home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Hacker Chronicles 1
/
HACKER1.ISO
/
phrk2
/
phrack21.8
< prev
next >
Wrap
Text File
|
1992-09-26
|
26KB
|
429 lines
==Phrack Inc.==
Volume Two, Issue 21, File 8 of 11
\`\`\`\`\`\`\`\`\`\`\`\`\`\`\`\`\`\`\`\`\`\`\`\`\`\`\`\`\`\`\
\`\ \`\
\`\ BLOCKING OF LONG-DISTANCE CALLS \`\
\`\ by Jim Schmickley \`\
\`\ \`\
\`\ Hawkeye PC, Cedar Rapids, Iowa \`\
\`\ \`\
\`\ Special Thanks To Hatchet Molly \`\
\`\ \`\
\`\`\`\`\`\`\`\`\`\`\`\`\`\`\`\`\`\`\`\`\`\`\`\`\`\`\`\`\`\`\
SUMMARY -- This file describes the "blocking" by one long-distance telephone
company of access through their system to certain telephone numbers,
particularly BBS numbers. The blocking is applied in a very arbitrary manner,
and the company arrogantly asserts that BBS SYSOPS and anyone who uses a
computer modem are "hackers."
The company doesn't really want to discuss the situation, but it appears the
following scenario occurred. The proverbial "person or persons unknown"
identified one or more "valid" long-distance account numbers, and subsequently
used those numbers on one or more occasions to fraudulently call a legitimate
computer bulletin board system (BBS). When the long-distance company
discovered the fraudulent charges, they "blocked" the line without bothering to
investigate or contacting the BBS System Operator to obtain his assistance. In
fact, the company did not even determine the sysop's name.
The long-distance carrier would like to pretend that the incident which
triggered the actions described in this article was an isolated situation, not
related to anything else in the world. However, there are major principles of
free, uninhibited communications and individual rights deeply interwoven into
the issue. And, there is still the lingering question, "If one long-distance
company is interfering with their customers' communications on little more than
a whim, are other long-distant companies also interfering with the American
public's right of free 'electronic speech'?"
CALL TO ACTION -- Your inputs and protests are needed now to counter the
long-distance company's claims that "no one was hurt by their blocking actions
because nobody complained." Obviously nobody complained for a long time
because the line blocking was carried out in such a manner that no one
realized, until April 1988, what was being done.
Please read through the rest of this article and judge for yourself. Then,
please write to the organizations listed at the end of the article; insist that
your right to telephone whatever number you choose should not be impaired by
the arbitrary decision of some telephone company bureaucrat who really doesn't
care about the rights of his customers. Protest in the strongest terms. And,
remember, the rights you save WILL BE YOUR OWN!
SETTING THE SCENE -- Teleconnect is a long-distance carrier and telephone
direct marketing company headquartered in Cedar Rapids, Iowa. The company is
about eight years old, and has a long-distance business base of approximately
200,000 customers. Teleconnect has just completed its first public stock
offering, and is presently (August 1988) involved in a merger which will make
it the nation's fourth-largest long-distance carrier. It is a very rapidly
growing company, having achieved its spectacular growth by offering long
distance service at rates advertised as being 15% to 30% below AT&T's rates.
When Teleconnect started out in the telephone interconnection business,
few, if any, exchanges were set up for "equal access," so the company set up a
network of local access numbers (essentially just unlisted local PABXs -
Private Automatic Branch eXchanges) and assigned a six-digit account number to
each customer. Later, a seventh "security" digit was added to all account
numbers. Teleconnect now offers direct "equal access" dialing on most
exchanges, but the older access number/account code system is still in place
for those exchanges which do not offer "equal access." That system is still
very useful for customers who place calls from their offices or other locations
away from home.
"BLOCKING" DISCOVERED -- In early April 1988, a friend mentioned that
Teleconnect was "blocking" certain telephone lines where they detected computer
tone. In particular, he had been unable to call Curt Kyhl's Stock Exchange BBS
in Waterloo, Iowa. This sounded like something I should certainly look into,
so I tried to call Curt's BBS.
CONTACT WITH TELECONNECT -- Teleconnect would not allow my call to go through.
Instead, I got a recorded voice message stating that the call was a local call
from my location. A second attempt got the same recorded message. At least,
they were consistent.
