Wherever You Go, There You Are

by Mr. Icom

It was the early 1980s when you started seeing personal "microcomputers" in RadioShack and in department stores such as Sears, Caldor, and Service Merchandise.  The stores fiendishly placed demonstrator models in their consumer electronics departments so unsuspecting children, such as the author, could get hooked on the digital gateway drug known as Beginner's All-purpose Symbolic Instruction Code (BASIC).  You start typing and, if you are of a certain ilk, the whole megillah hits you like a ton of bricks and you realize that you have the power to do almost anything with sequences of ones and zeros, and all you have to do is learn the language.  It was 1982 when I received my first computer, and I got my first modem in late 1983.  I quickly found Private Sector BBS, and from there learned about 2600 Magazine.  I had already become familiar with the terms "hacker" and "hacking" from reading Steven Levy's book, and from there realized two things: that one did not need a computer or modem to hack, and that there was an actual word for what I had been doing ever since conscious memory.  Getting notions, asking questions like, "What is this?" and "How does this work?," doing research, exploring, and experimenting.  You get the idea.

One of my first, and probably least successful at the time, notions was noticing a rail line, now known as the "Old Put," that ended at the lumber store where my parents used to shop, and deciding it would be a neat thing to explore.  This was in the 1970s and I was about four or five at the time.  This was about ten years before I learned from reading Steven Levy's book that the original hackers at MIT in the 1960s started with model railroads, and used surplus telephone equipment to do switching.  A book I have on the "Old Put" showed it was abandoned a few years before I discovered it, and later I remember the railroad pulling the tracks up.  The old right-of-way remained mostly intact for a number of years, and I explored it thoroughly looking for something I still can't quite put words to.  These days it's a rail trail and much more accessible than it was in the 1980s.  What's interesting about these former rail lines is that telecommunications infrastructure was, and in many cases still is, often run underground along the same right-of-way.  One active rail line in my area still has standing utility poles marked "WUT" (Western Union Telegraph).  Another former right-of-way turned rail trail has AT&T underground cable signs every few hundred yards or so.  The underground cable markings all have fairly recent dates on them, and they are often near manholes.

My next notion involved the phone system.  Keep in mind this was still during the late 1970s and early 1980s when one had to pay for any calls outside those of your local area.  Running up the parents' phone bill was an ill-advised course of action, as was doing anything on a line traceable to you, but around town were these public phones that recently started providing you with a dial-tone without having to put a dime in first.  You still had to pay for most calls, except for 800 numbers.  It was right around this time that personal microcomputers began showing up at places where mundane parents would normally shop, and I discovered them along with modems.  Then one day my friend Jim, who moved to a neighboring school district a few years earlier, introduced me to his friend Jason who was a hacker and told me about the late TAP magazine and this new one called 2600.

Playing around in BASIC and early eight-bit assembly language was fun, but for me, hacking was more about networks, the lines of communications and travel that connect everything together.  Computers and modems were simply tools to learn about the network, and I discovered that learning about networks, whatever they may be, was and still is more about the journey than it is the destination.  The destinations can be cool (and often are), but the fun was in getting there.  You can start this journey without leaving home, because where you live is at the terminus of at least one network you can explore, and may be along the lines of communications of a few others.  As a bonus, most of your initial exploratory efforts can be passive and/or legal.  The former is good because passive exploration generates no signature for the most part.  The latter is good because you don't want to get your ass in a sling and have to hire a lawyer to get you undone.

Go outside for a minute and take a look at the utility pole in front of your home.  It should look something like what you see in the picture.  The two sets of wires labeled 1A and 1B are electric.  Number 1A is the primary at 10,000 plus volts in the U.S.

From there it goes through a transformer, which is the can below the primary wires, to a nominal 220/110 volt feed to your house, labeled 1B.

Don't fuck with those, because they will kill you in a painful and demonstrative manner.

Number 2 is the feed from the Cable TV (CATV) company.  It probably looks silver in color.  That's a radio frequency feed, and probably the most interesting of the lot due to the bandwidth that's coming down to your house if you have the service.  It potentially has both broadcast audio/video and Internet service on it.

Number 3 belongs to the phone company.  It's probably black in color.  In most places it's a bundle of copper wire pairs, or maybe a fiber optic line.  It used to be that you could get a dial tone off it, but these days it's just as likely to be a digital VDSL signal, with the dial tone provided by your VDSL modem instead of telco switching equipment at the CO or RT.

Now look on your roof.

Back in the days before CATV was ubiquitous, people put antennas on the roofs of their homes to receive broadcast TV signals.  This is now called "Over-the-Air" (OTA) TV, and is still a thing among some people because it is free.  Last time I looked at OTA signals, I was in central Wyoming, one of the most remote places in the continental USA, and still managed to find 15 OTA channels with little more than a hunk of coat-hanger wire stuck above the roof line of a ranch house, maybe 10 to 15 feet off the ground.  If you have an antenna on the roof, there is still probably some feedline going down into your home somewhere, and there still might be a working directional rotor system that lets you aim the antenna in different directions.  Note this for later because that TV antenna probably has a frequency coverage range of about 50-900 MHz and may be useful in future explorations.

What I've just pointed out to you are a few avenues of exploration that don't require you to do anything but observe and pay attention to what you discover, and take notes.  This passive observation is undetectable, and for the most part totally legal.  Finally, it shows you firsthand how things work in the real world.

Let's start at the bottom, and take a look at the phone line coming into your house.  If your dial tone is provided by the black box hooked up to a VDSL or FiOS line, then there probably isn't much you can do.  If, however, you still have a POTS local loop going to an SLC or RT down the road, or perhaps all the way to the CO, there is an opportunity to hear all sorts of interesting things while your phone is on-hook.  The condition of your cable pair might be poor enough that you can hear crosstalk.  You might hear a technician borrowing your line to make a phone call.  You will also be able to hear any testing going on with your phone line, and anyone who decides to "Beige Box" off your pair.

The easiest and safest (for your equipment) way to do this is to build a telephone recording interface as shown here.  This schematic will allow low-level AC (audio) to pass through to the recording device, while blocking the nominal 48V and 90V line and ring voltages.  A low enough DC resistance on the line will cause it to go off-hook, and the ring voltage might damage any experimental equipment you have connected to the line.

For under $50 you can buy a voice-activated digital recorder that'll give you over 60 hours of recording time, or you can feed it into your soundcard input for recording to your PC.  Software and stand-alone electronic devices exist that will allow you to decode DTMF tones.  Recording your telecom experimentation (provided you're not otherwise breaking the law) and monitoring your line for service trouble is generally legal within certain guidelines that vary state to state.  Decoding the DTMF data that's being sent on a phone line you pay for is also legal.  Recording someone else's phone conversations is generally not legal.
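As an added illustration of the DTMF decoding mentioned above (this example is not from the original article), the following Python code decodes digits from recorded audio samples using the Goertzel algorithm, one common way to do it. The 8 kHz sample rate, 205-sample block size, thresholds, and the synthesized test signal are assumptions made for the example.

```python
import math

# Standard DTMF grid (Hz): each key is one row tone plus one column tone.
ROWS, COLS = (697, 770, 852, 941), (1209, 1336, 1477, 1633)
KEYS = ("123A", "456B", "789C", "*0#D")

def goertzel_power(block, freq, rate):
    """Squared magnitude of one frequency in a block (Goertzel recurrence)."""
    coeff = 2.0 * math.cos(2.0 * math.pi * freq / rate)
    s1 = s2 = 0.0
    for x in block:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2

def detect_key(block, rate, min_rms=0.01, tone_share=0.3, dominance=4.0):
    """Key in one block, or None. A clean dual tone puts about half of
    n*energy into its two bins, so anything well below that is rejected."""
    n, energy = len(block), sum(x * x for x in block)
    if energy < n * min_rms ** 2:
        return None                                # silence
    best = []
    for group in (ROWS, COLS):
        ranked = sorted(((goertzel_power(block, f, rate), i)
                         for i, f in enumerate(group)), reverse=True)
        if ranked[0][0] < dominance * ranked[1][0]:
            return None                            # no single clear tone in group
        best.append(ranked[0])
    (p_row, r), (p_col, c) = best
    return KEYS[r][c] if p_row + p_col >= tone_share * n * energy else None

def decode_dtmf(samples, rate=8000, n=205):
    """Digits in a recording; a key is emitted once, after two agreeing blocks."""
    digits, prev, run = [], None, 0
    for start in range(0, len(samples) - n + 1, n):
        key = detect_key(samples[start:start + n], rate)
        run, prev = (run + 1 if key == prev else 1), key
        if key is not None and run == 2:
            digits.append(key)
    return "".join(digits)

def synth(digits, rate=8000, tone_ms=80, gap_ms=80):
    """Constructed test signal: clean dual tones separated by silence."""
    out = []
    for d in digits:
        r = next(i for i, row in enumerate(KEYS) if d in row)
        tones = (ROWS[r], COLS[KEYS[r].index(d)])
        out += [sum(0.5 * math.sin(2 * math.pi * f * t / rate) for f in tones)
                for t in range(rate * tone_ms // 1000)]
        out += [0.0] * (rate * gap_ms // 1000)
    return out
```

To run it on a real recording, load 8 kHz mono samples scaled to the range -1.0 to 1.0 (for example with the standard `wave` module) and pass the list to `decode_dtmf`.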

Going further up the pole, the CATV feed gets more interesting.  That coaxial cable feed coming into your residence contains RF signals from 7 MHz to 1 GHz.  The frequency range from 54 MHz - 1 GHz is the downstream side going from the head-end to your residence, and 7-50 MHz is the upstream side for signals going back to the head-end.  Depending on the CATV system, the signals on the feed may be analog, digital, or a combination of both.  Also, depending on the level of CATV service your residence subscribes to, there may be filters on the CATV feed to block certain frequency ranges used by services/channels that are not in your subscription.  If you don't have any service, the CATV provider may have installed a filter that blocks all RF from coming down your coax feed.

Depending on the weather or how busy the tech was that particular day, a filter may not have been installed after service was discontinued.  Filters such as these were mostly a thing back in the days of analog television when you could just hook a TV up to your CATV feed and get a nominal level of service.  CATV service providers who are up to date are all digital and fully encrypted.  They rely on the encryption to prevent theft of service.  In this case your mileage may vary, and the only way to find out is to plug into the system and give it a look.

I purchased a Wavetek SAM (Signal Analysis Meter) at a hamfest (amateur radio swap meet) a few years ago for $20.  This receiver was used by TV technicians to check the signal strength at a customer's residence when installing a feed and troubleshoot system problems.  My SAM has a frequency range of 0-300 MHz, but some go up to 890 MHz for UHF over-the-air television.

When TV went digital, the older analog SAMs started getting sold for pennies on the dollar.  These days, the older SAM units are popular with FM broadcast band radio enthusiasts.  I hooked mine up to a disconnected Comcast CATV feed to discover what I could hear.  The only things I heard were a couple of local AM broadcast band stations, and the digital buzz of the TV channel signals.  The latter was to be expected, and I'm guessing the former was due to the length of the coaxial cable feed from the pole acting as an antenna.  A TV receiver was then attached to the system and, not surprisingly, I discovered that the system was 100 percent encrypted.  Regardless of the outcome, you don't know what you might find on a communications cable feed unless you explore and go look.  I'm an old-school analog hardware hacker type, and prefer gear like the Wavetek SAM that I can easily take apart, work on, and modify if I so desire.  Getting that kind of gear involves visiting places like hamfests and surplus stores looking for older gear cheap.  If this is not for you right now, you can duplicate the previous exercise with an RTL-SDR.  You will likely need an RF adapter to connect the male F-connector on your CATV coax to whatever your RTL-SDR is using, probably either an SMA or BNC female.

So far you've looked at the terminus of two different communications networks that feed into your home.  Depending on the age of your telecom and CATV infrastructures, you might have discovered some interesting things or nothing at all.  Whatever you found, you were still limited by the bandwidth of the media and the equipment on the other end.  Now you get to expand your reach into the aether.  Earlier in this article, I asked you to look on the roof of your residence to see if an OTA TV antenna was still there from the days before CATV.  You should check even if you live in an apartment building complex.  When I moved out of my parents' house in the mid 1990s, my first apartment had a TV antenna feed despite also being wired for CATV.

Twenty-five years later I checked Google Street View, and there is still an antenna on the roof of the building.  If you have a modern (digital) TV, plug it into the cable coming down from the antenna, and do a channel scan.  See what OTA channels you can receive, and research the location of the stations' transmitter sites on the FCC web page.  If the antenna and cabling to it are still serviceable, you should be able to pick up something.  OTA TV might be interesting for a little while if you can get PBS or an independent station that's not affiliated with the big four (ABC, NBC, CBS, and Fox), but if the OTA feed is working, you should connect an RTL-SDR to it and see what else is out there.

If the antenna system has a rotor on it (many home systems did), you will want to find the controller, hook it up, and see if the rotor still works.  Point the antenna in different directions and note how the reception changes.  Start by pointing it in the directions where the horizon is lowest, and then try pointing it at the highest elevation on the horizon.  Enter your location at www.heywhatsthat.com to find these.

When investigating the airwaves, you will find a host of signals across the spectrum that your RTL-SDR covers.  You will discover analog and digital voice signals that are easily demodulated and decoded if unencrypted.  You will also discover data signals.  Some data signals will be easy to decode, others may be proprietary and a little more difficult, and a few might be encrypted.  You will also notice what are known as non-communications emitters.  You will initially have no idea what these are, but you can still investigate them and find out what they belong to.  CPU frequencies from the lowly 33 MHz Intel 486 to the 1+ GHz Intel Core models are worth noting for future reference while checking out the airwaves.  RF exploring (a.k.a. aether surfing) is a subject worthy of its own article, and I'll talk about it in detail in my next one.

No matter where you go, you will find opportunities for hacking.  You just need to look for them, and you can start where you are right now.  It doesn't matter what you find, if anything, because this is really more about the journey than the destination, and what you learn in the process.  I can recall, during my early hacking days in the 1980s, reading on BBSes about the exploits of other hackers who lived in more populated areas than I did, and finding that a lot of it didn't apply to me in the suburbs.

I did, however, discover equally interesting things when I started looking around and observing where I was, and I tailored my experimentation accordingly.  You may find yourself in a similar situation.  Don't be afraid to wing it, and just start hacking with what you have and can find.
