THE BLUE BOX

Another mistake made by the phone company was their publishing the actual values of the switching frequencies in technical journals, which were available in most college libraries. Electronics hobbyists and engineering students, among others, used this information to build devices known as Blue Boxes (which can be any color, but supposedly the first one confiscated by the authorities happened to be blue). Soon after the 1971 Esquire article was published, these journals were flagged and removed from circulation.

A Blue Box is simply an electronic gadget capable of producing MF tones. Phreaks published schematic diagrams of the devices in underground media, notably TAP Magazine (one of Abbie Hoffman's lesser-known enterprises). The box could be directly connected to the telephone line, or more commonly, acoustically coupled to the phone mouthpiece.

With a Blue Box, all a phone phreak has to do in order to gain control of the switching system is dial a non-local phone number and send 2600Hz as the call is connected. This tone tricks the system into thinking that the customer has hung up, terminating the call. Now, the tandem is in idle mode. At this point, to make a phone call, the phreak simply dials KP+area code+phone number+ST (in MF tones, not with the regular Touch-Tone keypad). Most phreaks dial an 800 number first; it is toll-free, it can be dialed from anywhere, and it is not logged by the phone company's billing computer (because there is no charge), so the Blue Box user has less chance of being discovered by telco security. (That also changed after the Esquire article -- Bell security modified the recording equipment to notice excessive 800-number calls. As "Al Gilbertson" put it, "...if you're foolish enough to talk for two hours on an 800 call, and they've installed one of their special anti-fraud computer programs to watch out for such things, they may spot you and ask you why you took two hours talking to Army Recruiting's 800 number when you're 4-F." (Rosenbaum, "Secrets")

Soon after the phone company found out about these exploits, they began to install "2600 traps" in local offices. These detected the frequency where it did not belong and traced the call. Phreaks found a way around this, however. Since 2600Hz tones can be produced by normal speech, telco equipment is programmed not to disconnect if it "hears" 2600Hz with other tones present; it only reacts to a pure 2600Hz blast. Otherwise, a person's voice could accidentally trip the disconnect signal. The solution, then, to evade the detector, was simply to send an impure 2600Hz signal. This is known as guard banding. But it leads to another problem: The tandem will not disconnect unless it receives a pure 2600Hz tone. Phreaks needed to get past the detector, but also needed to have an intact tone present afterward in order to signal the tandem.

Click here to go to the Tone Sampler page (javascript). Click here for non-javascript.

By adding a higher- frequency tone (about 3000-3200Hz) to the 2600Hz tone, phreaks are able to achieve both tasks. The higher frequency prevents the detector from hearing a pure 2600Hz. Once the pair of frequencies makes it past the local office, however, the higher frequency has become attenuated below the guard threshold (its strength degrades over that distance), and the 2600Hz tone is pure enough to signal the tandem to disconnect. (Draper, "Comments")

Phreaks apply the same method to accomplish a feat known as stacking tandems. Guard frequencies can be used to "sneak" a 2600Hz tone past one tandem, and signal another one down a second trunk line. In this fashion, several tandems can be stacked in a kind of daisy-chain, and a phone call can be routed through virtually any combination of tandems (although the tones must be boosted to compensate for signal loss over long distances). It also allows for international routing control, because many countries use similar switching systems with different sets of frequencies. The foreign signaling tones therefore do not interfere with U.S. telco frequencies, so calls can easily go back and forth between countries. With a Blue Box, it is even possible to route a call through satellite.