From brendan@cs.widener.edu Fri Apr 24 14:04:43 1992 Date: Fri, 24 Apr 1992 10:52:39 -0400 From: Brendan Kehoe To: brendan@eff.org Subject: [inform@ccwf.cc.utexas.edu : no subject (file transmission)] ------- Start of forwarded message ------- Received: from doc.cc.utexas.edu by cs.widener.edu with SMTP id AA28874 (5.65c/Widener-4.2 for ); Fri, 24 Apr 1992 10:29:36 -0400 Received: by doc.cc.utexas.edu (5.61/1.34/CCWF 1.18) id AA18675; Fri, 24 Apr 92 09:29:19 -0500 Message-Id: <9204241429.AA18675@doc.cc.utexas.edu> From: inform@ccwf.cc.utexas.edu (Informatik Journal) Subject: no subject (file transmission) To: brendan@cs.widener.edu Date: Fri, 24 Apr 92 9:29:18 CDT X-Mailer: ELM [version 2.3 PL11] +=============================================================================+ | ## ## ## ###### ###### ###### ### ### ###### ###### ## ## ## | | ## ### ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## | | ## ## ### ##### ## ## ###### ## ## ###### ## ## #### | | ## ## ## ## ###### ## ## ## ## ## ## ## ## ## ## | +=============================================##==============================+ | Apr 24, 1992| | [ The Journal of Privileged Information ] | | | +-----------------------------------------------------------------------------+ | Issue 03 By: 'Above the Law' | +-----------------------------------------------------------------------------+ | | |Informatik--Bringing you all the information you should know... | | and a lot you shouldn't... | | | +=============================================================================+ /* Introduction */ By the Informatik staff Welcome to Issue number 3 of Informatik Journal. It's been a whopping 3 months since we released our last issue, but at least our time table matches that of 2600. Sorry this took so long, but guess what. . . we had a hell of a time getting submissions AGAIN. How about putting your creative talents to use and writing some articles so we can release Informatik a bit more frequently. For our new readers, Informatik is an electronic journal containing information that is for one reason or another usually withheld from the public. Sometimes it is for "security" reasons, and other times it is simply because it is felt that the public does not need to know. Hogwash we say! Information is power! Have they something to hide? Are there things in this world that we *gasp* just should not know about? I do not think so. In other news, we have decided to reduce our news coverage to strictly hack/phreak/fraud type events. No more general computer industry, telecommunications news. Our friends at Phrack have that angle covered admirably, and there's no reason to waste hard drive space with 60-70k per issue of duplicate news items. This issue brings us information on public telephone abuse by Brian Oblivion. Could this be the end of red boxing? For you radio phreaks we have the tools needed to track down those airphone transmissions, and information on how law enforcement monitors suspects and how you can get in on the action. Black Manta provides us with schematics on how you can build a simple universal garage door opener. HiBias brings us a guide to TRW business reports that explains just exactly what all those numbers mean, and another article reveals the workings of those nifty credit card verification machines. Tid-Bytes is back with some interesting blurbs, and the Hot Flashes of course keeps you abreast on all sorts of goings on. We'd like to thank you for your continued readership of Informatik, and we'd love it if you recommended it to your friends and upload it to your favorite boards, ftp sites, etc. Remember, subscriptions, submissions, questions, or suggestions and comments can be sent to our Internet address: inform@doc.cc.utexas.edu That's all for now, see you next issue. . . Mack Hammer & Sterling [Editors] - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - =========================================== ============== - CONTENTS - =============== ================ Issue 03 ================= ======= Release date April 24, 1992 ======= =========================================== 01) Issue #3 Introduction By: Informatik Staff 02) Coin Services Update By: Brian Oblivion 03) Law Enforcement Surveillance Scanning By: Sterling 04) TRW Business Reports By: HiBias 05) Building a Garage Door Hacker By: Black Manta 06) Air Phone Frequency Allocation By: Leroy Donnelly 07) Credit Card Authorization Machines By: Emery Lapinski 08) Tid-Bytes--Misc Contributions By: Informatik Staff 09) Hot Flashes--The Underground News Report By: Various Sources 10) Submission and Subscription Information By: Informatik Staff - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - *DISCLAIMER* Informatik Journal is printed for informational purposes only. We do not recommend or condone any illegal or fraudulent application of the information found in this electronic magazine. As such, we accept no liability for any criminal or civil disputes arising from said information. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - *************************************************************************** * * * Straight from the Bellyard: Coin Services Update * * * * by * * Brian Oblivion * * * * * * Courtesy of: Restricted-Data-Transmissions (RDT) * * "Truth is cheap, but information costs." * * * * * * 4/17/92 * *************************************************************************** Introduction - ------------ Public Telephones: we all know them, and how vulnerable they are to fraudulent abuse. Well, so does Bellcore and NYNEX and they have come up with a few methods on combatting fraudulent users. Coin deposits by a typical patron of the public telephone are communicated to the St Operator Services System (OSS) by bursts of certain dual-tone signals. These signals consist of the two frequencies 1.7 KHz and 2.2 KHz simul- taneously, which are detected in end-office and tandem-office environ- ments to provide accurate coin deposit detection. There are two types of interference that are encountered by outside origin. These are talkdown and talkoff. Talkdown is the failure to recognize a valid dual-tone signal because of interference from superimposed speech or other noise that may be from either the originating coin line or the terminating end. Talkoff is the false acceptance of speech, music, or background noises as valid coin deposits. This obviously includes redbox tones, whistles, tape reproductions, etc. In order to combat the erroneous acceptance of false credit the following methods have been defined and are to be employed eventually (if they haven't already), according to recent information. Frequency Limits - --------- ------ The detector must accept dual-tone signals if the frequencies of both tones are within +/- 5% of their respective nominal values of 1.7 KHz and 2.2 KHz. The detector must also reject dual-tone signals if the frequency of either or both tones is offset more than +/- 3.5% from its nominal value. Frequency offsets of +/- 1.5 percent are the extremes expected from properly designed and maintained coin telephones. The +/- 3.5 percent constraint is imposed to minimize the width of the stop-band notch filters in anti-fraud notch filters. Signal Power and Twist - ------ ----- --- ----- The detector must accept dual-tone signals if the individual power levels of both tones are within 0 to -25 dBm0 and within 5 dB of each other. (Twist is the dB difference between power levels of the two tones of a dual-tone signal) The detector must reject dual-tone signals if the individual poser level of either or both tones is below -30 dBm0. The range 0 to -25 dBm0 is the maximum expected from properly designed and maintained coin telephones and loops. The -30 dBm0 limit is imposed to minimize the depth of the stop-band needed in anti-fraud notch filters. Pulse Timing - ----- ------ Nickels, dimes, and quarters are represented by one, two, and five dual-tone TONE-ON pulses. The dollar signal is represented by a single long pulse. Each pulse is followed by a TONE-OFF interval. The following chart shows the timing specifics for all coin generated tones. +----------------------------------------------------------------------------+ | | Within-Coin | End-of-coin Tone OFF (ms)| |---------------------+-------------+-------------+-------+------+-----------| | | TONE-ON (ms)| TONE-OFF(ms)| Must | Must |Allowed to | | | Must Accept | Must Accept | Accept|Reject|Acc. or Rej| |---------------------+-------------+-------------+-------+------+-----------| | Nickel | 1 Pulse | 35 - 160 | ---- | >175 | <160 | 160 - 170 | |---------+-----------+-------------+-------------+-------+------+-----------| | Dime | 1st Pulse | 35 - 160 | 25 - 110 | | | | |---------+-----------+-------------+-------------+-------+------+-----------| | Dime | 2nd Pulse | 35 - 160 | ---- | > 75 | < 60 | 60 - 75 | |---------+-----------+-------------+-------------+-------+------+-----------| | Quarter | 1st Pulse | 20 - 100 | 20 - 110 | | | | |---------+-----------+-------------+-------------+-------+------+-----------| | Quarter | 2nd Pulse | 20 - 60 | 20 - 60 | | | | |---------+-----------+-------------+-------------+-------+------+-----------| | Quarter | 3rd Pulse | 20 - 60 | 20 - 60 | | | | |---------+-----------+-------------+-------------+-------+------+-----------| | Quarter | 4th Pulse | 20 - 60 | 20 - 60 | | | | |---------+-----------+-------------+-------------+-------+------+-----------| | Quarter | 5th Pulse | 20 - 100 | ---- | > 75 | < 60 | 60 - 75 | |---------+-----------+-------------+-------------+-------+------+-----------| | Dollar | 1 Pulse | 600 - 700 | ---- | > 75 | < 60 | 60 - 75 | |---------+-----------+-------------+-------------+-------+------+-----------| | Note: The detector is allowed to accept or reject tone-on and within-coin | | tone-off durations outside their respective must-accept ranges. | +----------------------------------------------------------------------------+ Methods of controlling talkdown and talkoff - ------- -- ----------- -------- --- ------- Talkdown, is more of a transmission error problem that is generated by interference from superimposed speech or ambient noise. This noise comes from the originating coin line or from the terminating end. Talkdown results in the failure of the detector to recognize a valid dual-tone signal. One of the main sources of talkdown is the improper muting of the voice path during tone generation. This attenuated speech or ambient noise power is superimposed on the coin signals which corrupts the signal. Muting is accomplished by shorting out the speech path with a cap- acitor. Minimum muting attenuation is 15 dB at 300 Hz, 25 dB at 1000 Hz, and 35 dB at 3000 Hz. The attenuated speech or ambient noise power is superimposed on the coin signals which could cause talkdown. Some talkdown is also generated from the called party, operator speech, or automated announcements. These signals can only reach the detector by reflection through the trans-hybrid path at a 3-to-4 wire junction, which is usually located in the originating end office. Talkoff - ------- Talkoff is the false acceptance of speech, music or background noises as valid coin deposit signals by a detector. This is what registers a valid deposit when no actual money is deposited. In order to combat, a few countermeasures are expected to be employed. o The call must be terminated or routed to an operator if the total amount due for an initial deposit or a subsequent deposit has been received within an overall session timeout period. o The overall session timeout must be an adjustable parameter with a default value of 45 to 50 seconds. Intentional talkoff can be induced by playing loud music into the coin telephone by doing this one hopes to get the detectors to produce too many talkoff clusters. A talkoff cluster is a group of talkoffs occurring within any 5-minute interval. Single quarter or dollar talkoffs are also included in this definition of a cluster. In order to combat this the following measures are being taken. o Total talkoffs must not exceed 12 dollars in 70 hours of continuous speech or music at a volume level of 0 vu referred to 0 TLP or, instead, at an active speech level of +1 dBm0. o The detector must not produce more than 12 talkoff clusters that exceed 20, or 40, or 95 cents in 70 hours of continuous speech or music at a volume level of 0vu referred to 0 TLP or, instead, at an active speech level of +1 dBm0. o Total