Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!rutgers!netsys!vector!telecom-gateway
From: pdg@chinet.chi.il.us (Paul Guthrie)
Newsgroups: comp.dcom.telecom
Subject: Re: Bypassing an AOS
Message-ID:
Date: 20 Jun 89 07:37:45 GMT
Sender: news@vector.Dallas.TX.US
Reply-To: Paul Guthrie
Organization: The League of Crafty Hackers
Lines: 81
Approved: telecom-request@vector.dallas.tx.us
X-Submissions-To: telecom@eecs.nwu.edu
X-Administrivia-To: telecom-request@vector.dallas.tx.us
X-TELECOM-Digest: volume 9, issue 205, message 4 of 6

In article DREUBEN@eagle.wesleyan.edu (DOUGLAS SCOTT REUBEN) writes:
> From what I understand, all the LD services (AT&T, MCI, Sprint, etc.)
>and the AOS firms (ITI, NTS, etc.) are charged for accessing the
>national calling card database (or whatever the system is called)
>for verifying a calling card. AT&T is supposedly charged $.07 per
>call, while the AOS firms are charged something like $.40. This is
>one of the reasons they cite when they defend their higher rates.

Not true. AT&T has their own database. The actual charges for AOSs
and other such companies are closer to 15c. It may range as high as 30
depending upon the charges imposed by the BOC, LEC or independent. The
overhead charges imposed by the database providers (such as NDC) are
generally constant. As I stated in an earlier message, some cards
(generally corporate cards) are not in any databases. Also, the
mechanisms to get the data used by AOSs (most often dedicated
slow-speed modem lines) are slower than those used by AT&T.

>In any event, many AOS firms don't really check. ITI (International
>Telecharge) just checks to make sure the card "looks" valid, ie,
>a real area code, a real exchange in that area code, and a somewhat
>valid looking calling card PIN number. During busy hours, they are
>less careful, as I've entered "wrong" PINs and totally wrong numbers
>at times and it went through fine. Late at night they check more
>often, and frequently a false PIN that was accepted at 5PM won't
>work at 11PM the same evening.

Knowing their software, I don't think that this is true. They simply
do a LERG checkup on the NPA+COC (actually another database similar to
the LERG that includes pseudo NPAs for corporate cards), and run an
algorithm on certain numbers to check that the PIN is possible, but
not necessarily valid. They may have added some sort of after the fact
PIN verification on often used numbers recently that could explain the
above behaviour. AOSs are not as concerned about fraud (so far) as
they are about unbillable billing numbers that may constitute as much
as 20% of attempted calls, depending on whether they have individual
billing arrangements, or through a reseller such as OAN.

>NTS, on the other hand, seems to be doing something that I, as an
>AT&T customer, find *very* disturbing [Description of method deleted].
>It seems what NTS is doing is using AT&T's calling card system to verify
>calls for them, and then place the call over NTS after they use AT&T
>to check!

You are quite observant. I did explain this in an earlier TELECOM
message, but your description hits on the nose what they do. Simply
they use voice detection, timing and AT&T's network to verify calling
cards for free. My belief is that this is only done from payphones
now, as they got into trouble from doing this from their switches....
payphones are harder to detect. Using this and a valid/invalid cache
and they could get reasonable response from repeat customers.

There is a device being sold that specifically does this for COCOT
type payphones. It is line powered, stores up to a hundred or so CC
numbers, and then dials into a special station to deliver call records
via DTMF. At less than $200 per payphone, it lets COCOT owners bypass
AOS rates and capture the best 80% of their traffic themselves. It
also uses this slimy verification technique, all the while providing
ringback to pretend that the call is going through. The receiver
station uses Dialogic boards (they are on the net somewhere) to handle
DTMF reception.

Anyway, this misuse of the network will most likely become more and
more prevalent until some legislation is passed against it, but even
then, it would be hard to prove on a case as small as a payphone.

On another note, a discussion in sci.electronics has been going on
about payphone phreaking. It might be worth looking at, as I imagine
most people on this list are interested. It misses most of the
anti-COCOT techniques like chain dialing, and all of the sophisticated
methods, but does mention (but not explain - the author had no
technical info) a case where a NY airport phone was giving free
international calls. Here's how this one worked (and I do mean workED -
otherwise I wouldn't post). One specific payphone type, when dialing
in a 0, would put itself into infinite time/no money mode (natural for
operator calls), whereupon it "cut through" to the switch. The switch
had slower timing, so if you dialed in 11 immediately, followed by
your international number, you got a free call. It didn't take long
for this to be found!

-- 
Paul Guthrie
chinet!nsacray!paul
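
An added illustration, not part of the original post and not any AOS vendor's software: it contrasts the plausibility check described above (known NPA+COC, PIN that is merely possible) with after-the-fact verification against an issuer database plus a valid/invalid cache. The table contents, the PIN rule, the card numbers and all names are constructed assumptions.

```python
from dataclasses import dataclass, field

# Constructed stand-in for the LERG-like table of known NPA + COC pairs.
KNOWN_NPA_COC = {("312", "555"), ("203", "555")}

# Constructed stand-in for the issuer's database: billing number -> PIN.
ISSUER_DB = {"3125550142": "4821"}


def pin_is_possible(pin: str) -> bool:
    """Hypothetical offline rule: four digits, first digit 2-9."""
    return len(pin) == 4 and pin.isdigit() and pin[0] in "23456789"


def looks_valid(card: str) -> bool:
    """Plausibility only: known NPA+COC and a possible PIN, no issuer lookup."""
    if len(card) != 14 or not card.isdigit():
        return False
    return (card[:3], card[3:6]) in KNOWN_NPA_COC and pin_is_possible(card[10:])


@dataclass
class Validator:
    verdicts: dict = field(default_factory=dict)  # card -> cached verdict
    pending: list = field(default_factory=list)   # accepted, not yet verified

    def authorize(self, card: str) -> bool:
        if card in self.verdicts:                 # a cached verdict wins
            return self.verdicts[card]
        if not looks_valid(card):
            return False
        if card not in self.pending:
            self.pending.append(card)             # accepted on plausibility alone
        return True

    def verify_pending(self) -> list:
        """After-the-fact pass: ask the issuer, cache verdicts, return rejects."""
        rejected = []
        for card in self.pending:
            ok = ISSUER_DB.get(card[:10]) == card[10:]
            self.verdicts[card] = ok
            if not ok:
                rejected.append(card)
        self.pending.clear()
        return rejected
```

The list returned by verify_pending() is the set of calls that were completed against a number the issuer does not recognise, which is the unbillable exposure the plausibility check leaves open until the cache catches up.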