================================[MiNDCRiME]================================

[FiLE #5:]

eASE dROPPING aND cARDS
y---[MiNDCRiME #2!]---y
aRTICLE tYPED bY iP?!
_ _ _____ 12.o4.94 ]____ _ _

Every now and then, those of us who take the time to be
observant stumble across something remarkable. Let me
relate to you one of those experiences.
It was an all too lazy sunny afternoon in Indiana. I
was bored, and I decided to listen to my Realistic
PRO-2004 scanner. I flipped it on and scanned through
the usual federal government, military aviation, and
cordless phone frequencies, but there was no action to
be found. I happened to come across some scrambled DEA
transmissions and a droning cordless phone conversation
by some neighbors I could not identify. So for a
change I decided to scan through the marine radio
channels. The scanner then stopped on marine radio
channel 26, which is used for ship-to-shore telephone
calls. A man was reading off his calling card number
to the operator, who gladly accepted and connected his
call. Calling card numbers over the airwaves! I was
shocked -- astonished that such a lack of security
could not only exist, but be accepted practice.

I began monitoring marine telephone to find out more,
and it turns out that using a calling card for billing
is commonplace on VHF marine radiotelephone. People use
calling cards for billing all the time. That's what
they are for. But is it that big of a deal? [k0d3z!]
You bet it is. Marine telephone uses two frequencies,
one for the ship and one for the shore station.
[obviously]
The shore station transmits both sides of the
conversation at a somewhat considerable power, enough
to offer reliable communications up to 50 miles
offshore. Anyone with a standard police type scanner
costing as little as $100 can listen in. People using
marine radiotelephone can be broadcasting their calling
card number to a potential audience of thousands.
[k0d3z] And that just shouldn't be happening, but it
is. [I won't complain] And there is no doubt that
calling card fraud is occurring because of this lack of
security.

From the phone company's [many Bell and non-Bell
companies provide marine telephone service] point of
view it must be a trade-off for customer convenience.
You see, there just aren't that many ways to bill a
ship-to-shore call. Most calls are collect, a few are
billed to the ship if they have an account, and a few
go to third party numbers [hehe] or other special
accounts. .. Sometimes the operators have trouble
verifying billing information. I monitored one man,
who after racking up $40 worth of AT&T charges was
informed that they couldn't accept his international
account number. The operator finally coaxed him into
giving an address for billing. Calls are often billed
to third party numbers with verification [hmm], but
calling cards make billing easy for both the customer
and the phone company involved. It would also be
tricky for a company to not allow calling card use
[very tricky]. Doing so would be an inconvenience to
customers and would force them to admit a lack of
communications security. Of course people using marine
radio should already realize that their conversations
aren't private, but announcing the fact wouldn't help
the phone company at all. In fact, people may place
fewer calls.

The convenience offered by calling cards makes them an
easy target for fraud. They can be used by anyone from
any phone and with a variety of different long distance
carriers via 10XXX numbers. No red or blue box
hardware necessary here, just 14 digits, but of course,
the number won't be valid for long after all those
strange charges start showing up on someone's bill. It
should be noted that when a calling card is used, the
number called, time and date of call, and location [and
often, the number] from which the call was placed are
printed on the bill. A fraudulent user could be caught
via that information if they were careless. Also, some
long distance companies may contact the owner of the
card if they notice an unusually high number of
charges on the card. .. Long distance companies bear
the brunt of the bills caused by calling card
fraud. However, if you read the fine print, the cards
offered by many companies have a certain minimum amount
that the customer must pay, say $25 or $50. [I have yet
to hear of a case where a phone company got away with
charging a customer when the only thing stolen was a
number and not the card itself] .. So, what's the moral
of the story? Simple. Be damn careful what you say
over any radio, and that includes cordless and cellular
telephones.

Also, be careful about how sloppy you are when using
cards. If you are using a calling card, enter it with
touch tones. =) If you happen to make VHF marine
radiotelephone calls, bill collect or charge to your
phone number as you would to a third party number --
without the last four calling card digits. For the most
part radio communications are easy to intercept, and
keeping them secure is up to you. Then again, it gives
hackers and phreakers the cutting edge, and I must say
no one is in any situation to bitch or complain.