talkoffs must not exceed 2 dollars in 200 hours of continuous speech or music at -17 vu referred to 0 TLP or, instead, at an active speech level of -16 dBm0. Coin-Operated Telephone Fraud - ------------- --------- ----- Fraud is possible by acoustically coupling accurate coin deposit signals into the mouthpiece of the originating coin telephone, or >from the called party end. Fraudulent signals coming from the coin telephone end can only be stopped within the coin telephone with a notch filter to filter out any external fraudulent signals. In order to combat Fraudulent usage the following will be enacted. o End- or tandem-office switching systems will be equipped with detectors that monitor signals from the originating coin line. The following methods combat far-end fraud: o Sensing the direction of received coin signals and only registering those coming from the coin line. o Increasing the trans-hybrid path loss (using echo cancelers to knock down the fraudulent signal's signal strength to that under the detector's recognition threshold.) o Inserting a 2200-Hz notch filter in the voice transmission path from the far end only when the detector is expecting coin deposits. The filters 3 dB bandwidth must be less than 600 Hz centered on 2200 Hz. and the out-of-band attenuation below 1500 Hz and above 3000 Hz must be less than 1 dB. Conclusion - ---------- The BOCs are now taking action against 'Redboxing' as well as against some of their own equipment defects. It was only a matter of time, of course. I have no idea how long this conversion will take or even if it has started. There has been some indication as some start of an anti-fraud campaign in my local area. I have gotten word from some people that coin operated telephones have not been accepting tones. I am unaware if these machines were BOC operated or if they were COCOTS. I believe them to be BOC coin operated telephones. - ----------------------------------------------------------------- Brian Oblivion can be reached at Oblivion@ATDT.ORG. RDT welcomes any questions or comments you may have -- especially any new information you may have. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - /\ /\ / \ __________/ \ / \ ____________________________________________________ \/ \ / \/ Law Enforcement Surveillance Scanning by Sterling /\ /\ / \ ____________________________________________/ \ / \ _________________ \/ \ / \/ Now days it seems that Big Brother is always listening in. Wherever you are, whatever you do, there is a good chance that your private conversations aren't so private. The FBI, Secret Service, DEA, local police, and dozens of other government agencies are definitely interested in what you have to say. What can we do about this? Well, unfortunately they have the badges and the guns, so we may as well get used to it. Since we can't beat'em, might as well enjoy it, understand it, and learn something from it. Mikes and Bugs ~~~~~~~~~~~~~~ Most FCC legal devices are found in the 150 to 174 MHz band, and other, limited parts of the 40 to 952 MHz range. Here is a list of FCC approved bands for wireless mike, room bugs, and body mikes. Also note that other bands MAY be used with special FCC permission. (An "*" indicates a band that may be used by vehicle tracking transmitters. More on that later) 42.02 to 42.94 MHz 44.62 to 46.58 MHz 47.02 to 47.50 MHz 72.00 to 76.00 MHz 150.995 to 151.49 MHz * 153.74 to 154.445 MHz * 154.635 to 156.25 MHz * 157.05 to 157.11 MHz 158.715 to 159.645 MHz 166.25 to ------ MHz 170.15 to 173.40 MHz 453.05 to 453.95 MHz 458.05 to 458.95 MHz 460.025 to 460.625 MHz 462.95 to 462.975 MHz 465.025 to 465.625 MHz 467.95 to 467.975 MHz 470.00 to 512.00 MHz 821.00 to 824.00 MHz 866.00 to 869.00 MHz If the purpose of the surveillance is not going to be used for criminal prosecution, agencies are reported to work outside of FCC restrictions to avoid detection. Though the FCC declares them illegal, devices have been found that work in the government, TV broadcast, and even aero bands. The following areas of the spectrum are known to be used on occasion: 73.00 to 74.6 MHz 137.00 to 138.00 MHz 216.00 to 222.00 MHz 400.00 to 406.10 MHz 608.00 to 614.00 MHz Surveillance Repeaters ~~~~~~~~~~~~~~~~~~~~~~ Law enforcement agencies use mobile repeaters and extenders to retransmit comms of interest. These low power (about 15 watts) repeaters are usually located in patrol cars. This allows the officer to monitor the surveillance device from outside his car via portable handheld transceiver. These are often simply little used channels of their normal assigned bands. Surveillance mobile repeaters are still quite weak, so if you can hear it, it's probably close by! (under your bed ?!) Here is a list of mobile repeaters used by state enforcement agencies: Mobile Repeaters (Extenders) - ------------------------------------------------------------------------------ State Frequency Comments - ------------------------------------------------------------------------------ Alabama - - - - May equip in the future Arizona 155.505 15% equipped; no more planned Arkansas 154.785 Fully equipped California 154.905 Fully equipped Colorado - - - - May equip in the future Connecticut 154.83 40% equipped Delaware 465.475 Fully equipped 460.50 Alternate frequency Florida 465.1625 Fully equipped 156.18 Turnpike frequency Georgia 458.4875 Fully equipped Idaho - - - - May be equipped Illinois 155.505 Fully equipped 151.16 Dept. of Criminal Investigation Indiana 155.445 Fully equipped Iowa 453.625 Fully equipped Kansas 154.92 Fully equipped Kentucky 154.665 Fully equipped Louisiana 453.45 Fully equipped Maine 460.225 Some cars equipped Maryland 155.73 Fully equipped Massachusetts 154.92 About 40% of cars equipped Michigan 154.695 Over half of cars equipped Minnesota 458.25 Fully equipped 453.25 Minneapolis Mississippi 158.97 Fully equipped Missouri 154.905 Fully equipped Montana - - - - May or will be equipped Nebraska 465.525 Fully equipped Nevada 154.92 Fully equipped New Hampshire - - - - May be equipped New Jersey - - - - Not now equipped New Mexico 460.15 Fully equipped 465.15 Alternate frequency New York - - - - Not now equipped North Carolina 155.445 Fully equipped, freqs. vary by area 154.68 Alternate frequency 154.92 Alternate frequency 159.21 Alternate frequency North Dakota 453.45 Partially equipped Ohio 465.55 Northern areas 465.375 Southern areas 465.425 Some units 465.525 Turnpike units Oklahoma 154.905 Fully equipped (?) 465.0125 Alternate frequency 465.1625 Alternate frequency 465.3875 Alternate frequency 465.5625 Alternate frequency Oregon - - - - May be equipped or soon will Pennsylvania 154.755 Fully equipped Rhode Island - - - - May have future plans South Carolina 154.445 Some or all cars equipped South Dakota 453.375 Some cars equipped Tennessee 154.905 Fully equipped Texas - - - - Not now equipped Utah - - - - May have future plans Vermont - - - - May have future plans Virginia 453.35 Fully equipped Washington 453.475 Some cars equipped 453.975 Alternate frequency West Virginia 155.505 May be equipped, or soon will Wisconsin 465.125 Fully equipped Wyoming - - - - May be equipped, or soon will Vehicle Tracking Transmitters ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Enforcement agencies often need to track suspect vehicles, cargo shipments, or packages. Tiny transmitters are used that emit a quarter second beep once each second. Some contain motion detectors that beep once every ten seconds when not in motion. This saves battery life and of course provides some information as to the status of the tagged object. Vehicles used for tracking these transmitters are easy to spot. Look for four identical antennas mounted in a square configuration. (Hmm, that pizza-van has been parked across the street for over four days!) Remote Control Surveillance ~~~~~~~~~~~~~~~~~~~~~~~~~~~ Some transmitters can be set for remote control operation. That way they can be turned off during times of inactivity to conserver power. They can also be turned off to avoid detection during countersurveillance sweeps to avoid detection. Look for these types of systems in the 72.01 to 72.99 MHz and 75.99 MHz bands (20 kHz steps). Some are thought to operate in the 300 to 350 MHz band as well. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (T)(R)(W)(T)(R)(W)(T)(R)(W)(T)(R)(W)(T)(R)(W)(T)(R)(W)(T)(R)(W)(T)(R)(W) (T) (W) )R( TRW Business Reports )R( (W) (T) )R( by HiBias )R( (T) (W) (T)(R)(W)(T)(R)(W)(T)(R)(W)(T)(R)(W)(T)(R)(W)(T)(R)(W)(T)(R)(W)(T)(R)(W) TRW keeps tabs on the financial standing of businesses, both big and small. Just about everyone from AT&T to Billy-Bud's Bait Shop is referenced in their files. Just exactly what kind of information do they have? What kind of data do they give to creditors. Exactly what kind of things could reflect negatively on your credit standing? Following is a sample of a typical TRW business report and a sample small business advisory report. These will show the type of information that TRW hands out to creditors and how they interpret said information. TRW SAMPLE REPORT ~~~~~~~~~~~~~~~~~ PAGE RPT DATE TIME PORT TYPE 1 03-02-90 08:40:13 BC99 PROFILE 219 - -------------------------------------------------------------------------------- SAMPLE COMPANY TRW FILE NUMBER: 000000001 1000 MAIN STREET TRW FILE ESTABLISHED: PRIOR JAN 1977 ANYTOWN USA 11111 SIC NO: 0000 PHONE: 714-555-1212 BUS: SELLING GOODS TO AMERICA - -------------------------------------------------------------------------------- EXECUTIVE SUMMARY ----------------- DAYS BEYOND TERMS (DBT) FOR SAMPLE COMPANY AS OF 03-02-90 : DBT IS THE AVERAGE NUMBER OF DAYS LATE A FIRM TAKES PREDICTION : TO PAY ITS BILLS. THE DBT IS WEIGHTED BY THE DOLLAR AMOUNT OF EACH ACCOUNT. THE PREDICTION IS A FORECAST DBT NORMS OF THE DBT FOR 60 DAYS INTO THE FUTURE. IT IS BASED SAMPLE CO INDUSTRY : ON THE TREND IN DBT, THE TYPE OF INDUSTRY OF THE ALL INDUSTRIES : FIRM, ANY DEROGATORY PUBLIC RECORD INFORMATION, COLLECTION ACCOUNTS, # OF INQUIRIES, YEARS IN BUSINESS/FILE, ETC. THE INDUSTRY INFORMATION IS PROVIDED TO EVALUATE HOW THIS FIRM PAYS TODAY RELATIVE TO FIRMS IN THE SAME INDUSTRY (AT THE 2 DIGIT SIC LEVEL). CONTINUOUS AND NEWLY REPORTED TRADELINES ARE USED FOR THE DBT VALUES. A SUMMARY WILL ONLY BE PROVIDED WHEN THERE IS SUFFICIENT DATA. HISTORICAL PAYMENT GUIDE 6 MONTH ACCOUNT BALANCE RANGE : THIS LINE INDICATES THE TOTAL AMOUNT OWED BY THE FIRM FOR THE PAST 6 MONTHS AND THE CURRENT TOTAL. HIGHEST CREDIT AMOUNT EXTENDED: THIS LINE INDICATES THE LARGEST INDIVIDUAL AMOUNT OF CREDIT EXTENDED TO THE FIRM IN THE PAST 12 MONTHS AND THE MEDIAN AMOUNT (IE THAT VALUE IN WHICH 50% OF THE ACCOUNTS ARE GREATER AND 50% ARE LOWER). THE PURPOSE IS TO COMPARE THE CURRENT CREDIT REQUEST TO THESE AMOUNTS TO DETERMINE THE CREDIT GRANTOR'S RELATIVE RISK. INDUSTRY PAYMENT COMPARISON : THIS LINE REPRESENTS THE CONCLUSION FROM A COMPARISON OF THE 6 MONTH HISTORICAL DBT OF THE FIRM TO ITS INDUSTRY. THREE POSSIBLE CONCLUSIONS CAN BE MADE: A FIRM PAYS "THE SAME", "LATER THAN", OR "SOONER THAN" RELATED BUSINESSES. TO CONCLUDE A FIRM PAYS LATER OR SOONER, 4 OUT OF 6 MONTHS MUST DEVIATE FROM AT LEAST 50% OF THE FIRMS IN THE INDUSTRY. PAYMENT TREND INDICATION : THIS LINE PROVIDES THE CONCLUSION FROM AN ANALYSIS OF HOW THE PAYMENT BEHAVIOR OF THE FIRM IS PAGE RPT DATE TIME PORT TYPE 2 03-02-90 08:40:13 BC99 PROFILE 219 - ------------------------------------------------------------------------------- SAMPLE COMPANY TRW FILE NUMBER: 000000001 - ------------------------------------------------------------------------------- PAYMENT TREND INDICATION (CONTINUED) CHANGING IN THE PAST 6 MONTHS. FOR A TREND TO OCCUR, AT LEAST THE MOST RECENT TWO MONTHS OF DBT MUST DEVIATE FROM 70% OF THE NORMAL HISTORICAL RANGE OF DBT'S. FOUR POSSIBLE CONCLUSIONS CAN BE MADE: THE FIRM IS "IMPROVING TOWARD TERM REQUIREMENTS ","INCREASINGLY LATE", "STABLE" OR OR "NO TREND IDENTIFIABLE". SIGNIFICANT PUBLIC RECORD DATA THIS SECTION SUMMARIZES REPORTED PUBLIC RECORD OR OTHER DEROGATORY INFORMATION IN THE FOLLOWING WAYS: 1) BANKRUPTCY FILINGS WITHIN THE PAST 10 YEARS. 2) OPEN TAX LIENS/JUDGEMENTS REGARDLESS OF THE AMOUNT OF THE LIEN, OR ANY FILING RELEASED WITHIN THE PAST 5 YEARS. 3) A SUMMARY OF THE NUMBER OF UCC FILINGS WITH ONE OR MORE OF THE FOLLOWING PLEDGED COLLATERAL: -ACCOUNTS -ACCOUNTS RECEIVABLE -INVENTORY -CONTRACTS -HEREAFTER ACQUIRED PROPERTY -PROCEEDS -LEASES -NOTES RECEIVALBE 4) REPORTED COLLECTION ACCOUNTS. 