ONLINE > RECOLLECTION issue 2 > Phreaking 6510
Phreaking 6510
by Jazzcat

Phreaking. What the phuk is it?

During the 80's wild hair, crazy music and insane dress-sense were the IN thing, but as a curious teenager I found the telephone system far more interesting. Before the internet became a revolution I was a regular pirate on the Bulletin Board Systems (BBS) uploading and downloading "warez" and posting in the subs (these days referred to as forums).

Calling boards all day long and holding 10-20 people conference calls would seem quite expensive to most people, but not for the phreakers.

Back in those days phreakers ruled the underground and had the power to make or break a pirating group.

The first real forms of electronic hacking began with the telephone system. Breaking into phone systems is called "phreaking". The definition of phreaking is:

phreaking /freek'ing/ /n./ [from 'phone phreak']

1. The art and science of cracking the phone network (so as, for example, to make free long-distance calls).

2. By extension, security-cracking in any other context (especially, but not exclusively, on communications networks)

Phreakers learned to wreak havoc not just on the telephone system, but many other things such as ATMs, payphones, cellular networks, electronic locks, magnetic strip cards, credit cards, radio and television broadcasting and many other consumer mediums.

We would use any means necessary to quench our curious obsession with the systems before us. Even to the point of hooking up a lawnmower with jumper-leads to a payphone to phreak it (not me personally :) but a friend who gave me fits of laughter with his crazy yet 'working' techniques).

After around 12 years of phreaking the system it was time to adapt to the internet and more safer means of communication and data transfer, the dawn of a new millennium was approaching and I had just come close to being busted by a Computer Crimes Agency. In this article I'll try give the reader some ideas on what phreakers are, most people are aware of the term hacking but know little or nothing about Phreaking (the guys who gave birth to the hacking scene as we know it today). I also wish to discuss how the phreakers affected the C64 scene, some of the stories, some of the C64 programs used and anything else that connects the phreaking scene to the C64 scene. Try read through it, as once I've covered some of the essentials I will tell you some fun stories from back in the day!

Phreaking was born in the 1950s, but became famous in October 1971 after the adventures of John Draper, aka Captain Crunch, were published in the Esquire Magazine in a story called 'Secrets of the Little Blue Box'. The article attracted interest of other soon to be phreaks, such as Steve Wozniak and Steve Jobs of the not yet formed Apple Computer. But what is a phreak and what do they do?

A phreaker explores the telephone system. Some are just electronic voyeurs who want to understand how telecom structure works. Others exploit vulnerabilities in the system to get free long-distance service, re-route calls, change phone numbers, or eavesdrop on conversations.

Phreaking is a way to circumvent the billing mechanisms of the telephone company. It allows one to call anywhere in the world, quite literally without cost. In many cases it also prevents, or at least inhibits, the possibility of calls being traced to their source thereby helping the deviant to avoid being caught. Phreaking usually involved building devices that could trick telephone systems into believing that the phreaker's instructions were originating from the telephone company's internal systems (f.e. telephone exchange).

To a phreak, the phone system is the most interesting and fascinating thing there is. There is so much to know. Even phreaks have their own areas of knowledge. One phreak could know something fairly important and the next phreak not. The next phreak might know ten things that the first phreak doesn't though. It all depended upon where and how they get their info.

Phreakers often used MANY different mediums of communication to share their information in order to make gain somewhere else (a trade), the BBS being one of the most popular, but also conference calls, VMS (Voice Mail System) and VMB cities ('voice mail box cities' - containing hundreds of phreaks who sent messages to each other via their extension numbers) and even party lines were abused (the 2600, 515, Pilgrim and Defcon lines come to mind).

The world of phreakers boomed in the 1980s and it also became a profitable income. Some people would hack thousands of calling cards at a time, selling each card number for $10 a piece to people who didn't have the skill or weren't in the position to get them for themselves.

One of the main reasons that the scene literally exploded with activity was because of the movie WarGames. WarGames displayed hacking as a glamorous profession. It made hacking sound easy. Some estimations are that hackers in the USA increased by 600% after WarGames. Modem users also increased, but only by a mere 1200%. This made hacking easy, though, because it was also estimated that one third of "WarGames Generation Hackers" had the password 'Joshua'. If you have seen the movie, you know that that name had some significance. Many hackers didn't like WarGames, though. They thought it made hacking sound like a pansy thing to do. To non-hackers, though, WarGames was great.

