History/Tech pg 3

THE MISTAKE

In the late 1960s a flaw was discovered in the phone system's design. No one is certain who first stumbled upon this secret; but suddenly, many people had figured out how to make free phone calls. The phone company's customers now had the ability to do anything that a long-distance operator could do.

The flaw lies in the way the phone company's switching circuitry is designed. Two things have to occur for phone calls to work: an operator has to be able to route a call from its source to its destination, and the customers have to be able to hear each other. One possible way to achieve this is to utilize out-of-band signaling, where one circuit carries peoples' voices back and forth and another one is used by the operator to route calls through the endless web of phone lines. The phone company, however, reasoned that they could halve installation costs by using in-band signaling; both speech and routing data could share the same circuit. That was the error. They designed the switching and routing system to be controlled by sound -- by certain frequencies (like 2600Hz) that were generated by the operator's computer. But because they used in-band signaling, these frequencies could also be "heard" by the mouthpiece of the telephone. The company's equipment couldn't tell the difference!

When a tandem seizes a trunk line to send a long distance call, it translates the dialed number into multi-frequency (MF) tones. There are six master tones, and each MF tone is a combination of two of these six master tones (see diagram). They are different from the DTMF tones produced by a telephone (otherwise, anyone could bypass the operator's control simply by dialing the number himself!). Each tone is pulsed for about 60ms, with 60ms of silence between digits. (Exodus, "Blue Box")

The last three frequencies are used only on certain systems for international calls. The KP (Key Pulse) tone is sent by the originating end of the trunk to alert the far end that it is about to receive a dialed number. Then the number is sent, followed by ST (Start Transit), which tells the far end to begin processing the number. When the caller hangs up, 2600Hz is sent along the trunk to signify a disconnect and return the tandem to idle mode.

Normally, all of these functions are initiated by long-distance operators' computers. In the early 1960s, however, some of the phone company's customers found ways to interact with the switching equipment by playing tones into the mouthpiece of the telephone. According to one account of this discovery, a blind teenager named Joe Engressia (3 ) made a long-distance call, and while waiting for the operator to connect it, he started whistling. He then heard a click, followed by other strange sounds, and realized that his whistling had somehow affected the phone call.

Eventually, phreaks figured out that the switching tones could be produced by several different sources, including electric organs and toy whistles. (4) Engressia and others born with perfect pitch could whistle a burst of 2600Hz; a live operator could tell the difference, but the computerized switching system reacted as though the whistling was being produced by its own equipment. (Rosenbaum, "Secrets")

(3) Most of the original phone phreaks were blind; according to legend, Engressia shared his discoveries with his friends at a blind childrens' summer camp, and from there the information spread through a kind of telephone network of blind teenagers (they used a secret telco test number in Canada as a conference line).
(4) One of the most notorious phreaks, "Captain Crunch," took his name from a toy whistle that came in a box of Cap'n Crunch cereal; the whistle produced a perfect 2600Hz tone.
The Captain, a.k.a. John Draper, later worked for Apple developing a modem for the Apple ][ series personal computer; however, he had to be taken off the project when his supervisors found out he was including pre-programmed Blue Box tone capability in the modem. Another anecdote: Steve Wozniak was introduced to the Blue Box by Draper, and built and sold many boxes to fund Apple. Each box the Woz built contained the message, "He's got the whole world in his hands."

Home