News Items
You wouldn't know it walking around in the streets and malls, but our nation is facing an incredible crisis. Phone numbers are running out faster than anyone expected. New area codes are being created almost weekly. And, in what is bound to be a first, one area code is on the verge of exhausting its supply of numbers before anyone has even used it. According to Bellcore, exchanges in the new 500 Special Area Code (SAC) for personal communication services are being assigned so quickly that at least one more code will probably be necessary in the very near future. (We're told it definitely won't be of the X00 format.) AT&T is currently offering three exchanges: 346, 367, and 677. They say they won't be discontinuing their 0-700 EasyReach service but it's pretty obvious they want their customers to switch to their new 500 service called True Connections. They say it will have better features, like Call Scheduling, Call Sequencing, and Voice Mail and, unlike 700 numbers, it won't be necessary to dial into the AT&T network to reach the number.
Speaking of AT&T's EasyReach service, there have been some changes. For one thing, we're no longer using our 10288-0-700-751-2600 number for access to our voice BBS. You can dial direct at 516-473-2626. But we are using the 0-700 number for all kinds of other things, including AT&T's newest feature. You can now forward your EasyReach number to go to almost anywhere in the world. Callers to the number, however, are warned that they are about to be charged for an international call to [insert name of country here]. Apart from the joy of hearing the recording speak the name of funny-sounding countries, it is now possible for anyone in this country to give others a huge phone bill just by having them call into their EasyReach number. (EasyReach call forwarding works differently than regular call forwarding - EasyReach bills the original caller while normal call forwarding bills the person forwarding their phone.)
For example, if you were to call our 0-700 number anytime in the near future, you could wind up with a phenomenal bill very quickly because we've forwarded it to Inmarsat Atlantic West (country code 874). This is the most expensive long distance call you can make - the rates are $30 for the first three minutes and about $1 per six seconds thereafter. You have to hit a couple of Touch-Tones to verify that you really want to do this but no international access is necessary. And, no, we don't make anything from calls to that number - in fact we have to pay $7 a month to keep it. And we are not encouraging anybody to call it, except maybe to hear the funny warning recording.
700-460-1000 (via AT&T) is a toll-free number to make appointments to call Cuba. However, the only time you can make appointments is between 9 pm and 11 pm Eastern Time. We're not sure why they have to use a 700 number for this when an 800 would have sufficed. By the way, did you know there are only two phone lines from the United States into Cuba and they go by way of Italy? Seems the whole thing is the result of a squabble between the two governments over surcharges for collect calls. Negotiations are under way to increase that number to several hundred.
You can now access via modem Bellcore's vast database of documents and search for specific titles and product numbers. To access the system from the Internet, Telnet to info.bellcore.com and login as cat10. If you don't have net access, you can call 201-829-2005 and type telnet info at the annex: prompt. You can then login as cat10. No password is required.
Look for new numbers in the 555 exchange to start showing up soon. Historically, 555-1212 has been used for directory assistance and every other number in the exchange has either gone unused or also was connected to directory assistance, sometimes without incurring a charge. Now the 555 exchange is being opened up to all sorts of public information services. Numbers can be for one area code, multiple area codes, or nationwide. They've even considered what to do about fictitious numbers like the kind seen in films and on television. Currently almost any number in 555 can be used. But under this new system, only 100 numbers would be usable: 555-0100 through 555-0199. Anyone interested in obtaining application forms can call: 201-740-4645
The good news is that directory assistance rates are going down by 45 percent. The bad news is that it's not in the United States but in the United Kingdom. It seems all of this automation is saving them money so they're passing it onto the consumer. Calls from payphones or by disabled persons to directory assistance will continue to be free. Charges for information were introduced in April 1991.