5) FRAUDULENT TELECOMMUNICATIONS ACCOUNTS THAT ARE REPORTED AS SERVICE DISCONNECTS, WRITE-OFFS, SKIPS, ETC. IF NO PUBLIC RECORD DATA IS REPORTED, THEN IT WILL BE STATED. RELEVANT DATES AND AMOUNTS WILL BE INCLUDED. TRADE PAYMENT INFORMATION ------------------------- TRADE PAYMENT EXPERIENCES (TRADE LINES WITH AN "*" AFTER DATE REPORTED ARE NEWLY REPORTED) RECENT ------ ACCOUNT STATUS ------ HIGH -DAYS PAST DUE- BUSINESS DATE LAST PAYMENT CREDIT BALANCE 1- 31- 61- CATEGORY REP'D SALE TERMS $ $ CUR 30 60 90 91+ COMMENTS ---------- ----- ----- ------- -------- -------- --- --- --- --- --- ---------- THIS SECTION PROVIDES THE DETAILED ACCOUNT RECEIVABLE INFORMATION FOR THE FIRM INQUIRED UPON. ONLY THOSE ACCOUNTS THAT ARE CONTINUOUSLY REPORTED OR NEWLY PAGE RPT DATE TIME PORT TYPE 3 03-02-90 08:40:13 BC99 PROFILE 219 - ------------------------------------------------------------------------------- SAMPLE COMPANY TRW FILE NUMBER: 000000001 - ------------------------------------------------------------------------------- TRADE PAYMENT EXPERIENCES (CONTINUED) REPORTED WILL BE INCLUDED IN THIS SECTION. THEREFORE, THE CREDIT GRANTOR IS EVALUATING ONLY THE MOST CURRENT TRADE INFORMATION. A CONTINUOUSLY REPORTED TRADE LINE MUST BE IN THE TRW FILE FOR AT LEAST SIX MONTHS AND UPDATED AT LEAST ONCE IN THE PAST THREE MONTHS. A NEWLY REPORTED TRADE LINE HAS BEEN ADDED TO THE FILE WITHIN THE LAST 3 MONTHS. EACH TRADELINE REPRESENTS A UNIQUE CREDIT EXPERIENCE. ------------------------------ -------- -------- --- --- --- --- --- ---------- TRADE LINE TOTALS: DBT: (THE SAME AS REPORTED IN THE SUMMARY) ADDITIONAL PAYMENT EXPERIENCES (INCLUDES NON-TRADE ACCOUNTS PLUS PREVIOUSLY REPORTED TRADE LINES) THIS SECTION WILL CONTAIN THOSE ACCOUNTS THAT REPRESENT PAYMENT INFORMATION, BUT DO NOT BEHAVE THE SAME AS A TRADE CREDIT ACCOUNT (IE THE ACCOUNT TYPE AND THE REPORTED DATA BEHAVES DIFFERENTLY THAN A TRADE ACCOUNT). FOR EXAMPLE, A LOAN WILL REFLECT THE TOTAL VALUE OF THE LOAN IN THE BALANCE INFORMATION AND THE AGING DATA REFLECTS THE CURRENCY OF THE MONTHLY PAYMENT ONLY. THIS SECTION INCLUDES TRADELINES NOT UPDATED BY CONTRIBUTORS WITHIN THE PAST 6 MONTHS. THE DATA, HOWEVER, CAN BE USED TO IDENTIFY ANY SIGNIFICANT DEROGATORY ACCOUNTS IN THE PAST. PAYMENT TOTALS RECENT ------ ACCOUNT STATUS ------ HIGH -DAYS PAST DUE- CREDIT BALANCE 1- 31- 61- $ $ CUR 30 60 90 91+ COMMENTS -------- -------- --- --- --- --- --- ---------- CONTINUOUSLY REPORTED LINES: THIS SECTION PROVIDES A SUMMARY OF THE TOTALS NEWLY REPORTED LINES: FOR THE TWO TRADELINE TYPES. IT CAN BE USED TO EVALUATE HOW MUCH THE NEW INFORMATION MAY EFFECT CONCLUSIONS FOR PAST PAYMENT BEHAVIOR. ------------------------------ -------- -------- --- --- --- --- --- ---------- TRADE LINE TOTALS: DBT: PAGE RPT DATE TIME PORT TYPE 4 03-02-90 08:40:13 BC99 PROFILE 219 - ------------------------------------------------------------------------------- SAMPLE COMPANY TRW FILE NUMBER: 000000001 - ------------------------------------------------------------------------------- PAYMENT TRENDS (BASED ON CONTINUOUSLY REPORTED TRADE LINES ONLY) -DAYS PAST DUE- BALANCE 1- 31- 61- DBT $ CUR 30 60 90 91+ --- -------- --- --- --- --- --- AS OF 03-02-90 THIS SECTION EXAMINES THE NEAR TERM CHANGES IN PAY- 12-01-88 MENT TRENDS. IT USES ONLY CONTINUOUSLY REPORTED 11-01-88 TRADELINES IN ORDER TO PROVIDE AN INDICATION OF 10-01-88 WHETHER OR NOT AN IMMEDIATE CHANGE IN PAYMENT 09-01-88 BEHAVIOR IS OCCURING. THE CONCLUSION FROM THE DATA 08-01-88 IS PRESENTED IN THE SUMMARY. A NEAR TERM CHANGE IN 07-01-88 BEHAVIOR CAN BE DUE TO THE WILLINGNESS OR ABILITY OF THE DEBTOR TO PAY ITS OBLIGATIONS. PAYMENT HISTORY--QUARTERLY AVERAGES (BASED ON CONTINUOUSLY AND NEWLY REPORTED TRADE LINES) -DAYS PAST DUE- BALANCE 1- 31- 61- DBT $ CUR 30 60 90 91+ --- -------- --- --- --- --- --- 4TH-Q-89 (OCT-DEC): THIS SECTION PRESENTS A ONE AND A QUARTER YEAR ANAL- 3RD-Q-89 (JUL-SEP): YSIS OF THE PAYMENT TRENDS. THE LONG TERM CHANGES IN 2ND-Q-89 (APR-JUN): DBT REFLECT THE ABILITY OF THE COMPANY TO GENERATE 1ST-Q-89 (JAN-MAR): SUSTAINED CASH FLOW OVER TIME. IF THE DBT IS 4TH-Q-88 (OCT-DEC): BECOMING SIGNIFICANTLY LARGER, IT IS LIKELY THAT THE COMPANY IS LESS ABLE TO PAY. PUBLIC RECORD INFORMATION ------------------------- THIS SECTION REFLECTS THE DETAIL OF BANKRUPTCY, TAX LIENS (FEDERAL, STATE, AND COUNTY), JUDGEMENTS, AND UCC FILINGS FOR A PARTICULAR ENTITY. IT INCLUDES THE DATE OF FILINGS, AMOUNTS, LOCATIONS, ETC. COMMERCIAL BANKING RELATIONSHIPS -------------------------------- THIS SECTION IDENTIFIES THE NAME, ADDRESS, PHONE NUMBER, AND ACCOUNT NUMBER OF THE PRIMARY BANK UTILIZED BY THE BUSINESS. PAGE RPT DATE TIME PORT TYPE 5 03-02-90 08:40:13 BC99 PROFILE 219 - ------------------------------------------------------------------------------- SAMPLE COMPANY TRW FILE NUMBER: 000000001 - ------------------------------------------------------------------------------- KEY FACTS INFORMATION --------------------- THIS SECTION TYPICALLY INCLUDES THE TYPE OF PRODUCTS/SERVICES OFFERED BY THE BUSINESSES, THE NUMBER OF YEARS IN BUSINESS, THE BUSINESS OWNERSHIP AND PRINCIPAL OFFICERS, ETC. INQUIRIES ---------- BUSINESS 1990 1989 CATEGORY JAN DEC NOV OCT SEP AUG JUL JUN MAY ---------- --- --- --- --- --- --- --- --- --- THE INQUIRIES WILL BE SUMMARIZED BY THE BUSINESS CATEGORY AND IDENTIFY THE NUMBER OF INQUIRIES EACH MONTH. THIS ALLOWS THE CREDIT MANAGER TO QUICKLY DETERMINE WHERE AND WHEN THE MOST FREQUENT CREDIT ACTIVITY ON THE PART OF THE DEBTOR HAS BEEN OCCURING. FEDERAL GOVERNMENT INFORMATION ----------------------------- THIS SECTION CONTINUES TO REFLECT THE FINANCIAL AND CONTRACT DATA PROVIDED BY GOVERNMENT AGENCIES (EG THE SMALL BUSINESS ADMINISTRATION). STANDARD & POORS INFORMATION ---------------------------- PROVIDES FINANCIAL INFORMATION ON PUBLICLY HELD COMPANIES AS COMPILED BY STANDARD AND POORS. THE INFORMATION INCLUDES: 1) THE MOST RECENT THREE YEARS OF PROFIT/LOSS STATEMENTS AND BALANCE SHEETS. 2) CRITICAL RATIOS OF PERFORMANCE RELATIVE TO INDUSRTY AVERAGES. 3) SUMMARY BUSINESS DESCRIPTION AND RECENT DEVELOPMENTS. THE INFORMATION HEREIN IS FURNISHED IN CONFIDENCE FOR YOUR EXCLUSIVE USE FOR LEGIMATE BUSINESS PURPOSES AND SHALL NOT BE REPRODUCED. NEITHER TRW INC, NOR ITS SOURCES OR DISTRIBUTORS WARRENT SUCH INFORMATION NOR SHALL THEY BE LIABLE FOR YOUR USE OR RELIANCE UPON IT. COPYRIGHT (C) 1989 TRW INC. **END REPORT** TRW SMALL BUSINESS ADVISORY SAMPLE REPORT ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ PAGE RPT DATE TIME PORT TYPE 1 03-02-90 08:40:13 BC99 SBAR 219 - -------------------------------------------------------------------------------- PRINCIPAL NAME/ADDRESS BUSINESS NAME/ADDRESS EMPLOYER NAME/ADDRESS - -------------------------------------------------------------------------------- JOHN Q PROPRIETOR PROPRIETOR CO AJAX HARDWARE 10655 BIRCH ST 604 BAKER ST 2035 BROADWAY BURBANK CA 91501 STUDIO CITY CA 90485 LOS ANGELES CA 90019 LAST UPDATE 12-89 AS ACCESSED 03-90 LAST UPDATE 06-88 - -------------------------------------------------------------------------------- RISK PROFILE ------------ CHANCE OF ACCOUNT ENTERING SERIOUSLY DEROGATORY STATUS WITHIN 1 YEAR: 3% THE PERCENTAGE ABOVE IS CALCULATED BY THE NATIONAL RISK MODEL, WHICH USES A POINT-SCORING SYSTEM THAT ADDS OR SUBTRACTS POINTS BASED ON A PROPRIETOR'S CREDIT BEHAVIOR. THE MODEL ONLY EXAMINES INFORMATION THAT APPEARS ON A PROPRIETOR'S SBAR REPORT, AND DOES NOT TAKE INTO ACCOUNT OTHER DATA, SUCH AS THE PROPRIETOR'S INCOME OR NET WORTH. THE PERCENTAGE, REFERRED TO AS A PROBABILITY PERCENTAGE, INDICATES THE LIKELIHOOD OF A PROPRIETOR BECOMING DEROGATORY IN HIS PAYMENT HABITS. DEROGATORY CREDIT BEHAVIOR CAN BE DEFINED AS MAINTAINING ACCOUNTS THAT HAVE DEVELOPED INTO COLLECTION ACCOUNTS, REPOSSESSIONS, CHARGE-OFFS OR BANKRUPTCIES. THE PERCENTAGES RANGE FROM 0% TO 100%. AS INDICATED ON THE SBAR, APPROXIMATELY 85% OF ALL PROPRIETORS HAVE A 0%-15% CHANCE OF BECOMING SERIOUSLY DEROGATORY WITHIN 1 YEAR; 12% HAVE A 16%-49% CHANCE; AND 3% HAVE A 50%-100% CHANCE. IN GENERAL, PROPRIETORS WITH A PROBABILITY PERCENTAGE OF 0%-15% ARE A GOOD RISK; THOSE WITH A PERCENTAGE OF 16%-49% ARE A MEDIUM RISK; AND PERCENTAGES OF 50%-100% INDICATE A POOR RISK. YOU MAY WANT TO IDENTIFY SEVERAL RANGES OF PERCENTAGES THAT YOU CONSIDER TO BE GOOD, MEDIUM, AND POOR RISKS, BASED ON HOW MUCH RISK YOU ARE WILLING TO TAKE IN EXTENDING CREDIT. PAGE RPT DATE TIME PORT TYPE 2 03-02-90 08:40:13 BC99 SBAR 219 - -------------------------------------------------------------------------------- PRINCIPAL NAME/ADDRESS BUSINESS NAME/ADDRESS EMPLOYER NAME/ADDRESS - -------------------------------------------------------------------------------- JOHN Q PROPRIETOR PROPRIETOR CO AJAX HARDWARE 10655 BIRCH ST 604 BAKER ST 2035 BROADWAY BURBANK CA 91501 STUDIO CITY CA 90485 LOS ANGELES CA 90019 LAST UPDATE 12-89 AS ACCESSED 03-90 LAST UPDATE 06-88 - -------------------------------------------------------------------------------- STATUS CHARACTERISTICS STATUS CHARACTERISTICS DEFINE THE SPECIFIC CONDITIONS WHICH CONTRIBUTE TO A PROPRIETOR'S PROBABILITY PERCENTAGE. ONE TO FOUR CHARACTERISTICS ARE DISPLAYED ON THE SBAR IN ORDER OF IMPORTANCE, AND GIVE YOU ADDITIONAL INSIGHT INTO A PROPRIETOR'S PERSONAL CREDIT HISTORY. FOR PROBABILITY PERCENTAGES OF 16%-100%, THE STATUS CHARACTERISTICS ARE A SIGNIFICANT INDICATOR OF WHY THE PERCENTAGE IS HIGH. FOR PERCENTAGES OF 0%-15%, THE CHARACTERISTICS ARE NOT A SIGNIFICANT INDICATOR, AND SHOULD NOT CARRY MUCH WEIGHT IN YOUR CREDIT-GRANTING DECISION. TO HELP YOU BETTER UNDERSTAND AND INTERPRET THE MEANING OF THE STATUS CHAR- ACTERISTICS, A "GLOSSARY OF STATUS CHARACTERISTICS" IS INCLUDED IN THE SBAR BROCHURE AVAILABLE FROM YOUR ACCOUNT EXECUTIVE. ACCOUNT PROFILES ---------------- PROPRIETORS' ACCOUNTS ARE DIVIDED INTO 3 CATEGORIES: NEGATIVE, POSITIVE, AND NEUTRAL. EACH TRADE LINE IN THE ACCOUNT PROFILE CONTAINS THE BUSINESS CATEGORY OF THE COMPANY THAT CONTRIBUTED THE INFORMATION; THE DATE THE INFORMATION WAS REPORTED; AND THE STATUS OF THE ACCOUNT. THE TRADE LINE MAY ALSO INCLUDE: THE DATE THE ACCOUNT WAS OPENED; TYPE AND TERMS OF LOAN; ORIGINAL LOAN AMOUNT; CREDIT LIMIT; HISTORICAL HIGH BALANCE; BALANCE DUE; SCHEDULED MONTHLY PAYMENT; AMOUNT PAST DUE; DATE LAST PAYMENT WAS MADE; TRANSACTION RELATIONSHIP; COMMENTS. ACCOUNT PROFILES PROVIDE YOU WITH DETAILED INFORMATION ABOUT A PROPRIETOR'S PERSONAL CREDIT PORTFOLIO. PAGE RPT DATE TIME PORT TYPE 3 03-02-90 08:40:13 BC99 SBAR 219 - -------------------------------------------------------------------------------- PRINCIPAL NAME/ADDRESS BUSINESS NAME/ADDRESS EMPLOYER NAME/ADDRESS - -------------------------------------------------------------------------------- JOHN Q PROPRIETOR PROPRIETOR CO AJAX HARDWARE 10655 BIRCH ST 604 BAKER ST 2035 BROADWAY BURBANK CA 91501 STUDIO CITY CA 90485 LOS ANGELES CA 90019 LAST UPDATE 12-89 AS ACCESSED 03-90 LAST UPDATE 06-88 - -------------------------------------------------------------------------------- NEGATIVE ACCOUNT PROFILE ------------------------ THIS SECTION PROVIDES YOU WITH ALL OF THE NEGATIVE TRADE LINES THAT APPEAR ON THE PROPRIETOR'S REPORT. THESE INCLUDE TRADE LINES THAT HAVE STATUSES SUCH AS DELINQUENT, REPOSSESSED, WRITE-OFF, CHARGED TO LOSS, BANKRUPT, ETC. POSITIVE ACCOUNT PROFILE ------------------------ THIS SECTION PROVIDES YOU WITH ALL OF THE POSITIVE TRADE LINES THAT APPEAR ON THE PROPRIETOR'S REPORT. IN GENERAL, THESE TRADE LINES ARE EITHER CURRENT ACCOUNTS THAT ARE BEING PAID ACCORDING TO TERMS, OR ACCOUNTS THAT HAVE BEEN CLOSED AND WERE PAID IN SATISFACTORY TERMS. NEUTRAL ACCOUNT PROFILE ----------------------- THIS SECTION PROVIDES YOU WITH ALL OF THE NEUTRAL TRADE LINES THAT APPEAR ON THE PROPRIETOR'S REPORT. THESE TRADE LINES INCLUDE ONES HAVE BEEN DELINQUENT AT ONE TIME, BUT ARE NOW CURRENT. PUBLIC RECORD PROFILE --------------------- THE PUBLIC RECORD PROFILE ENABLES YOU TO LEARN ABOUT WHAT TYPES OF LEGAL ACTIONS HAVE BEEN FILED AGAINST THE PROPRIETOR, SUCH AS BANKRUPTCIES, FEDERAL STATE, AND COUNTY TAX LIENS, JUDGEMENTS, AND SUITS. PAGE RPT DATE TIME PORT TYPE 4 03-02-90 08:40:13 BC99 SBAR 219 - -------------------------------------------------------------------------------- PRINCIPAL NAME/ADDRESS BUSINESS NAME/ADDRESS EMPLOYER NAME/ADDRESS - -------------------------------------------------------------------------------- JOHN Q PROPRIETOR PROPRIETOR CO AJAX HARDWARE 10655 BIRCH ST 604 BAKER ST 2035 BROADWAY