Phreaking
Phreaking is a slang term coined to describe the activity of a culture of people who study, experiment with, or explore telecommunication systems, such as equipment and systems connected to public telephone networks. The term phreak is a sensational spelling of the word freak with the ph- from phone, and may also refer to the use of various audio frequencies to manipulate a phone system. Phreak, phreaker, or phone phreak are names used for and by individuals who participate in phreaking.
The term first referred to groups who had reverse engineered the system of tones used to route long-distance calls in the 1960s. By re-creating the signaling tones, phreaks could switch calls from the phone handset while avoiding long-distance calling charges which were common then. These fees could be significant, depending on the time, duration and destination of the call. To ease the creation of the routing tones, electronic tone generators known as blue boxes became a staple of the phreaker community. This community included future Apple Inc. co-founders Steve Jobs and Steve Wozniak.
The blue box era came to an end with the ever-increasing use of digital telephone networks which allowed telecommunication companies to discontinue the use of in-band signaling for call routing purposes. Instead, telecom companies began employing common-channel signaling, through which dialing information was sent on a separate channel that was inaccessible to the telecom customer. By the 1980s, most of the public switched telephone network in the US and Western Europe had adopted the SS7 system which uses out-of-band signaling for call control, therefore rendering blue boxes obsolete. Phreaking has since become closely linked with computer hacking.
History
Phreaking began in the 1960s when it was discovered that certain whistles could replicate the 2600 Hz pitch used in phone signalling systems in the United States. Phone phreaks experimented with dialing around the telephone network to understand how the phone system worked, engaging in activities such as listening to the pattern of tones to figure out how calls were routed, reading obscure telephone company technical journals, social engineering, building electronic devices called blue boxes, black boxes, and red boxes to help them explore the network and make free phone calls, hanging out on early conference call circuits and "loop arounds" to communicate with one another and writing their own newsletters to spread information. Phreaking was especially prevalent in universities, where it began spreading much like computer hacking would in the following decades.Before 1984, long-distance telephone calls were a premium item in the United States, with strict regulations. In some locations, calling across the street counted as long distance. To report that a phone call was long-distance meant an elevated importance because the calling party is paying by the minute to speak to the called party.
Some phreaking consists of techniques to evade long-distance charges, which is criminalized as "toll fraud". In 1990, the pager cloning technique arose and was used by law enforcement.
In the UK the situation was rather different due to the difference in technology between the American and British systems, the main difference being the absence of tone dialing and signaling, particularly in the 1950s and 1960s. Still, US and UK phreaking often reflected a shared culture.
The tone system in the United States has been almost entirely replaced, but in some countries, in addition to new systems, the tone system is still available, for example in Italy.
Switch hook and tone dialer
Possibly one of the first phreaking methods was switch-hooking, which allows placing calls from a phone where the rotary dial or keypad has been disabled by a key lock or other means to prevent unauthorized calls from that phone. It is done by rapidly pressing and releasing the switch hook to open and close the subscriber circuit, simulating the pulses generated by the rotary dial. Even most current telephone exchanges support this method, as they need to be backward compatible with old subscriber hardware.By rapidly clicking the hook for a variable number of times at roughly 5 to 10 clicks per second, separated by intervals of roughly one second, the caller can dial numbers as if they were using the rotary dial. The pulse counter in the exchange counts the pulses or clicks and interprets them in two possible ways. Depending on continent and country, one click with a following interval can be either "one" or "zero" and subsequent clicks before the interval are additively counted. This renders ten consecutive clicks being either "zero" or "nine", respectively. Some exchanges allow using additional clicks for special controls, but numbers 0-9 now fall in one of these two standards. One special code, "flash", is a very short single click, possible but hard to simulate. Back in the day of rotary dial, technically identical phone sets were marketed in multiple areas of the world, only with plugs matched by country and the dials being bezeled with the local standard numbers.
Such key-locked telephones, if wired to a modern DTMF capable exchange, can also be exploited by a tone dialer that generates the DTMF tones used by modern keypad units. These signals are now very uniformly standardized worldwide. It is notable that the two methods can be combined: Even if the exchange does not support DTMF, the key lock can be circumvented by switch-hooking, and the tone dialer can be then used to operate automated DTMF controlled services that can not be used with rotary dial.