Wiltel has sunk to a new low in finding ways to collect large sums of money for phone calls. By dialing 10658-0-416-444-2222, you're connected with a sex line that charges $3.99 a minute. The Wiltel 10555 prefix also works in this manner. And what's even worse is that any phone line unfortunate enough to select Wiltel as its primary carrier need only dial 0-416-444-2222 to be charged a huge amount. Up until now, 0+ calls implied operator assistance. Thanks to Wiltel, you can now be charged a lot extra without ever coming into contact with an operator. But the real icing on the cake is the fact that the ten-digit number in real life has no relation to the ten-digit number that Wiltel has concocted. Result: some poor person in Toronto is getting tons of calls from slobbering sex callers in the States who think that Wiltel's number corresponds to the actual number. We would love to know what Wiltel was thinking when they introduced this service. Also, how on earth would someone make a 0+ call to that 416 number if Wiltel were their primary carrier?
According to a former government official quoted in Federal Computer Week, "On any given day DOD literally does not have control of five or six of its computer systems; the hackers do." Password sniffers that capture the first 120 keystrokes of a session seem to be the biggest cause for concern. According to Michael Higgins, a DOD official, hundreds of thousands of passwords, perhaps millions, have been captured in this manner. And they say that hackers are even getting in through fax machines! If the fax is connected to an office LAN or is also a network printer, access to the network through the fax is possible. With stories like this circulating, we can only wonder what the ultimate "reaction" will be.
BI Profile is one of the automated check-in systems used for people on probation. Callers dial 900-737-6781, enter a personal identification number and a password. According to the pamphlet that comes with this "service," "A charge for this service appears on your home telephone bill. This is part of your supervision that you are expected to pay." The system uses Touch-Tone or voice recognition and asks the following questions: "Has your home address changed since you last checked in? Has your phone number changed since you last checked in? Have you changed jobs since your last check-in? Have you had any trouble with the law or been rearrested since you last checked in? Are you following the requirements of your supervision such as court-ordered payments, treatment, counseling, or other conditions?" If your answers indicate anything other than normalcy, you'll be asked to go into detail. The system tells you when to call again. But the most important part is a lesson in courtesy we can all benefit from. If you hang up before the computer says "Goodbye," your call will not count at all.
The FCC has finally started to take action to prevent certain 800 toll-free numbers from charging customers. (They really know when to take a stand, don't they?) But there still may be some of these rip-off numbers operating. Don't dial:
A couple of other exchanges that could be trouble are: 719-898-XXXX and 303-960-XXXX.
Speaking of rip-offs, we must advise you never to use phones inside hotel rooms except for making internal hotel calls. Here's an excerpt from the billing page of the Omni Shoreham Hotel in Washington, D.C.: "Local Calls: Billing commences after 45 seconds. A $1.10 charge will be added to your account for each local call, third-party call, and credit card or collect calls." In other words, even if you think you're billing it to your calling card, you'll wind up paying twice. "Long Distance Calls: $1.50 + Daytime AT&T charges." In addition to a surcharge, you won't even get a time of day discount. "Information: $1.76." There are no words to describe that outrage. Finally, the kicker - "Toll Free Calls: $1.50." And they wonder why people steal the towels.
How do cellular companies handle fraud? Not as effectively as they could, according to what we've seen. From United States Cellular Corporation (USCC):
"The cellular industry is engaged in a constant battle against tumbling ESN fraud. At present, there are three alternatives available to minimize the negative impact of this problem.
1.) USCC can ask a roaming partner to deny roaming privileges to a MIN that is tumbling its ESN.
2.) USCC can deny roaming privileges to all roamers temporarily by deleting our exchange from a roaming partner's switch.
3.) Cellular carriers can implement pre-call validation systems designed to detect tumbling ESNs and shut down fraudulent roamer calls in progress.
Unfortunately, this last alternative is in many cases cost prohibitive. The most commonly used solution is to deny roaming privileges to all roamers on a temporary basis...
"If fraudulent calls do appear on your customer's bill, instruct your billing or customer service representative to review the Billed ESN Mismatch Report. This report details all calls that passed our roamer call edit. Remember that our roamer call edit searches the MIN and the first three-digits of the ESN. It does not check the entire ESN. If a fraudulent user programs a phone with your legitimate customer's MIN and with an ESN that matches the manufacturer's code of your customer's phone, the calls will appear on your customer's bill."