I called my Teleconnect service representative and asked just what the problem
was. After I explained what happened, she suggested that it must be a local
call. I explained that I really didn't think a 70 mile call from Cedar Rapids
to Waterloo was a local call. She checked on the situation and informed me
that the line was being "blocked." I asked why, and she "supposed it was at
the customer's request." After being advised that statement made no sense, she
admitted she really didn't know why. So, on to her supervisor.
The first level supervisor verified the line was being "blocked by Teleconnect
security," but she couldn't or wouldn't say why. Then, she challenged, "Why do
you want to call that number?" That was the wrong question to ask this unhappy
customer, and the lady quickly discovered that bit of information was none of
her business. On to her supervisor...
The second level supervisor refused to reveal any information of value to
a mere customer, but she did suggest that any line Teleconnect was blocking
could still be reached through AT&T or Northwestern Bell by dialing 10288-1.
When questioned why Teleconnect, which for years had sold its long-distance
service on the basis of a cost-saving over AT&T rates, was now suggesting that
customers use AT&T, the lady had no answer.
I was then informed that, if I needed more information, I should contact
Dan Rogers, Teleconnect's Vice President for Customer Service. That sounded
good; "Please connect me." Then, "I'm sorry, but Mr. Rogers is out of town,
and won't be back until next week." "Next week?" "But he does call in
regularly. Maybe he could call you back before that." Mr. Rogers did call me
back, later that day, from Washington, D.C. where he and some Teleconnect
"security people" were attending a conference on telephone security.
TELECONNECT RESPONDS, A LITTLE -- Dan Rogers prefaced his conversation with,
"I'm just the mouthpiece; I don't understand all the technical details. Our
security people are blocking that number because we've had some problems with
it in the past." I protested that the allegation of "problems" didn't make
sense because the number was for a computer bulletin board system operated by a
reputable businessman, Curt Kyhl.
Mr. Rogers said that I had just given Teleconnect new information; they had not
been able to determine whose number they were blocking. "Our people are good,
but they're not that good. Northwestern Bell won't release subscriber
information to us." And, when he got back to his office the following Monday,
he would have the security people check to see if the block could be removed.
The following Monday, another woman from Teleconnect called to inform me that
they had checked the line, and they were removing the block from it. She added
the comment that this was the first time in four years that anyone had
requested that a line be unblocked. I suggested that it probably wouldn't be
the last time.
In a later telephone conversation, Dan Rogers verified that the block had been
removed from Curt Kyhl's line, but warned that the line would be blocked
again "if there were any more problems with it." A brief, non-conclusive
discussion of Teleconnect's right to take such action then ensued. I added
that the fact that Teleconnect "security" had been unable to determine the
identity of the SYSOP of the blocked board just didn't make sense; that it
didn't sound as if the "security people" were very competent. Mr. Rogers then
admitted that every time the security people tried to call the number, they
got a busy signal (and, although Mr. Rogers didn't admit it, they just "gave
up," and arbitrarily blocked the line). Oh, yes, the lying voice message,
"This is a local call...," was not intended to deceive anyone according to Dan
Rogers. It was just that Teleconnect could only put so many messages on their
equipment, and that was the one they selected for blocked lines.
BEGINNING THE PAPER TRAIL -- Obviously, Teleconnect was not going to pay much
attention to telephone calls from mere customers. On April 22, Ben Blackstock,
practicing attorney and veteran sysop, wrote to Mr. Rogers urging
that Teleconnect permit their customers to call whatever numbers they desired.
Ben questioned Teleconnect's authority to block calls, and suggested that such
action had serious overlays of "big brother." He also noted that "you cannot
punish the innocent to get at someone who is apparently causing Teleconnect
difficulty."
Casey D. Mahon, Senior Vice President and General Counsel of Teleconnect,
replied to Ben Blackstock's letter on April 28th. This response was the start
of Teleconnect's seemingly endless stream of vague, general allegations
regarding "hackers" and "computer billboards." Teleconnect insisted they did
have authority to block access to telephone lines, and cited 18 USC
2511(2)(a)(i) as an example of the authority. The Teleconnect position was
summed up in the letter:
"Finally, please be advised the company is willing to 'unblock' the line in
order to ascertain whether or not illegal hacking has ceased. In the
event, however, that theft of Teleconnect long distance services through
use of the bulletin board resumes, we will certainly block access through
the Teleconnect network again and use our authority under federal law to
ascertain the identity of the hacker or hackers."