2600 hertz
The origins of phone phreaking trace back at least to AT&T's implementation of fully automatic switches. These switches used tone dialing, a form of in-band signaling, and included some tones which were for internal telephone company use. One internal-use tone is a tone of 2600 Hz which causes a telephone switch to think the call had ended, leaving an open carrier line, which can be exploited to provide free long-distance, and international calls. At that time, long-distance calls were more expensive than local calls.The tone was discovered in approximately 1957, by Joe Engressia, a blind seven-year-old boy. Engressia had perfect pitch, and discovered that whistling the fourth E above middle C would stop a dialed phone recording. Unaware of what he had done, Engressia called the phone company and asked why the recordings had stopped. Joe Engressia is considered to be the father of phreaking.
Other early phreaks, such as "Bill from New York", began to develop a rudimentary understanding of how phone networks worked. Bill discovered that a recorder he owned could also play the tone at 2600 Hz with the same effect. John Draper discovered through his friendship with Engressia that the free whistles given out in Cap'n Crunch cereal boxes also produced a 2600 Hz tone when blown. This allows control of phone systems that work on single frequency controls. One can sound a long whistle to reset the line, followed by groups of whistles to dial numbers.
Multi frequency
While single-frequency worked on certain phone routes, the most common signaling on the then long-distance network was multi-frequency controls. The slang term for these tones and their use was "Marty Freeman". The specific frequencies required were unknown to the general public until 1954, when the Bell System published the information in the Bell System Technical Journal in an article describing the methods and frequencies used for inter-office signalling. The journal was intended for the company's engineers; however, it found its way to various college campuses across the United States. With this one article, the Bell System accidentally gave away the "keys to the kingdom", and the intricacies of the phone system were at the disposal of people with a knowledge of electronics.The second generation of phreaks arose at this time, including New Yorkers "Evan Doorbell", "Ben Decibel" and Neil R. Bell and Californians Mark Bernay, Chris Bernay, and "Alan from Canada". Each conducted their own independent exploration and experimentation of the telephone network, initially on an individual basis, and later within groups as they discovered each other in their travels. "Evan Doorbell", "Ben" and "Neil" formed a group of phreaks, known as "Group Bell". Bernay initiated a similar group named the "Mark Bernay Society". Both Bernay and Evan received fame amongst today's phone phreakers for internet publications of their collection of telephone exploration recordings. These recordings, conducted in the 1960s, 1970s, and early 1980s are available at Mark's website Phone Trips.
Blue boxes
In October 1971, phreaking was introduced to the masses when Esquire magazine published a story called "Secrets of the Little Blue Box" by Ron Rosenbaum. This article featured Engressia and John Draper prominently, synonymising their names with phreaking. The article also attracted the interest of other soon-to-be phreaks, such as Steve Wozniak and Steve Jobs, who went on to found Apple Computer.1971 also saw the beginnings of YIPL, a publication started by Abbie Hoffman and Al Bell to provide information to Yippies on how to "beat the man", mostly involving telephones. In the first issue of YIPL, writers included a "shout-out" to all of the phreakers who provided technological information for the newsletter: "We at YIPL would like to offer thanks to all you phreaks out there." In the last issue, YIPL stated:
YIPL believes that education alone cannot affect the System, but education can be an invaluable tool for those willing to use it. Specifically, YIPL will show you why something must be done immediately in regard, of course, to the improper control of the communication in this country by none other than bell telephone company.
In 1973, Al Bell would move YIPL over and start TAP.
Al Bell was denied opening a bank account under the name of Technological American Party, since he was not a political party, so he changed the name to Technological Assistance Program to get a bank account.
TAP developed into a major source for subversive technical information among phreaks and hackers all over the world. Members such as Cheshire Catalyst met with journalists at the 1982 West Coast Computer Faire, where the group provided an address to subscribe to its newsletter. TAP ran from 1973 to 1984, with Al Bell handing over the magazine to "Tom Edison" in the late 1970s. TAP ended publication in 1984 due mostly to a break-in and arson at Tom Edison's residence in 1983. Cheshire Catalyst then took over running the magazine for its final year.
A controversially suppressed article "Regulating the Phone Company In Your Home" in Ramparts magazine increased interest in phreaking. This article published simple schematic plans of a "black box" used to make free long-distance phone calls, and included a very short parts list that could be used to construct one. AT&T forced Ramparts to pull all copies from shelves, but not before numerous copies were sold and many regular subscribers received them.