Here are steps that one cellular company takes against four types of fraud:
- Tumbler Fraud
- Customer disputes roaming charges appearing on a bill.
- Check the current Billed ESN Mismatch report for customer's MIN.
- If customer's MIN appears on the Billed ESN Mismatch report along with the disputed call, review the past three bills for calls placed to disputed telephone number.
- If review of past three bills does not show calls to disputed number, credit customer's bill with Disputed Roamer Charge Adjustment voucher code.
- Contact the Corporate Fraud Control Analyst if the disputed dollar amount exceeds $250. Have photocopies of disputed charges, three previous bills, and voucher ledger available to send to Corporate Fraud Analyst upon request.
- Cloning Fraud
- Customer disputes roaming charges appearing on a bill.
- Check the current Billed ESN Mismatch report for customer's MIN.
- If customer's MIN does not appear on the Billed ESN Mismatch report, contact Corporate Fraud Control Analyst immediately for further instructions.
- Have photocopies of disputed charges and three previous bills available to send to Corporate Fraud Control Analyst upon request.
- Do not credit customer's account before speaking to Corporate Fraud Control Analyst.
- Subscription Fraud
- Welcome package is returned as undeliverable and two attempts to locate the customer are unsuccessful - or - unable to locate a customer who has an outstanding balance.
- Suspend the customer's ESN/MIN in the switch - or - begin the collection procedures.
- If unable to contact customer or collect an open balance, finalize the customer's ESN/MIN.
- Pull ESN/MIN out of the switch.
- Notify Corporate Roaming Department of ESN/MIN non-pay status.
- If outstanding account balance is unusually large or anything seems out of the ordinary, contact the Corporate Fraud Control Analyst for further instructions.
- Do not credit customer's account before speaking to Corporate Fraud Control Analyst.
- Stolen Phones
- Customer enters office to activate a used cellular phone (customer provided equipment).
- Phone's ESN is found in the switch's local deny file - or - circumstances surrounding the activation seem out of the ordinary.
- Contact the Corporate Roamer Hotline to verify that the phone has not been stolen.
- If phone's ESN is listed as stolen in the Industry Negative File and a police report has been filed, do not activate the phone and do not say anything to the customer. Attempt to confiscate the phone. If you feel that you are in danger, calmly tell the customer that the phone cannot be activated due to industry regulations and that the phone will not be usable nationwide. If the customer does not wish to give up the phone, have a coworker contact the police. Obtain the customer's driver license number and vehicle license plate number. Be prepared to provide local police with detailed information about the applicant.
- If phone's ESN is listed as stolen in the Industry Negative File and a police report has not been file d, activate the phone once the Roamer Hotline has confirmed that the stolen entry in the Industry Negative File has been restored.
Recently, one of our writers confused the hell out of Pennsylvania Turnpike tollbooth collectors when the magnetic strip indicator showed a time span of several days for a trip of a couple of miles. This led to an extended discussion with tollbooth authorities who referred to a "maximum time formula" and an exchange of letters, excerpts of which follow: "As a frequent traveler on the Pennsylvania Turnpike, I would like to know the specific requirements that drivers such as myself are bound to so that I can achieve maximum compliance and enjoyment of the Turnpike in general." The Pennsylvania Turnpike Commission would not tell our writer what the maximum time formula was but "Such information would certainly be provided to any motorist charged with such a violation." In other words, you'll find out what the law is once you break it and not an instant sooner.
Those of you capable of dialing Milo, Iowa can take advantage of immediate free Internet service with no validation. Dial 515-945-7000 for access. This system is only available as a dial-in but it has full Internet access in every other way. We don't know who's behind it or anything else about the system except that they use unshadowed passwords and the phone number you give them will show up in the passwd file which everyone can see. Apart from that, we'll reserve judgment until we learn more.
The following comes from an AT&T press release dated August 17, 1994:
AT&T has formed an investigative team to track the theft of business long distance service to the "hacker's hideout."
