textfiles/phreak/NUMBERS/diverter.sty

"An Interesting Diversion"

By Lord Phreaker

From: 2600 magazine, October 1985


-------------------------------------------------------------------------------
A diverter is a form of call forwarding.  The phone phreak calls the customers
office phone number after hours, and the call is "diverted" to the customers
home.  This sort of service is set up so the phone subscriber does not miss
any important calls.  But why would a phreak be interested?  Well, often 
diverters leave a few seconds of the customers own dial tone as the customer
hangs up.  The intrepid phreak can use this brief window to dial out on the 
called party's dial tone, and, unfortunately, it will appear on the diverter
subscriber's bill.

HOW DIVERTERS ARE USED

One merely calls the customer's office number after hours and waits for him
to answer.  Then he either apologizes for "dialing a wrong number" or merely
remains silent so as to have the customer think it's merely a crank phone
call.  When the customer hangs up, he just waits for the few seconds of dial
tone and then dials away.  This would not be used as a primary means of
calling as it is illegal and multiple wrong numbers can lead to suspicion,
plus this method only works at night or after office hours.  Diverters are
mainly used for calls that cannot be made from extenders, International
calling, or the calling of Alliance Teleconferencing (see 2600, May 1985) are
common possibilities.  Another thing to remember is that tracing results in
the customer's phone number, so one can call up TRW or that DOD NORAD
computer with less concern about being traced.

Some technical problems arise when using diverters, so a word of warning is
in order.  Many alternate long distance services hang up when the called
party hangs up, leaving one without a dial tone or even back at the extender's
dial tone.  This really depends on how the extender interfaces with the local
phone network when it comes out of the long haul lines.  MCI and ITT are known
to do this frequently, but not all the time.  Also, hanging on the line until
"dial window" occurs doesn't work every time.

Now the really paranoid phreaks wonder, "How am I sure that this is ending
up on someone else's bill and not mine?"  Well, no method is 100% sure, but
one should try to recognize how a full disconnect sounds on the long distance
service of his choice.  The customer's hanging up will generate only one click,
because most diversions are local, or relatively local as compared with long 
distance.  Also, the customer hanging up won't result in winks - little beeps
of 2600 hertz tones heard when an in-band trunk is hung up.  The 2600 hertz
tone returns to indicate the line is free, and the beginning burst of it is
heard as it blows you off the line.  Also, if there are different types of
switching involved, the dial tone will sound radically different, especially
between an ESS and a crossbar or step-by-step, as well as sounding "farther 
away".  These techniques are good for undrstanding how phone systems work and
will be useful for further exploration.  The really paranoid should, at first,
try to dial the local ANI (automatic number ifentifier) for the called area
and listen to the number it reads off.  Or one merely cals the operator and
says, "This is repair service.  Could you tell me what pair I am coming in on?"
 If she reads off the phreak's own number, he must try again.

HOW TO FIND DIVERTERS

And now a phreak must wonder, "How are these beasties found?"  The best place
to start is the local yellow pages.  If one looks up the office numbers for
psychiatrists, doctors, real estate agents, plumbers, dentists, or any
professional who generally needs to be in constant contact with his customers
or would be afraid of losin gbusiness while at home.  Then one merely dials up
all these numbers after 6:00 or so, and listens for multiple clicks while the
call goes through.  Since the call is local, multiple clicks should not be the
norm.  Then the phreak merely follows through with the procedure above, and
waits for the window of vulnerability.

OTHER FORMS OF DIVERTERS

There are several other forms of diverters.  Phreaks have known for years of
recordings that leave a dial tone after "ending."  One eof the more famous was
the DoD Fraud Hotline's after hours recording, which finally ended, after
multiple clicks and disconnects, at an Autovon dial tone.  One common practice
occurs when a company finds its PBX being heavily abused after hours.  It puts
in a recording saying that the company cannot be reached now.  However, it
often happens that after multiple disconnects one ends up with a dial tone
inside the PBX, thus a code is not needed.  Also, when dialing a company and
talking (social engineering) with employees, one merely waits for them to hang
up and often a second dial tone is revealed.  976 (dial-it) numbers have been
known to do this as well.  Answering services also suffer  from this lack of
security.  A good phreak should learn never to hang up on a called party.  He
can never be sure what he is missing.  The best phreaks are always the last to
hang up the phone, and they will often wait on the line a few minutes until
they are sure it's all over.  One item of clarification - the recordings
mentioned above are not the telco standard "The number you have dialed..." or
the like.  However, telco newslines have been known to suffer from diverter
mis-disconnect.

DANGERS OF DIVERTING

So, nothing comes free.  What are the dangers of diverting?  Well, technically,
one is committing toll fraud.  However, a list of diverter numbers is just
that, a list of phone numbers.  Tracing is a distinct possibility but the
average diverter victim does not have the technical knowledge to identify
the problem.