The revolution of the personal computer created an influx of tech-savvy users, and also the popularity of computer bulletin board systems (BBS) that computer users dialed into with a modem. These BBSes became popular for computer hackers, and others who liked to tinker with technology. They also became popular for previously scattered independent phone phreaks to share their discoveries and experiments. This not only led to collaboration between phone phreaks, but also spread the notion of phreaking to others who took it upon themselves to study, experiment with, or exploit the telephone system.

Groups were formed around the BBS hacker/phreaking (H/P) community such as the famous Masters of Deception (Phiber Optik) and Legion of Doom (Erik Bloodaxe) groups. In 1985 an underground e-zine called Phrack (a combination of the words Phreak and Hack) started circulation among BBSes, which focused on hacking, phreaking, and other related technology subjects. It was during this boom-time that phreaking and the Commodore computer collided head on. The C64 was ahead of its time and provided the ideal platform to seek adventure inside the telephone network.

It was an interesting period of time, as some C64 sceners discovered phreaking whilst some phreakers discovered the C64 scene. For me it was the latter. I really started to enjoy the scene when my interests in phreaking and the C64 merged into one, this was thanks to the boards, long distance calls and conferences. In the early days many people relied on phreakers to supply "codes" or help distribute releases. Groups wanted their wares spread over the boards, in particular the USA, so this is where the minority helped the majority.

Phreaking and the C64 bonded as early as the first crack groups. It all started with the C64 crack groups competing locally and then moving to regional competition. There were two areas of competition, the North American/Canadian scene and the European scene. Inside each of these two areas groups competed to have the most releases on the bulletin boards, a successful group had to have successful phreakers or connections to the H/P scene.

The C64 modem and calling codes worked together, back in the early eighties phone calls were very expensive, as were computer games and just like games the phone system got cracked also, to the benefit of the scener and in a lot of cases the scene. The modem was a way that an individual could get games, tools, demos, information, wars and socialize with new people from distant lands. With the scene quickly maturing in the mid-eighties the competition became much more intense that its humble beginning. It became more about group promotion rather than people trying to be first with new cracks. Some sceners weren't playing the games they were downloading and a lot of sceners would use their codes to download games for the primary purpose of viewing the cracking intro!

Back to phreaking - how were these codes obtained? WHAT are these codes?

There are many forms of phreaking, I will try give you some details on the most common forms of phreaking, at least used by the C64 scene in general and also some explanations to some of the jargon or terminology used by phreakers.

CALLING CARDS - ever heard of AT&T, Sprint, Global One or MCI? Well, these are telephone companies that have their own customer calling cards. This means that if you had a calling card, you could call a toll free number in your country and use the card through an automated system to call anywhere in the world. Cards or "cookies" as they were sometimes known, were one of the most common forms of phreaking in the late eighties and early nineties. They were quite safe for anyone outside of the USA due to the complexity of international boundaries as far as the law was concerned.

Dial toll free number:

"AT&T. USA Direct. Please enter your calling card number and pin."


"Thank you. Please enter the number you wished to call."


"Thank you for using AT&T." (ring ring ring ring, click, squeeeel/screeech, Connect 1200 baud)

SOCIAL ENGINEERING by telephone or "the art and science of getting people to comply to your wishes".

The most prevalent type of social engineering attack is conducted by phone and involved little technical savvy. A phreak will call up and imitate someone in a position of authority or relevance and gradually pull information out of the user. The most common forms of social engineering in the C64 scene were for "Calling Cards" and "Credit Cards". The phreak would first obtain people's phone numbers from the telephone directory, which usually included their name and locality. Keep in mind this was for American citizens and if you were outside of the USA you had to get someone to send you a phonebook or tear some pages out and mail you.

With some numbers handy, it was then just merely a matter of manipulating an unsuspecting victim. Usually in an hour or two you would obtain enough codes to last you for some weeks. Something to consider also is that social engineering information on a conference call or a three-way with another phreaker was best, as it allowed more options, for example if the victim wanted to speak to a supervisor, you had another phreak online who could become the requested person.

