The Joys of Voice Mail

by snes

The key to most Voice Mail Systems (VMS) is that they are very user-friendly, but only if you know how to use them.  If your college has a VMS then you probably know how to use the main functions.  On the other hand, if you call in and try to widen your VMS horizons, then you will probably notice that it seems considerably more difficult.

They are designed this way, so you must be patient in learning the ways of the system.  One thing to remember is that it's easy to get system administration to help you - all you have to do is act extremely technically uninclined.

Example:  You want into someone else's mailbox for a limited time, so you tell your administrator that someone has changed your password and you can't get in.  When he asks for your mailbox number, say the numbers slowly, and just a little erratically.  This makes you sound unfamiliar with numbers, machinery, etc.  Remember: one of the best hacks is to act like a victim of one.  Now that you have some general ideas of voice mail, on with the meat.

Below is listed enough of the intricacies of "Meridian Mail" to get you going.  If anything, this article will be a guideline so others can document their systems for the rest of us.  Anything listed in outline form is simply for easy reading and quick access.

To get into a mailbox, dial the system number, then dial the 4-digit mailbox number, then #.  Dial the password (see below), then #.

In this system, most mailbox commands are 2-digits.  These include changing the password, recording messages of all kinds, and in mine, you can even change the preset for operator assistance.  Because of a prank I played in early 1992, my school now has randomly assigned passwords at the beginning of each year.

However, when a mailbox is first created, its password is the same as the mailbox number.  The lazy admin of most colleges leaves it like this.  The help hotkey for Meridian Mail is the * key.  Pressing this will bring sweet Ms. Meridian to your aid.

Playing pranks or just keeping an eye on your student government, the key lies in not utilizing one mailbox function, but rather in combining them.  Unfortunately, there are certain safeguards against password hacking in this system.  This also can work to your advantage: in this system, after the third incorrect password attempt, the mailbox in question will lock up, preventing access to anyone, even to the person with the right password (grin).  If you do get the right password, you rarely want to change it because as soon as the owner tried to access it, they would not get in and inadvertently lock it up, screwing up (maybe permanently) your access to that mailbox.

In one incident, a certain person was the victim of a fairly good hack/prank.  This served as a study and enabled collection of a great deal of information concerning the entire system.  For all practical purposes, we will give the victim the name Tony.

Tony did not change his password from the default, which made things quite simple.  In Meridian Mail, there is a command called "Distribution List" which enables a message to be sent to a list of numbers already entered into the mailbox.  As it turns out, it had the capacity to hold about 500 numbers altogether.  (Unfortunately, all of these had to be entered by hand.)  Another command is called "Acknowledgment" which sends a message back to the mother mailbox (in this case, Tony's) when the message was listened to.  The third and essential mailbox function was "Timed Delivery" which should be fairly obvious.

All of these were tied together when all of the numbers were entered into the distribution list, tagged for acknowledgment, and set for timed delivery, for four consecutive days.  What this did was send a junk message to 500 people.  But each time someone listened to it, they unknowingly sent a message of acknowledgment back to Tony's mailbox.

This resulted in approximately 500 messages a day in this poor soul's mailbox... for four days.  They tried changing his password, his number, just about everything.  But the system still had the remaining messages and still knew where he lived, so he continued to get them.  System Admin didn't know they were timed, so they had no choice but to assume that someone knew their admin commands and codes.  A friend of mine was fired from his computer lab job and rehired only after he convinced proper admin that a computer was not used, and definitely not the college's computer system which he knew so much about.

Several people were scrutinized during that week, but nothing could be done because all the work was done from public access phones.  Now beware - some schools monitor use to the point of recording it on disk and paper, as my school did last year.  They have stopped because of new management, but the ability remains.

So if you do stuff, don't do it from your phone.  The ultimate key is to play dumb and ask questions, because the most important secrets in life are entrusted to the stupid.