's
really a comedy of errors (only I'm not laffing). As I stated earlier I was
paid by Miami, as that's where the home office was. This meant that on
occasion I also went to Miami as well as NY. In Dec of 85 I learned of a new
organization being formed called the CFCA (Communications Fraud Control
Association) although in addition to communications, they support computer and
credit security as well. Knowing that all the top security people were going
to be there and being a good phone phreak on the eternal quest for inside
knowledge, I wanted in on this conference which was held the 6th, 7th and 8th
of Feb 86 in Miami. Soooooo I convinced Telecom that we should check these
People out for some benefit to our company with regard to my job (Systems
Analyst) as after all it was my job to not only develop and operate the
companies' computers but keep them secure as well. So I had had the perfect
excuse to get me in the conference. They agreed with me and went for it and
paid for my flight down there and the conference fee. Moving right along, it
was the 1st day into the conference when just at lunch I was talking to a guy
from Pac NW Bell named Larry Algard (whose name I had forgotten til Sally Ride
showed up on the BBS saying Larry the Algardian had sent me a couple of weeks
later). At any rate while talking to this guy, a security agent from one of
the other LD companies that was there came up and said, "Aren't you Scan Man,
the guy that runs P-80?" Needless to say I about shit, and had to come up with
a damn good answer in about a 100th of a second. Knowing I was there legally
with the authority of my company, I answered back (in front of Larry Algard),
"Yes, but unbeknownst to my members it's an undercover board for TMC the
company I work for." And since Telecom Management Corporations initials were
TMC and they did manage 6 TMC LD companies I knew I was safe if he decided to
check me out, which I was worried about because earlier this same guy (the one
that said, "Aren't you Scan Man") had made a comment about the security of the
meeting and that he believed hackers had infiltrated the meeting. At any rate,
I was out of the fire with this guy and everyone (about 7 others) standing
around in our circle. It does however get worse. Two weeks later I got a new
user on the board named Sally Ride saying, "Larry The Algardian sent me" and
the msg subj was titled Scott Higginbotham.  I answered the msg asking him
where he got that name (Scott Higginbotham, my real name) but he thought I
meant where did he get the name Larry the Algardian (see msg reprint below).
His reply is as follows (actual copy of msg)

Scan Man, I got the name from an electronic memo from Sec. Mgr. Larry Algard
to his boss, George Reay. Since I've access to these files via PNB's UNIX AOS,
I read about Algard's meeting with Scott at a CFCA Conf. in Miami. It's nice
to be able to know what the other side is up to, but how did you infiltrate
CFCA? I was able to infiltrate PNB Sec. thru their own system. But, to attend
such a meeting of the toll carriers of the nation and learn their plans to
combat us is a real coup!  Understand where I'm coming from?
Sally Ride:::Space Cadet

Now from this msg you can see two things: first that Sally Ride is a two faced
little S.O.B., plus you can also see why he would think I was fed. I can
almost (again I stress almost) understand why he was suspicious. This msg also
points out that at least in his msgs to me he was of the opinion that I had
infiltrated the conference (not that his opinion about anything matters).
Then, on a social ladder climbing binge, he turns it around to me being one of
them (as if he was the only person in the world who could infiltrate
something). To this I say again, I was doing this when you were still in
diapers (SR). Even though I can legitimately understand why he would think I
was a fed as this at least "APPEARS" to be proof that I'm a fed, by that I
mean if I had broken into a telco security computer and found a msg saying
that so and so was running a sting board, I would be prone to believe it
myself. What Sally didn't know was that I had to say that at that conference
to keep from being fried myself when confronted by a security agent who
recognized me. But then what are the odds of someone breaking into the very
computer reading that very msg. If it were me and I was going to take this
information to the phreak community I would have to state the facts, which
were that he found this msg, "then print msg". I would not go into the
guessing that he and KL did in the original Phrack article (or this last one,
since the first obviously wasn't enough). But back to the point of all of
BBS?"  See what I meant about a comedy of errors? Do you also see why
sometimes what is apparently the truth isn't always what it appears as. Do you
also see what I mean about gossip and poor journalism? This is not the first
time that Sally  or KL has tried to distort facts and interfere with people's
lives. I am referring to the past David Lightman incident. Instead of
belaboring this point, I shall, in the fashion of the great journalists (KL &
SR), reprint another msg from Sally regarding this other incident in order to
show what kind of individual we are dealing with (a 19 yr old who if he spent
as much time hacking and phreaking as he does stretching the facts and butting
into peoples lives might be a good phreak/hack).