BURBANK CA 91501 STUDIO CITY CA 90485 LOS ANGELES CA 90019 LAST UPDATE 12-89 AS ACCESSED 03-90 LAST UPDATE 06-88 - -------------------------------------------------------------------------------- PUBLIC RECORD PROFILE (CONTINUED) --------------------------------- EACH PUBLIC DATA ENTRY INCLUDES THE TYPE OF LEGAL ACTION FILED, DATE FILED, COURT NAME, COURT CODE, DOCKET NUMBER, AMOUNT, AND JUDGEMENT CREDITOR. INQUIRIES --------- THE INQUIRY SECTION INCLUDES INFORMATION ABOUT INQUIRIES MADE ON THE PROPRIETOR IN THE PAST 24 MONTHS. THIS TELLS YOU HOW OFTEN THE PROPRIETOR HAS REQUESTED CREDIT IN THE PAST YEAR, AND THE TYPES AND NUMBER OF COMPANIES THAT HAVE REQUESTED CREDIT INFORMATION ON HIM. INQUIRIES INCLUDE THE BUSINESS CATEGORY OF THE COMPANY MAKING THE INQUIRY AND THE DATE OF THE INQUIRY, AND MAY INCLUDE THE TYPE, TERMS, AND AMOUNT OF THE LOAN OR CREDIT LINE. FILE VARIATION REFERENCES ------------------------- FILE VARIATIONS CAN BE DEFINED AS INFORMATION ABOUT THE PROPRIETOR CONTAINED IN TRW'S FILE UNDER A DIFFERENT NAME, ADDRESS, OR SOCIAL SECURITY NUMBER THAN WHAT YOU ENTERED DURING THE INQUIRY PROCESS. USUALLY, NAME VARIATIONS ARE EITHER MISPELLINGS OR MAIDEN NAMES; ADDRESS VARIATIONS ARE DEVIATIONS SUCH AS "STREET" INSTEAD OF "DRIVE", OR THE PROPRIETOR'S PREVIOUS ADDRESS; AND SOCIAL SECURITY NUMBER VARIATIONS ARE ONE OR TWO DIGIT TYPO MISTAKES. IN A SMALL NUMBER OF CASES, HOWEVER, THE INFORMATION IN THE FILE VARIATION SECTION MAY SIGNIFICANTLY CONFLICT WITH WHAT THE PROPRIETOR HAS GIVEN YOU, AND YOU MAY FIND THAT A MORE THOROUGH REVIEW OF THE PROPRIETOR IS NECESSARY. PAGE RPT DATE TIME PORT TYPE 5 03-02-90 08:40:13 BC99 SBAR 219 - -------------------------------------------------------------------------------- PRINCIPAL NAME/ADDRESS BUSINESS NAME/ADDRESS EMPLOYER NAME/ADDRESS - -------------------------------------------------------------------------------- JOHN Q PROPRIETOR PROPRIETOR CO AJAX HARDWARE 10655 BIRCH ST 604 BAKER ST 2035 BROADWAY BURBANK CA 91501 STUDIO CITY CA 90485 LOS ANGELES CA 90019 LAST UPDATE 12-89 AS ACCESSED 03-90 LAST UPDATE 06-88 - -------------------------------------------------------------------------------- FILE VARIATION REFERENCES (CONTINUED) ------------------------------------- YOU CAN SEE WHICH TRADE LINES, PUBLIC RECORD DATA, AND INQUIRIES ARE ASSOCIATED WITH SPECIFIC FILE VARIATIONS IN TRW'S FILE BY MATCHING THE FILE VARIATION REFERENCES IN THE BODY OF THE REPORT TO THE ONES CONTAINED IN THE FILE VARIATION REFERENCE SECTION. CONSUMER STATEMENT ------------------ CONSUMERS MAY ADD EXPLANATIONS TO THEIR CREDIT REPORTS IN ACCORDANCE WITH THE FAIR CREDIT REPORTING ACT AND STATE REPORTING LAWS. THESE STATEMENTS APPEAR AT THE END OF THE REPORT. THE INFORMATION CONTAINED IN THIS SMALL BUSINESS ADVISORY REPORT IS FURNISHED IN CONFIDENCE AND MUST BE USED EXCLUSIVELY FOR LEGITIMATE COMMERCIAL CREDIT PURPOSES. THE INFORMATION SHALL NOT BE REPRODUCED. NEITHER TRW INC., NOR ITS SOURCES OR DISTRIBUTORS WARRANT SUCH INFORMATION NOR SHALL THEY BE LIABLE FOR YOUR USE OR RELIANCE UPON IT. COPYRIGHT (C) 1990 TRW INC. **END SMALL BUSINESS ADVISORY REPORT** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - [#] [#] [#] [#] [#] [#] [#] [#] [#] [#] [#] [#] [#] [#] [#] [#] [#] [#] [#] [#] [#] [#] Building a Garage Door Opener Hacker [#] [#] [#] [#] by Black Manta [#] [#] [#] [#] [#] [#] [#] [#] [#] [#] [#] [#] [#] [#] [#] [#] [#] [#] [#] [#] [#] [#] Garage door openers employ a DIP switch that the owner sets to his own personal "code". The code is actually just a binary number created by the on/off positions of the switch. The device discussed here will enable you to open any automatic garage door (aside from some of the new dual switch models). The opener employs a 555 timer as a pulse generator to transmit pulses to a binary counter. Each pulse will increment the binary counter by one. You can adjust the speed of the counting by turning R1. You will have to experiment to find the best speed. If it is too fast, the signal will not be long enough to open the door. Normally, about 2.5 minutes to complete all 1024 combinations. As you hit the switch, it will begin counting up, lighting the leds for the corresponding switches as it turns each on. This will serve as a reference so that you can set any opener to. To connect to the garage door opener, first desolder the DIP switches from the door opener and solder an IC socket into where the DIP switches were. (This will allow you to put the DIP switches back, when operating in normal mode.) Second, you should connect the output to a wirewrap IC socket. If you mount the IC socket on your pc or perfboard you can use the socket to plug right into the door opener. When connecting the output, be sure that the connections on the wirewrap socket correspond to the ON setting of the DIP switches. Parts List ~~~~~~~~~~ Resistors R1 - PC mount 100k potentiometer R2 - 1k ohm 1/4 watt Capacitors C1 - 22MFD Integrated Circuits IC1 - 555CP Timer IC2 - CD4040BE 12 stage binary counter Misc Parts LED1 - 10 Light Emitting Diodes S1 - Normally Closed Momentary Push Button Switch Perfboard 9V Battery 10 leds going to the 10 pins of the dip switch Dip Switch Assemblies (2 of 10 shown) |------+----------------------------------+--------->>> to ground | | | | led led etc...... | | | | +-----> to dip switch # +-----> to dip switch # | | | | +-----> to IC2 pin # +-----> to IC2 pin # Wire in IC2 through the assemblies as follows. >From IC2 pin To Dip Switch Assembly ~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~ 2 6 3 5 4 7 5 4 6 3 7 2 9 1 12 9 13 8 14 10 >From IC2 pin To ~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~ 1 Not Used 10 IC1-pin #3 15 Not Used 16 + 9V The remaining components and remaining pins of IC2 hook up as follows: >from IC2 pin #8-----+-----(S1)---->to IC2 pin #11 | | to +9V | | | +---------------+------+ | | | | | IC1 pin 8 IC1 pin 4 R1 | | | IC1 pin 7---+ | | | R2 | | | IC1 pin 6 | | | | | +-----+ | | | | to IC1 pin 1 IC1 pin 2 C1 | | | +-----------------+-----------------------+ | +-->>> to ground - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + Air Fone Frequency Allocation + + + + Based on information from Leroy Donnelly + ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Ever wonder just what those trendy jet-setters talk about on their in-flight air to ground radiotelephones? The FCC has issued rules on allocation of the 849-851/894-895 MHz bands for air-ground radiotelephone service. Using this information it is quite easy for ANYONE with a scanner to intercept these calls. Nothing that is said over the air should be considered secure. Competiters, enemies, and the news media could be tuning in on "private" conversations at any time. Here is the information on how it is all set up. The new action (effective as of September 9, 1991) 1) changes channel spacing from GTE Airfone Inc.'s de facto standards; 2) orders GTE to make its service available to other air-ground licensees at non-discriminatory rates; 3) divides each channel block into 6 control channels (P-1 through P-6) and 29 communications channels (C-1 through C-29); 4) provides for a communications channel bandwidth of 6 kHz; 5) gives GTE 22 months to modify its current control channel scheme; during this period, GTE can use the lower 20 kHz of each channel block, which includes channels C-1, C-2, and C-3, for control. GTE then has another 38 months during which it can only use a 3.2 kHz control channel in channel C-2 of each channel block. After these transition periods end (September of 1996), GTE must switch to control channels marked P-1 through P-6 in the tables below; 6) empowers the FCC to assign exclusively one control channel to each air-ground licensee; 7) limits the ERP of airborne stations to 30 watts; maximum, and that of ground stations to 100 watts maximum; 8) limits the ERP of ground stations to 1 watt when communicating with aircraft on the ground. GROUND TO AIR CHANNELS ~~~~~~~~~~~~~~~~~~~~~~ (NOTE" "GB" in these listings denotes Guard Band, a series of 3 kHz spacings to separate communications channels from control channels) CH. # CHANNEL BLOCK 10 9 8 7 6 C-1 849.0055 849.2055 849.4055 849.6055 849.8055 C-2 849.0115 849.2115 849.4115 849.6115 849.8115 C-3 849.0175 849.2175 849.4175 849.6175 849.8175 C-4 849.0235 849.2235 849.4235 849.6235 849.8235 C-5 849.0295 849.2295 849.4295 849.6295 849.8295 C-6 849.0355 849.2355 849.4355 849.6355 849.8355 C-7 849.0415 849.2415 849.4415 849.6415 849.8415 C-8 849.0475 849.2475 849.4475 849.6475 849.8475 C-9 849.0535 849.2535 849.4535 849.6535 849.8535 C-10 849.0595 849.2595 849.4595 849.6595 849.8595 C-11 849.0655 849.2655 849.4655 849.6655 849.8655 C-12 849.0715 849.2715 849.4715 849.6715 849.8715 C-13 849.0775 849.2775 849.4775 849.6775 849.8775 C-14 849.0835 849.2835 849.4835 849.6835 849.8835 C-15 849.0895 849.2895 849.4895 849.6895 849.8895 C-16 849.0955 849.2855 849.4955 849.6955 849.8955 C-17 849.1015 849.3015 849.5015 849.7015 849.9015 C-18 849.1075 849.3075 849.5075 849.7075 849.9075 C-19 849.1135 849.3135 849.5135 849.7135 849.9135 C-20 849.1195 849.3195 849.5195 849.7195 849.9195 C-21 849.1255 849.3255 849.5255 849.7255 849.9255 C-22 849.1315 849.3315 849.5315 849.7315 849.9315 C-23 849.1375 849.3375 849.5375 849.7375 849.9375 C-24 849.1435 849.3435 849.5435 849.7435 849.9435 C-25 849.1495 849.3495 849.5495 849.7495 849.9495 C-26 849.1555 849.3555 849.5555 849.7555 849.9555 C-27 849.1615 849.3615 849.5615 849.7615 849.9615 C-28 849.1675 849.3675 849.5675 849.7675 849.9675 C-29 849.1735 849.3735 849.5735 849.7735 849.9735 GB 849.1765 849.3765 849.5765 849.7765 849.9765 to to to to to 849.1797 849.3797 849.5797 849.7797 849.9797 P-6 849.1813 849.3813 849.5813 849.7813 849.9813 P-5 849.1845 849.3845 849.5845 849.7845 849.9845 P-4 849.1877 849.3877 849.5877 849.7877 849.9877 P-3 849.1909 849.3909 849.5909 849.7909 849.9909 P-2 849.1941 849.3941 849.5941 849.7941 849.9941 P-1 849.1973 849.3973 849.5973 849.7973 849.9973 5 4 3 2 1 C-1 850.0055 850.2055 850.4055 850.6055 850.8055 C-2 850.0115 850.2115 850.4115 850.6115 850.8115 C-3 850.0175 850.2175 850.4175 850.6175 850.8175 C-4 850.0235 850.2235 850.4235 850.6235 850.8235 C-5 850.0295 850.2295 850.4295 850.6295 850.8295 C-6 850.0355 850.2355 850.4355 850.6355 850.8355 C-7 850.0415 850.2415 850.4415 850.6415 850.8415 C-8 850.0475 850.2475 850.4475 850.6475 850.8475 C-9 850.0535 850.2535 850.4535 850.6535 850.8535 C-10 850.0595 850.2595 850.4595 850.6595 850.8595 C-11 850.0655 850.2655 850.4655 850.6655 850.8655 C-12 850.0715 850.2715 850.4715 850.6715 850.8715 C-13 850.0775 850.2775 850.4775 850.6775 850.8775 C-14 850.0835 850.2835 850.4835 850.6835 850.8835 C-15 850.0895 850.2895 850.4895 850.6895 850.8895 C-16 850.0955 850.2855 850.4955 850.6955 850.8955 C-17 850.1015 850.3015 850.5015 850.7015 850.9015 C-18 850.1075 850.3075 850.5075 850.7075 850.9075 C-19 850.1135 850.3135 850.5135 850.7135 850.9135 C-20 850.1195 850.3195 850.5195 850.7195 850.9195 C-21 850.1255 850.3255 850.5255 850.7255 850.9255 C-22 850.1315 850.3315 850.5315 850.7315 850.9315 C-23 850.1375 850.3375 850.5375 850.7375 850.9375 C-24 850.1435 850.3435 850.5435 850.7435 850.9435 C-25 850.1495 850.3495 850.5495 850.7495 850.9495 C-26 850.1555 850.3555 850.5555 850.7555 850.9555 C-27 850.1615 850.3615 850.5615 850.7615 850.9615 C-28 850.1675 850.3675 850.5675 850.7675 850.9675 C-29 850.1735 850.3735 850.5735 850.7735 850.9735 GB 850.1765 850.3765 850.5765 850.7765 850.9765 to to to to to 850.1797 850.3797 850.5797 850.7797 850.9797 P-6 850.1813 850.3813 850.5813 850.7813 850.9813 P-5 850.1845 850.3845 850.5845 850.7845 850.9845 P-4 850.1877 850.3877 850.5877 850.7877 850.9877 P-3 850.1909 850.3909 850.5909 850.7909 850.9909 P-2 850.1941 850.3941 850.5941 850.7941 850.9941 P-1 850.1973 850.3973 850.5973 850.7973 850.9973 AIR TO GROUND CHANNELS ~~~~~~~~~~~~~~~~~~~~~~ CH. # CHANNEL BLOCK 10 9 8 7 6 C-1 894.0055 894.2055 894.4055 894.6055 894.8055 C-2 894.0115 894.2115 894.4115 894.6115 894.8115 C-3 894.0175 894.2175 894.4175 894.6175 894.8175 C-4 894.0235 894.2235 894.4235 894.6235 894.8235 C-5 894.0295 894.2295 894.4295 894.6295 894.8295 C-6 894.0355 894.2355 894.4355 894.6355 894.8355 C-7 894.0415 894.2415 894.4415 894.6415 894.8415 C-8 894.0475 894.2475 894.4475 894.6475 894.8475 C-9 894.0535 894.2535 894.4535 894.6535 894.8535 C-10 894.0595 894.2595 894.4595 894.6595 894.8595 C-11 894.0655 894.2655 894.4655 894.6655 894.8655 C-12 894.0715 