A Brief History of Phreaking ____________________________ by BucWheat Like most college students, I have occasionally been assigned research papers for one class or another. My latest assignment was for a systems analysis class- the subject chosen was required to be computer related. Intrigued by the ideas presented in the movie War Games, I chose hacking as my topic. As I began my research, the subjects of hacking and phreaking are somewhat intertwined, and as a result I learned a lot of fascinating information about the history of phreaking. That information is summarized below. (The following is an excerpt from Out of the Inner Circle by The Cracker, Microsoft Press. Used without permission, but who really cares?) In the 1970s, before personal computers became as common as they are now, the telephone system was explored by a group of hackers who called themselves phone phreaks. The ethical and technical predecessors of today's hackers, the phone phreaks were anarchic "musicians" who delighted in using flutes, whistles, and any other sound generators that worked to enter and explore the worldwide telephone network. The phone phreaks were far less organized and widespread than today's hackers are, and, in the beginning, none of the even knew of each other's existence. The cult itself came into being in the late 1960s, partly because of a brilliant young man in Tennessee named Joe Engressia. Joe was the first phone phreak to achieve media notoriety when a 1971 Esquire article told about him and his cohorts. Like many other early phone phreaks, Joe is blind. He was only twenty- two when the article was published, but he had been tweaking the phone system since the age of eight. Telephones had always fascinated him, and Joe happens to be one of those rare individuals who are born with perfect pitch. One day, by accident, he discovered how this gift could help him manipulate some of the most sophisticated and widespread technology in the world. He was dialing recorded messages, partly because it was the only way he knew to call around the world for free, and partly because it was a favorite pastime. He was whistling while listening to a recorded announcement when suddenly the recording clicked off. Someone with less curiosity might have assumed it was one of those strange things the phone company does to you, but Joe had an idea. He fooled around with some other numbers, and discovered he could switch off any recorded message by whistling a certain tone. He called the local telephone company and asked why tape recorders stopped working when he whistled into the telephone. He didn't fully understand the explanation he was given (remember, he was only eight years old), but it sounded as if he had stumbled upon a whole new world of things to do and explore. And to a blind eight-year-old, an easily explored world, no farther away than his telephone, was, indeed, an intriguing discovery. Joe was able to control some of the telephone company's global switching network - which is what he had stumbled upon with his whistling - because of a decision American Telephone and Telegraph (AT&T) made sometime in the 1950s. Their long-term, irreversible, multi-billion dollar decision was to base their long distance switching on a series of specific, audible tones called the multifrequency system. The multifrequency system (known to phreaks as "MF") is a way for numbers that designate switching paths to be transmitted as tones similar to those that touch tone phones make. Certain frequencies are used to find open lines, to switch from local to long distance trunks, and, essentially, to do most of the jobs a human operator is able to do. Undoubtedly, the decision makers at AT&T did not give a moment's thought to the possibility that the system might someday fall before a blind eight-year-old with perfect pitch, but Joe found that he could maneuver his way through the system by whistling that one specific tone at the right time. His motivation was not to steal free telephone calls, but to find his way around the network and to learn how to extend his control over it. Joe had explored for years, but he never thought of himself as an enemy of the telephone system. He loved the system. His dream was to work for the telephone company someday. But he finally ran afoul of his intended employer one day when he was caught whistling up free phone calls for his fellow college students. The publicity surrounding Joe's case had an unfortunate (for the telephone company) side effect: it led to the creation of the phone phreak network. Soon after the story hit the papers, Joe began to get calls from all over the country. Some of the callers were blind, most were young, and all of them had one thing in common: an enormous curiosity about the telephone system. Joe put the callers in touch with one another, and these scattered experimenters soon found that they had stumbled upon several different ways to use the MF system as the ticket to a world of electronic globe-trotting. Joe Engressia may have been the "phounding phather" of the phone phreaks, but just as one discovery often leads to another and another, it soon happened that someone else discovered a very large error made by the Bell Telephone System in 1954. The Bell System's technical journal had published a complete description of the MF system, including the exact frequencies and descriptions of how those frequencies were used. Once the frequencies became public knowledge, phreaks began to use pipe organs, flutes, and tape recorders to create the tones that gave them control over the entire telecommunications network. Then came the ultimate irony: the news spread that a simple toy whistle, included as a giveaway inside boxes of Cap'n Crunch cereal, produced a pure 2600 Hz. tone when one of the holes was taped shut. Using the whistle at just the right point in the process of making a connection, phreaks could call each other whenever and wherever they wanted to without