From: Sally Ride

Well a couple of things..first about Phrack World News..the above mentioned
article about Blade Runner and David Lightman was credited to David Lightman
and Blade Runner and someone else, maybe K.L. I really don't know either David
or Blade that well, but when someone is accused of being a cop, or a phone
cop, or whatever, I see no reason to keep that a secret from the phreak-world.
Everyone is able to make their own conclusions based on the information
provided and considering the sources. Finally, and I hope this ends all
discussion about this on the "Elite" section of this BBS. Is that what is
allowed for discussion here? Really, character assassination should be kept to
the War Room of some other K-Rad luzer BBS. Secondly, thanks to all who kept
me up to date on the status of the BBSes that had suddenly dropped out of
sight all for separate unrelated reasons. I found The Twilight Zone, now the
Septic Tank, it's back at 203-572-0015, old accounts intact. Taran King's
Metal Shop Private should be back up within hours of this message, see PWN 6
for the details. And Stronghold East is still down as far as I know, should be
back around 7/1. Broadway's always been weird but turning informant? Will
wonders never cease? And, TUC has a board again? And, here I thought he was a
"Security Consultant", per W.57th St. Who knows who's side who is on?  Scan
Man, here's news from your neck of the woods. A company named Advanced
Information Management Inc. run by Robert Campbell. The June 23rd issue of
Communications Week says this guy and his 17 consultants are all over the BBS
world. They are based in Woodbridge, VA. Know anything about them? Sound like
some more narcs to worry about.  What is the true story on Ralph Meola? PWN 6
says he's the head of AT&T Security.  Has anyone ever heard of him before?
Sally Ride:::Space Cadet

I believe your words were, "character assassinations should be kept on some
k-rad Luzer war board" (try taking some of your own advice, or is it different
when it's your friend). You also made the statement that everyone should be
able to make their own decisions based on the sources. In my case it's two
guys that don't know me or really anything about me (KL & SR). Did anyone also
notice Sally's tendency toward a persecution complex? Everyone he mentioned in
the msg is thought to be a phone cop. I mean, really, take a good look at that
msg. It's quite obvious this boy is playing God and deciding who is and isn't
on who's side (you're not the only one who saves msgs). He's either attacked
or defended (mostly attacked or insinuated) about 5 people in one msg of being
the bad ole phone cop. Who set you two up as judge and jury? As to how I feel
about it, I'll use an old saying with a new twist, "If you want to hear the
jukebox, you damn well better have a quarter," better known as "pay the
piper". Does it sound like I'm upset? I mean how would you feel if you had
trouble keeping your family fed, heated, and housed because some asshole that
just hit puberty stuck their nose into your life. Tell your son, no he can't
go skating because you don't have the money because........etc.....Also I
might add that a number of us old guards who were phreaking before there were
computers and BBSes such as my old friend, Joe Engressia (Secrets of Little
Blue Box, Esquire 71) (avail P-80) and others have done actual security work
(not busting heads) defeating security systems on new payphones (test before
marketing) etc for yrs. I don't see anyone jumping up and yelling phone cop on
these guys. People who are admitted security people who also claim to be
phreaks are ignored. So why all the stink with me? In closing I would like to
say that I have little doubt that in their usual fashion KL and/or SR will
attempt to go over every word I have typed looking for more SO CALLED FACTS.
Any way you try to reword it will only be more twisting and supposition.  Sooo
be my guest. You will get no more comments from me. The next time either of
you two hear from me, you better have your Quarter for the jukebox cause it
will be time to pay the piper.

P.S. KL do me a favor and call my board and let me know whether you will be at
this phreak conf in St Louis. If so I recommend old cloths, and clean

(Oh yes and a quarter.)

Scan Man (3-10-87)

                               ==Phrack Inc.==

                    Volume Two, Issue 12, Phile #10 of 11

             PWN                                             PWN
             PWN    >>>>>=-*{ Phrack World News }*-=<<<<<    PWN
             PWN                 Issue XII/1                 PWN
             PWN                                             PWN
             PWN       Created, Compiled, and Written        PWN
             PWN             by Knight Lightning             PWN
             PWN                                             PWN

Local News                                                      March 20, 1987
        This issue of PWN marks the anniversary of Metal Shop Brewery.