894.2715 894.4715 894.6715 894.8715 C-13 894.0775 894.2775 894.4775 894.6775 894.8775 C-14 894.0835 894.2835 894.4835 894.6835 894.8835 C-15 894.0895 894.2895 894.4895 894.6895 894.8895 C-16 894.0955 894.2855 894.4955 894.6955 894.8955 C-17 894.1015 894.3015 894.5015 894.7015 894.9015 C-18 894.1075 894.3075 894.5075 894.7075 894.9075 C-19 894.1135 894.3135 894.5135 894.7135 894.9135 C-20 894.1195 894.3195 894.5195 894.7195 894.9195 C-21 894.1255 894.3255 894.5255 894.7255 894.9255 C-22 894.1315 894.3315 894.5315 894.7315 894.9315 C-23 894.1375 894.3375 894.5375 894.7375 894.9375 C-24 894.1435 894.3435 894.5435 894.7435 894.9435 C-25 894.1495 894.3495 894.5495 894.7495 894.9495 C-26 894.1555 894.3555 894.5555 894.7555 894.9555 C-27 894.1615 894.3615 894.5615 894.7615 894.9615 C-28 894.1675 894.3675 894.5675 894.7675 894.9675 C-29 894.1735 894.3735 894.5735 894.7735 894.9735 GB 894.1765 894.3765 894.5765 894.7765 894.9765 to to to to to 894.1797 894.3797 894.5797 894.7797 894.9797 P-6 894.1813 894.3813 894.5813 894.7813 894.9813 P-5 894.1845 894.3845 894.5845 894.7845 894.9845 P-4 894.1877 894.3877 894.5877 894.7877 894.9877 P-3 894.1909 894.3909 894.5909 894.7909 894.9909 P-2 894.1941 894.3941 894.5941 894.7941 894.9941 P-1 894.1973 894.3973 894.5973 894.7973 894.9973 5 4 3 2 1 C-1 895.0055 895.2055 895.4055 895.6055 895.8055 C-2 895.0115 895.2115 895.4115 895.6115 895.8115 C-3 895.0175 895.2175 895.4175 895.6175 895.8175 C-4 895.0235 895.2235 895.4235 895.6235 895.8235 C-5 895.0295 895.2295 895.4295 895.6295 895.8295 C-6 895.0355 895.2355 895.4355 895.6355 895.8355 C-7 895.0415 895.2415 895.4415 895.6415 895.8415 C-8 895.0475 895.2475 895.4475 895.6475 895.8475 C-9 895.0535 895.2535 895.4535 895.6535 895.8535 C-10 895.0595 895.2595 895.4595 895.6595 895.8595 C-11 895.0655 895.2655 895.4655 895.6655 895.8655 C-12 895.0715 895.2715 895.4715 895.6715 895.8715 C-13 895.0775 895.2775 895.4775 895.6775 895.8775 C-14 895.0835 895.2835 895.4835 895.6835 895.8835 C-15 895.0895 895.2895 895.4895 895.6895 895.8895 C-16 895.0955 895.2855 895.4955 895.6955 895.8955 C-17 895.1015 895.3015 895.5015 895.7015 895.9015 C-18 895.1075 895.3075 895.5075 895.7075 895.9075 C-19 895.1135 895.3135 895.5135 895.7135 895.9135 C-20 895.1195 895.3195 895.5195 895.7195 895.9195 C-21 895.1255 895.3255 895.5255 895.7255 895.9255 C-22 895.1315 895.3315 895.5315 895.7315 895.9315 C-23 895.1375 895.3375 895.5375 895.7375 895.9375 C-24 895.1435 895.3435 895.5435 895.7435 895.9435 C-25 895.1495 895.3495 895.5495 895.7495 895.9495 C-26 895.1555 895.3555 895.5555 895.7555 895.9555 C-27 895.1615 895.3615 895.5615 895.7615 895.9615 C-28 895.1675 895.3675 895.5675 895.7675 895.9675 C-29 895.1735 895.3735 895.5735 895.7735 895.9735 GB 895.1765 895.3765 895.5765 895.7765 895.9765 to to to to to 895.1797 895.3797 895.5797 895.7797 895.9797 P-6 895.1813 895.3813 895.5813 895.7813 895.9813 P-5 895.1845 895.3845 895.5845 895.7845 895.9845 P-4 895.1877 895.3877 895.5877 895.7877 895.9877 P-3 895.1909 895.3909 895.5909 895.7909 895.9909 P-2 895.1941 895.3941 895.5941 895.7941 895.9941 P-1 895.1973 895.3973 895.5973 895.7973 895.9973 Here is a reference chart of allocated channel blocks around the country. GEOGRAPHICAL CHANNEL BLOCK LAYOUT ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ (ground stations using the same channel block must be at least 300 miles apart) LOCATION CH. BLOCK ALASKA Anchorage 8 Cordova 5 Ketchikan 5 Juneau 4 Sitka 7 Yakutat 8 ALABAMA Birmingham 2 ARIZONA Phoenix 4 Winslow 6 ARKANSAS Pine Bluff 8 CALIFORNIA Blythe 10 Eureka 8 Los Angeles 4 Oakland 1 S. San Fran. 6 Visalia 7 COLORADO Colorado Spgs. 8 Denver 1 Hayden 6 FLORIDA Miami 4 Orlando 2 Tallahassee 7 GEORGIA Atlanta 5 St. Simons Is. 6 HAWAII Mauna Kapu 5 IDAHO Blackfoot 8 Caldwell 10 ILLINOIS Chicago 3 Kewanee 5 Schiller Park 2 INDIANA Fort Wayne 7 IOWA Des Moines 1 KANSAS Garden City 3 Wichita 7 KENTUCKY Fairdale 6 LOUISIANA Kenner 3 Shreveport 5 MASSACHUSETTS Boston 7 MICHIGAN Bellville 8 Flint 9 Sault S. Marie 6 MINNESOTA Bloomington 9 MISSISSIPPI Meridian 9 MISSOURI Kansas City 6 St. Louis 4 Springfield 9 MONTANA Lewistown 5 Miles City 8 Missoula 3 NEBRASKA Grand Island 2 Ogallala 4 NEVADA Las Vegas 1 Reno 3 Tonopah 9 Winnemucca 4 NEW MEXICO Alamogordo 8 Albuquerque 10 Aztec 9 Clayton 5 NEW JERSEY Woodbury 3 NEW YORK E. Elmhurst 1 Schuyler 2 Staten Island 9 NORTH CAROLINA Greensboro 9 Wilmington 3 NORTH DAKOTA Dickinson 7 OHIO Pataskala 1 OKLAHOMA Warner 4 Woodward 9 OREGON Albany 5 Klamath Falls 2 Pendleton 7 PENNSYLVANIA Coraopolis 4 New Cumberland 8 SOUTH CAROLINA Charleston 4 SOUTH DAKOTA Aberdeen 6 Rapid City 5 TENNESSEE Elizabethton 7 Memphis 10 Nashville 3 TEXAS Austin 2 Bedford 1 Houston 9 Lubbock 7 Monahans 6 UTAH Abajo Peak 7 Delta 2 Escalante 5 Green River 3 Salt Lake City 1 VIRGINIA Arlington 6 WASHINGTON Seattle 4 Cheney 1 WEST VIRGINIA Charleston 2 WISCONSIN Stevens Point 8 WYOMING Riverton 9 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ############################################ # Credit Card Authorization Machines # # Emery Lapinski # ############################################ This article contains information pertaining to VeriFone Credit Card Authorization machines. I have not run across any files containing information on this subject, but if anyone knows where I can find more information about these little grey boxes I would appreciate it. The VeriFone comes under different names. This file is from hacking a ZON Jr XL, but I have also seen ones that look much similar under the name TRANZ. If anoyone has any information on the similarities/differences of these machines I would appreciate the info.... THIS FILE IS FOR INFORMATIONAL PURPOSES ONLY. THIS FILE IS INTENDED FOR AUTHORIZED PERSONS IN UNDERSTANDING/OPTIMIZING THIER MACHINE. THE AUTHOR TAKES NO RESPONSIBILITY FOR THE ACTS OF OTHERS. WARNING! Please contact MichiganBankCard and all other applicible agencies before reading this file. This is the basic layout the machine, and some information on how it works. VeriFone ZON Jr XL (Michigan Bankcard) ||||||||||||||||||||||||||||||||||| |||||||16 CHARACTER DISPLAY|||||||| ||||||||||||||||||||||||||||||||||| - -sale-- -credit -force- ------- | QZ. | | ABC | | DEF | | | | 1 | | 2 | | 3 | |CLEAR| - ------- ------- ------- ------- - ------- -check- -auth-- ------- | GHI | | JKL | | MNO | |BACK-| | 4 | | 5 | | 6 | |SPACE| - ------- ------- ------- ------- cash- - ------- -mgmt-- balance- ------- | PRS | | TUV | | WXY se | | | 7 | | 8 | | 9 tt |ALPHA| - -recall -store- ------le ------- - ------- -check- -auth-- ------- | ,'" | | -SP | | | |FUNC | | * | | 0 | | # | |ENTER| - ------- ------- ------- ------- CLEAR: Pressing CLEAR at any time brings the VeriFone back to the READY state. BACKSPACE: Used to erase previously enterd characters. ALPHA: Used to scroll through the letters on each key. Pressing an 8 will display 8. Pressing ALPHA will change this first to T, and successive presses will change this to U, then V, then T again. FUNC/ENTER: Usually a blue key where all the other keys are grey. Used to indicate end of input when entering information, or to change the FUNCTIONS of the keys to do alternate things. (1)SALE: Pressing 1(SALE) means you want to process a sale transaction. The VeriFone will ask for the credit card number. The unit uses the CC number algorithm to check this number and can display BAD CC NUMBER. The expiration date may be entered at this time at the end of the CC nunmber, or after pressing ENTER it will ask for the expiration date which is of the form mmyy or myy. This information can be entered with the keypad or by sliding the credit card through the CC reader slot. Then the amount of the transaction is entered (without a decimal point and without rounding the cents) followed by ENTER. The VeriFone calls in to get a 6-digit authorization number. Usually this is 6 numbers, but I have seen it composed of two letters followed by 4 digits as well. It usually begins with AP which indicates approval. If the transaction in not approved it returns various messages depending on the reason. This could be DECLINE, meaning there is not enough money left in the account; CALL-HOLD meaning there is enough money but someone has done an AUTHORIZATION (not a SALE) which reserves some of the accounts money and will be released after 7-10 days if not DRAFT is recieved; or just CALL, which usually means the card is stolen or cancelled. This transaction is stored in the batch, if approved, and the approval number is displayed. Pressing CLEAR returns the unit to its READY state. (2)CREDIT: Pressing 2(CREDIT) is used for the processing of a CREDIT (as opposed to SALE) draft. Information same as above but the VeriFone does not call to get any kind of authorization. After all the information is enterd the unit retunrs to the READY state. This information is stored in the batch with CI in place of MC, VI, etc. to indicate a credit. (3)FORCE: Similar to a SALE except that the unit does not call to get an approval number. Used when an transaction is DENIED, or erased. The unit does not call to get an approval number. The information is stored in the batch. (4)UNDEFINED: Could be used for special services, like AMEX transactions or Collection Services. (5)CHECK: Something to do with authorization of checks and check cashing but I'm unclear about this one. (6)AUTH: Like SALE, returns approval or decline code but is not stored in batch. Places a HOLD on the card for the entered amount for 7-10 days. A sales draft can be sent in based on this, otherwise the HOLD will be removed. Used to reserve money on the account or to check to see if the card is good. (7)UNDEFINED: Can be used for more special services. (8)CASH-MGMT: I have no idea. (9)BALANCE & SETTLE FUNCTIONS: At the end of day or whenever the batch is filled (about 100 transactions) a batch number is obtained. This is a nine digit number that is used to reference the batch of transactions when dealing with credit corporations. First one must BALANCE the batch. Pressing 9 (to BALANCE) will ask for a password (stored in location 053). Enter this number and press ENTER. The VeriFone will ask for the number of transactions which is simply a count of the number of transactions followed by ENTER. If this is correct then it will ask for total amount, which is the total amount of all the transactions (the decimal point is not entered but the cents must not be rounded so that if the total was $174.30 it would be 17430) followed by ENTER. If either the # of transactions of total amount is incorrect then the VeriFone diaplays the first entry of the batch which is the last 5 digits of the credit card number followed by credit card type (VI, MC, etc.) followed by the 6 digit authorization number, followed by the amount of the transaction. By entering digits at this time, followed by ENTER,the amount of the transaction can be changed. The batch is scrolled forward by pressing ENTER. When the information is correctly entered, The VeriFone displays READY (or whatever is stored in location 030.) When the 9 is pressed again (to SETTLE) it calls to process the batch. It transmits its information (if any of the information has been changed, it sends it twice) and recieves the 9 digit batch number, which it displays. (0)AUTO: An auto-dialer of some sort. Phone numbers can be stored in memory, and pressing AUTO will dial it for you and tell yo to pick up the handset when it is finished. I'm not sure how to use it. MEMORY FUNCTIONS: To review the VeriFone's memory, press: FUNC,7 The screen will display = and will wait for you to enter three numbers or press ENTER which will start at 000. Pressing ENTER will increment the location displayed, ALPHA will decrement. To change the Verifone's memory, press: FUNC,8 You are asked for a password, but this is not the password stored at location 053 (this password is used for functions like getting batch numbers, clearing the batch, changing the information in the batch, etc.) On the two machines I have checked this password is 166831, which I obtained to when the local authorization phone number was changed. It would call this number twice getting a "The number you have called has been changed . . ." message, then would call the 1-800 number. Valid Memory Locations of form ### are: 000-399, 400-412, 500-512, 600-612, 700-712, 800-812, 900-912 Loc# Information Meaning (?) - -------------------------------------------- 000 12146808459 Phone number of some computer. 