A pounds 54,000 telephone bill? You've been phreaked!

Telephone hackers, or 'phreakers', have learnt to break into voice- mail systems and can run up huge bills at others' expense. Charles Arthur meets rogue, victim and sleuth

To anyone who spends a lot of their day on the telephone, voice- mail often seems like the curse of modern life. Everyone knows that sinking feeling when you are desperately trying to contact somebody and instead get an artificial voice saying, "To leave a message, press 1. For other options, press 2. To transfer to an operator, press 0." Americans call this phenomenon "voice-mail jail".

Voice-mail in the UK is one of the great success stories of the Nineties. Sales grew 65 per cent in 1994 to reach pounds 61.5m; market estimates suggest that 38 per cent of companies have some form of voice-mail, compared to fewer than 200 systems installed nationwide in 1989.

But voice-mail is not always good news for the companies that install it. Phone hackers - "phreakers" - have found the automated switchboards that let you transfer between extensions are a fruitful area for attack. With a little skill and applied intelligence, they can guess the code number of the owner of a voice-mail "box" (the answering-machine aspect of the system) and listen to messages there. Some more experimentation lets them set the extension up so that they can dial out to the extension of their choice. From there, the sky's the limit - especially where the company's telephone bill is concerned.

The phreaker's tale

(We met in a pub near a big city station. He had the etiolated late-teenager look of someone who has spent too much time awake when it is dark. How did it start?)

"I had wanted to be a hacker since I was quite young, but I never had a powerful computer. Then in 1992 I read a book called Approaching Zero which was about data crime in the computing world. I got more interested in becoming a hacker, but still didn't have a computer and modem.

"One paragraph of the book covered voice-mail and mentioned that it could be hacked, though it didn't say how. But you didn't need a computer, just a domestic phone. I already had that.

"So I bought a computer magazine, figuring that computer companies would advertise there and they would be likely to have voice-mail. One of them had an 0800 number. I called it one night, got the automatic response, and started pressing the star and hash keys and various numbers pretty much at random. After a while I found I had broken into their voice-mail system. It was a great moment, a terrific moment, that first time.

"I realised that on a lot of extensions the key to the voice-mail was the same number as the extension. That was the default and no one had changed it. I broke into people's mailboxes and listened to their messages. Then I found you could set it to divert incoming calls to another number. I spent a couple of nights playing around to find out how: at first it seemed not to work. Then I realised I had to prefix the numbers with '9' to get an outside line. That meant if the extension wasn't answered - and it wasn't going to be because I was calling between 10pm and 7am - then it would divert to the outside number I had set. They wouldn't notice during the day because they would either pick it up, or else the person ringing them who got diverted would think something odd had happened, but not bother about it.

"After that I just started going for 0800 numbers, working through the Yellow Pages. It takes about 1,000 calls to find one company you can crack. It takes about one night of dialling hard to go through that many. I was really good at cracking the SDX switchboards and the BT Meridian.

"At the end of 1993, I read a newspaper article about voice-mail hacking and began to realise there were quite a few other people doing what I was doing. Once, I hacked a voice-mail system so I was the system administrator - I had the power to set up voice-mail boxes for myself. All this from my phone in my bedroom. As I was going through the mailboxes, listening to the messages, I found a small community of hackers in the system, using a spare box. I left them a message telling them to get in touch.

"I could use those voice-mail systems I'd broken into from anywhere in the country, and talk for hours for free. The companies paid for the 0800 number and they paid for the outgoing calls, too. If somebody did it to me, though, I'd be really pissed off.

"The people who sell these systems could tell customers about these flaws, but they don't. Instead, they wait until the customer is defrauded or somebody tells them. Sure, you can argue that it's still an offence for someone to drive away a car even if you've left it unlocked with the keys in the ignition. But it's like the voice-mail companies know there are thieves out there but they don't put in locks and they just have a switch for the ignition."

The company's tale: the information systems manager

"BT installed one of the Meridian switchboards when we moved to Richmond. At first we thought we had a problem with nuisance calls. At about 5.30pm there'd be a call, and when the person answered it the phone would be put down. We didn't think much more of it.

"I discovered totally by fluke that people were calling in, waiting for a number, inputting '9' and ringing places like the US and Pakistan all night. It was between October and December of 1994, for six weeks. We had 48 lines going out of the building and at some times - at about 4am - they would all be busy. I just happened to be late in the building one night when I heard some phones ringing. Then I checked the exchange to see the load on the phone switchboard. I drove home and started dialling our company number and messing around and suddenly I hit it. It gave me the willies, I can tell you.

"I told BT straight away, and they reprogrammed the switchboard remotely so that particular facility was disabled. But they had never told us people could just dial in and dial through like that. The hackers cost us pounds 54,000 during those six weeks."

The consultant's tale

(John Chatterton, based in Wargrave, Berkshire, has helped a number of companies fend off phreakers.)

"Virtually any phone exchange can be hit. Once a system is breached, the number of calls rises quickly for about a week or two and then reaches a plateau. Then it rises very sharply again, and goes to different countries as the number is spread to other phreakers over bulletin-board systems. Then it plateaus again. Then there's a final phase where calls get made to places like Africa, Russia and Pakistan, by which time the word is really all over.

"Most companies that get invaded are big, because they need a facility- rich exchange such as something that lets people dial in remotely to get voice-mail. Like computer hacking, no [company] tells the truth about being hit because it's too embarrassing. I have been trying to get cases brought to court but the companies are paranoid about anybody finding out that they were hit. In one week a team of phreakers could tot up a phone bill to a company of pounds 50,000, accelerating up to pounds 100,000 per week. The limiting resource is how many outgoing lines there are at the company.