Some techniques used:

Phreak: "Have you been calling India for the last six hours?"

Victim: "No."

Phreak: "well, we have a call that's actually active right now, it's on your calling card and it's to India and as a matter of fact, you've got about $800 worth of charges from somebody using your card. You're responsible for the $800, you have to pay that... I'm putting my job on the line by getting rid of this $800 charge for you. But you need to read off that AT&T card number and PIN for security purposes along with your name and date of birth, then I'll get rid of the charge for you and we'll send a statement in the next billing cycle."

The most common technique possibly was:

(take a deep breath and relax, sound uninterested just like an operator would!)

Phreak: "Hello, this is an AT&T operator calling."

- wait for response

Victim: "Yes?"

Phreak: "I have a collect call from a Mrs. Phreaker, will you pay for the call?"

- at this point they will either say no and you call the next person or say yes and you proceed:

Victim: "Well... Yes... I accept the call."

- at this point they will start asking questions, like the callers first name and where they are calling from, just say: "Iím sorry I don't have that on my screen at this time." Phreak: "Okay, one minute and I'll connect your call."

- at this point just move the phone away from your mouth quietly for about 20 seconds and then go back to the victim:

Phreak: "I'm sorry sir/mam, we're having trouble billing the call collect, is there another way you'd like to pay for the call?"

- at this point the victim may proactively offer options but often they will be confused and ask "Why can't you bill this call collect?" or "What is this?"

Phreak: "Well, you may have a toll block installed on your line or a third-party billing block that my system doesn't show."

- the victim may then start asking further questions about callers name or about the block, just say you cannot reveal further information due to "company policy".

Victim: "Well, how else can I pay for the call?"


Phreak: "You can pay either via an AT&T calling card or major credit card."

Victim: "Okay, let me go get it from my purse/wallet... okay, here it is."

Phreak: "The number please?"

Victim: "71355512126666"

Phreak: "Thank you, one moment while I connect your call."

- at this point you have some options. If your on conference/three-way with another phreak, then they come on the line. If your alone, change your voice and go back to the victim:

Phreak: "Hello Harold!??"

Victim: "No, this is Martha Phreaker!"

Phreak: "Is there a Harold Phreaker?!"

Victim: "No! This is Martha Phreaker and no one by the name of Harold lives here!"

Phreak: "Hmm. I must have the wrong number, are you sure there is no Harold Phreaker living there?"

Victim: "Yes I'm sure. Listen buster, you cost me a collect call!"

Phreak: "I'm sorry, I must have given the operator the wrong number, sorry to trouble you, goodbye."

As you may notice the last part of the call is a technique used to make the victim feel at ease and not get suspicious and call their phone company to have the card suspended. In turn this makes the card last a lot longer, at least until they get their next billing statement!

These are just two scripts of social engineering that C64 phreakers used. Calling card and credit cards were either obtained via social engineering or by system hacking, which requires further knowledge on hacking into a system and obtaining files with customer details. Next, I would like to give a briefing on Europe's most popular form of phreaking (in the C64 scene)... BLUE BOXING - Blue boxes use a 2600hz tone to seize control of telephone switches that use in-band signaling. The caller may then access special switch functions, with the usual purpose of making free long distance phone calls, using the tones provided by the Blue Box. To begin with there was physical blue boxes, real devices used on the phone line, but for the C64 scene programs were used (making it much more discreet). Almost anyone could blue box and it was perhaps the most noble form of phreaking. As opposed to such things as social engineering.

Blue boxing is simply communicating with trunks. Trunks must not be confused with subscriber lines (or "customer loops") which are standard telephone lines. Trunks are those lines that connect central offices.

A typical situation (without going into the technical-side):

1. Dial toll free number
2. Wait for a call-progress indication (such as ring, busy, recording, etc...)
3. Send 2600Hz for about 1 second.
4. Wait for about ll-progress indication (such as ring, busy, recording, etc...)
5. Send KP+0011+1+718+760+5711+ST (number you wished to dial)

For a long, long time all those American phone companies like Sprint, MCI or AT&T really had no idea what was going on. Eventually American phreakers couldn't use blue boxing (early eighties) but in Europe it lasted for many many years (mid-nineties) and was the main form of phreaking. The companies would wonder why so many people called their operators and hung up (the hang up is when they would start the blue box process). Something terrible happened, the German phreaker "Kimble" showed how to blue box on German television, he also informed upon many in the H/P scene. But that's a story for another day.