Things are looking up.  Metal Shop Private is back and all previous members
are asked to call back.  The same passwords and logons still work and even
better, the old posts have been saved despite the hard drive crash a few
months ago.

       Phrack XIII will be released on April 1, 1987; April Fool's Day!

It features joke files, fiction files, humorous files, and of course, rag
files.  With all the seriousness of the regular issues of Phrack, this is a
chance to release some building flashes of comedy.  Please note that files for
Phrack XIII can only be submitted by members of Metal Shop Private.  This does
not apply to other issues of Phrack.  Don't miss it!

                                SummerCon 1987
For those that don't already know, TeleComputist Newsletter and Phrack Inc.
are sponsoring this year's big phreak gathering in St. Louis, Missouri.  As
many of you may note, St. Louis is the home of Metal Shop Private, Phrack
Inc., and TeleComputist Newsletter.  We all hope that since St. Louis is in
the middle of the country that it will be easy for people to attend.  We
extend an invitation to anyone who wants to come.  We will have a conference
room and two suites in a hotel in St. Louis.

The official date for SummerCon 1987 is June 19,20.  This is far enough into
the summer that everyone of the younger generation should be out of school and
early enough that no one has to worry about facing reality right away.  This
date has also been chosen specifically as to not interfere with the St. Louis
VP Fair (Vale Profit).

If you are going to attend SummerCon, we ask that you contact Knight
Lightning, Taran King, or Forest Ranger for more details.  The TeleComputist
Information Line is (314) 921-7938.  The names of those attending will be kept
confidential so as to not cause anyone discomfort, however we do ask that you
identify yourself at the conference by means of a name tag or some form of
identification.  Security personal is welcome to attend, but we request that
you let us know ahead of time.  If anyone, especially security personnel,
would like to speak at SummerCon please also let us know and we will schedule
you in.

:Knight Lightning

Hackers Caught Using Credit Card To Buy More Equipment       February 20, 1987
By Ben L. Kaufman of The Cincinnati Enquirer

                       "I was uneasy about the pickup."

Two young "hackers" in Milford using an electronic bulletin board to get
stolen credit card numbers and buy hardware to expand their computers.  Now
they're in big trouble because unauthorized use of a credit card is a federal
offense and the Secret Service caught them.  "Computer-aided credit card fraud
is increasingly common, said special agent in charge, James T. Christian on
Tuesday, "but using the filched name and number to enhance computer clout was
a unique touch."

The two youths had a $1,300 order sent to an abandoned house on Ohio 131E,
Christian said, but when they picked it up an agent was waiting with the UPS

John Martin Howard, 21, 5788 Meadowview Drive, Milford was cited before U.S.
magistrate J. Vincent Aug Jr., who accepted his plead to guilty Monday and
released him on his promise to return when summoned.

"I was uneasy about the pickup," Howard recalled in a telephone interview. The
risk of getting caught "was in the back of my mind."  And it was an awful
moment when the Secret Service agent confronted him and his juvenile buddy,
Howard added.  "I think they were surprised," Christian said.  Howard was
charged with attempted use of an unauthorized credit card.  His juvenile
partner -- who refused to comment Tuesday -- was turned over to his parents.

Christian said the youths ordered equipment from Computer-Ability in suburban
Milwaukee paying with the stolen credit card.  A sharp-eyed store employee
noted purchases on that credit card were coming in from all over the country
and called the Secret Service.  Within two weeks the trap in Milford was set.

Howard said his young friend knew the Cincinnatian who led them to the
bulletin board filled with the names and the numbers of stolen credit cards.
"We got it from somebody who got it from somebody who got it from somebody on
the east coast," Howard recalled.  That new acquaintance also boasted of using
stolen card numbers from electronic bulletin boards to buy expensive
accessories and reselling them locally at bargain process.

He and his friend used the stolen credit card to upgrade his Atari 800 system,
Howard said.  "We ordered a bunch of hardware to use with it."  In addition to
the purchase that drew the secret service to them, Howard said they "ordered
other stuff, but before we received anything, we were picked up."  Howard said
he'd had the Atari about two years and was getting bored with it and home
computers in general.