THE GAUNTLET IS PICKED UP -- Mr. Blackstock checked the cited section of the
U.S. Code, and discovered that it related only to "interception" of
communications, but had nothing to do with "blocking." He advised me of his
opinion and also wrote back to Casey Mahon challenging her interpretation of
that section of federal law.
In his letter, Ben noted that, "Either Teleconnect is providing a communication
service that is not discriminatory, or it is not." He added that he would
"become upset, to say the least" if he discovered that Teleconnect was blocking
access to his BBS. Mr. Blackstock concluded by offering to cooperate with
Teleconnect in seeking a declaratory judgment regarding their "right" to block
a telephone number based upon the actions of some third party. To date,
Teleconnect has not responded to that offer.
On May 13th, I sent my own reply to Casey Mahon, and answered the issues of her
letter point by point. I noted that even I, not an attorney, knew the
difference between "interception" and "blocking", and if Teleconnect didn't,
they could check with any football fan. My letter concluded:
"Since Teleconnect's 'blocking' policies are ill-conceived, thoughtlessly
arbitrary, anti-consumer, and of questionable legality, they need to be
corrected immediately. Please advise me how Teleconnect is revising these
policies to ensure that I and all other legitimate subscribers will have
uninhibited access to any and all long-distance numbers we choose to call."
Casey Mahon replied on June 3rd. Not unexpectedly, she brushed aside all
my arguments. She also presented the first of the sweeping generalizations,
with total avoidance of specifics, which we have since come to recognize as a
Teleconnect trademark. One paragraph neatly sums Casey Mahon's letter:
"While I appreciate the time and thought that obviously went into your
letter, I do not agree with your conclusion that Teleconnect's efforts to
prevent theft of its services are in any way inappropriate. The
inter-exchange industry has been plagued, throughout its history, by
individuals who devote substantial ingenuity to the theft of long distance
services. It is not unheard of for an interexchange company to lose as
much as $500,000 a month to theft. As you can imagine, such losses, over a
period of time, could drive a company out of business."
ESCALATION -- By this time it was very obvious that Teleconnect was going to
remain recalcitrant until some third party, preferably a regulatory agency,
convinced them of the error of their ways. Accordingly, I assembled the file
and added a letter of complaint addressed to the Iowa Utilities Board. The
complaint simply asked that Teleconnect be directed to institute appropriate
safeguards to ensure that "innocent third parties" would no longer be adversely
affected by Teleconnect's arbitrary "blocking" policies.
My letter of complaint was dated July 7, 1988 and the Iowa Utilities Board
replied on July 13, 1988. The The reply stated that Teleconnect was required
to respond to my complaint by August 2, 1988, and the Board would then propose
a resolution. If the proposed resolution was not satisfactory, I could request
that the file be reopened and the complaint be reconsidered. If the results
of that action were not satisfactory, a formal hearing could be requested.
After filing the complaint, I also sent a copy of the file to Congressman Tom
Tauke. Mr. Tauke represents the Second Congressional District of Iowa, which
includes Cedar Rapids, and is also a member of the House Telecommunications
Subcommittee. I have subsequently had a personal conversation with Mr. Tauke
as well as additional correspondence on the subject. He seems to have a deep
and genuine interest in the issue, but at my request, is simply an interested
observer at this time. It is our hope that the Iowa Utilities Board will
propose an acceptable resolution without additional help.
AN UNRESPONSIVE RESPONSE -- Teleconnect's "response" to the Iowa Utilities
Board was filed July 29, 1988. As anticipated, it was a mass of vague
generalities and unsubstantiated allegations. However, it offered one item of
new, and shocking, information; Curt Kyhl's BBS had been blocked for ten
months, from June 6, 1987 to mid-April 1988. (At this point it should be noted
that Teleconnect's customers had no idea that the company was blocking some of
our calls. We just assumed that calls weren't going through because of
Teleconnect's technical problems).