BLACKLISTING - when a number is "blacklisted" it means that the number has had a high number of fraudulent calls placed to it. If a number was blacklisted it would sometimes "kill" your calling card number if you call it, normally only if the same company the card belongs to had the number your calling on their blacklist. Often Bulletin Board numbers were blacklisted or certain sceners phone numbers.

CONFERENCES - Teleconferencing is a telephone call between more than two participants. These were simply the best - an experience I just can't forget. The most simple form of teleconferencing is using three-way calling to setup your own teleconference between yourself and two other participants. There are quite a few ways to set up a conference. The most common one was to call a major phone company and organize a conference billing to a credit card. The conference operator who controlled the conference could call in more and more people (up to the limit the conference was billed for) and could also disconnect people from the conference too. Conferences went for hours and hours and were used for many purposes, often just for pure fun. The traditional scene conference could be used for group discussion or to have an entire group online and call in the leader of an enemy group to rag him down hard! If you called in a person that was blacklisted through the same company the conference was hosted by then the entire conference would die and everyone would get disconnected, including the conference controller. Conferencing has been used from the very early eighties right through to the late nineties in the C64 scene and like all phreaking on C64, was exclusive to cracking groups only.

MERIDIAN MAIL - This VMS (Voice Mail System) is a type of PBX and was often used for many things, not just a message system for your group but also for conferences and outgoing calls (depending on what version of Meridian was hacked). I remember in the early nineties the Dutch guys from TRC and Success were using it a lot and exploiting it a lot! (Hi guys, thanks for those great conference memories!)

Stumbling across meridian mail when scanning toll-free systems was quite easy, it would either prompt you with 'Meridian Mail' which was a login prompt, or during a "greeting" for some business or whatever, you dialed *81 and you would be to the 'Meridian Mail' prompt! I remember mailboxes with 4 to 6 digit extensions. So for example, you would call 1800888888 then enter extension 8888, which was preferably a vacant mailbox, at this point you would then enter the pin number. One of the default pass codes I remember was quite simple. It was just 1+plus the box number. With the previous example, to get into extension 8888 you would use the pin 18888. Quite simple! Meridian mail was usually quite safe in the early days before ANI (Automatic Number Identification) was introduced to most countries.

VMB (Voice Mail Box) - was used by MANY sceners and often it was a primary communication device and ideal for people who didn't want to give out their real phone number. A Voice Mail Box is a virtual answering machine. It is a computer that acts as an answering machine for hundreds or thousands of users. Each user will have their own Voice Mail Box on the system. Each mail box will have a box number and a pin code. Without a pin code, you will usually be able to leave messages to users on the VMB system. With a pin code, you can read messages and administer a mailbox. Often, mailboxes will exist that were created by default or are no longer used. These mailboxes may be taken over by guessing their pass code. Often the pin code will be the mailbox number or a common number such as 1234. Voice Mail Boxes were extremely easy to hack into and were extremely beneficial. Often entire scene groups would be in one system and could leave each other messages without even dialing the number, just sending the message from within their own mail box. Some voice mail boxes also allow for further connections, which means that it's possible to call long-distance from such a box (like a direct-dial-VMB (meaning no extension) American 1800 I had which was called "Magic Box", maybe it was some corporate system as it had outdial and conference call ability).

LOOP - Loops are a pair of phone numbers, usually consecutive, like 713-836-9998 and 713-836-9999. They are used by the phone company for testing. What good do loops do scene? Well, they are cool in a few ways. Here is a simple use of loops. Each loop has two ends, a 'high' end, and a 'low' end. One end gives a (usually) constant, loud tone when it is called. The other end is silent. Loops don't usually ring either. When BOTH ends are called, the people that called each end can talk through the loop. Some loops are voice filtered and won't pass anything but a constant tone; these aren't much use to you. Here's what you can use working loops for: billing phone calls! First, call the end that gives the loud tone. Then if the operator or someone calls the other end, the tone will go quiet. Act like the phone just rang and you answered it. The operator thinks that they've just called you and that's it! Now the phone bill will go to the loop. Use this technique in moderation, or the loop may go down. Loops are probably most useful when you want to talk to someone to whom you don't want to give your phone number as you can just give out the high end and then arrange a time to chat. Some loops had several low ends, so you could have mini-conferences of three to four people.