having to pay the phone company. One of the more curious and inventive phreaks using the Cap'n Crunch whistle was John Draper, a young Air Force technician stationed overseas. Draper used the whistle for free calls to his friends in the United States. He was interested in the way this bizarre tool worked, so he began experimenting with the system and found that he could use his whistle and his knowledge of the switching network to route his calls in peculiar ways. He began by calling people who worked inside the telephone system. They weren't aware that he was an outsider, so he was able to start gathering "intelligence". Soon, he was calling Peking and Paris, and routing calls to himself around the world. He set up massive clandestine conference calls that phreaks around the world could join or drop out of at will. Soon, he became known in the phreak underground as Cap'n Crunch. Cap'n Crunch soon found out from other electronically minded phreaks that it was possible to build specially tuned electronic tone generators that could reproduce the MF frequencies. A few electronic wizards began to circulate the generators, which were first known as "MF boxes" because they reproduced the multifrequency tones, and later came to be called "blue boxes", as they are today. The number of phreaks grew, and as they added their own discoveries to the collection of phreak knowledge, the cult's power to manipulate the system steadily increased. Then, in October, 1971, the whole underground scene, from Joe Engressia to Cap'n Crunch became well known to the outside world. Esquire magazine published "Secrets of the Little Blue Box" by Ron Rosenbaum, a journalist who had encountered the top phreaks of the time. Cap'n Crunch was characterized somewhat romantically in Rosenbaum's piece as a roving prankster who drove the author around in his specially equipped van, pausing frequently at public telephones to phone locations around the world: the American embassy in Moscow, a group of blind teenage phreaks in Canada, a public telephone in Trafalgar square. After the article was published (though not as a direct result) Crunch was arrested twice, convicted, and ended up spending four months in the federal prison in Lompoc, California in 1976, and two in Northampton State Prison in Pennsylvania in 1977. While he was in prison, several mob-connected inmates tried to enlist him in a commercial blue box venture. Draper/Crunch declined. The convicts broke Draper's back and knocked out his front teeth. After he left prison, Draper quit phreaking and decided to start programming. An old friend by the name of Steve Wozniak seemed to be doing pretty well with a piece of hardware he called the Apple ][, and Draper started writing software for Apple Computer. He developed a word-processing program known as EasyWriter and gained another niche in the technological hall of fame in 1981, when EasyWriter was chosen as the first word processor to be available for the IBM personal computer. Now, Cap'n Crunch makes a legitimate living under a new handle, Cap'n Software. TAP During his trial, John Draper claimed (and still claims) that his interest in phreaking was strictly devoted to learning about the workings of the complex, worldwide communication- switching networks. There were other phreaks, though, of a more political mind, who saw this method of technological trespassing as a tool for spreading anarchy, and one radical branch of the phreak fraternity grew out of the political group of the late 60s and early 70s known as the Yippies. On May Day, 1971, the founding Yippie, Abbie Hoffman, and a phone phreak who used the handle Al Bell started a subversive publication called the Youth International Party Line, which focused on information about cracking the phone network. A few years later, its name was changed to Technological Assistance Program (TAP), when the technology phreaks separated from their more politically motivated counterparts. TAP was purely anarchist. Through it, phreaks learned how to make plastic explosives, how to obtain phony birth certificates and illicit airline tickets, and how to abuse credit cards. It published circuit diagrams of blue boxes, and its members specialized in obtaining and trading hard to get telephone numbers, such as that of the Vatican or the Kremlin. TAP even secured the phone number of the American Embassy in Teheran after it was seized by students during the hostage crisis of 1980, posted the number, and invited phreaks to "tell off" the revolutionary guards. In the late 1970s the phreak most closely associated with TAP also became a well-known hacker with the aliases Richard Cheshire and Cheshire Catalyst. Often employed as a computer and communications consultant by large corporations who are unaware of his secret identity, Cheshire has a widespread, carefully cultivated network of cohorts inside the telephone company and other institutions. Avoiding what he calls "dark side hacking" that results in damage to data, Cheshire claims that there are some kinds of information which even TAP will not publish. For example, Cheshire once said: "A few years ago, before the Progressive magazine actually published the plans for making a hydrogen bomb, we were approached by someone who had similar plans. I decided that anything like the hydrogen bomb, which has the capability of destroying the phone network, is not in our interests." Cheshire also mentioned an incident in which a hacker he knew stumbled upon the data processing facilities of a top secret American seismic station in Iceland, a facility responsible for monitoring Soviet nuclear testing. The hacker got out as soon as he realized where he was - "We try to stay away from that sort of stuff," Cheshire said. He also remarked, "I once invited the CIA to attend a public lecture of mine, and there were a couple of guys at that talk, seated towards the back, who definitely turned a couple shades of green when I told about that Icelandic station."