AT&T Global Business Communications Systems (GBCS) has created an investigative unit whose sole purpose is to monitor, track, and catch phone-system hackers in the act of committing toll fraud. The unit will initiate "electronic stakeouts" with its business communications equipment customers in cooperation with law enforcement agencies, and work with them to prosecute the thieves.
"We're in a shoot-out between "high-tech cops" - like AT&T - and "high-tech robbers" who brazenly steal long distance service from our business customers," said Kevin Hanley, marketing director for business security systems for AT&T GBCS. "Our goal is not only to defend against hackers but to get them off the street."
AT&T said hackers today are more sophisticated and organized than ever before. For example, a publication for hackers celebrated its 10th anniversary this past weekend by gathering hundreds of hackers in New York City to share their tricks of the trade.
Although communications and computer companies continually educate business customers on protecting themselves from hackers, illegal access continues to cost billions of dollars in losses of long distance service and proprietary information.
"We're working with our customers to beef up security to effectively battle well-organized hackers," Hanley said. "Our 'SWAT' team can shut down some of the worst offenders, but businesses still must be as aggressive in protecting their communications systems as hackers are in attacking them."
As part of its equipment maintenance services, AT&T's Technical Service Center in Denver uses advanced "expert systems" to conduct security as well as maintenance checks 24-hours-a-day on AT&T business communications equipment. When system vulnerabilities are detected, customers are alerted and advised on how to increase security.
The new program takes this further. AT&T's investigators, using data collected by the expert systems, profile hacker activity. They then contact customers and work with them and law enforcement authorities to "stake out" the customers' vulnerable access points. When unauthorized access occurs, the team gathers information on the hacker and springs the trap for prosecution.
AT&T also offers a broad range of other security systems and services to protect business customers against toll fraud, such as AT&T's Hacker Tracker (TM) software for call accounting systems and NetProtect (SM) service, which monitors and alerts customers of suspicious calling patterns on their business communications systems.
The first thing that comes to mind upon seeing this is that these people have really missed their calling. All this talk of stake outs, SWAT teams, cops and robbers, and attacks makes you think these people really wanted to be cops but for whatever reason wound up in their air-conditioned corporate offices drawing huge salaries. Apart from the gross distortions of reality that they've claimed as fact in the past, it should be noted that the sole purpose of this press release was to get publicity for dubious new products that AT&T is releasing at, no doubt, a grossly inflated price. What better way to spur sales than to create an atmosphere of hysteria and anti-hacker fervor?
Speaking of the latest from AT&T, check this one out: 800-433-3210. What is it? Merely the latest in AT&T's "You Will" campaign to invade our privacy and sell information about us to anyone wanting it. The service allows you to have a House of Windsor catalog sent to anyone you choose. Just enter their phone number and off it goes. Oh, did we mention that the computer tells you the address of the phone number you've entered? There are gaps in the database but unlisted numbers don't appear to be treated any differently than listed ones. In other words, if someone can get your phone number - listed or unlisted, this 800 number, using AT&T's Infoworks product, will give them your address. Business addresses can also be obtained in this manner. AT&T appears to get this information from local phone companies and, judging from what we've seen, is taking no precautions to protect it against misuse.
Those of you with a copy of the new crime bill might want to look at the Computer Abuse Amendments Act of 1994. By changing the word "intent" to "reckless disregard," the number of hackers prosecuted could substantially increase. Another change broadens the type of computers that someone can be prosecuted for accessing from "federal interest computers" (banks, government agencies, etc.) to computers "used in interstate commerce." That basically means any machine hooked to the Internet.
Finally, here in 516, an era has ended. For the first time ever, effective September 24, we're now required to dial 1 before an area code when calling outside 516. The 516 and 914 area codes were two of the last areas where it was still possible to just dial an area code without a preceding 1. Since area codes will be indistinguishable from exchanges starting in January, it was necessary to adopt the same standard as everyone else. Please be patient while we try to catch up to the rest of the country.
New Area Codes for 1995