He had taken computer programming for eight months after high school, he said,
but hadn't used it.  He would like to try computer-aided design and
engineering, but right now, he's working in a pizza parlor.  Christian said
Howard's parents had been enthusiastic about his computer interests and
friends who shared them.  "They though it would keep them out of trouble."

Assistant U.S. attorney Kathleen Brinkman and Christian said the Cincinnati
area investigation was continuing and numerous juveniles, some quite young,
may be involved.
                              Thanks to Grey Elf

             Re-typed for PWN into lowercase by Knight Lightning

Hang On...  Phone Rates Are Falling Again!                          March 1987
>From Changing Times Magazine March 1987 Issue

No news that long-distance rates are still headed down, but now local rates
are poised to follow, at least in some areas.

Competing long-distance carriers have already been forced to react to AT&T's
January rate cut, which averaged 11.2%, with cuts of their own.  Now the
Federal Communications Commission [FCC] may propose that an additional $1 or
$2 be added to the subscribers line charge, the $2-a-month access charge that
every residential customer pays.  If that happens it would compensate.

Since AT&T's divestiture in January 1984, the telephone services component of
the consumer price index has risen 17.4%, reflecting a 36.7% increase in local
rates at the same time long-distance charges were falling.  But price
increases for overall service have moderated each year, falling 2.7% in 1986
from 4.7% in 1985 and 9.2% in 1984.  That trend should continue as local rates
stabilize and even fall.  Wisconsin and Vermont, for example, have ordered
local companies to make refunds, and a number of states - New York,
Pennsylvania, Washington - are considering lowering rates to reflect the
improved financial position of local phone companies.  Those companies will
benefit from tax reform, and lower inflation and interest rates have resulted
in lower expenses in several other areas.

Things are not looking good for some of AT&T's competitors in the long
distance business, however.  Forced to follow AT&T's rate cuts, both MCI and
US Sprint are hard-pressed financially, and analysts don't rule out the
possibility that one or both could get out of the long-distance business,
potentially leaving AT&T a monopoly again.  But that would be "politically
unacceptable," says analyst Charles Nichols of E.F. Hutton.  Some
alternatives:  allowing regional phone companies to enter the long-distance
business or allowing AT&T to keep more of the profits it earns from increased
efficiency instead of forcing the company to cut rates.  That would take some
pressure off competitors.

                          Special Thanks to Stingray

Police Arrest Computer "Hacker" Suspect                         March 15, 1987
>From the St. Louis Post-Dispatch

   "MCI told police it was losing $2.7 million a month to such 'hackers.'"

A computer software engineer [Robert Wong] has been arrested at his home in
Maryland Heights, Missouri on suspicion of trying to get into the computer
system of MCI Telecommunications Corporation.

The case is the fourth in this area involving computer "hackers" who have
tried in recent months to get into MCI's computer system, police say.

Detective John Wachter of the Maryland Heights Police Department said the
department would seek a warrant today charging the suspect with "tampering
with computer users," a felony.

The charge is being sought under a state law enacted last year to deal with
hackers - people who try illegally to tap into other computer systems.

The suspect is Robert Wong, 23, of the 2000 block of Maverick Drive, Maryland
Heights, Missouri. Police tracked down Wong by a court-sanctioned "trap" on
his phone after MCI learned that someone was trying to tap into its
long-distance lines.

In a written statement to police, Wong said he "came across" MCI's programs
and access codes.  He said he was "amazed" when he got into the system. "I
know it was illegal, but the urge of experimenting was too great," he told

                         Typed For PWN by Taran King

PWN Quicknotes
In upcoming months P-80 will be moved from her ole TRS Model 1 to an IBM PC
compatible.  In addition to a boost in storage capacity (amount still
undecided), P-80 will be adding a new "user to user" direct file/program
transfer thus allowing the membership the ability to privately send text or
programs directly to another user.  There will also be the ability to forward
a message with text/program attached) to another user after receipt. (2/26/87)

                               Information from
              <S><C><A><N> <M><A><N> & P-80 Information Systems
If you consider yourself a phreaker or a hacker in any way, shape or form,
then read on!  The Telecom Security Group is sponsoring the first on-line
hack/phreak survey.  It consists of about 30 minutes work of answering
questions (or until you want to stop) that pertain to phreaking, hacking, the
security, and the attitudes surrounding it all.