PBX (Private Branch eXchange) - is usually a corporations internal switchboard. Using a PBX involves dialing a toll free number (usually) and you hear a continuous tone, after hearing this tone you press in the correct pin number, after this you get another tone, that's when you dial the phone number you wish to call. The call then be billed to the company that owns (or employs) the switchboard. In the beginning, PIN codes were not even used; it was simply a matter of calling the correct toll free number and then dialing the desired phone number. It was believed that keeping the toll free number secret would offer enough protection. Since phreakers are known to systematically dial extensive series of toll free numbers to check what each one does (scanning), they soon discovered that it was possible to dial other locations from some of these numbers, and before long the phone companies introduced PINs. Some of the pins were only three digits and some were much more complex (f.e. fourteen digits or more even).

How do you know you enter the right pin code? If you entered a wrong pin you would hear a siren type of tone which was tell you that the wrong code was entered. In some cases this didn't happen and you just got the second dial tone and wouldn't find out you had entered the wrong pin number until after you have dialed the phone number you wished to dial (either by a RVA (recorded voice announcement) or a siren type of sound.

How to hack them? Well, simple default numbers such as trying common pins like 111, 222, 1234 - or for more complex pins you would you a "Scanner".

DIVERTER - an interesting code that was stumbled across by phreaks. Basically you would call the toll free number of the business (usually during after hours). The phone number would ring and then there is silence, during the silence you distinctly hear a series of clicking sounds and after some seconds the number starts ringing again and you then hear the recorded announcement such as "Welcome to Smogís Business. Our hours of operation are 9AM to 5PM" etc. The clicking sound was in fact the sound of the switch between one number and diversion to another, so you called a toll free number after hours and it switched you to another number which has the recording.

Now, what phreaks would do is use their memory keys on their telephone in a smart way. They would store the number they wished to call (BBS, phreak etc) in their memory key. They would then dial the toll free number, during the period where they heard the clicking sounds they would then press the memory key of the number they wished to dial. By doing this it would send the tones of the number rapidly down the line. The diversion process would then assume that the tones it was given is the number to divert to and connects the call through to that number instead of the one programmed originally by the company. Generally "diverters" would only work after hours. I remember arguing with this guy I work with who didn't believe this is possible (he has a sound knowledge in communication networks and is skeptical to say the least). Ignorance is bliss!

SCANNER - also known simply as a PBX-hacker, it was a program you could run on your C64 and it would prompt you for the PBX or number you wished to hack. It would then ask for the amount of digits in the pin code. At the point, with your trusty modem plugged in, the Scanner would then commence systematically hacking the pin code. For sake of argument let's say that the pin number had four digits, the scanner would dial the PBX and input pin attempts from 0000 to 9999 and detect the working pin number. Often a phreak would let these programs operate for hours and hours (in some cases waking up in the morning to find the screen cursor flashing with a correct pin number as the result of a lot of hard work).

WAR DIALLER - a program similar to that of a scanner except all it allows you to do is to input the enemy's phone number, how many times it should be dialed and the duration of call before hang up. Then you let your modem do the rest, ideal for annoying the hell out of the competition or making a BBS busy so that your own group has time to work on their first release crack (the BBS being busy would stop any other group except your own uploading the crack).

SCANNING - is a practice by the phreaker of checking what toll free numbers did what. This was by no means illegal and during these treks across the phone networks, phreakers often run into all kinds of intriguing things, such as the phone companies' private service lines and voice mail boxes.

Now you know the general stuff, the following stories will make a lot more sense!

I wanted to publish many more stories relating to phreaking on the C64 but unfortunately many people were reluctant to discuss this part of their past. Some of the sceners I've approached are now lawyers, politicians or even police officers or have been busted by the law and don't want to make things worse.

