A pounds 54,000 telephone bill? You've been phreaked!

Telephone hackers, or 'phreakers', have learnt to break into voice- mail systems and can run up huge bills at others' expense. Charles Arthur meets rogue, victim and sleuth

To anyone who spends a lot of their day on the telephone, voice- mail often seems like the curse of modern life. Everyone knows that sinking feeling when you are desperately trying to contact somebody and instead get an artificial voice saying, "To leave a message, press 1. For other options, press 2. To transfer to an operator, press 0." Americans call this phenomenon "voice-mail jail".

Voice-mail in the UK is one of the great success stories of the Nineties. Sales grew 65 per cent in 1994 to reach pounds 61.5m; market estimates suggest that 38 per cent of companies have some form of voice-mail, compared to fewer than 200 systems installed nationwide in 1989.

But voice-mail is not always good news for the companies that install it. Phone hackers - "phreakers" - have found the automated switchboards that let you transfer between extensions are a fruitful area for attack. With a little skill and applied intelligence, they can guess the code number of the owner of a voice-mail "box" (the answering-machine aspect of the system) and listen to messages there. Some more experimentation lets them set the extension up so that they can dial out to the extension of their choice. From there, the sky's the limit - especially where the company's telephone bill is concerned.

The phreaker's tale

(We met in a pub near a big city station. He had the etiolated late-teenager look of someone who has spent too much time awake when it is dark. How did it start?)

"I had wanted to be a hacker since I was quite young, but I never had a powerful computer. Then in 1992 I read a book called Approaching Zero which was about data crime in the computing world. I got more interested in becoming a hacker, but still didn't have a computer and modem.

"One paragraph of the book covered voice-mail and mentioned that it could be hacked, though it didn't say how. But you didn't need a computer, just a domestic phone. I already had that.

"So I bought a computer magazine, figuring that computer companies would advertise there and they would be likely to have voice-mail. One of them had an 0800 number. I called it one night, got the automatic response, and started pressing the star and hash keys and various numbers pretty much at random. After a while I found I had broken into their voice-mail system. It was a great moment, a terrific moment, that first time.

"I realised that on a lot of extensions the key to the voice-mail was the same number as the extension. That was the default and no one had changed it. I broke into people's mailboxes and listened to their messages. Then I found you could set it to divert incoming calls to another number. I spent a couple of nights playing around to find out how: at first it seemed not to work. Then I realised I had to prefix the numbers with '9' to get an outside line. That meant if the extension wasn't answered - and it wasn't going to be because I was calling between 10pm and 7am - then it would divert to the outside number I had set. They wouldn't notice during the day because they would either pick it up, or else the person ringing them who got diverted would think something odd had happened, but not bother about it.

"After that I just started going for 0800 numbers, working through the Yellow Pages. It takes about 1,000 calls to find one company you can crack. It takes about one night of dialling hard to go through that many. I was really good at cracking the SDX switchboards and the BT Meridian.

"At the end of 1993, I read a newspaper article about voice-mail hacking and began to realise there were quite a few other people doing what I was doing. Once, I hacked a voice-mail system so I was the system administrator - I had the power to set up voice-mail boxes for myself. All this from my phone in my bedroom. As I was going through the mailboxes, listening to the messages, I found a small community of hackers in the system, using a spare box. I left them a message telling them to get in touch.

"I could use those voice-mail systems I'd broken into from anywhere in the country, and talk for hours for free. The companies paid for the 0800 number and they paid for the outgoing calls, too. If somebody did it to me, though, I'd be really pissed off.

"The people who sell these systems could tell customers about these flaws, but they don't. Instead, they wait until the customer is defrauded or somebody tells them. Sure, you can argue that it's still an offence for someone to drive away a car even if you've left it unlocked with the keys in the ignition. But it's like the voice-mail companies know there are thieves out there but they don't put in locks and they just have a switch for the ignition."