Teleconnect avoided putting any specific, or even relevant, information in
their letter. However, they did offer to whisper in the staff's ear;
"Teleconnect would be willing to share detailed information regarding this
specific case, and hacking in general, with the Board's staff, as it has in the
past with various federal and local law enforcement agencies, including the
United States Secret Service. Teleconnect respectfully requests, however, that
the board agree to keep such information confidential, as to do otherwise would
involve public disclosure of ongoing investigations of criminal conduct and the
methods by which interexchange carriers, including Teleconnect, detect such
theft."
There is no indication of whether anyone felt that such a "confidential"
meeting would violate Iowa's Open Meetings Law. Nobody apparently questioned
why, during a ten-months long "ongoing investigation," Teleconnect seemed
unable to determine the name of the individual whose line they were blocking.
Of course, whatever they did was justified because in their own words,
"Teleconnect had suffered substantial dollar losses as a result of the theft of
long distance services by means of computer 'hacking' utilizing the computer
billboard which is available at that number."
Teleconnect's most vile allegation was, "Many times, the hacker will enter the
stolen authorization code on computer billboards, allowing others to steal long
distance services by utilizing the code." But no harm was done by the blocking
of the BBS number because, "During the ten month period the number was blocked,
Teleconnect received no complaints from anyone claiming to be the party to whom
the number was assigned." The fact that Curt Kyhl had no way of knowing his
line was being blocked might have had something to do with the fact that he
didn't complain.
It was also pointed out that I really had no right to complain since, "First,
and foremost, Mr. Schmickley is not the subscriber to the number." That is
true, I'm just a long-time Teleconnect customer who was refused service because
of an alleged act performed by an unknown third party.
Then Teleconnect dumped on the Utilities Board staff a copy of a seven page
article from Business Week Magazine, entitled "Is Your Computer Secure?" This
article was totally unrelated to the theft of long-distance service, except for
an excerpt from a sidebar story about a West German hackers' club. The story
reported that, "In 1984, Chaos uncovered a security hole in the videotex system
that the German telephone authority, the Deutsche Bundespost, was building.
When the agency ignored club warnings that messages in a customer's private
electronic mailbox weren't secure, Chaos members set out to prove the point.
They logged on to computers at Hamburger Sparkasse, a savings bank, and
programmed them to make thousands of videotex calls to Chaos headquarters on
one weekend. After only two days of this, the bank owed the Bundespost $75,000
in telephone charges."
RESOLUTION WITH A RUBBER STAMP -- The staff of the Iowa Utilities Board replied
to my complaint by letter on August 19, 1988. They apparently accepted the
vague innuendo submitted by Teleconnect without any verification; "Considering
the illegal actions reportedly to be taking place on number (319) 236-0834, it
appears the blocking was reasonable. However, we believe the Board should be
notified shortly after the blocking and permission should be obtained to
continue the blocking for any period of time."
However, it was also noted that, "Iowa Code 476.20 (1) (1987) states, 'A
utility shall not, except in cases of emergency, discontinue, reduce, or impair
service to a community or a part of a community, except for nonpayment of
account or violation of rules and regulations, unless and until permission to
do so is obtained from the Board." The letter further clarified, "Although the
Iowa Code is subject to interpretation, it appears to staff that 'emergency'
refers to a relatively short time..."
CONSIDER THE EVIDENCE -- Since it appeared obvious that the Utilities Board
staff had not questioned or investigated a single one of Teleconnect's
allegations, the staff's response was absolutely astounding. Accordingly, I
filed a request for reconsideration on August 22nd.
Three points were raised in the request for reconsideration;
(1) The staff's evaluation should have been focused on the denial of
service to me and countless others of Teleconnect's 200,000 customers,
and not just on the blocking of incoming calls to one BBS.
(2) The staff accepted all of Teleconnect's allegations as fact, although
not one bit of hard evidence was presented in support of those
allegations.
(3) In the words of the staff's own citation, it appeared that Teleconnect
had violated Iowa Code 476.20 (1) (1987) continuously over a ten
months' period, perhaps as long as four years.
