==================================================== [ Hacker Supreme's - Hackers Directory Volume # 32 ] [ Compiled by: Ninja Squirrel and Logan - 5 ] ==================================================== ======================================= [ Hack Copyright: Hacker Supreme 1986 ] ======================================= Bug Detection on Home phones First of all to test for bugs, you need a VOM (Multimeter) the higher the impedance the better (a Digital with FET circuitry or a Vacuum Tube Volt Meter is the best). First disconnect the phone line(s) AT BOTH ENDS. Undo the phone instrument and hook it up to the entry point of the phone line from the outside world (Ma Bell does not like you cut her off completely.) The scheme is the physi- cally isolate your house, apartment, etc from the outside world. But before you do this measure the line voltage (It should be approximately 48 Volts). Now with the wires disconnected at both ends set your resistance scale to a high reading and measure the resistance of the phone line, it should be very high on the order of million ohms or more, this is the normal condition, since you are measuring the resistance of an open circuit. If it is much less, say 50-100Kohms then you a device on the line that does not belong there, probably a parallel bug. Now twist the end of the disconnected wire and go to the other end and measure the resistance of this. This resistance should be about one ohm or two at the most in a big house with a lot of phones. If it is more, then you probably have a series bug. If in the first case, taking parallel measurements using a meter (not LED/ LCD) and you notice a "kick" in the needle, you probably have a line tap Now if you also make a measurement with the wire end twisted together and you notice the resistance reads about 1-2kohms, then you may have a drop-out relay. A drop-out relay is a relay that senses a phone going off hook, and signals a tape recorder to start recording. Another test to do with the phones still hooked up to the outside world, on hook voltage is about 48 Volts and off hook is about 6-10 Volts. Any other conditions may mean telephone surveillance. If you use a Wide Range Audio frequency generator and call you house, apartment, etc. from another phone and sweep up and down the spectrum, and you notice the phone answers itself somewhere in the sweep you probably have an infinity transmitter on your line. The above information tells nothing about TELCO taps at the central office, or anywhere else along the line, but this information may tell you that your wife, girlfriend(boyfriend), or business associate may be monitoring your phone activities. An Infinity transmitter, is a neat device It allows you to call the bugged place and it shuts off the ringer and defeats the switchhook, so the mouthpiece now becomes a room bug. It was orginally sold from the travelling business man to make sure his wife was safe at home not being attacked (or Screwing her boyfriend behind his back). Call