The company's tale: the information systems manager

"BT installed one of the Meridian switchboards when we moved to Richmond. At first we thought we had a problem with nuisance calls. At about 5.30pm there'd be a call, and when the person answered it the phone would be put down. We didn't think much more of it.

"I discovered totally by fluke that people were calling in, waiting for a number, inputting '9' and ringing places like the US and Pakistan all night. It was between October and December of 1994, for six weeks. We had 48 lines going out of the building and at some times - at about 4am - they would all be busy. I just happened to be late in the building one night when I heard some phones ringing. Then I checked the exchange to see the load on the phone switchboard. I drove home and started dialling our company number and messing around and suddenly I hit it. It gave me the willies, I can tell you.

"I told BT straight away, and they reprogrammed the switchboard remotely so that particular facility was disabled. But they had never told us people could just dial in and dial through like that. The hackers cost us pounds 54,000 during those six weeks."

The consultant's tale

(John Chatterton, based in Wargrave, Berkshire, has helped a number of companies fend off phreakers.)

"Virtually any phone exchange can be hit. Once a system is breached, the number of calls rises quickly for about a week or two and then reaches a plateau. Then it rises very sharply again, and goes to different countries as the number is spread to other phreakers over bulletin-board systems. Then it plateaus again. Then there's a final phase where calls get made to places like Africa, Russia and Pakistan, by which time the word is really all over.

"Most companies that get invaded are big, because they need a facility- rich exchange such as something that lets people dial in remotely to get voice-mail. Like computer hacking, no [company] tells the truth about being hit because it's too embarrassing. I have been trying to get cases brought to court but the companies are paranoid about anybody finding out that they were hit. In one week a team of phreakers could tot up a phone bill to a company of pounds 50,000, accelerating up to pounds 100,000 per week. The limiting resource is how many outgoing lines there are at the company.

"But hacking could always have been avoided. It's carelessness. The trouble is, these systems are being provided to people who haven't got the technical competence, which makes them natural victims. Or else the company's been getting rid of its telecoms department and replacing them with this switchboard, so there's no expertise inside the company."

News
A 1930 image of the Karl Albrecht Spiritousen and Lebensmittel shop, Essen. The shop was opened by Karl and Theo Albrecht’s mother; the brothers later founded Aldi
people
Arts and Entertainment
Standing the test of time: Michael J Fox and Christopher Lloyd in 'Back to the Future'
filmA cult movie event aims to immerse audiences of 80,000 in ‘Back to the Future’. But has it lost its magic?
Arts and Entertainment
Flora Spencer-Longhurst as Lavinia, William Houston as Titus Andronicus and Dyfan Dwyfor as Lucius
theatreThe Shakespeare play that proved too much for more than 100 people
News
exclusivePunk icon Viv Albertine on Sid Vicious, complacent white men, and why free love led to rape
PROMOTED VIDEO
Have you tried new the Independent Digital Edition apps?
Life and Style
ebookA wonderful selection of salads, starters and mains featuring venison, grouse and other game
Arts and Entertainment
Stir crazy: Noel Fielding in 'Luxury Comedy 2: Tales from Painted Hawaii'
comedyAs ‘Luxury Comedy’ returns, Noel Fielding on why mainstream success scares him and what the future holds for 'The Boosh'
Life and Style
Flow chart: Karl Landsteiner discovered blood types in 1900, yet scientists have still not come up with an explanation for their existence
lifeAll of us have one. Yet even now, it’s a matter of debate what they’re for
Arts and Entertainment
'Weird Al' Yankovic, or Alfred Matthew, at the 2014 Los Angeles Film Festival Screening of
musicHis latest video is an ode to good grammar. But what do our experts think he’s missed out?
Sport
New Real Madrid signing James Rodríguez with club president Florentino Perez
sportColombian World Cup star completes £63m move to Spain
Travel
Hotel Tour d’Auvergne in Paris launches pay-what-you-want
travelIt seems fraught with financial risk, but the policy has its benefits
Arts and Entertainment
booksThe best children's books for this summer
Life and Style
News to me: family events were recorded in the personal columns
techFamily events used to be marked in the personal columns. But now Facebook has usurped that
Independent
Travel Shop
the manor
Up to 70% off luxury travel
on city breaks Find out more
santorini
Up to 70% off luxury travel
on chic beach resorts Find out more
sardina foodie
Up to 70% off luxury travel
on country retreats Find out more
Latest stories from i100
Have you tried new the Independent Digital Edition apps?
Independent Dating
and  

By clicking 'Search' you
are agreeing to our
Terms of Use.

