A pounds 54,000 telephone bill? You've been phreaked!

Telephone hackers, or 'phreakers', have learnt to break into voice- mail systems and can run up huge bills at others' expense. Charles Arthur meets rogue, victim and sleuth

To anyone who spends a lot of their day on the telephone, voice- mail often seems like the curse of modern life. Everyone knows that sinking feeling when you are desperately trying to contact somebody and instead get an artificial voice saying, "To leave a message, press 1. For other options, press 2. To transfer to an operator, press 0." Americans call this phenomenon "voice-mail jail".

Voice-mail in the UK is one of the great success stories of the Nineties. Sales grew 65 per cent in 1994 to reach pounds 61.5m; market estimates suggest that 38 per cent of companies have some form of voice-mail, compared to fewer than 200 systems installed nationwide in 1989.

But voice-mail is not always good news for the companies that install it. Phone hackers - "phreakers" - have found the automated switchboards that let you transfer between extensions are a fruitful area for attack. With a little skill and applied intelligence, they can guess the code number of the owner of a voice-mail "box" (the answering-machine aspect of the system) and listen to messages there. Some more experimentation lets them set the extension up so that they can dial out to the extension of their choice. From there, the sky's the limit - especially where the company's telephone bill is concerned.

The phreaker's tale

(We met in a pub near a big city station. He had the etiolated late-teenager look of someone who has spent too much time awake when it is dark. How did it start?)

"I had wanted to be a hacker since I was quite young, but I never had a powerful computer. Then in 1992 I read a book called Approaching Zero which was about data crime in the computing world. I got more interested in becoming a hacker, but still didn't have a computer and modem.

"One paragraph of the book covered voice-mail and mentioned that it could be hacked, though it didn't say how. But you didn't need a computer, just a domestic phone. I already had that.

"So I bought a computer magazine, figuring that computer companies would advertise there and they would be likely to have voice-mail. One of them had an 0800 number. I called it one night, got the automatic response, and started pressing the star and hash keys and various numbers pretty much at random. After a while I found I had broken into their voice-mail system. It was a great moment, a terrific moment, that first time.

"I realised that on a lot of extensions the key to the voice-mail was the same number as the extension. That was the default and no one had changed it. I broke into people's mailboxes and listened to their messages. Then I found you could set it to divert incoming calls to another number. I spent a couple of nights playing around to find out how: at first it seemed not to work. Then I realised I had to prefix the numbers with '9' to get an outside line. That meant if the extension wasn't answered - and it wasn't going to be because I was calling between 10pm and 7am - then it would divert to the outside number I had set. They wouldn't notice during the day because they would either pick it up, or else the person ringing them who got diverted would think something odd had happened, but not bother about it.

"After that I just started going for 0800 numbers, working through the Yellow Pages. It takes about 1,000 calls to find one company you can crack. It takes about one night of dialling hard to go through that many. I was really good at cracking the SDX switchboards and the BT Meridian.

"At the end of 1993, I read a newspaper article about voice-mail hacking and began to realise there were quite a few other people doing what I was doing. Once, I hacked a voice-mail system so I was the system administrator - I had the power to set up voice-mail boxes for myself. All this from my phone in my bedroom. As I was going through the mailboxes, listening to the messages, I found a small community of hackers in the system, using a spare box. I left them a message telling them to get in touch.

"I could use those voice-mail systems I'd broken into from anywhere in the country, and talk for hours for free. The companies paid for the 0800 number and they paid for the outgoing calls, too. If somebody did it to me, though, I'd be really pissed off.

"The people who sell these systems could tell customers about these flaws, but they don't. Instead, they wait until the customer is defrauded or somebody tells them. Sure, you can argue that it's still an offence for someone to drive away a car even if you've left it unlocked with the keys in the ignition. But it's like the voice-mail companies know there are thieves out there but they don't put in locks and they just have a switch for the ignition."

The company's tale: the information systems manager

"BT installed one of the Meridian switchboards when we moved to Richmond. At first we thought we had a problem with nuisance calls. At about 5.30pm there'd be a call, and when the person answered it the phone would be put down. We didn't think much more of it.

"I discovered totally by fluke that people were calling in, waiting for a number, inputting '9' and ringing places like the US and Pakistan all night. It was between October and December of 1994, for six weeks. We had 48 lines going out of the building and at some times - at about 4am - they would all be busy. I just happened to be late in the building one night when I heard some phones ringing. Then I checked the exchange to see the load on the phone switchboard. I drove home and started dialling our company number and messing around and suddenly I hit it. It gave me the willies, I can tell you.

"I told BT straight away, and they reprogrammed the switchboard remotely so that particular facility was disabled. But they had never told us people could just dial in and dial through like that. The hackers cost us pounds 54,000 during those six weeks."

The consultant's tale

(John Chatterton, based in Wargrave, Berkshire, has helped a number of companies fend off phreakers.)