You are allowed to identify yourself during the survey if you wish or you may
remain totally anonymous.  It's really just the general answers that will
count.  Call now:  914-564-6648 (914-LOG-ON-IT) and type SURVEY at the main
prompt to get the survey.  Thanks for your involvement, and do spread the word
to any board that considers itself phreak/hack oriented.

                   Information by Taran King & Tuc (2/6/87)
Telecommunications giant AT&T is lying in its advertisements that claim it has
an exclusive toll-free number for foreign clients to reach U.S. businesses,
its competitor says in a lawsuit.

Worldwide 800 Services Inc. says that it has filed suit against AT&T with the
FCC, charging AT&T with false advertising.  The ads by AT&T claim that it can
provide a global telephone network that would allow clients in foreign
countries to call a toll-free number to reach businesses in the United States.
AT&T claimed that "You won't find this type of service anywhere else."

Worldwide 800 says that their company provides toll-free service from any
foreign city to the U.S., whereas AT&T can only provide toll-free service on a
countrywide basis.  An AT&T spokeswoman denied all of the charges, stating
that the advertisement in question was neither fraudulent or deceptive.  If
Worldwide 800 Services wins the case, they state that they will demand
corrective advertising and seek monetary damages.

                    Information from Lucifer 666 (3/1/87)

                               ==Phrack Inc.==

                    Volume Two, Issue 12, Phile #11 of 11

             PWN                                             PWN
             PWN    >>>>>=-*{ Phrack World News }*-=<<<<<    PWN
             PWN                 Issue XII/2                 PWN
             PWN                                             PWN
             PWN       Created, Compiled, and Written        PWN
             PWN             by Knight Lightning             PWN
             PWN                                             PWN

Toll-Free Woes                                                January 26, 1987
>From Time Magazine; reprinted in the February 1987 Issue of CO Magazine

While Oral Roberts struggles with budgets, fundamentalist preacher Jerry
Falwell faces a different kind of money pinch.  The Lynchburg, VA,
televangelist has long used toll-free phone numbers to assist viewers seeking
spiritual help.

For many months Falwell foes, aware that each phone-in cost $1, have purposely
clogged his lines.  An Atlantan programmed his computer to dial Falwell every
30 seconds.  Before Southern Bell stepped in, the stunt cost Falwell $750,000.

Late last year, the Daily Cardinal student newspaper at the University of
Wisconsin -- Madison ran a column advocating "telephone terrorism" and listed
several targets, including Falwell.

The TV preacher estimates that annoyance calls cost him more than $1 million
last year, not counting lost donations.  Falwell, who is considering legal
action, regards the calls as "unlawful activities" that do "injury to the
cause of Christ."

[Well now...isn't that special?  And just where did all these people get the
idea to do "injury to the cause of Christ?"  From me, Knight Lightning?  No, I
don't think so.  From oh maybe Phantom Phreaker?  No, I don't think so.
Possibly Lucifer 666, but the big question is...     Could it be... SATAN!!!?]

                      Typed For PWN by Knight Lightning

Voice numbers:  Are They Really Necessary?                      March 5, 1987
A recent series of events on ShadowSpawn BBS has attracted much attention in
the hack/phreak community.  It seems that the sysop, The Psychic Warlord,
denied access to Lex Luthor, Kerrang Khan, and Silver Spy because of their
failure to leave valid voice phone numbers.  The following messages have been
taken from ShadowSpawn BBS.  [Some posts have been re-formatted].
 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
32/50: This board...
Name: The Psychic Warlord #1
Date: 6:36 pm  Thu Feb 26, 1987

    Alright goddamn it, I'm so fucking pissed off that I'm just about ready to
say Fuck It and take down the board for good.  Why?  Seems that few people are
happy with the way I run this board.  No, not really with the way I run it,
but more like the way I choose to validate my users.  Ok, fine...  You don't
like it then get the fuck out and quit complaining.

    I set certain rules that people have to abide by to get access to this
board.  Very simple fucking rules.  And now I'm finding out that people don't
want to abide by these rules, and basically tell me I'm fucked in the head for
having and going by them.  What rules?  For one thing, and this is the major
bitch-point here, new users (no matter WHO THE FUCK they are) are *REQUIRED*
to leave a valid voice number where I or Ctrl can reach them at for
validation.  No big fucking deal...  Just a goddamn phone number.