"But hacking could always have been avoided. It's carelessness. The trouble is, these systems are being provided to people who haven't got the technical competence, which makes them natural victims. Or else the company's been getting rid of its telecoms department and replacing them with this switchboard, so there's no expertise inside the company."

FootballGerman sparks three goals in four minutes at favourite No 10 role
Rumer was diagnosed with bipolarity, attention deficit hyperactivity disorder and post-traumatic stress disorder: 'I was convinced it was a misdiagnosis'
peopleHer debut album caused her post-traumatic stress - how will she cope as she releases her third record?
A long jumper competes in the 80-to-84-year-old age division at the 2007 World Masters Championships
Have you tried new the Independent Digital Edition apps?
Life and Style
ebooksA superb mix of recipes serving up the freshest of local produce in a delicious range of styles
Life and Style
ebooksFrom the lifespan of a slug to the distance to the Sun: answers to 500 questions from readers
Radamel Falcao was forced to withdraw from the World Cup after undergoing surgery
premier leagueExclusive: Reds have agreement with Monaco
Arts and Entertainment
'New Tricks' star Dennis Waterman is departing from the show after he completes filming on two more episodes
tvHe is only remaining member of original cast
Life and Style
Walking tall: unlike some, Donatella Versace showed a strong and vibrant collection
fashionAlexander Fury on the staid Italian clothing industry
Arts and Entertainment
Gregory Porter learnt about his father’s voice at his funeral
Arts and Entertainment
tvHighs and lows of the cast's careers since 2004
Life and Style
Children at the Leytonstone branch of the Homeless Children's Aid and Adoption Society tuck into their harvest festival gifts, in October 1936
food + drinkThe harvest festival is back, but forget cans of tuna and packets of instant mash
Lewis Hamilton will start the Singapore Grand Prix from pole, with Nico Rosberg second and Daniel Ricciardo third
F1... for floodlit Singapore Grand Prix
New Articles
Life and Style
Couples have been having sex less in 2014, according to a new survey
Latest stories from i100
Have you tried new the Independent Digital Edition apps?
Independent Dating

By clicking 'Search' you
are agreeing to our
Terms of Use.

ES Rentals

    iJobs Job Widget
    iJobs General

    Volunteer Trustee opportunities now available at The Society for Experimental Biology

    Unpaid Voluntary Position : Reach Volunteering: Volunteer your expertise as Tr...

    Early Years Educator

    £68 - £73 per day + Competitive rates of pay based on experience: Randstad Edu...

    Nursery Nurse

    £69 - £73 per day + Competitive London rates of pay: Randstad Education Group:...

    Primary KS1 NQTs required in Lambeth

    £117 - £157 per day + Competitive London rates: Randstad Education Group: * Pr...

    Day In a Page

    Scottish referendum: The Yes vote was the love that dared speak its name, but it was not to be

    Despite the result, this is the end of the status quo

    Boyd Tonkin on the fall-out from the Scottish referendum
    Manolo Blahnik: The high priest of heels talks flats, Englishness, and why he loves Mary Beard

    Manolo Blahnik: Flats, Englishness, and Mary Beard

    The shoe designer who has been dubbed 'the patron saint of the stiletto'
    The Beatles biographer reveals exclusive original manuscripts of some of the best pop songs ever written

    Scrambled eggs and LSD

    Behind The Beatles' lyrics - thanks to Hunter Davis's original manuscript copies
    'Normcore' fashion: Blending in is the new standing out in latest catwalk non-trend

    'Normcore': Blending in is the new standing out

    Just when fashion was in grave danger of running out of trends, it only went and invented the non-trend. Rebecca Gonsalves investigates
    Dance’s new leading ladies fight back: How female vocalists are now writing their own hits

    New leading ladies of dance fight back

    How female vocalists are now writing their own hits
    Mystery of the Ground Zero wedding photo

    A shot in the dark

    Mystery of the wedding photo from Ground Zero
    His life, the universe and everything

    His life, the universe and everything

    New biography sheds light on comic genius of Douglas Adams
    Save us from small screen superheroes

    Save us from small screen superheroes

    Shows like Agents of S.H.I.E.L.D are little more than marketing tools
    Reach for the skies

    Reach for the skies

    From pools to football pitches, rooftop living is looking up
    These are the 12 best hotel spas in the UK

    12 best hotel spas in the UK

    Some hotels go all out on facilities; others stand out for the sheer quality of treatments
    These Iranian-controlled Shia militias used to specialise in killing American soldiers. Now they are fighting Isis, backed up by US airstrikes

    Widespread fear of Isis is producing strange bedfellows

    Iranian-controlled Shia militias that used to kill American soldiers are now fighting Isis, helped by US airstrikes
    Topshop goes part Athena poster, part last spring Prada

    Topshop goes part Athena poster, part last spring Prada

    Shoppers don't come to Topshop for the unique
    How to make a Lego masterpiece

    How to make a Lego masterpiece

    Toy breaks out of the nursery and heads for the gallery
    Meet the ‘Endies’ – city dwellers who are too poor to have fun

    Meet the ‘Endies’ – city dwellers who are too poor to have fun

    Urbanites are cursed with an acronym pointing to Employed but No Disposable Income or Savings
    Paisley’s decision to make peace with IRA enemies might remind the Arabs of Sadat

    Ian Paisley’s decision to make peace with his IRA enemies

    His Save Ulster from Sodomy campaign would surely have been supported by many a Sunni imam