this Number to Check for a Bug/trace on your line. 415-284-1111. If you get a high pitched fast beeping, there is a tap on your line, if you hear a high pitched long tone that start low and goes steadly higher, then No tap/bug/trace is on the line. ----------- SCANNING: ----------- THE PURPOSE OF SCANNING IS TO FIND THE PHONE NUMBERS OF COMPUTERS THAT ARE HOOKED INTO THE PHONE SYSTEM. WHY YOU WOULD WANT SUCH INFORMATION IS YOUR OWN BUSINESS! ONE WAY TO DO SCANNING IS THE OLD MANUAL APPROACH. JUST SIT DOWN WITH YOUR PHONE AND START DIALING. THE TONE THAT WE ALL KNOW AND LOVE SO WELL IS EASY TO SPOT--WHEN YOU HEAR IT, JUST JOT DOWN THE NUMBER YOU JUST DIALED. UNLESS YOU ARE REALLY INTO RUNNING THE RISK OF BEING JAILED AS A NUISANCE CALLER, AND YOU HAVE A STEEL DIALING FINGER, I DO NOT RECOMMEND THE MANUAL METHOD. IT'S OK IF YOU JUST WANT TO CHECK ONE OR TWO NUMBERS, BUT OTHERWISE, FORGET IT. THERE ARE A NUMBER OF SIMPLE TOOLS THAT WILL MAKE THE TASK OF SCANNING A LOT EASIER AND MORE PRODUCTIVE. FIRST, YOU NEED A GOOD SCANNING PROGRAM. IT SHOULD BE CAPABLE OF AUTOMATiCALLY DIALLING A WHOLE LOT OF NUMBERS, PREFERABLY FROM A DISK FILE. IT SHOULD ALSO BE ABLE TO AUTOMATICALLY RECORD THE HITS AND THE MISSES. AND, IT SHOULD BE ABLE TO AUTOMATICALLY HANG UP THE PHONE. YOU DO NOT WANT TO BE TRACED BY THE SIMPLE EXPEDIENT OF HAVING THE COMPUTER HANG ONTO YOUR LINE LONG ENOUGH FOR MA BELL TO SWING INTO ACTION...... YOU CAN WRITE YOUR OWN PROGRAM EASILY ENOUGH, OR ELSE YOU WOULD NOT HAVE ANY USE FOR THE DESIRED COMPUTER PHONE NUMBERS ANYWAY....BUT IN CASE YOU ARE LAZY, YOU MIGHT HAVE A LOOK AT PC-SCAN, A BASIC PROGRAM FOR THE IBM PC AND THE HAYES SMART MODEM. ONCE YOU HAVE THE IDEA, YOU CAN EASILY MODIFY IT TO RUN ON OTHER MACHINES. TWO OTHER TOOLS YOU WILL FIND VERY HANDY ARE A STANDARD PHONE BOOK FOR THE AREA OF INTEREST, AND A SEQUENTIAL PHONE BOOK. THE STANDARD PHONE BOOK LISTS THE PHONE NUMBERS IN THE ALPHABETICAL ORDER OF THE SUBSCRIBERS' NAMES; IN THE YELLOW PAGES, THE SUBSCRIBERS ARE FIRST GROUPED BY BUSINESS CATEGORY. IN A SEQUENTIAL PHONE BOOK, THE NUMBERS ARE LISTED SEQUENTIALLY IN NUMERICAL ORDER, OF COURSE ALONG WITH THE SUBSCRIBERS' NAMES. MOST LARGE LIBRARIES WILL HAVE BOTH TYPES OF PHONE BOOK...JUST ASK THE REFERENCE LIBRARIAN. THE PLACE TO START IS WITH THE YELLOW PAGES. THINK OF EVERY CATEGORY OF BUSINESS THAT MIGHT HAVE AN ON-LINE COMPUTER. TO START, LOOK UP LARGE SCHOOLS AND UNIVERSITIES, COMPUTER VENDORS, DATA PROCESSING HOUSES, LARGE PRIVATE DETECTIVE AGENCIES, CREDIT REPORTING AGENCIES (THESE ARE REAL SCUM), FBI, LOCAL POLICE, MILITARY ESTABLISHMENTS, DEFENSE RESEARCH OUTFITS, CONSULTING FIRMS, ETC. YOU WILL PROBABLY HAVE TO CONSULT THE WHITE PAGES TO FIND THE NUMBERS FOR VARIOUS GOVERNMENT AGENCIES (CITY, COUNTY, STATE, PROVINCIAL, AND FEDERAL). NOTE DOWN THE NUMBERS OF ANY OUTFITS THAT LOOK LIKE APPROPRIATE CANDIDATES. NOW, STOP AND THINK FOR A MOMENT. THEY KNOW YOU ARE LURKING OUT THERE...SOOO, THEY ARE NOT ABOUT TO ADVERTISE THE PHONE NUMBER OF THEIR