019 JXL0001 Type of machine 021 2-ART,VIDEO Type of store 022-029 030 READY Message Displayed when machine is ready 053 123456 Some functions require password, this is it (?) 056,058 18002221455 More Computers 057,059 18005543363 More Computers 100 9299783 More Computers 108 SALE Message display when 1(SALE) key is pressed 208 CREDIT Message display when 2(CREDIT) key is pressed #08 Locations 108,208, . . . are messages displayed when that key is pressed. Not true for 008. Can be changed to whatever you want. 311-399 Many of the other locations contain long strings of characters that are some sort of password/id/information (up to 40 characters I think) that the VeriFone passes when it calls in, others are empty or used to store new information. Chnaging these can upset the functionality of the unit. Local numbers are called first, and if no successful connection, then the 1-800 number is called. CLEARING THE BATCH: Pressing FUNC,6(?) followed by the password (location 053) followed by ENTER. The VeriFone asks "CLEAR BATCH?". Pressing ENTER clears the BATCH, CLEAR cancels this. To restore the BATCH, FORCE would be used to restore this information insted of SALE as SALE would obtain a second transaction and approval number. UNIT SEND & UNIT RECIEVE: Pressing FUNC,* or FUNC,#(?) does UNIT SEND or UNIT RECIEVE which does some sort of UPLOAD/DOWNLOAD functions. I'm not sure how this one works. Useful if important memory locations of the VeriFone are chnaged and upset some of the functions, then the central company can replace the information easily. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - /-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/ -/- -/- /-/ *> TID-BYTES <* /-/ -/- -/- /-/ by the Informatik Staff /-/ -/- -/- /-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/ Tid-Bytes is a standing column of miscellaneous bits of information. This issue we have an update on cordless phone frequencies, a complete CLASS code list, a list of companies that can provide you with information and material on bombs, survival, crime, and other fun stuff, and Holistic Hacker gives us a peek into Bell. Cordless Phone Update ~~~~~~~~~~~~~~~~~~~~~ This is a little extra info on cordless phone frequencies from issue 01. I decided that there are times that the handset frequencies could also be handy for when the base itself is out of range. Note that a good many cordless phones handsets are simplex, so the conversation will be one-sided. Here is the list again, with the updated handset frequencies. channel base handset 1 46.610 49.670 2 46.630 49.845 3 46.670 49.860 4 46.710 49.770 5 46.730 49.875 6 46.770 49.830 7 46.830 49.890 8 46.870 49.930 9 46.930 49.990 10 46.970 46.970 CLASS and Custom Calling Feature Control Codes: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The following list was compiled from comp.dcom.telecom postings and the Bell Atlantic "IQ services" information line at (800) 365-5810. (These appear to be standard, but may be changed locally) *57 Customer Orignated Trace (COT) Activation "call trace" The number of the last call you received is logged at the CO. You get an acknowledging recording. Then hang up. Write down the date and time. You don't get the number - you must contact the business office or police. Costs $1.50 - $3 depending on your area. *60 Selective Call Rejection (SCR) Activation (start "call block" list management) *61 Selective Distinctive Alerting (SDA) Activation (start "priority call" list management) *62 Selective Call Acceptance (SCA) Activation *63 Selective Call Forwarding (SCF) Activation (start "select forwarding list" management) *65 ICLID Activation (caller ID) (turn on caller ID delivery to me, the subscriber) *66 Automatic Recall (AR) Activation (activate "repeat call" - retry last number for 30 minutes) *67 Call Privacy Toggle (block caller ID delivery for next call only) *68 Computer Access Restriction Toggle *69 AC Activation "return call" (call last person who called you) *70 Call waiting disable "tone block" (prevent call waiting tone, useful for data calls) *70 // dial tone // the number you're dialing *71 Ring, no-answer forward activation *72 Call forwarding immediate Activation (72# on some systems) *73 Call forwarding Deactivation (73# on some systems) *74 Speed call 8 program (74# on some systems) *80 SCR Deactivation "call block" *81 SDA Deactivation "priority call" *82 SCA Deactivation *83 SCF Deactivation "select forwarding" *85 ICLID Deactivation (turn off caller ID delivery to me, the subscriber) *86 AR Deactivation "repeat call" *89 AC Deactivation "return call" n# speed dial (n=2 to 9) nn# speed dial (nn=20-49) 72# activate call forwarding 73# deactivate call forwarding 74# set speed dialing (8 numbers) 75# set speed dialing (30 numbers) Rotary/pulse phones: use 11 for the * (ex: *57 => 1157) (is there a pulse code for #? I doubt it becuase it's not a prefix) You do not need to subscribe to call trace to use it. Some areas allow return call and repeat call on a per use basis. The cost is higher per use than with a subscription, but you pay nothing for months where you don't use it. *65 and *85 are used when you subscribe to Caller-ID if you want to reduce the number of calls logged because there's a surcharge after 400 calls per month. New York Telephone has a recorded message system describing their services. Here's what I gathered from (800) EASY-NYT (327-9698) (this mostly jives with information from the Bell Atlantic IQ services information line at (800) 365-5810) Menu choice: 45 -> A person relays voice/TDD at no additional charge. This is WITHIN New York State only. What about calls in/out of New York State? The operator said the originator should call information for the relay service. This is a service of AT&T, and is currently not allowed to call across states. (800) 421-1220 voice (800) 662-1220 TDD The AT&T newsline (908) 221-6397 (221-NEWS) for Friday June 8, 1991 mentioned that the (Chicago) Illinois relay center opened June 10. It is the fourth, others being in New York, Alabama and California. [and Sprint's in Texas as mentioned in TELECOM Feb 1992] 46 -> restrict outgoing calls to pay services exchanges 540, 550, 970, 970 area codes 700, 900 This service is free of charge. 14 -> "Ring Mate" allows you to add one or two additional numbers, each with a unique ring pattern (and call waiting beep). AT&T has language translation centers. I believe these are the numbers: (408) 648-5871 AT&T Language Line (outside the USA) (800) 628-8486 AT&T Language Line (USA only) (800) 752-6096 AT&T Language Line information You can get translators (English/Japanese, ...) as needed, but the cost is rather high. I'm not sure if reservations/appointments are necessary. It would be interesting to see the setup and costs for a conference call from the US to Japan, using the translation center and a TDD relay for the deaf (particularly if the deaf were non-english). Or better yet -- a video conference from the US to Russia with translators. CCITT rules: How to write a number: +1 212 555 1212 international (spaces, NO dashes) (212) 555 1212 within the country (parentheses around the optional city code) Politically Incorrect Publishers ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This is a listing of mail-order publishers & distributors of books concerning weapons, combat, explosives, etc. A pound sign (#) indicates that the company carries a line of books, but specializes in other items, such as gun leather, yuppie survival goods, ID cards & certificates, medals & patches, outdoor clothing, etc. There are all sorts of nify goodies that you can order. Brigade Quartermasters # 1025 Cobb International Blvd. Kennesaw, GA 30144-4300 Information: (404) 428-1234 Orders: (800) 338-4327 Fax Orders: (404) 426-7726 Telex: 54-2461 Butokukai P.O. Box 430 Cornville, AZ 86325 (602) 634-6280 CEP, Incorporated P.O. Box 865 Boulder, CO 80306 (303) 443-2294 Delta Press, Ltd. P.O. Box 1625 215 S. Washington St. El Dorado, AR 71731 Orders: (800) 852-4445 Service: (501) 862-4984 Desert Publications P.O. Box 1751 716 Harrell St. El Dorado, AR 71731-1751 Orders: (800) 852-4445 Fax Orders: (501) 862-9671 Information: (501) 862-2077 Eden Press P.O. Box 8410 Fountain Valley, CA 92728 Orders: (800) 338-8484 Info & CA: (714) 556-2023 Loompanics Unlimited P.O. Box 1197 Port Townsend, WA 98368 (No phone?) Mass Army Navy Store # 15 Fordham Road Boston, MA 02134 Orders: (800) 343-7749 Info & MA: (617) 783-1250 Fax: (617) 254-6607 National Intelligence Book Center 1700 W St., N.W Suite 607 Washington, DC 20006 Phone: (202) 797-1234 (SUBSCRIPTION) Phone: (202) 337-8084 (ORDER) fax: (202) 342-2342 NIC, Inc. (Law Enforcement Supply) # 220 Carroll St., Suite D1 P.O. Box 5210 Shreveport, LA 71135-5210 Orders: (318) 222-2970 (24 hr.) Fax: (318) 869-3228 (24 hr.) Paladin Press P.O. Box 1307 Boulder, CO 80306 Orders: (800) 392-2400 Service: (303) 443-7250 Phoenix Systems, Inc. # P.O. Box 3339 Evergreen, CO 80439 Fax: (303) 278-8101 Throat: (303) 277-0305 (08:00-17:00 MST/MDT) Quartermaster # 750 Long Beach Blvd Long Beach, CA 90813 P.O. Box 829 Long Beach, CA 90801-0829 Orders: (800) 444-8643 Info: (800) 933-3135 Survival Books 11106 Magnolias Blvd. N. Hollywood, CA 91601-3810 (818) 763-0804 U.S. Cavalry # 2855 Centennial Ave. Radcliff, KY 40160-9000 Orders: (800) 777-7732 Info: (502) 351-1164 Southwestern Bell Visitor Passes ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Holistic Hacker - H0D sends us this note: I acquired this goody on a visit of the SW Bell facilities in St. Louis last year. Here's a brief description of it. The pass is on light blue cardboard stock approximately 2.5" wide by 3.5" high. The Bell logo is in the top left corner and "Southwestern Bell Telephone" is typed along the top. Centered about 1.5" from the top is "Visitor Temporary Pass." Below that is name, company, and admit to, all followed by some lines to write the appropriate BS in. "Void After" and "Issued By" are farther down. On my pass, "Admit To" = OBC (One Bell Center) and "Issued By" = F.A. Too bad I couldn't keep the visitor pass to their data center... - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (%)%(%)%(%)%(%)%(%)%(%)%(%)%(%)%(%)%(%)%(%)%(%) )%( )%( (%) > Hot Flashes < (%) )%( )%( (%) The Underground News Report (%) )%( )%( (%) Edited by: the Informatik Staff (%) )%( )%( (%) Jan thru Apr 1992 (%) )%( )%( (%)%(%)%(%)%(%)%(%)%(%)%(%)%(%)%(%)%(%)%(%)%(%) IMPORTANT NOTE: We have decided to not generally include any future news features on hacking or phreaking. Occasionally we may include one or two if we feel that they have not been covered elswhere. Our decision is based on the fact that Phrack, a long-standing electronic publication devoted to the hacker community, does an excellent job of collecting them. There is no use in both of use publishing the same stories over and over. We do plan to keep stories concerning fraud, government, and other goodies not normally addressed by Phrack. SO, for most hacking and phreaking news stories check out Phrack. ===================================== Wireless Cable Lottery Spurring Scams ===================================== WASHINGTON, D.C., U.S.A., 1992 APR 15 (NB) -- The Federal Communications Commission's lottery of rights to operate wireless cable systems is becoming a hotbed for con-men, according to federal and state officials. The Bush Administration has said it wants to end the lottery process and award new frequencies based on auctions, while Congress wants hearings and awards based on a "public interest" test. But until all that is sorted out, lotteries, in which people file applications and the agency chooses winners by lot, are the way the agency will allocate rights. The current controversy involves wireless cable television, a technology using microwave radio technology to transmit TV programs to viewers' homes, bypassing wired cable systems. The low capacity of such systems, compared with the high capacity of existing wired cable systems, makes them a risky business proposition in large cities wired for cable, but that has not stopped the con artists. So far, 18 state securities agencies have investigated or taken action against suspected scams in Georgia, with Illinois and Florida adding their voices in the form of press releases and warnings from state officials. The Federal Trade Commission has also been investigating lottery fraud, and has