Anyway, might as well start off with one of my own memories, a story that I've told before but can't seem to forget!

Party lines were a good thing for those who didn't have a conference set up and wanted to trade information, rag on people or just talk nonsense. I remember calling them and speaking with some guys like Bod/Talent, Solar/F4CG, Rebel/Legend, EVS/20CC, Skinhead/Alpha Flight 1970 and Powerplant/Legend. For some reason a lot of C64 guys used to call the same lines (in particular a line in Iowa, think the number was +1/515-945-6500, but this was over 15 years ago now!), which made it even more fun, along with some phreakers from the USA scene and the regular maniacs who just called for sex talk and arguments. Anyway, using the Iowa party line as an example, when you called the number you listened to a recording that explains the rules and gives you your own "private code number". After this you are in the "main menu", from here you can enter the rooms or the private room. Entering the "public" rooms allows you to choose any of six different chat rooms, each room holds around 8 people and is the main area that people dwell in. The "private" room" allows two people to speak totally in private and is often used for phone-sex, something Bod, Solar and HOK know about all to well!

One day I was in a room and I was chatting with some guys from the UK, one of them turned out to be Jade/Dominators (later known as NME/Illusion). I asked Matthew if he knew of any games that were unfinished. He said "of course, my very own untitled game which is mostly done except for some presentation stuff". I asked him if I could call him and grab it from him, he said "bugger that, let's try something". So we then discussed if it would be possible if we could connect modem signals "across the party line". The line needed to be silent and clear, so the first thing we did was exchange "private code numbers" and went to the "private room". Meeting in private, we loaded up our terminal programs for our modems and I sent "ata", he sent "atd" on both our modems. Now, what we were expected was what is called "line noise", which means random characters would be printed across your screen and no data could be transferred. Instead we got a perfectly clear line. We started typing to each other:

Jazzcat: "OH MAN!!! No fucking l/n!"

Jade: "Yep, this is amazing!!"

Jazzcat: "Try sending the file?"

Jade: "Yup, sending...."

Okay, so to summarize: I called from Australia to USA, Jade called from the UK to the USA. We meet across a party line, connect C64 modems and transfer a C64 program. Most people wouldn't think it was that amazing but it was kind of special and very unusual and it worked! The game was then completed and released under the name of "Shatterlands". Try downloading this game sometime and remember it was transferred across a dirty sex line in the states! :>

The conferences were perhaps the most memorable aspect of those days. I remember being online with over 10 other c64 phreaks. All laughing and having fun. The conference would only die when the last person left, so people normally kept leaving and joining over a long period of time (sometimes you would go to sleep and come back to the conference and it was still going!). Chatting in those conferences (billed to credit card normally) was like sitting around with a group of friends, having some drinks and a good discussion. Sometimes we would use the conference as a weapon to attack a single scener. Get a group of guys on a conference, everyone remains silent, call in the victim and start speaking to him normally. Ask him some questions that might be controversial regarding his group or a release, put him in an awkward position, then everyone else starts taking over, in the end he is confused not knowing who he is speaking to. Tyree/Arcade was someone who used to be a victim a fair bit. :) You had to be careful who you called in to a conference as some people were 'blacklisted'. Calling them in would simply kill the conference within seconds of them being on the line (a big *hi* to Derbyshire Ram regarding this).

Out of every single thing that I could bring back to our scene it would be the conferences, they were the "fun" part, the rest was more of tools to get us somewhere (like free calls to the boards etc). There were some times that were not so good, like the time Vengeance, Shades and I were all really stressed over some code we had been using. It was a local dialup, which meant there were increased risks in using it as opposed to a code that was from some company based in another country. A heap of guys around Australia were busted and we thought we were next. People from a computer crimes agency were actually watching our homes (parked in new cars outside our houses for hours and hours) and I'm sure they were also monitoring our phone conversations (or at least my paranoia at the time lead me to believe this). The three of us decided to have a meeting in the city; the meeting was more a conversation whilst briskly walking down the street. What we discussed is what we would say if we got caught, so that we all had the same story to lighten the impact. In the end Vengeance and I got some phone calls and that was it. Nothing happened. But man, what a rush, you really do become aware of what freedom means when this is happening to you! Can you imagine in a court room: "Your honour, the C64 told me to do it!". Probably wouldn't stand up too well would it? :)

Cho*****: (ex-Onslaught, ex-Alpha Flight 1970)

As you might know, I lived in both Chile and Kuwait for a few months. And I took my C64 along for a good reason: to explore foreign telephone networks and it was well worth trying. While being in Chile, I did it only for fun and to get rid of boredom. I hacked 12 global carriers for international calls using CCITT5. That was the first time I had a real peak on the early stages of the internet and when I really started calling boards like crazy. Before that time, I hung around on party lines with fellow phreaks.

