MISP55.TXT
Text File | 1994-07-17 | 8KB | 251 lines
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$ $
$ --------------------------------- $
$ ! investigative procedures. ! $
$ !-------------------------------- $
$ $
$ of $
$ $
$ --------------------------------- $
$ ! electronic toll fraud devices ! $
$ --------------------------------- $
$ $
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
**investigative procedures**
--------------- -----------
this section reviews the investigative
procedures used by the security
department of ma bell.
most of the discussion will concern
blue box investigations because of the
frequency of the blue box cases
referred to law enforcement officials
for prosecution.
the security department may initially
discover evidence of etf activity. This
may result from an analysis of calling
patterns to particular numbers. Such
analyses may reveal abnormal calling
patterns which possibly are the result
of etf activity. Moreover, cases of
suspected etf are
referred to the security department
from the various operating departments
of bell, from other telephone
companies, or from law enforcement
officials. In some instances, detection
and identification of a calling station
originating suspected blue box tones
can be provided by use of special
non-monitoring test equipment.
if initial indications are that there
is a substantial possibility that a
blue box is being used on a partic-
ular line, the security department
determines certain information about
the line. The name of the subscriber to
that line is identified, and an
inventory is made of the line and
station equipment being provided to
him. A discreet background investi-
gation (record) is conducted to
establish the subscriber's identity.
after this preliminary data is gathered,
etf detection units are installed on
the suspected line to establish
"probable cause" for further investi-
gation. If the "probable cause"
equipment indicates repeated etf
activity on the line, other equipment
is then installed to document such
activity.
the "probable cause" equipment
ascertains the presence of multi-
frequency tones on the subscriber's end
of the line which would not be present
in normal usage. The "probable cause"
device now being used by some bell
central offices registers each and every
application of 2600hz tones in
single-frequency (sf) signalling and/or
2600hz tone followed by kp tones
used in multi-frequency (mf) signalling.
As previously stated, such tones
should not normally be present on the
line.
if "probable cause" is established,
other detection, identification and
documentation equipment is installed.
the primary equipment now being used is
the dialed number recorder (dnr),
coupled with an auxiliary tape
recorder. The dnr is activated when the
suspect subscriber's phone goes
"off-hook" and prints on paper tape
the following information concerning
the call: the date and time of the call
and the digits dialed over the suspect's
line. Moreover, the dnr records on the
paper tape an indicator of the presence
of 2600hz tones on the line and the
presence of multi-frequency signalling
tones on the subscriber's line. The
auxiliary tape recorder is activated
*only* after the presence of 2600hz
tone on the line is detected by the dnr
(indicating the use of a blue box).
Once the tape recorder is activated,
it records the tones being emitted by
the blue box, other signalling tones,
and the ringing cycle on the called
end. It also records a minimum amount of
ensuing conversation for the purpose of
(1) establishing that the fraudulent
call was consummated, and
(2) establishing the identity of the
fraudulent caller. The timing duration
of the tape recorder is pre-set. A time
of one minute (including pulsing,
ringing and conversation) is the
standard setting; however, if the blue box
user is suspected of making overseas
calls, the timing may be set for 2
minutes because of the greater time
required by the blue box user to
complete the call. Upon termination of
the call, the dnr automatically prints
the time of termination and the date.
it should be pointed out that the
presence of 2600hz tones *plus* multi-
frequency signalling tones on a
subscriber's line positively estab-
lishes that a blue box is being used to
place a fraudulent call because such
tones are not normally originated from
a subscriber's line.
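The dnr and auxiliary recorder logic described above, replayed over a constructed event log for one monitored line. This is an added example, not part of the original file; the event names, the sample numbers and the rule that hang-up stops the tape are assumptions.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed event log for one monitored line: (seconds, event, value).
EVENTS = [
    (0, "off_hook", ""), (4, "digits", "8005550100"),
    (15, "sf_2600", ""), (17, "mf_tones", ""), (95, "on_hook", ""),
    (200, "off_hook", ""), (203, "digits", "5550123"), (260, "on_hook", ""),
    (300, "off_hook", ""), (305, "digits", "8005550100"),
    (312, "sf_2600", ""), (340, "on_hook", ""),
]

@dataclass
class CallRecord:
    start: int                      # dnr activates at off-hook
    end: Optional[int] = None       # printed at termination
    digits: str = ""
    sf_2600: bool = False           # 2600hz indicator on the paper tape
    mf: bool = False                # multi-frequency indicator
    tape: Optional[Tuple[int, int]] = None  # auxiliary recorder window

    @property
    def blue_box(self) -> bool:
        # The text's rule: 2600hz *plus* mf tones on a subscriber's line.
        return self.sf_2600 and self.mf

def run_dnr(events, overseas_suspected=False):
    limit = 120 if overseas_suspected else 60   # pre-set timing, seconds
    calls, cur = [], None
    for t, kind, value in events:
        if kind == "off_hook":
            cur = CallRecord(start=t)
        elif cur is None:
            continue                # nothing is logged while on-hook
        elif kind == "digits":
            cur.digits += value
        elif kind == "sf_2600":
            cur.sf_2600 = True
            if cur.tape is None:    # recorder starts *only* on 2600hz
                cur.tape = (t, t + limit)
        elif kind == "mf_tones":
            cur.mf = True
        elif kind == "on_hook":
            cur.end = t
            if cur.tape:            # assumption: hang-up stops the tape
                cur.tape = (cur.tape[0], min(cur.tape[1], t))
            calls.append(cur)
            cur = None
    return calls

CALLS = run_dnr(EVENTS)
```

Only the first call in the sample meets the 2600hz-plus-mf rule; the third trips the recorder on 2600hz alone and is logged without being classed as a blue box call.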
once the raw data described above is
gathered, the security department
collects and formulates the data into
legally admissible evidence of criminal
activity. Such evidence will establish:
(1) that a fraudulent call was placed
by means of an etf device,
(2) that conversation ensued,
(3) that the fraudulent call was placed
by an identified individual, and
(4) that such call was not billed to
the subscriber number from which the
blue box call originated. The evidence
which is then available consists of
documents and also of expert witness
testimony by telephone company personnel
concerning the contents of those
documents, the operation of the blue
box, and the operation of the detection
equipment.
(note- similar techniques are used in
the investigation of other forms of
etf.)
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
presentation of evidence to prosecutors
------------ -- -------- -- -----------
the evidence accumulated by the
security department is carefully
reviewed by the legal department for the
purpose of determining whether suff-
icient evidence exists to warrant the
presentation of the evidence to law
enforcement officials. If the evidence
does warrant such action, it is pres-
ented under appropriate circumstances
to the proper law enforcement
officials. In all cases where
prosecution is recommended, a
professionally investigated and
documented summary of the
case will be prepared and presented by
the security department to the
prosecutor's office. Each case
recommended for prosecution will be
prepared as completely as possible,
usually necessitating little or no
pre-trial investigation for the
prosecutor. The summary of the case
will include the following:
(a) a background of the case with
details of the defendant's activities
and a summary of all pertinent invest-
igative steps and interviews conducted
in the course of the investigation.
(b) identification of witnesses.
(c) synopsis of pertinent points to
which each witness can testify.
(d) description of all documents and
items of evidence and the suggested
order of proof showing the chronology
of events. The physical evidence
presented will normally consist of one
or more of the following: magnetic
tapes from the auxiliary tape recorder,
paper tapes from the dnr, worksheets
and notes prepared in connection with
the analysis of each fraudulent call,
the suspect's toll billing records
covering the period during which the
fraudulent activity occurred, computer
printouts which established probable
cause or a statement of the source of
the "probable cause", and the tele-
phone company records of equipment
being provided to the suspect.
(e) upon request, the law applicable to
the case.
other pertinent company records will be
furnished under subpoena or demand of
lawful authority. If an arrest or
search warrant is sought, the security
representatives will cooperate fully
and furnish affidavits required to
support the application for the
warrants. Nevertheless, upon request, such
representatives will accompany the
executing officers to assist in the
identification of any suspected etf
equipment found. The security repre-
sentative will also be available to
suggest pertinent areas for interro-
gation of the persons suspected of
engaging in the fraudulent activity.
(i hope that this will help most of you
who blu