filed three lawsuits. Florida Comptroller, Gerald Lewis, who regulates the state's banks, claimed at a news conference that "boiler room" operations touting license lotteries have taken in $50 million nationwide. He said the con artists claim that for $5,000 they can virtually guarantee a successful application. The actual filing fee is $155, and over 36,000 applications have been received so far, according to the FCC. Illinois Secretary of State George Ryan estimated in a press statement that investors have risked $75 million on the schemes, and his office has taken action against two such companies in that state. The FCC has been granting wireless cable licenses for nine years, but fewer than 170 such systems are actually up and running, he added, indicating the business risk is considerable since wireless cable works only in a "line of sight" from a central antenna to a subscriber. Later this year, the FCC will launch a second and, perhaps, more lucrative lottery process. This will be for new frequencies to run communications adjuncts to interactive TV systems like that offered by TV Answer of Reston, Virginia. TV Answer has won agreement from Hewlett-Packard to make set-top converters for its system, which will offer banking, shopping, information, and games. In this lottery, however, winning bidders will be forced to build-out at least half their systems before selling their interests. Applications will cost about $5,000-$10,000, depending on the size of the market applied for, and total costs to winning bidders are estimated at $150,000-$250,000, again depending on the size of the market. - ------------------------------------------------------------------------------ ============================== SPA Raids Grand Central Camera ============================== WASHINGTON, DC, U.S.A., 1992 APR 8 (NB) -- On March 25, U.S. Marshals and representatives of the Software Publishers Association raided grand Central Cameras (AKA GCT Photo Dealers) based on charges that the company had been making illegal copies of software and selling computers preloaded with the programs in violation of U.S. copyright laws. SPA member companies whose software has allegedly been copied include Lotus, Microsoft, WordPerfect, Datastorm Technologies, Fifth Generation Systems, Interplay Productions, and Sphere. Copied software was found on 25 seized floppy diskettes which allegedly served as duplication masters. In addition, sales records with names of customers were also taken and will reportedly be used to determine if those obtaining pirated software will be named in the case against the store. Also seized in the raid, which was based on a federal court order issued in the United States Court for the Southern District of New York, were three desktop computers and two laptops which the SPA says contained illegal or pirated copies of software. Grand Central Cameras has agreed to submit to, and the court subsequently entered, a preliminary injunction forbidding unauthorized software copying by the reseller. The SPA maintains an anti-piracy hotline, 800-388-7478, which collects information from people wishing to report software copyright violations. To get a copy of the SPA Self-Audit Kit and SPAudit inventory management program, companies should write to: SPAudit Software Publishers Association 1730 M. Street, NW, Suite 700 Washington, D.C. 20036. - ------------------------------------------------------------------------------ =================================================== MCI Nixes Billing For Problem Pay-Per-Call Services =================================================== WASHINGTON, D.C., U.S.A., 1992 APR 1 (NB) -- MCI Communications has announced it is no longer accepting applications for the more dubious firms offering financial services on its premium-rated "900" area code lines. Specifically, MCI is prohibiting companies offering credit card and loan advice services on the premium rate services. Newsbytes notes that the majority of these companies are usually only dispensing common-sense rules on building credit ratings up and charging heavily for the privilege. One "900" number that Newsbytes called in the US recently in connection with a financial feature turned out to be a thinly- disguised mail-order operation with a "Gold card" membership costing $50 that allowed members to buy mail order goods at normal prices. Considering that callers to the "900" number paid $10 for the call itself, this was clearly a scam. In addition to the financial services block on "900" lines, MCI has also ceased handling billing for job agencies which offer generic job descriptions and suggestions on how to get a job. The changes, which take effect from April 1, are in addition to a previously-announced block on adult services on "900" numbers. "MCI has instituted these policies to further ensure that consumers are protected and are subjected to less confusion and fewer incidences of abusive sales tactics by some 900 information providers," said Carol Herod, MCI senior vice president for business marketing, announcing the block. "While we have previously taken strong policy steps that are consistent with FCC rules, these additional safeguards can help to protect consumers during uncertain economic times. At the same time, we want them to be able to take advantage of the numerous consumer and business-oriented programs which offer legitimate and valuable services," she added. The "900" area code service changes, which were notified to its major subscribers in February of this year, are likely to cause a major contraction in the number of companies offering premium services, Newsbytes notes. MCI, ironically, was one of the first telecommunications companies to offer "900" area code premium rate services at the beginning of last year. - ------------------------------------------------------------------------------ ================================================================= Electronic Filing Breeds Tax Fraud Scams; Include Illegal Refunds ================================================================= Los Angeles Times, Apr 14, 1992 Los Angeles - Jerome Hearne used to rob people for a living, but sometime in the late 1980s or early 1990s he turned to a more lucrative livelihood: robbing the U.S. Treasury. Hearne's adopted brand of crime was electronic tax fraud. He and a band of Los Angeles cohorts joined a fast-growing group of crooks who are raiding millions of taxpayer dollars every year by filing false returns and getting quick, illegal refunds in the form of bank loans. The scams bring together clever ringleaders and large numbers of co- conspirators, often unemployed or homeless people who are willing to have their real names and Social Security numbers used on fake tax returns. In Georgia, such fraud is a growing problem, partly because electronic tax filing has been in place for only three years. "All of the kinks and bugs are going to have to be ironed out," said Loretta Bush, a spokeswoman for the Internal Revenue Service in Atlanta. However, she said, intensified efforts by the government to fight electronic filing fraud are working. Two Riverdale men recently pleaded guilty to filing false tax returns electronically. It was the first criminal prosecution of its kind in the Northern District of Georgia. The government charged that the men prepared tax returns for clients and, then without the clients' knowledge, altered the filings and claimed larger refunds than legally were due. The men arranged "refund anticipation loans" for their clients, using the returns with the inflated refunds. When a bank issued checks for the loans, the men endorsed the clients' names on the back of the checks, the government said. Then they deposited the money in their own accounts. The men then issued checks to their clients for the amount they were legally owed - and pocketed the difference. In Los Angeles, the fraud also involved bank loans. The crooks filed fraudulent returns electronically using the government's computerized tax-return system. Then they applied for bank loans based on the anticipated return. It takes only two to three days for the bank to approve such loans and for the scam artists to have checks in their hands. By the time IRS auditors discover what has happened, everyone involved usually has disappeared with the money - sometimes a great deal of it. Hearne and the government dispute the exact size of the take in his scam, but the total could top $1 million in false returns. Hearne, who denies he was the group's ringleader but has pleaded guilty to tax fraud and conspiracy charges, faces sentencing later this month. Hearne's case - which involved seven other defendants charged with similar crimes - is the nation's biggest so far. But Hearne has plenty of company in the electronic tax-scam business. "This is a major problem for us," said Dennis Crawford, chief of the criminal investigation division of the IRS's Los Angeles office. "It's what's hot right now. We've had to pull people off other areas to deal it." - ------------------------------------------------------------------------------ ============================================= Ads With '800' Numbers Don't Always Ring True ============================================= Elliott Brack, The Atlanta Constitution, Apr 1, 1992 Hey, no fooling. You may not believe this, but things aren't always what they seem. Really! Yet if anyone gave you a 1-800 telephone number, you would automatically think that it would be a toll-free call, right? Not always, we have learned. Though in most cases the 1-800 number is entirely free, the con artists have found another way to work a scam, aimed at getting into your pocketbook. You may remember that over the last few months we have reported a wave of mail to us and other people offering "free gifts," "free vacations" or "official notices" that you might have won something free. Actually, the way the message is composed, it appears that you are guaranteed of winning some major gift. In all instances, all you have to do is call the telephone number provided to learn what you have won. Up to now, it has been a 1-900 number for you to call, which should have told you it would cost you to dial that number. Yet the off-chance of winning something big has caused lots of people to pay those 1-900 toll charges - only to find that the prize is either less than they anticipated or inconsequential. CHARGES KICK IN IF YOU STAY ON THE LINE Now comes the new twist. Recently many people have received notifications, printed like a postcard, urging them to call a 1-800 number. It goes further than that. It says "call toll free 1-800 [number] for complete instructions." Now that would make anyone think there would be no charge for this call, right? Wrong. When they call the 1-800 number, they are connected to a computerized voice, which tells them to remain on the line and follow the instructions. It's here that the computer also warns that they will be billed for this service if they stay on the line. But since the postcard said "toll free," many people ignore this warning, only to find out later they have been billed for the call by their telephone company. DON'T BE FOOLED, ESPECIALLY TODAY If you stay on the line, here's what happens next. The computer asks you to punch in the 12-digit ID number listed on the postcard, as well as your telephone number and ZIP code, before the prize will be revealed. In other words, if you stay on the line, the con artists get enough information to bill you for telling you what you might have won. The 1- 800 number was used to lure callers, but what eventually happens is just like calling a 1-900 number. It all amounts to what appears to be one thing, but is distinctly another. This reminds me of what consumer advisers continually tell people: Don't give out your credit card numbers on the phone. Only this time, you also should not be giving out your telephone number, or else you'll get a bill from what appeared to be a 1-800 toll-free call. Today is April Fool's Day. Make a call to a 1-900 number, or even in some instances to a 1-800 number, and you could be fooled any day of the year. Things are not always what they seem. - ------------------------------------------------------------------------------ ==================================================================== Teen Accused of Avoiding Payment on $41,000 Worth of Phone-Sex Calls ==================================================================== Jeff