There has been at least one investigation of diverter fraud involving the FBI.
However there were no arrests and the case was dropped.  It seems that one
prospective victim in Connecticut realized that he was being defrauded after
receiving multiple phone calls demanding that he put up his diverter NOW so
that a conference call could be made.  He then complained to the FBI.  
However, these aware customers are few and far between, and if a phreak does
not go to such radically obnoxious extremes, it is hard to be caught.  Unless
the same number is used to place many expensive calls.
Initial commit 2021-04-15 13:31:59 -05:00			`"An Interesting Diversion"`

			`By Lord Phreaker`

			`From: 2600 magazine, October 1985`


			`-------------------------------------------------------------------------------`
			`A diverter is a form of call forwarding. The phone phreak calls the customers`
			`office phone number after hours, and the call is "diverted" to the customers`
			`home. This sort of service is set up so the phone subscriber does not miss`
			`any important calls. But why would a phreak be interested? Well, often`
			`diverters leave a few seconds of the customers own dial tone as the customer`
			`hangs up. The intrepid phreak can use this brief window to dial out on the`
			`called party's dial tone, and, unfortunately, it will appear on the diverter`
			`subscriber's bill.`

			`HOW DIVERTERS ARE USED`

			`One merely calls the customer's office number after hours and waits for him`
			`to answer. Then he either apologizes for "dialing a wrong number" or merely`
			`remains silent so as to have the customer think it's merely a crank phone`
			`call. When the customer hangs up, he just waits for the few seconds of dial`
			`tone and then dials away. This would not be used as a primary means of`
			`calling as it is illegal and multiple wrong numbers can lead to suspicion,`
			`plus this method only works at night or after office hours. Diverters are`
			`mainly used for calls that cannot be made from extenders, International`
			`calling, or the calling of Alliance Teleconferencing (see 2600, May 1985) are`
			`common possibilities. Another thing to remember is that tracing results in`
			`the customer's phone number, so one can call up TRW or that DOD NORAD`
			`computer with less concern about being traced.`

			`Some technical problems arise when using diverters, so a word of warning is`
			`in order. Many alternate long distance services hang up when the called`
			`party hangs up, leaving one without a dial tone or even back at the extender's`
			`dial tone. This really depends on how the extender interfaces with the local`
			`phone network when it comes out of the long haul lines. MCI and ITT are known`
			`to do this frequently, but not all the time. Also, hanging on the line until`
			`"dial window" occurs doesn't work every time.`

			`Now the really paranoid phreaks wonder, "How am I sure that this is ending`
			`up on someone else's bill and not mine?" Well, no method is 100% sure, but`
			`one should try to recognize how a full disconnect sounds on the long distance`
			`service of his choice. The customer's hanging up will generate only one click,`
			`because most diversions are local, or relatively local as compared with long`
			`distance. Also, the customer hanging up won't result in winks - little beeps`
			`of 2600 hertz tones heard when an in-band trunk is hung up. The 2600 hertz`
			`tone returns to indicate the line is free, and the beginning burst of it is`
			`heard as it blows you off the line. Also, if there are different types of`
			`switching involved, the dial tone will sound radically different, especially`
			`between an ESS and a crossbar or step-by-step, as well as sounding "farther`
			`away". These techniques are good for undrstanding how phone systems work and`
			`will be useful for further exploration. The really paranoid should, at first,`
			`try to dial the local ANI (automatic number ifentifier) for the called area`
			`and listen to the number it reads off. Or one merely cals the operator and`
			`says, "This is repair service. Could you tell me what pair I am coming in on?"`
			`If she reads off the phreak's own number, he must try again.`

			`HOW TO FIND DIVERTERS`

			`And now a phreak must wonder, "How are these beasties found?" The best place`
			`to start is the local yellow pages. If one looks up the office numbers for`
			`psychiatrists, doctors, real estate agents, plumbers, dentists, or any`
			`professional who generally needs to be in constant contact with his customers`
			`or would be afraid of losin gbusiness while at home. Then one merely dials up`
			`all these numbers after 6:00 or so, and listens for multiple clicks while the`
			`call goes through. Since the call is local, multiple clicks should not be the`
			`norm. Then the phreak merely follows through with the procedure above, and`
			`waits for the window of vulnerability.`

			`OTHER FORMS OF DIVERTERS`

			`There are several other forms of diverters. Phreaks have known for years of`
			`recordings that leave a dial tone after "ending." One eof the more famous was`
			`the DoD Fraud Hotline's after hours recording, which finally ended, after`
			`multiple clicks and disconnects, at an Autovon dial tone. One common practice`
			`occurs when a company finds its PBX being heavily abused after hours. It puts`
			`in a recording saying that the company cannot be reached now. However, it`
			`often happens that after multiple disconnects one ends up with a dial tone`
			`inside the PBX, thus a code is not needed. Also, when dialing a company and`
			`talking (social engineering) with employees, one merely waits for them to hang`
			`up and often a second dial tone is revealed. 976 (dial-it) numbers have been`
			`known to do this as well. Answering services also suffer from this lack of`
			`security. A good phreak should learn never to hang up on a called party. He`
			`can never be sure what he is missing. The best phreaks are always the last to`
			`hang up the phone, and they will often wait on the line a few minutes until`
			`they are sure it's all over. One item of clarification - the recordings`
			`mentioned above are not the telco standard "The number you have dialed..." or`
			`the like. However, telco newslines have been known to suffer from diverter`
			`mis-disconnect.`

			`DANGERS OF DIVERTING`

			`So, nothing comes free. What are the dangers of diverting? Well, technically,`
			`one is committing toll fraud. However, a list of diverter numbers is just`
			`that, a list of phone numbers. Tracing is a distinct possibility but the`
			`average diverter victim does not have the technical knowledge to identify`
			`the problem.`

			`There has been at least one investigation of diverter fraud involving the FBI.`
			`However there were no arrests and the case was dropped. It seems that one`
			`prospective victim in Connecticut realized that he was being defrauded after`
			`receiving multiple phone calls demanding that he put up his diverter NOW so`
			`that a conference call could be made. He then complained to the FBI.`
			`However, these aware customers are few and far between, and if a phreak does`
			`not go to such radically obnoxious extremes, it is hard to be caught. Unless`
			`the same number is used to place many expensive calls.`