==Phrack Magazine==

Volume Five, Issue Forty-Five, File 18 of 28

****************************************************************************

[** NOTE: The following file is presented for informational and
entertainment purposes only. Phrack Magazine takes NO
responsibility for anyone who attempts the actions
described within. **]

****************************************************************************

****************************************************************
*                                                              *
*           FRAUDULENT APPLICATION OF '900' SERVICES           *
*                                                              *
*          by CO/der DEC/oder, of Dark Side Research           *
*                                                              *
*     Greetings to Minor Threat, The Conflict and Tristan      *
*    and dedicated to the English Prankster, Phiber Optik,     *
*   Louis Cypher and other hackers who have proved an honor    *
*    to themselves and to our community in not cooperating     *
*                   with "law enforcement."                    *
*                                                              *
****************************************************************

The information presented forthwith is the result of knowledge gained through
actual first-hand experience. There is no theoretical aspect to any part of
this article, except where explicitly noted. Disclaimer: this file is for
outright illegal use. I sincerely hope publication of this file contributes to
the delinquency of both minors and adults alike. -- "Codec"

Getting Started

In setting up your own 900 number, you earn a big percentage of the net revenue
generated by calls made to that number. You can advertise and promote your
number in various and sundry ways in an extremely competitive environment,
or--if you so happen to be a hacker--you can simply dial up some PBXes and call
the number yourself. Since you'll be earning several dollars per minute, you
won't be in any hurry to hang up. In fact, you may find yourself letting the
phone stay off the hook while you chat on IRC or read the latest Phrack.
Though not a scheme to get rich, this can provide a considerable income or
simply an occasional bonus, depending on your h/p resourcefulness and effort
exerted.

Before you can start calling your own 900 number and making yourself money, you
need to buy into the 900 business. On your next outing for the latest copy of
Hustler, grab a USA Today. In the classifieds, (as well as many other business
classifieds), under the heading "business opportunities," you'll notice any
number of 900 ads. You want to find a "service bureau" and not a simple
"reseller," so shop around and call a number of the companies, asking about
percentages and whether or not your setup costs (usually ranging from $300 to
$1500) are comprehensive for the year or whether you'll have to pay a monthly
fee. Avoid these pesky monthly maintenance fees. All sorts of 900 packages
exist, but you want an automated service--such as a dateline--that is ready to
call as soon as you've paid. This means you'll have no equipment to set up, or
900 trunks terminating at your house, or hookers to hire, etc. The service
bureau provides you with the number and the service, so all you have to do is
market the number (should you be legit). You can bargain a little on the setup
fee. An example of a worthwhile deal would be as follows: an automated
dateline number (similar to a voice mail system, only you listen to personal ads
and have the option of leaving a response) for $750/year, a per minute rate of
$3.99, and a 75% net return (i.e., you make about $3.00/min). AT&T and MCI
provide 900 services to the service bureaus. AT&T is preferable, as you
receive payment two months after the end of the calling month, as opposed to
three months with MCI--so ask about this too. Your continued efforts will reap
a monthly check thereafter.

The service bureau actually sends you the check. You'll want it in a personal
name to make it easier to cash with your bogus ID. Some bureaus will "factor"
your account, meaning that if you've accumulated a lot of credits, they will
pay you in advance of their getting paid by the carrier--for a percentage fee.
Don't try to scam them on this; your account is scrutinized closely before a
premature check is approved. If everything is done properly, both you and the
service bureau will be happy. [That's what's so great about this project:
everyone wins--you, the service bureau, even AT&T--only the PBX owner loses!]

You will be able to check your credits, or "minutes" as called in the 900
industry, by calling a special number provided by the service bureau. After
entering your account codes, an automated response will give you statistics
such as daily call reports and total minutes accumulated for the billing month.
Be sure to find out about the virtual end-of-month date. The end of each
billing period is not necessarily the last day of the month. Accordingly, you
will need to plan your attacks with this in mind, as we will discuss next.

Getting A Date

Now that you've set up your dateline, you'll be anxious to start earning the
three bucks a minute. The dateline makes it kind of fun, since you get to hear
all kinds of ridiculous messages and the typical horny soliloquy. Get a
speakerphone if you lack one now.

You don't necessarily need PBXes--any outdials you find that complete a 900 call
will suffice. However, the lines targeted must be those of a business, one
that is large enough to own a PBX. Calling on residential lines, cell phones,
or from small businesses will not work--the owners will get their bill, and
simply call the phone company and complain that they didn't make the call.
This will attract undesired attention to your line by the LEC and your
service bureau, and it will also cost you in that the carrier connect fees,
about .25 and .30 per minute, will be deducted from your account. The LD
carriers get theirs, whether the party pays or not. This is why the calling
method encouraged here is the PBX. If you can manipulate central office
switches, do so by these same principles.

PBX owners tend to pay their phone bills--including 900 calls that aren't
outrageous. They'll assume that one of their own employees made the call, if
they even notice. Instead of attempting to exploit a PBX to some astronomical
degree, you're better off running up a mere fifty to sixty dollar charge. Do
this every month as part of a schedule. Not only may it go unnoticed, but you
are assured that it will go uncontested even if detected. Running up an
excessive number of minutes risks unneeded attention and assures either a total
"killing" of the PBX, or at minimum, 900 restrictions added by the PBX
administrator. Even with a remote admin access, your luck will run out.
Remember: YOU WILL ONLY GET PAID IF THE PBX OWNER PAYS THE PHONE BILL!

With this in mind, the most limiting factor is the number of PBXes you can
accumulate. The widespread raping of AT&T's System 75/85/Definity in 1992 (as
a result of discoveries in 1991) made that year extremely ripe for this 900
scheme. Many of us managed to accumulate large collections of System 75s,
including the elusive Super Nigger, who allegedly compiled over 300. (Where
the hell were you hiding?) AT&T security memorandums have since killed
hundreds of these, but the defaults still work well in some cities.
Regardless, PBXes abound, and the more you find, the more minutes you can
generate.

Let's look at a sample attack schedule:

PBX # M T W Th F S Su
01 15m
02 10m
03 8m
04 14m
05 16m
06 24m
07 12m
08 13m
09 16m
10 2m,10m
11 13m
12 4m,4m

Twelve PBXes are to be attacked in the sample week, so there are probably fifty
PBXes in total to be attacked for the month. Each PBX is to be used only once per
billing period. You will get many months of use out of each PBX with this
conservative approach, so long as every hacker west of Poland doesn't have
access as well. Notice how the number of connection minutes varies, and the
calling pattern is quite random looking. The schedule is maintained not only
to keep track of PBXes in your harem you've fucked for the month, but to assist
you in generating minutes in a pseudo-random pattern. It is acceptable to have
your minutes generated in a pattern, albeit a loose one. For instance, if all
minutes are generated only on the weekend, a discerning eye will not attribute
this to the type of marketing you are using. The sample schedule is only the
ideal model. Having too rigid a pattern, however, such as having an exact
number of calls each day, is potentially suspicious to your service bureau.
Simultaneous calls to your 900 number through different outgoing trunks on the
same PBX are also strongly discouraged.

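Seen from the PBX owner's side, the schedule above leaves a recognizable trace
in call accounting: the same 900 destination reappearing once per billing
period, reached from an incoming trunk rather than a desk extension. The
following is an added example, not part of the original article, that reviews
call-detail records for that trace; the CSV layout, the TRK/EXT port names and
the sample rows are constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed call-detail records for one PBX. The CSV layout is hypothetical:
# start time, originating port, dialed digits, duration in seconds.
# "TRK" ports are incoming trunks (a remote caller), "EXT" ports are desk sets.
SAMPLE_CDR = """\
start,origin,dialed,seconds
1994-01-11T22:40,TRK07,19005550100,900
1994-01-12T10:05,EXT214,12125550142,310
1994-02-09T23:15,TRK03,19005550100,780
1994-02-17T14:30,EXT118,19005550177,95
1994-03-08T21:50,TRK07,19005550100,960
"""

def is_900(dialed):
    """True for a 900-NXX-XXXX destination, with or without the leading 1."""
    digits = "".join(ch for ch in dialed if ch.isdigit())
    if len(digits) == 11 and digits.startswith("1"):
        digits = digits[1:]
    return len(digits) == 10 and digits.startswith("900")

def review_900_calls(cdr_text, min_months=2):
    """Group 900 calls by destination and report the ones worth a bill review."""
    by_number = defaultdict(list)
    for row in csv.DictReader(io.StringIO(cdr_text)):
        if is_900(row["dialed"]):
            by_number[row["dialed"]].append(row)
    findings = {}
    for number, rows in by_number.items():
        # Calendar month stands in for the carrier's billing period (assumption).
        months = sorted({r["start"][:7] for r in rows})
        trunk_calls = sum(r["origin"].startswith("TRK") for r in rows)
        reasons = []
        if len(months) >= min_months:
            reasons.append("same 900 number in %d billing months" % len(months))
        if trunk_calls:
            reasons.append("%d call(s) originated on an incoming trunk" % trunk_calls)
        if reasons:
            minutes = sum(int(r["seconds"]) for r in rows) // 60
            findings[number] = {"months": months, "minutes": minutes,
                                "reasons": reasons}
    return findings

if __name__ == "__main__":
    for number, hit in review_900_calls(SAMPLE_CDR).items():
        print(number, hit["minutes"], "min:", "; ".join(hit["reasons"]))
```

A hit is the cue to pull the phone bill for those months and to apply the 900
restriction the article mentions PBX administrators adding.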

Listening Software

Calling your 900 dateline number is fun, but when you've got over a hundred
PBXes to hit each month for an average of fifteen minutes a pop, the novelty
tends to wear off. Of course you can have a speakerphone and a timer and go
about other tasks between calls, but why not write a program that will enable
your modem to do all this for you? All the program must do is have the modem
call a PBX from a list, pause, and call your 900 (or another PBX and then your
900, for LD PBX attacks). Once connected to your 900, it must stay "listening"
until a random timer (10-20 minutes) hangs it up. Depending upon your dateline
service, the modem may have to emit a DTMF every once in a while to keep the
service convinced you're still there. This is a very worthwhile program to
write--it can drastically reduce your total time spent with this operation,
leaving you with only the PBX list to maintain (additions and deletions), and
the spending of your hard-earned cash (the novelty of this WON'T wear off).

Large Charge-Rate Option

A 900 number can be set up to charge as much as $50 per call. Whether the call
lasts less than a minute, or for over ten, the cost for the caller is the same
$50. In order to set up such an account, you must qualify as an "Information
Provider," or IP. Regulations on 900 numbers state that you must be a provider
of information, not tangible goods. With a dateline, the information is
included in your deal with the service bureau, so you are considered an IP.
The bureau can provide you with your own number that terminates in a voice
processing or audio-text system, but now you must provide the actual
information. Your idea must be approved by the LD carrier, and they tend to
scrutinize your plans the higher your desired rate. Your bureau may even
subject your service to a test to make sure it's not a fake.

One idea is to ask for a $25 per-call rate. Make like a writer of shareware
programs, and have your 900's announcement ask the caller to leave name and
address to be legally registered to use the software, and to receive updated
versions. A confirmation notice will be sent to acknowledge the registration.
Many bureaus will accept this as qualification for IP status, if properly
presented. A sample arrangement like this should not cost more than a grand to
set up. Stats on minutes are checked just as with the dateline, only you'll
receive any messages left by callers, and you'll be able to change the
announcements--just like voice mail. [It's always a thrill to call a 900 number
and hear yourself thanking the caller, heh heh.] On a $25 line, you should net
about $19 per call.

All the same rules apply using this large charge-rate setup. You can't abuse a
PBX any more with this option than with a dateline. It does give you the added
flexibility for methods used other than PBXes, such as outdials that will only
connect briefly. For instance, message notification on voicemail will not
connect to a number for prolonged durations, but long enough to activate a $25
charge. And a typical modem outdial on a mainframe will soon hang up with the
absence of an answering carrier, but the linger is long enough for a $25 call.
And with CO switching, the arrangements you make are ideally temporary--turned
quickly on and off--making a fast $25 hit optimal. Lastly, if you are skilled
in accessing corporate phone closets (see "Physical Access and Theft," Phrack
43) or the corresponding outside plant, you can use your test set to call your
900. Obviously a large charge-rate would be better here too, rather than
standing for endless periods of time in compromising positions connected to a
squawking dateline.

No matter how you access business lines, be sure they belong to a large
company. Definitely experiment, but do so in moderation--make any necessary
notes (like time and date of call) and wait for your 900 billing statement to
see if the call was paid for. [Your billing statement, essentially a call
accounting summary, is created for each billing month by the LD carrier and
sent to you via the service bureau with your check. It includes the calling
phone numbers, time, date, duration, etc. of all calls made to your number.]

A Final Word

It would be hard to get "busted" doing anything mentioned in this article.
Even if you're nabbed for misdemeanor PBX abuse, no one will ever imagine--let
alone try to prove--that the 900 number you were calling is your own. [Hey,
you're just a desperately lonely guy!] However, be wary of pen registers
(DNRs) if you've been up to other dark deeds, and set up your calling
operations at a safer place. Don't check your minutes using any of the same
means that you use to generate them (a record of your calling into your 900
backdoor is probably the most incriminating track you can make). Keep your 900
account anonymous, as with your address, voice mail, and ID/SSN.

Welcome to the dark side--and best of luck.

Sincerely,

CO/der DEC/oder
DSR

[ The Author can be reached, when the system is up, at:
codec@crimelab.com ]