Schultz, Atlanta Constitution, Apr 9, 1992 The first bombshell - to outward appearances a normal, $25, no-calls- to- Uncle-Fred-in-Pago-Pago telephone bill - arrived in the mail in December. Dorothy Brown opened it, waded through the stack of computer printed pages, and . . . and . . . "I nearly had a heart attack," she said. "I mean, $13,000! I thought that was bad enough. Then I got the next one." Ms. Brown's next bill from United Telephone arrived at her Mountain City, Tenn., home in January - this one in excess of $27,000. She still hasn't gotten over the shock, but at least now there's some knowledge to go with the palpitations. Christoper Brown, her 19-year-old son, has been indicted by a grand jury on a charge of attempting to avoid payment for services valued at more than $500. The services were phone-sex numbers. The total was nearly $41,000. Mr. Brown, who is accused of making 746 calls in a two-month period, was arrested Tuesday and is being held in Johnson County Jail in lieu of $10,000 bond. He will be arraigned May 1. This is the first time AT&T - the long-distance provider of the 900 services - and United Telephone have indicted somebody for telephone fraud related to such services. Tennessee is trying the case as a felony theft, punishable by a prison term, fines and restitution. Her son's future is only one of many concerns facing Ms. Brown, a machine operator at Levi Strauss and Co. During a 15-minute phone interview - she called collect - she asked a reporter numerous times, "This won't hurt my credit, will it?" and, "Am I going to have to pay for these calls?" She said she struggles to support herself and two sons in Mountain City (population 2,000) and added, "I'm having quite a bit of financial trouble as it is. I can't afford an attorney." Neither would she post bond for her son when he called her at work from jail at 10:30 a.m. Tuesday. "He still didn't act like he was sorry when I talked to him," she said. "He was kind of giving smart answers. I told him I couldn't [post bond]. He said, 'Yes, you can. You get down here and sign it.' I told him, 'No, you should've known better.' " Ms. Brown said that when she received the first bill, her son denied placing the calls. She suspected that a prisoner in the state penitentiary, 15 miles from her house, was billing calls to her number. "Then I started seeing tablets around the house with those numbers written on it. They're those romance numbers. I know he got them on TV. He don't have a job so he's home all day. I asked him about the numbers, but he said, 'Oh, it's nothing.' " She said that only after the second bill did Mr. Brown, , who last month was laid off from his job at a chair manufacturer, admit to the calls. Jim Cosgrove, a spokesman for United Telephone, said telephone fraud affects the industry to the tune of $500 million annually, "but it's difficult to get enough evidence to press charges." - ------------------------------------------------------------------------------ ========================================== Privacy Is Hot-Selling Item At $2 A Minute ========================================== Marilyn Kalfus, The Orange Country Regester, Apr 2, 1992 Richard Koch says he has no clue who his customers are. That's the point. Mr. Koch sells privacy - at $2 a minute. His Untraceable Phone Calls, based outside Boston, is a nationwide service that prevents people's telephone numbers from being identified and keeps their calls from being traced. So, just who's using this service? "I'm completely in the dark," Mr. Koch said. "It's kind of a strange business." When callers dial Mr. Koch's 900 number, they reach a computer near Las Vegas. The computer, which connects them to a nationwide long- distance line Mr. Koch buys from AT&T, gives them a dial tone. The number? 1-900-Stopper. "This is not a sleazy 900 service," Mr. Koch said. "It's quite the opposite. "The people who call want to have privacy," he said. "The only call that shows up on their phone bill is the 1-900-Stopper call." The cost is $2 a minute for calls inside the United States, $5 a minute for international calls. The service can be used for local calls, long-distance calls and calls to 800 lines, but not for calls to 900 lines. That way he avoids having to pay for 900-line calls that charge more than $2 a minute. Mr. Koch figures his service is especially popular in states that have approved Caller ID. "When any call you make or receive can end up in a marketing database, it's time for concern," he said. Mr. Koch also says his service is valuable for anyone who doesn't want his or her phone records showing up in court records. Daisy Ottmann, a spokeswoman for AT&T, confirmed that it works. Mr. Koch concedes that some people might use the service to hide criminal activity, calling it "a double-edged sword." But he said, "Criminals use the U.S. mail, and we don't keep track of everyone's mail. Criminals can go out and use a pay telephone and do the same thing." Indeed, anyone can conceal his calls by using a pay phone, Mr. Koch and Ms. Ottmann noted. "I just provide the convenience of using your home telephone," Mr. Koch said. "You don't have to stand in line at a pay phone and hope no one's looking over your shoulder." He estimates that more than 200,000 untraceable calls have been made on the system since it started two years ago. "They can't all be criminals," he said. - ------------------------------------------------------------------------------ ======================================== Italian Crooks Let Others Pay Phone Bill ======================================== Translated from "Tagespiegel" (The Berlin Daily Newspaper), Feb 22, 1992 Lui, Rome, 21. February 1992. [...] Half a million Italians are the proud owners of portable telephones. The cordless appliance has become the favorite toy of the Southerners, but the game may soon be over: the "telefonini" are not protected. Under the motto "Buy one, pay for two", crooks sell manipulated phones that are used so that the buyer has to pay for the toll calls of the seller. The trick works like this: the crooks take a computer with a computing program [whatever that may be--ed.] like the ones uses to crack automatic teller machines, and fuss with it until they find the secret code for the telephone. The code is a combination of the telephone number and the serial number that is supposed to only be available to the telephone company SIP. When the code has been cracked, it is no problem to transfer it to a second telephone, so that both telephones have the same license number. One phone is sold "under the hand" by the crooks. As an added deal, the buyer not only gets to pay his own phone bill, but the fees run up on the second phone as well. The Italian underworld is especially keen on using this method.[...] The mafia uses the "portabili" for conducting their unclean business. [... The police] have not been able to find the instigators, but they suspect that employees of the telephone manufacturing company are involved, as they have the knowledge of how the phones are constructed. [...] The portable telephone is well-known for the ease of tapping the telephone conversations [which cannot, however, be traced to the place of origin. A book calle "Italy, I hear you calling" with some of the more interesting tapped conversations has just been published.] - ------------------------------------------------------------------------------ =========================== Robber 'Foiled Bank System' =========================== The Independent (Uk), Mar 13, 1992 An electronics expert stole more than (pounds) 17,000 in a high-tech robbery spree, plundering dozens of accounts from automatic cash dispensers at banks, Paisley [Scotland] Sheriff Court was told yesterday. Clydesdale Bank chiefs claimed their dispensing system was foolproof and told angry customers that members of their own households must have been responsible for making withdrawals without their knowledge. Anthony Pratt, 32, a bank engineer, used a hand-held computer inside bank premises to record transactions being made by customers at "hole-in-the-wall" machines outside. He recorded the customer's secret number and later used it on plastic cards he made with magnetic strips. Pratt, of East Kilbride, was finally arrested after he took cash from a machine in Glasgow. He admitted conspiracy to rob and robbery. Sentence was deferred for reports until 2 April. - ------------------------------------------------------------------------------ =============================================== FBI Fear Phone Advances Will Hamper Wiretapping =============================================== LA Times, Mar 7, 1992 Washington- The FBI, contending that rapidly developing telecommunications technology is hampering the vital tool of wiretapping, proposed legislation Friday that would require the industry to ensure that improvements do not interfere with the ability to secretly record conversations. It also proposed that consumers pick up the cost of changing current wiretapping equipment to keep pace with new technology. If the problem is not solved, "terrorists, violent criminals, kidnapers, drug cartels and other criminal organizations will be able to carry out their illegal activities using the telecommunications system without detection." FBI Director William S. Sessions said. [...] At issue is the rapid move toward digital telephone communications and fiber-optic systems in which thousands of conversations can be carried by filaments roughly the size of a strand of human hair. William A. Bayse, assistant FBI director for technical services, and other FBI officals contend that the transmission of hundreds and sometimes thousands of digital conversations over a single link prevents current wiretapping technology from isolating conversations for recording as required under the 1968 federal wiretap law. [...] Other FBI offical said the expense could be passed on to telephone users at a cost of "probably less than 20 cents an average per month." [...] FBI officals maintained, however, that they already have encountered difficulties in recording digitally transmitted conversations, now used by about 10% of the nations phones. They declined, however, to give any examples of such difficulties. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Informatik Submission & Subscription Policy ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Informatik is an ongoing electronic journal, and thus we are faced with the ever present need for a steady influx of new material. If you have an area of interest or expertise that you would like to write about, please do not hesitate to contribute! We depend on reader submissions, especially for the "Hot Flashes" news reports. We do ask that any submissions fit the following guidelines... General Content ~~~~~~~~~~~~~~~ Material for Informatik should concern information of interest to the computer underground community. Examples of this include, but are by no means limited to scams, cellular workings, government agencies, fraud, clandestine activity, abuse of technology, recent advances in computing or telecommunications technology, and other of information not readily available to the public. Please include a title and author name. Text Format ~~~~~~~~~~~ * standard ASCII test * 79 characters per line * no TAB codes * no special or system specific characters * mixed case type News submissions ~~~~~~~~~~~~~~~~ * Submit only recent news items * Include the headline or title of the article the author's name (if given) the publication of origin the date of publication Subscriptions and Submission Address ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ We are happy to provide an Internet based subscription service to our readers. To be on our mailout list, send mail to our Internet address, "inform@doc.cc.utexas.edu" and include the word subscription in the subject of your message. If you do not have internet access, try to reach us through the many various BBS's across the USA, or route it through a friend who does have internet access. Back Issues ~~~~~~~~~~~ Back issues of Informatik are available via ftp at ftp.eff.org in the /pub/cud/inform directory. The site also contains a plethora of other electronic texts of interest to the "computer underground" community including Phrack, NIA, PHUN, and the LOD tech journals. /* End; Issue 03 */ ------- End of forwarded message -------