However I had something of a completely different reason in Kuwait. Some Kuwaiti heard of my name and got in touch over IRC. I was invited to Kuwait to check their phone network security, as the Ministry of Communications was suspicious that hackers could bring down or simply overload their international connectivity, leaving them with no free nodes in a case of emergency. It was just a few years after the Gulf war. The Iraqis had destroyed all the landlines, so their only way to call other countries was over Intelsat using their impressive Kuwait Telco Tower. Even when making a stupid call to a damn village in Saudi Arabia, only 20km away, it was going over CCITT5.

Their security was hilarious... they gave me 3 weeks to hack the shit out of it, I was finished after 2 hours. I suppose they were working together with the Americans.. I was said to aim at US companies like Sprint, AT&T, and MCI etc. The first time I "hacked" AT&T, it was quite easy, with only a strange set of frequencies. The second time they flew me into Kuwait, they had changed settings a lot. It was a fucking hassle... it was more a melody than a simple 26**/24** followed by another 24**... I needed days and I felt more like a musician than a blueboxer. But I fucked them again and the result has caused strong activity by AT&T. Next time I was invited, they had completely new filtering devices installed and after a few days of trying, I gave up. Being in Europe or the US, you would have the choice to search for alternative HCD's or whatever international toll free numbers that may give different opportunities but in Kuwait, there were like only 4 toll free numbers leading to the United States, which was a big limitation. If they had given me a few months, maybe I would have found a way, but well I didn't. They offered me a job in Kuwait, but I refused because I wanted to do something slightly else. They were scared to give me the license for the type of business that I wanted to start so I went back to Germany and started my business here, which still exists today.

During my time in Kuwait, some strange story spread on IRC. I had a girlfriend who was in the US for a year. Needless to say, I called her a lot. I gave her a few cards for emergency, should she really need to speak to me. I told her never to use them from home, ANI was already a common thing in the US back at that time. However, one day she didn't listen and she gave me a call from home. Bad luck, she got busted by the FBI while I was in Kuwait, although she only did a call worth $50. And her host father wasn't happy either. Being the manager of a US telco, he found his house raided. That was a damn fucked up story and it had a great impact on me, to never ever give people stuff again.

It might be interesting to know.. These days, after so many years, I have developed my own party line system with features so great, it will give a fast heartbeat to all former phreaks. Not only does my party line run on a local number (with 100 nodes), it offers conference dialouts, callback for people without a flat rate, remote party line pool merges, a kick-ass voicemail system, optional scene radio within your current conference pool (you can alter the play list over the web), and many fascinating administrative functions, all available by DTMF. I have never forgotten the past, and I still put much effort into today's technology as a sign of respect for a glorious history. Never forget!

After Jazzcat told me about his article, I had a peak on a paragraph telling about "famous" Cap'n Crunch. He's like a legend to people often sold as being the first blueboxer, but in fact this is not close to being true. It's been only a few weeks ago that I got in touch with Cap'n Crunch. I expected some sort of a phreak willing to talk about the glorious days and being fanatic about what we did back then. However, the guy who I met was not even close of being a nerd. He rather looks and acted like some strange wannabe-business man who didn't really have much luck in his life, always looking for opportunities to share with other retards around the corner, without having the slightest knowledge about what he is actually talking about. Crunch was very unsophisticated in what made him so famous, there was not a single minute where I had the feeling I talked to someone who knows what he's talking about. Crunch actually had interest in the party line system that I was developing, but he never even really cared about the technology being used, he didn't even lift his eyebrows when I told him that even the CCITT5 standard was embedded into the system just for the fucking fun of it. All he wanted to know: If it would be possible to earn a buck or two selling it to local Californian companies.

