This story first published in 1974 was discovered by Robert Brand
Phreaking = Hacking when it comes to making calls via the backdoor. Either cheaper or free – both qualify. Manipulating the phone network. The author of the story below appears to be British but contains some pretty accurate details on 2VF.
I find the Australian telephone system much more interesting than American. There are two independent trunk networks Down Under—the (multi-frequency compelled), and the 2VF (two voice frequency), handling STD and operator-originated traffic respectively.
As far as I know, nobody outside of Australia has managed to simulate the MFC signalling, the difficulty being that the control signals are ‘outband’ (sent outside the normal 3000Hz voice frequency band). But provided that one is incoming into Australia with operator status one can gain access to the 2VF network at centres such as Melbourne or Brisbane. This assumes that one knows the appropriate access codes. The 2VF network employs the AC1 signalling system, which uses two signalling frequencies: 600Hz and 750Hz. Digits are sent in a similar to AC9 signals but use the 600Hz frequency. The supervisory signals are different, the forward clear for example, consistency of the 750Hz tone applied for 2 seconds followed by 0.7 seconds of the 600Hz tone. This signalling system preceded AC9 in this country and is still used to some extent. One can sometimes hear its very characteristic ‘forward clear’ tone over UK trunk routes when crosstalk occurs between channels using AC1.
Australia has one Gateway exchange, located in Sydney, and a second coming into operation shortly. Modern Crossbar switching is employed at the Gateway, and this has the facility of restricting the access to the outgoing circuits in the transit mode to the appropriate incoming routes. This means, for instance, that if you were incoming from London, the country code 44 for the UK would not be accepted, because the equipment can recognise that calls from one part of the UK to another are not normally routed via Sydney, even though a telephone enthusiast might consider it a reasonable thing to do. In practice, transit access from Sydney to New Zealand, Hong Kong and Malaga is all that is allowed to UK traffic—which is of restricted interest to the UK telephone enthusiast since these countries are available directly via the International Common Access System.
From the enthusiast’s point of view it is therefore fortunate that there is a way of gaining unrestricted access to the international exchange and this works as follows. Operators in certain large exchanges, such as Adelaide, can dial their own international calls, rather than having to rely upon the international operators in Sydney. This traffic is routed over the 2VF network and, as has been mentioned above, it is possible to gain access to this network incoming into Australia. This makes it possible to set up a telephone call all the way round the world.
Firstly, set-up a call to Adelaide via New York (or some other US Gateway) and then send the 2VF access code and the 2VF routing for Sydney, all using CCITT5/USA signalling. Having allowed this connection to complete, the distant 2VF circuit will now accept AC1 signals. Using the pulsed 600 Hz signalling for the digits, one next sends the digits 99 1 44 2 1 838 7603 followed by a short burst of tone at 750Hz to indicate end of signalling. The digits 99 are the access code for the Gateway exchange, the digit 1 is used for discrimination purposes and the country code 44 is for the UK. The next digit, 2, is known as a language digit and indicates in this case that the call is being set up by an English speaking operator. The area code for London is 1 and this is followed by the required London number. This rather cumbersome procedure follows from difficulty in interfacing an older type of signalling, AC1, with the international routing equipment. A call set up in this way will be routed, via the Indian ocean satellite, back to London. This feat was first achieved in the June of 1972.
The term ‘language digit’ referred to above is rather a misnomer and originated in the days when most of the international circuits were operated manually. This meant that an originating international operator could not in general complete a call but would require the assistance of an operator in the distant country and the purpose of the language digit was to ensure that the call was routed to an assistance operator speaking a specified language. Today, the bulk of international traffic is switched automatically and furthermore the English language has become more or less universally used by international operators. A few countries such as France and Russia insist on using the French language. Spanish is used to some extent within South America but in the vast majority of cases the language digit has become redundant. Its use is however mandatory by international agreements and must be used.
Many countries now have ISD and with the increase in subscriber originated traffic international agreements have come into force that require such traffic to carry the language digit zero. This is to allow discrimination by the incoming equipment to prevent certain types of call. For example, a subscriber is not allowed access to an assistance operator. When ISD was first introduced to New York from London one could dial New York using the published dialling code 0101 212, followed by the New York number. But instead of dialling a New York number, one could dial a further North American area code and follow this by 1211 to reach the incoming assistance operator in that area, free of charge. This gave interesting possibilities, you could call the Montreal operator and ask for Sydney, then ask Sydney for Hong Kong. All of this is possible to a Blue Box (US MFC) user but in those days it was quite novel, and required no special equipment or dialling codes.