ES Rentals

    iJobs Job Widget
    iJobs General

    Sustainability Manager

    Competitive: The Green Recruitment Company: Job Title: Scheme Manager (BREEAM)...

    Graduate Sustainability Professional

    Flexible, depending on experience: The Green Recruitment Company: Job Title: T...

    Programme Director - Conduct Risk - London

    £850 - £950 per day: Orgtel: Programme Director - Conduct Risk - Banking - £85...

    Project Coordinator/Order Entry, SC Clear

    £100 - £110 per day: Orgtel: Project Coordinator/Order Entry Hampshire

    Day In a Page

    Noel Fielding's 'Luxury Comedy': A land of the outright bizarre

    Noel Fielding's 'Luxury Comedy'

    A land of the outright bizarre
    What are the worst 'Word Crimes'?

    What are the worst 'Word Crimes'?

    ‘Weird Al’ Yankovic's latest video is an ode to good grammar. But what do The Independent’s experts think he’s missed out?
    Can Secret Cinema sell 80,000 'Back to the Future' tickets?

    The worst kept secret in cinema

    A cult movie event aims to immerse audiences of 80,000 in ‘Back to the Future’. But has it lost its magic?
    Facebook: The new hatched, matched and dispatched

    The new hatched, matched and dispatched

    Family events used to be marked in the personal columns. But now Facebook has usurped the ‘Births, Deaths and Marriages’ announcements
    Why do we have blood types?

    Are you my type?

    All of us have one but probably never wondered why. Yet even now, a century after blood types were discovered, it’s a matter of debate what they’re for
    Honesty box hotels: You decide how much you pay

    Honesty box hotels

    Five hotels in Paris now allow guests to pay only what they think their stay was worth. It seems fraught with financial risk, but the honesty policy has its benefit
    Commonwealth Games 2014: Why weight of pressure rests easy on Michael Jamieson’s shoulders

    Michael Jamieson: Why weight of pressure rests easy on his shoulders

    The Scottish swimmer is ready for ‘the biggest race of my life’ at the Commonwealth Games
    Some are reformed drug addicts. Some are single mums. All are on benefits. But now these so-called 'scroungers’ are fighting back

    The 'scroungers’ fight back

    The welfare claimants battling to alter stereotypes
    Amazing video shows Nasa 'flame extinguishment experiment' in action

    Fireballs in space

    Amazing video shows Nasa's 'flame extinguishment experiment' in action
    A Bible for billionaires

    A Bible for billionaires

    Find out why America's richest men are reading John Brookes
    Paranoid parenting is on the rise - and our children are suffering because of it

    Paranoid parenting is on the rise

    And our children are suffering because of it
    For sale: Island where the Magna Carta was sealed

    Magna Carta Island goes on sale

    Yours for a cool £4m
    Phone hacking scandal special report: The slide into crime at the 'News of the World'

    The hacker's tale: the slide into crime at the 'News of the World'

    Glenn Mulcaire was jailed for six months for intercepting phone messages. James Hanning tells his story in a new book. This is an extract
    We flinch, but there are degrees of paedophilia

    We flinch, but there are degrees of paedophilia

    Child abusers are not all the same, yet the idea of treating them differently in relation to the severity of their crimes has somehow become controversial
    The truth about conspiracy theories is that some require considering

    The truth about conspiracy theories is that some require considering

    For instance, did Isis kill the Israeli teenagers to trigger a war, asks Patrick Cockburn