"Virtually any phone exchange can be hit. Once a system is breached, the number of calls rises quickly for about a week or two and then reaches a plateau. Then it rises very sharply again, and goes to different countries as the number is spread to other phreakers over bulletin-board systems. Then it plateaus again. Then there's a final phase where calls get made to places like Africa, Russia and Pakistan, by which time the word is really all over.

"Most companies that get invaded are big, because they need a facility- rich exchange such as something that lets people dial in remotely to get voice-mail. Like computer hacking, no [company] tells the truth about being hit because it's too embarrassing. I have been trying to get cases brought to court but the companies are paranoid about anybody finding out that they were hit. In one week a team of phreakers could tot up a phone bill to a company of pounds 50,000, accelerating up to pounds 100,000 per week. The limiting resource is how many outgoing lines there are at the company.

"But hacking could always have been avoided. It's carelessness. The trouble is, these systems are being provided to people who haven't got the technical competence, which makes them natural victims. Or else the company's been getting rid of its telecoms department and replacing them with this switchboard, so there's no expertise inside the company."

Have you tried new the Independent Digital Edition apps?
Life and Style
ebookNow available in paperback
ebooks
ebookPart of The Independent’s new eBook series The Great Composers
  • Get to the point
Latest stories from i100
Have you tried new the Independent Digital Edition apps?
Independent Dating
and  

By clicking 'Search' you
are agreeing to our
Terms of Use.

ES Rentals

    iJobs Job Widget
    iJobs General

    Recruitment Genius: Junior Web Designer - Client Liaison

    £6 per hour: Recruitment Genius: This is an exciting opportunity to join a gro...

    Recruitment Genius: Service Delivery Manager

    Negotiable: Recruitment Genius: A Service Delivery Manager is required to join...

    Recruitment Genius: Massage Therapist / Sports Therapist

    £12000 - £24000 per annum: Recruitment Genius: A opportunity has arisen for a ...

    Ashdown Group: Practice Accountant - Bournemouth - £38,000

    £32000 - £38000 per annum: Ashdown Group: A successful accountancy practice in...

    Day In a Page

    Election 2015: How many of the Government's coalition agreement promises have been kept?

    Promises, promises

    But how many coalition agreement pledges have been kept?
    The Gaza fisherman who built his own reef - and was shot dead there by an Israeli gunboat

    The death of a Gaza fisherman

    He built his own reef, and was fatally shot there by an Israeli gunboat
    Saudi Arabia's airstrikes in Yemen are fuelling the Gulf's fire

    Saudi airstrikes are fuelling the Gulf's fire

    Arab intervention in Yemen risks entrenching Sunni-Shia divide and handing a victory to Isis, says Patrick Cockburn
    Zayn Malik's departure from One Direction shows the perils of fame in the age of social media

    The only direction Zayn could go

    We wince at the anguish of One Direction's fans, but Malik's departure shows the perils of fame in the age of social media
    Young Magician of the Year 2015: Meet the schoolgirl from Newcastle who has her heart set on being the competition's first female winner

    Spells like teen spirit

    A 16-year-old from Newcastle has set her heart on being the first female to win Young Magician of the Year. Jonathan Owen meets her
    Jonathan Anderson: If fashion is a cycle, this young man knows just how to ride it

    If fashion is a cycle, this young man knows just how to ride it

    British designer Jonathan Anderson is putting his stamp on venerable house Loewe
    Number plates scheme could provide a licence to offend in the land of the free

    Licence to offend in the land of the free

    Cash-strapped states have hit on a way of making money out of drivers that may be in collision with the First Amendment, says Rupert Cornwell
    From farm to fork: Meet the Cornish fishermen, vegetable-growers and butchers causing a stir in London's top restaurants

    From farm to fork in Cornwall

    One man is bringing together Cornwall's most accomplished growers, fishermen and butchers with London's best chefs to put the finest, freshest produce on the plates of some of the country’s best restaurants
    Don't believe the stereotype - or should you?

    Don't believe the stereotype - or should you?

    We exaggerate regional traits and turn them into jokes - and those on the receiving end are in on it too, DJ Taylor
    How to make your own Easter egg: Willie Harcourt-Cooze shares his chocolate recipes

    How to make your own Easter egg

    Willie Harcourt-Cooze talks about his love affair with 'cacao' - and creates an Easter egg especially for The Independent on Sunday
    Bill Granger recipes: Our chef declares barbecue season open with his twist on a tradtional Easter Sunday lamb lunch

    Bill Granger's twist on Easter Sunday lunch

    Next weekend, our chef plans to return to his Aussie roots by firing up the barbecue
    Joe Marler: 'It's the way I think the game should be played'

    Joe Marler: 'It's the way I think the game should be played'

    The England prop relives the highs and lows of last Saturday's remarkable afternoon of Six Nations rugby
    Cricket World Cup 2015: Has the success of the tournament spelt the end for Test matches?

    Cricket World Cup 2015

    Has the success of the tournament spelt the end for Test matches?
    The Last Word: Justin Gatlin knows the price of everything, the value of nothing

    Michael Calvin's Last Word

    Justin Gatlin knows the price of everything, the value of nothing