The THC Hack/Phreak Archives: AMEXFONE.STO (77 lines)
Note: I did not write any of these textfiles. They are being posted from
the archive as a public service only - any copyrights belong to the
authors. See the footer for important information.
==========================================================================

An American Express Phone Story

By: Chester Holmes

Reprinted from 2600 magazine, March 1986

-------------------------------------------------------------------------------

This story is a memory of hacking a formidable American
institution - American Express. No, not AX's internal telecommunications
network, but the corporation's toll-free charge card authorization number.
The following can be safely told as our "system" went down a few years ago.

It all started in the summer of 1982. I had been on the lookout for
various extenders and other nifty things a phone could link up with. Most
were found by scanning and searching 800 number series using the time-honored
"hang-up-if-a-human-answers" technique. After a long and fruitless afternoon
of such looking, I decided to take a run on down to the local Chinese eatery
as my stomach's contents had been depleted several hours earlier. I wasn't
wont on dining there; take-out would have been fine. Well, as Murphy would
predict, my fried rice order wasn't ready at the appointed time, so I found
myself at the register with a few moments to kill. Murphy struck again: on
the register was a sticker with several 800 numbers and the words "American
Express Charge Authorization" emblazoned thereon.

The MSG in Chinese food affects people in a variety of ways. Some folks get
rambunctious, but I get sleepy. I told my associate about this number, and
told him my right index finger was worn down from hours of dialing. He
understood, and made some discoveries while playing with the system all that
night.

If I can recall correctly, when one dialed the number (alas, time has erased
the number from my brain's RAM), the merchant would be prompted to enter the
card number, amount, etc., and the computer would give an approval code. A *#
would abort the procedure at any time and disconnect. Merely pressing ## during
the call would get an AX operator. This was accomplished by the system
obtaining a dial tone and then automatically touch-toning the four-digit
extension. We had our fun harassing the operators, for when they hung up, the
dial tone would return, but would not automatically dial! We were thus free
to make local calls within New York City! We soon tired of this game, so
instead we developed a method of beating the system's demon dialer. Upon dial
tone receipt, we quickly touch-toned 9958. The first 9 would give us an
outside line, and the 958 was the Automatic Number Identification for New
York. The four system-generated digits would then come through and be ignored.
This trick saved us from continual arousal of credit-operator suspicion, and
the dial tone was returned after ANI did her thing. We also learned how many
different phone numbers they used for this system.

You'll note I said we were free to make local calls. We were able to dial
9-0 to get a Bell operator, who was most happy to assist in placing our
long-distance calls. For some reason, however, these operators couldn't help
with 900 calls (I got the same operator three times in one night while trying
to listen to the space shuttle. We developed a kinship by the last call).
The AX PBX would give a stern warning if we tried to dial a long distance call
directly ("Class of Service Restriction. Class of Service Restriction."), but
we soon outsmarted it: it wasn't looking for a 1+NPA etc., but had a timer
going, and if you dialed more than eight digits (9+, etc.) in a period of
about five seconds, you'd get that message. So we dialed the first few
digits, paused, dialed the remainder, and the call went through (even to the
space shuttle).

Connections were generally less than optimum (in fact they sucked) but if
you and your called party were in quiet rooms, you could talk for hours.
Another minor annoyance was crosstalk. I had often heard the familiar 9958
off in the background, and once I even faintly heard my buddy. We shouted at
one another for a while until one of us hit *#.

I don't think AX was ever quite aware of our exploits since it was online
for several months: a new system was installed when their authorization people
moved to Florida. I had an Amex card all the while, but recently gave it up
when they raised their annual "membership" to $45, and didn't tell me. It was
them pissing me off like that that prompted me to tell this tale.