Path: utzoo!utgpu!news-server.csri.toronto.edu!mailrus!accuvax.nwu.edu!nucsrl!telecom-request From: John Higdon Newsgroups: comp.dcom.telecom Subject: Re: Long Distance Piracy Jolts Phone Bills Message-ID: <10959@accuvax.nwu.edu> Date: 16 Aug 90 18:05:47 GMT Sender: news@accuvax.nwu.edu Reply-To: John Higdon Organization: Green Hills and Cows Lines: 42 Approved: Telecom@eecs.nwu.edu X-Submissions-To: telecom@eecs.nwu.edu X-Administrivia-To: telecom-request@eecs.nwu.edu X-Telecom-Digest: Volume 10, Issue 575, Message 7 of 11 TELECOM Moderator writes: > Ms. Holton discussed three common techniques used by phreaks to obtain > access codes: > 2) Buttering up the company operator: The phreak calls up a company, > and asks to be transferred to the sales department, or somewhere. He > gets the department receptionist and says he made a mistake, could he > please be transferred back to the operator. Now his call is on an > inside line, so who else could the operator be talking to besides an > employee? If the operator is busy, or not paying attention to who she > is talking to, the phreak can talk her into giving him an outside > line. Bingo, a three hour call to his mother somewhere. I would really be interested in knowing what kind of brain-dead PBX could be used to serve a large enough operation where one could hope to get away with this. Every system I have ever dealt with (AT&T, Rolm, ITT, Mitel, Siemens, Toshiba) clearly identifies to the attendant that an outside call being transferred back from a station is just that-- a returning outside call. It does not appear as an "inside" call. Giving that caller an outside line would become a "trunk to trunk" transfer, an option that can be denied in programming. Also, virtually all PBXes, even down to the lowly Panasonics, identify to a station whether the call is from the inside or outside via distinctive ringing. While transferring a call, the destination will have a double ring and when the person doing the transfer hangs up the ring will change to single. In short, it is just about impossible to masquerade as an inside call from the outside. There is one possible exception -- DISA access. This allows a person to dial a special line and then dial within the PBX. DISAs are protected by authorization codes, however, and on most switches still appear as outside calls to inside users, including the operator. John Higdon | P. O. Box 7648 | +1 408 723 1395 john@bovine.ati.com | San Jose, CA 95150 | M o o !