PET COMPUTER. CHANCES ARE THAT NONE OF THE NUMBERS YOU HAVE WRITTEN DOWN ARE NUMBERS FOR A COMPUTER. BUT, BUSINESSES AND OTHER LARGE OUTFITS FREQUENTLY HAVE WHOLE BANKS OF NUMBERS ASSIGNED TO THEIR USE, AND VERY FREQUENTLY, THE NUMBERS ARE SEQUENTIAL. THAT MEANS THAT THE NUMBER FOR THEIR COMPUTER IS PROBABLY NOT TOO FAR AWAY FROM THE NUMBER IN THE PHONE BOOK. SO FAR, SO GOOD. NOW, TAKE YOUR LIST OF PROSPECTS AND THE SEQUENTIAL PHONE BOOK AND LOOK THEM UP. CHANCES ARE THAT THE NUMBERS LISTED IN THE SEQUENTIAL PHONE BOOK ARE NOT NUMBERS FOR COMPUTERS EITHER. WHAT YOU SHOULD BE LOOKING FOR IS GAPS IN THE SEQUENTIAL LISTING NEAR ANY OF YOUR PROSPECT PHONE NUMBERS. ACTUALLY, ANY GAPS ARE GOOD TO CHECK, BUT YOUR EYES WILL FALL OUT AFTER A LITTLE WHILE LOOKING FOR THEM. THE MAIN POINT IS THAT YOU WANT TO CONCENTRATE YOUR SEARCH IN AREAS THAT ARE MOST LIKELY TO HAVE WHAT YOU ARE AFTER. AS FAR AS POSSIBLE, YOU WANT TO AVOID DIALING UP MR. GOOD. MR. GOOD WILL NOT TAKE KINDLY TO BEING CALLED AND HAVING NO ONE ON THE PHONE. AND WHEN MR. GOOD IS UPSET, HE COMPLAINS TO MA BELL, WHICH UPSETS MA BELL. AND WHEN MA BELL GETS UPSET, WE ALL SUFFER. AT LAST, YOU ARE READY TO START SCANNING...BUT PLEASE DO IT THE SMART WAY, NOT THE DUMB WAY. YOU SHOULD NOT SCAN PHONE NUMBERS IN STRICT SEQUENCE. MA BELL MAY NOT BE THE BRIGHTEST OLD SOUL, BUT EVEN SHE GETS SUSPICIOUS WHEN SOMEONE DIALS ONE NUMBER AFTER ANOTHER IN ORDER. SUPPOSE YOU WANT TO SCAN THE NUMBERS IN THE 666 EXCHANGE, FROM 6500 THROUGH 6600. ONLY A DUMMY WOULD TRY 6500, THEN 6501, THEN 6502, THEN ... YOU SHOULD ONLY SCAN THE SEQUENCE BY HAVING REASONABLE GAPS BETWEEN THE SUCCESSIVE NUMBERS THAT YOU TRY. FOR EXAMPLE, FIRST START WITH 6500, THEN 6505, ANF SO ON IN STEPS OF 5; WHEN YOU GET TO THE END, START OVER WITH 6501, THEN 6506, AND SO ON. IN THIS WAY YOU CAN COVER THE ENTIRE RANGE WITHOUT DOING IT SEQUENTIALLY. THIS SORT OF STEP PROCEDURE IS EASY TO DO IF YOU CAN DIAL FROM A DISK FILE, AS IN PC-SCAN. JUST SET UP THE DIALING FILE IN WHATEVER ORDER YOU LIKE. A FEW OTHER POINTERS...YOU SHOULD TRY TO KEEP A FILE OF THE MISSES. AFTER ALL, UNLESS YOU WANT TO LISTEN TO THE ENTIRE SCAN, YOU WILL NOT KNOW WHETHER THE MISS IS THE RESULT OF A BUSY LINE, NO ANSWER TO A RING, OR A VOICE ANSWER. SO YOU MAY WANT TO TRY THE FILE OF MISSED NUMBERS SERAL TIMES. ALSO, TRY TO KEEP TRACK OF THE TIME OF DAY (OR NIGHT) WHEN THE HIT WAS MADE, AS WELL AS THE DAY OF THE WEEK. SOME COMPURTERS ARE ONLY HOOKED UP ON WEEKENDS, SOME ONLY AT NIGHT, AND SOME ONLY DURING NORMAL BUSINESS HOURS. SO, YOU MAY WANT TO TRY YOUR MISSES AT VARIOUS TIMES OF DAY AND VARIOUS DAYS OF THE WEEK. YOU SHOULD ALSO TRY DIALING AT VARIOUS BAUD RATES, AS SOME SYSTEMS WILL ONLY ANSWER TO ONE RATE. YOU SHOULD ALSO TRY DIALING IN ANSWER MODE; AS A SIMPLE FORM OF SECURITY, SOME SYSTEMS ANSWER THE LINE IN ORIGINATE MODE! IF YOU REALLY WANT TO GET SNEAKY, YOU CAN TRY TO FIND THE "ONE-RING, CALL-BACK"SYSTEMS. ON THESE, IF THE PHONE RINGS MORE THAN ONCE, THE SYSTEMS WILL NOT ANSWER. YOU