Today, discrimination by means of the language digit ‘0’ prevents all this. This language digit is automatically inserted by the London ICA equipment when accessed via ISD routes and it follows, therefore, that traffic to, say Australia (a non-ISD country) having this language digit can only have originated from a telephone enthusiast. In an attempt to thwart such activities the Australian authorities have arranged for the incoming equipment to reject incoming traffic from London with this language digit. This can only be a temporary measure since ISD to Australia will be introduced in two or three years time. In the meantime, one can route calls via the USA or, say, Copenhagen, using methods described above. Throughout the world the various telephone administrations are making increasing efforts to prevent the activities of the telephone enthusiast and it is this, I think, that will keep the hobby alive as new areas of exploration diminish. After all it’s nice to beat the system but even nicer to beat the people trying to stop you.
This anonymous but extremely well informed article was first published in Undercurrents, issue 7, July-August 1974.
This text was found on an American CD-ROM and is included purely for its historical interest.
The most famous trial of British phreaks was called the Old Bailey trial. Which started on 3 Oct. 1973. What the phreaks did was to dial a spare number at a local call rate but involving a trunk to another exchange then they send a ‘clear forward’ to their local exchange, indicating to it that the call is finished; but the distant exchange doesn’t realise because the caller’s phone is still off the hook. They now have an open line into the distant trunk exchange and sends to it a ‘seize’ signal: ’1′ which puts him onto its outgoing lines. Now, if they know the codes, the world is open to them. All other exchanges trust his local exchange to handle the billing; they just interpret the tones they hear. Meanwhile, the local exchange collects only for a local call. The investigators discovered the phreaks holding a conference somewhere in England surrounded by various phone equipment and bleeper boxes, also printouts listing ‘secret’ Post Office codes (they probably got them from trashing?). The judge said: “Some take to heroin, some take to telephones.” For them phone phreaking was not a crime but a hobby to be shared with fellow enthusiasts and discussed with the Post Office openly over dinner and by mail. Their approach and attitude to the world’s largest computer, the global telephone system, was that of scientists conducting experiments or programmers and engineers testing programs and systems. The judge appeared to agree, and even asked them for phreaking codes to use from his local exchange!!!
The story comes from here: http://strowger-net.telefoonmuseum.com/tel_hist_phreak.html
An interesting link:
http://ahzo7.blogspot.com.au/2011/03/signaling-for-analog-telephone-networks.html
2 Comments
Although I can’t remember all the details, I recall an encounter with a phone phreaker when I was working a string of midnight shifts in the ITMC at Broadway. The fellow had a German/Scandinavian accent, and he had somehow discovered he could call the ITMC orderwire (101?) from a public coin-phone at his location, but it didn’t take his coins (presumably because the orderwire did not generate an “answer” signal).
For three nights running, at about the same time, he would call for no particular reason, other than to boast at length about the fact that he could do it. Unfortunately, the timing of his pranks coincided with the middle of our graveyard shift, which made him extremely unpopular, but polite requests that he desist, or simply hanging up, only encouraged him to call back repeatedly, with the same pointless crowing. Leaving the orderwire “busy” for a period of time eventually discouraged him on each occasion, but this was less than satisfactory from an operational perspective.
On the fourth evening, at about the expected time, the orderwire rang again, but a call-trace and device to circuit record inquiry were ready and waiting. Sure enough, the incoming call was from Sweden… The incoming call was picked up on the comms panel at the appropriate Channel Patch Rack, rather than the main orderwire desk, with a patch cable at the ready, and the incoming voice path piggy-backed to speaker (for the amusement of my colleagues).
After listening to the usual crowing for about 30 seconds, and again requesting that he desist from tying up our orderwire, I piggy-backed a long series of “answer” signals into the outgoing path toward him. Over the speaker, you could hear coins literally cascading into the collection box of his phone, and his voice, initially surprised, then increasingly alarmed, asking what was I doing, and how was I doing it. This rose to a crescendo of abuse, followed by a hangup, and glorious silence. He never called again.
Priceless!
From Robert Brand:
I seem to remember you talking about this story at the time. Yes, it would sort of annoy a person if you had to pay for your calls. He probably had a group of friends watching his antics and the last call may have been an embarrassment.