Since Teleconnect had dumped a seven page irrelevant magazine article on the
staff, it seemed only fair to now offer a two page completely relevant story to
them. This was "On Your Computer - Bulletin Boards," from the June 1988 issue
of "Changing Times." This excellent article cited nine BBSs as "good places to
get started." Among the nine listed BBSs was Curt Kyhl's "Stock Exchange,
Waterloo, Iowa (319-236-0834)." Even the geniuses at Teleconnect ought to be
able to recognize that this BBS, recommended by a national magazine, is the
very same one they blocked for ten months.
MEANWHILE, BACK AT THE RANCH -- You are now up-to-date on the entire story.
Now, we are in the process of spreading the word so that all interested people
can contact the Iowa authorities so they will get the message that this case is
much bigger than the blocking of one BBS. YOU can help.
Read the notice appended to this file and ACT. If you are a Teleconnect
customer, it is very important that you write the agencies listed on the
notice. If you are not a Teleconnect customer, but are interested in
preserving your rights to uninhibited communications, you can help the cause by
writing to those agencies, also. Please, people, write now! Before it is too
late!
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
T E L E C O N N E C T C U S T O M E R S
= = = = = = = = = = = = = = = = = = = = = = = =
If you are user of Teleconnect's long distance telephone service, you
need to be aware of their "blocking" policy:
Teleconnect has been "lashing out" against the callers of bulletin boards
and other "computer numbers" by blocking access of legitimate subscribers
to certain phone numbers to which calls have been made with fraudulent
Teleconnect charge numbers. Curt Kyhl's Stock Exchange Bulletin Board in
Waterloo has been "blocked" in such a manner. Teleconnect representatives
have indicated that other "computer numbers" have been the objects of
similar action in the past, and that they (Teleconnect) have a "right" to
continue such action in the future.
Aside from the trampling of individual rights guaranteed by the Bill of
Rights of the U.S. Constitution, this arbitrary action serves only to
"punish the innocent" Teleconnect customers and bulletin board operators,
while doing absolutely nothing to identify, punish, or obtain payment from
the guilty. The capping irony is that Teleconnect, which advertises as
offering significant savings over AT&T long-distance rates, now suggests to
complaining customers that the blocked number can still be dialed through
AT&T.
Please write to Teleconnect. Explain how long you have been a customer,
that your modem generates a significant amount of the revenue they collect
from you, and that you strongly object to their arbitrarily deciding what
numbers you may or may not call. Challenge their "right" to institute a
"blocking" policy and insist that the policy be changed. Send your
protests to:
Teleconnect Company
Mr. Dan Rogers, Vice President for Customer Service
500 Second Avenue, S.E.
Cedar Rapids, Iowa 52401
A complaint filed with the Iowa Utilities Board has been initially resolved
in favor of Teleconnect. A request for reconsideration has been filed, and
the time is NOW for YOU to write letters to the State of Iowa. Please
write NOW to:
Mr. Gerald W. Winter, Supervisor, Consumer Services
Iowa State Utilities Board
Lucas State Office Building
Des Moines, Iowa 50319
And to:
Mr. James Maret
Office of the Consumer Advocate
Lucas State Office Building
Des Moines, Iowa 50319
Write now. The rights you save WILL be your own.
After filing a request for reconsideration of my complaint, I received a reply
from the Iowa State Utilities Board which said, in part:
"Thank you for your letter dated August 22, 1988, with additional comments
concerning your complaint on the blocking of access to certain telephone
numbers by Teleconnect.
"To ensure that the issues are properly investigated, we are forwarding
your comments to the company and requesting a response by September 15,
1988."
Again, this is a very large issue. Simply stated; Does ANY telephone company
have the right to "block" (or refuse to place) calls to ANY number on the basis
of unsubstantiated, uninvestigated charges of "telephone fraud," especially
when the alleged fraud was committed by a third party without the knowledge of
the called party? In the specific case, the question becomes; Can a long
distance carrier refuse to handle calls to a BBS solely because some unknown
crook has placed fraudulently-charged calls to that BBS? Incidentally, when
you write, please cite file number C-88-161.
If you have any additional information which might be helpful in this
battle, please let me know.
You can send mail to me via U.S. Mail to: Jim Schmickley
7441 Commune Court, N.E.
Cedar Rapids, Iowa 52402
(See "On The Edge Of Forever" in PWN XXI/1 for an update on this issue. -KL)
Downloaded From P-80 International Information Systems 304-744-2253 12yrs+