MUST DIAL THE NUMBER, LET IT RING ONCE, HANG UP, AND THEN DIAL BACK. PC-SCAN HAS THIS OPTION IN AUTOMATIC MODE. WELL, THAT'S ENOUGH FOR NOW. I AM SURE THAT ALL YOU HACKERS CAN FIND ENOUGH NEW NUMBERS TO KEEP YOU BUSY. HAPPY SCANNING!!!! ------------------ PHONE TAPS: Part 2. HERE IS SOME INFO ON PHONE TAPS. I HAVE ENCLOSED A SCHEMATIC FOR A SIMPLE WIRETAP & INSTRUCTIONS FOR HOOKING UP A TAPE RECORDER CONTROL RELAY TO THE PHONE LINE. FIRST I'LL DISCUSS TAPS A LITTLE. THERE ARE MANY DIFFERENT TYPES OF TAPS. THERE ARE TRANMITTERS, WIRED TAPS AND INDUCTION TAPS TO NAME A FEW. WIRED AND WIRELESS TRANSMITTERS MUST BE PHYSICALLY CONNECTED TO THE LINE BEFORE THEY'LL DO ANY GOOD. ONCE A WIRELESS TAP IS CONNECTED TO THE LINE, IT CAN TRANSMIT ALL CONVERSATIONS OVER A LIMITED RANGE. THE PHONES IN THE HOUSE CAN EVEN BE MODIFIED TO PICK UP CONVERSATIONS IN THE ROOM & TRANSMIT THEM TOO! THESE TAPS ARE USUALLY POWERED OFF THE PHONE LINE, BUT CAN HAVE AN EXTERNAL POWER SOURCE. WIRED TAPS, ON THE OTHER HAND, NEED NO POWER SOURCE, BUT A WIRE MUST BE RUN FROM THE LINE TO THE LISTENER OR TO A TRANSMITTER. THERE ARE OBVIOUS ADVANTAGES OF WIRELESS TAPS OVER WIRED ONES. THERE IS ONE TYPE OF WIRELESS TAP THAT LOOKS LIKE A NORMAL TELEPHONE MIKE. ALL YOU HAVE TO DO IS REPLACE THE ORIGINAL MIKE WITH THIS & IT'LL TRANSMIT ALL CONVERSATIONS! THERE IS AN EXOTIC TYPE OF WIRED TAP KNOWN AS THE 'INFINITY TRANSMITTER' OR 'HARMONICA BUG'. IN ORDER TO HOOK UP ONE OF THESE, YOU NEED ACCESS TO THE TARGET TELEPHONE. IT HAS A TONE DECODER & SWITCH INSIDE. WHEN IT IS INSTALLED, SOMEONE CALLS THE TAPPED PHONE & *BEFORE* IT RINGS, BLOWS A WHISTLE OVER THE LINE. THE X-MITTER RECEIVES THE TONE & PICKS UP THE PHONE VIA A RELAY. THE MIKE ON THE PHONE IS ACTIVATED SO THE CALLER CAN HEAR ALL CONVERSATIONS IN THE ROOM. THERE IS A SWEEP TONE TEST AT 415/BUG-1111 WHICH CAN BE USED TO DETECT ON OF THESE TAPS. IF ONE THESE IS ON YOUR LINE & THE TEST # SENDS THE CORRECT TONE, YOU'LL HEAR A CLICK. INDUCTION TAPS HAVE ONE BIG ADVANTAGE OVER TAPS THAT MUST BE PHYSICALLY WIRED TO THE PHONE. THEY DON'T HAVE TO BE TOUCHING THE PHONE IN ORDER T O PICK UP THE CONVERSATION. THEY WORK ON THE SAME PRINCIPLE AS THE LITTLE SUCTION-CUP TAPE RECORDER MIKES YOU CAN GET AT RADIO SHACK. INDUCTION MIKES CAN BE HOOKED UP TO A TRANSMITTER OR BE WIRED. HERE IS AN EXAMPLE OF INDUSTRIAL ESPIONAGE USING THE PHONE: A SALESMAN WALKS INTO AN OFFICE & MAKES A FONE CALL. HE FAKES THE CONVERSATION, BUT WHEN HE HANGS UP HE SLIPS SOME FOAM-RUBBER CUBES UNDER THE HANDSET, SO THE FONE IS STILL OFF THE HOOK. THE CALLED PARTY CAN STILL HEAR ALL CONVERSATIONS IN THE ROOM. WHEN SOMEONE PICKS UP THE FONE, THE CUBES FALL AWAY UNNOTICED. I USE A TAP ON MY LINE TO MONITOR WHAT AE-PRO IS DOING WHEN IT AUTO-DIALS, SINCE IT DOESN'T TAKE ADVANTAGE OF THE HANDSET ON THE APPLE CAT II. I CAN ALSO HOOK UP THE TAP TO A CASSETTE RECORDER OR AMPLIFIER. HERE IS THE SCHEMATIC: -------)!----)!(-------------> )!( CAP ^ )!( )!( )!( )!( ^^^^^---)!(-------------> ^ 100K ! !