I would like to enlighten you guys with the true story about Cap'n Crunch. The often told story, that he was like the first blueboxer, is entirely not true. Before Cap'n Crunch, there were a lot of other local SF area guys who found a way to use the force of CCITT5, most notably some blind kids who used their organ to generate the necessary tones for both seizing the trunk and dialing. Eventually, Crunch visited them at home and they willingly shared their knowledge, looking for someone to build electronic devices that could to the job instead of a quite immobile organ (or keyboard). Crunch received all the information he wanted and thanks to his stupid way to give away information to just every fucker around, the myth about Crunch started. Nobody really wondered that he got busted, because he was just as much of a talker like Kimble was a decade or two later. Most notably giving all the information to Jobs and Woznyak who then illegally sold hardware blueboxes to students all around the corner, leading to the first phreaking related busts in history. So please people, do not kneel in front of Crunch, just the way you would never kneel in front of Kimble. It's not worth it. Hail the blind kids who had so much creativity that they found something incredible back in those days and blame them for meeting the wrong person.


I phreaked to Coolhand from University one morning after an all night study session, 5AM, in winter, freezing my nads off. Then the sprinklers came on and I fucking froze, could barely speak to him through chattering teeth. All the while he was in the fucking hot tub :)


He had found a company in Belgium that picks up cars that have broken down along the road (some tow service). They had some switch at night when you called them the phone central at their place forwards your call to the mobile of the boss, but .. when you hit 9 while making the switch you could direct the call to wherever you wanted, hahaha... so Kid had a go at it... They sort of found out and the boss started waiting for his calls at night, one night Kid tried it again and got the boss at the other side, hahaha ... Kid hung up ... couple days later he tried it again and same thing happened. Instead of saying he dialed a wrong number he just hung up .. the idiot and so he got busted by the phone company, hahaha, a nasty fine is what he got!

Scorpie & Kid/F4cg:

One night we had gotten AT&T cards from some US guy, can't remember who, probably some Demonix guy. So Kid and I went to a phone booth at 3AM, Hahahah ... we just had contact with the AT&T service when the cops showed up, hahahaha ... we nearly got arrested.

'what are you doing in a phone booth so late' 'who are you calling' ...when we explained we had to call a friend in the US they got suspicious and tore Kid's car almost apart looking for drugs or whatever .. all they found was a C64 and tons of illegal software, hahaha. In the end they let us go with a warning .. we didn't do anything wrong. :)


I think it was sometime in early 1993 when Motley got in touch with this guy in finland called Dr.Acid. He had discovered something funny about a new Finnish calling card system with a toll free number available from sweden. It was the normal type of system at the time, very similar to AT&T only in Finnish. But it seemed like their lines were not properly isolated and sound was leaking in-between so if you called there and just listened, you could hear other conversations and dial tones at low volume in the background. Okay, so the USRobotics HST modems at the time had a AT-command which read dial tones from the line and would display them on the screen. We tried monitoring during business hours but there were too many on and it was too noisy for the modem to make out anything, but during nights few would be on and it was possible to actually monitor dial tone key presses from one customer at a time. Like magic the numbers would pop up on the screen as they were being entered and we would be all excited about it. For a year or so we were monitoring cards this way, and needless to say we were swimming in them. But at the time Motley and Iwere determined to make sure our group could call anywhere at all times, so we always had to be a couple of systems ahead of what was being abused. Being a totally modem based group, our existence totally depended on if we could call out or not.

If you wish to learn more general information about the H/P, I recommend:

Approaching Zero: The Extraordinary Underworld of Hackers, Phreakers, Virus Writers, and Keyboard Criminals by Clough, Bryan; Mungo, Paul

Hack Attacks Encyclopedia: A Complete History of Hacks, Cracks, Phreaks, and Spies Over Time by John Chirillo (960 pages!)

Cyberpunk: Outlaws and Hackers on the Computer Frontier by Katie Hafner and John Markoff

Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage by Clifford Stoll

*** Disclaimer: All material in this article is simply for reference only. The authors advise to not try this yourself to see if it still works. Making illegal phone calls is a prosecutable criminal offense so please don't attempt this!