    "Oh, but I can't give you my voice number.  I'm a hacker, and I do untold
amounts of illegal things and I can't risk my number getting out."  Riiight.
Like I'm really some fucking Fed who's gonna bust yer ass, or some geek who
gives out peoples phone numbers to any-fucking-body who asks.  BULLSHIT!

    I'm the Sysop of a (hopefully) respected BBS, and along with that goes a
certain responsibility.  I'm not about to go passing out peoples numbers.  *I*
have respect for other hackers privacy, unlike some people who choose to
invade mine just for the fucking hell of it.  I require that new users leave
their voice numbers for a number of GOOD reasons:

1) Trust -- If they can trust me with their voice numbers, then I can trust
            them with access to my board.  I need that kind of trust between
            me and my users.  If they feel that they can't trust me enough to
            give me a lousy phone number, then how in God's name am I supposed
            to be expected to trust them at all??  My ass is on the line just
            as much (if not more) than any user of this board!

2) Security -- Ok...  So how do I know if someone is really a Fed or not?  I
               don't!  I go by instinct.  Having a person's voice number let's
               me call them for validation and get to know them a helluva lot
               better than I could through e-mail.  Plus, if suspicion ever
               arose about a user of my board being a Fed or not, how could I
               check this out?  If I don't have their voice number, I have no
               leads as to where to find or who the fuck this person really
               is. Now I don't go checking everyone on the board via the
               numbers they give me.  I have NEVER had to do that for ANY
               user, but the possibility is there.  And rather than throw a
               possibly innocent person off the board merely on a hunch, we
               might be able to prove whether or not it's true.  This is
               extremely hypothetical, but like I said...  the possibility is

   Ok, so why the hell should I have to require that established people, like
Lex Luthor and Silver Spy, leave valid voice numbers?  Is it fair to the other
users?  Hell no.  If I required only certain people to give me their numbers,
then what does that do to their trust in me??  It's like me saying, "Well, I
don't trust you...  I don't know you that well.  You have to sacrifice more
than these guys to get access."  That's BULLSHIT, and I'm not about to do it.
If one person is required to give a valid voice number, then every damn user
is required to!

   I've been getting a lot of shit the past couple days because I've denied
access to some very well known and respected people in the hack/phreak world.
Namely Lex Luthor, Silver Spy, and Kerrang Khan.  I denied all of them access
because they all refused to leave a voice number.  Fine.  Then they don't get
access.  Ctrl [Ctrl-C is a cosysop on ShadowSpawn] said I was crazy.  Taran
said pretty much the same.  Taran also tried to get me to change my mind...
to condescend, or go against what I believe in and how I believe this board
should be run.  He (Taran) said that by my denying Lex and the others access
that I would be hurting this board more than helping it.  ***I DON'T GIVE A

   I'm not impressed in the least with any of those peoples reputations.  I
never have been a "groupie" and I'm not about to start now.  Whether or not
they are good or not isn't the issue here, and some people don't seem to
realize that.  Yes, Lex is good.  He's well known.  He's even a nice guy...
I've talked to him before and personally I like him.  But I don't play
favorites for anyone.  Not Lex, not Silver Spy, and not Kerrang Khan.  Nobody.

   What really pissed me off, and I should have told Taran that I resented it
at the time, is that TK said that apparently this board is "elite".  That I
consider this board to be too good.  Personally I think this fucking board is
overrated, and yes Taran...  I resented that remark.  I can't remember exactly
what he said, but it was something like, "In your logon message you have
'We're not ELITE, we're just cool as hell,' but apparently you ARE elite."

   This board isn't "elite" and if I come off seeing that way sometimes, it's
only because people are getting half the picture of what I'm doing.

    Ok, so I deny Lex Luthor access to this board.  That's all you people seem
to think about.  The actual denying of access.  You think, "How can he do
that?!  What gall!  He must be a real egotistic bastard to think that Lex
Luthor isn't good enough to be on this board!"  If you think that, and most of
you have thought only that, then you're fucked in the head.

   Yes, I realize who these people are!  Yes I know their reputations and how
they are renowned for their skills as hackers and phreakers...  But like I
said before, that's not the issue.  It never was.  I *KNOW* how good these
people are.  I *KNOW* about their reputations and I respect them for it, but I
don't care.  That's not why they've been denied access!

   When I deny someone access to this board it's usually for one of two

1) They left a false voice number  or
2) They either blew off or left really crappy answers to the filter.

    Personally I'd be thrilled to have Lex or Silver Spy on the board... and
any of a number of people.  But these people can't find it in themselves to
trust me. If they can't trust me, then I can't trust them.  It's as simple as

   I'm not about to let anyone on this board that I can't trust.  It's not
fair to the other users, and it's damn stupid of me.  I run this board the
best way I know how.  I do what I do in respect to new user validations
because it's the best way, through trial and error, that I have found to
handle it.  If people can't respect the way in which I choose to run my board
then I'd appreciate it if they never called.  And when regular users of my
board start questioning the way I do thing, and telling me that I'm WRONG for
doing things the way I believe they should be done, then I really start to
wonder what the fuck I'm doing it for at all.  I'm not a quitter, and I don't
like the idea of giving up and taking down the board.  I'm going to run this
board the way I think is best, and I'm not about to conform to what other
people think I should do.

   I've probably stepped on some toes and offended some people with this, but
that's just too damn bad.  I hate fighting the topic but I'll fight it if I
have to.

                          --==The Psychic Warlord==--

37/50: Take a fucking valium
Name: Taran King #45
Date: 9:02 am  Sat Feb 28, 1987

You're known for an explosive temper, PW as well as sometimes being extremely
irrational.  My policy is to let people on the my board with voice numbers
only.  Through the history, I've made maybe 5 exceptions.  Some of 'em include
Lex, Spy (at first), Tabas, Videosmith, and Phucked Agent 04.  Now, I never
got anything out of PA04 because he got a "call" soon after he got on the
board, but the rest of the members have contributed extremely well to the
board.  I just made sure I knew it was really them by referencing and cross

If your morals are that unbendable, PW, then you need to relook at the purpose
of this board.  If it's to spread phreak/hack knowledge as you said on the
phone, then to have those people on with the experience that they have would
hardly hinder the board.  I seriously doubt anyone would feel offended if any
of the forementioned people got on here without leaving a valid voice number,
being that they're not on any other board with a voice number.

I know that Lex is not giving out his number to even the best of his
friends.  Spy is really careful about it these days.  Not so sure about
Kerrang but he's travelling about now so he's not in one place for too long
nowadays.  It's your board and I was trying to give you some constructive
criticism, but you took it the wrong way.  You don't have to claim you're
ELITE to be elite.  Elite merely means that you've got the respected members
of the community on board.  Well, you've got 'em.  If you don't like it, I
suggest you go through and purge the log like a big dog.  Actually, fuck it.
I'm tired of getting into arguments for trying to help someone.  Feel free to
delete my account if you feel that I've not contributed enough information to
the board, or if you've rethought the purpose and decide that it's not for
what I've contributed, dump me.  Fuck dis

44/50: Well...
Name: The Psychic Warlord #1
Date: 4:57 pm  Sun Mar 01, 1987

   I'm glad that some people agree with me on this.  I can understand Lex's
point of view, too.  I can also remember a time when I myself refrained from
giving my number to any sysops.  But...  I've changed my point of view
considerably after living the Sysop life for well over 1.5 years.  Now if I
ever wanted access to a board, and the Sysop of that board asked for my voice
number, I'd give it to him.

   I've given Lex access to this message base for a short period of time so
that he can check out the discussion.  He called me voice the other day and we
talked for a while about this whole biz.  I'd like him, and Spy, on the board,
and possibly they'll change their minds.  If not, that's cool.  I'm just going
to let the whole thing kind of slide from here on out.  If they change their
minds, great...  Well, Adios.

                          --==The Psychic Warlord==--

 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Kerrang Khan, when notified that he must leave a voice number, said "there is
no reason Psychic Warlord would need any user's phone number."  He also stated
that the fact that PW insisted on voice numbers was very "suspicious."

Silver Spy, when notified that he must leave a voice number, never bothered
calling again.

Lex understood the whole situation and remained cool.  He said he could see
why a sysop would need voice numbers of his users.  Lex was worried about the
board he left it on getting busted and the authorities getting his number.  So
PW, in response to this deleted all users phone numbers from the board and
encrypted them in a hidden sub-directory.  Now the numbers are there only and
are totally hidden.
                           Information Provided By

            Lucifer 666/Psychic Warlord/ShadowSpawn BBS/Taran King