Path: ux1.cso.uiuc.edu!uwm.edu!linac!att!pacbell.com!lll-winken!telecom-request@eecs.nwu.edu
From: pahsnsr@jupiter.nmt.edu (Paul A. Houle)
Newsgroups: comp.dcom.telecom
Subject: Public FAX Machines/Phraud
Message-ID: <telecom11.817.5@eecs.nwu.edu>
Date: 13 Oct 91 19:41:52 GMT
Sender: Telecom@eecs.nwu.edu
Organization: TELECOM Digest
Lines: 43
Approved: Telecom@eecs.nwu.edu
X-Submissions-To: telecom@eecs.nwu.edu
X-Administrivia-To: telecom-request@eecs.nwu.edu
X-Telecom-Digest: Volume 11, Issue 817, Message 5 of 12

pay fax machines in public libraries and similar places, and some
people in the BBS community discovered a number of methods of phraud
based upon these machines.  Some of these machines contain an
automatic dialer that automatically calls an 800 number, where an
operator picks up the phone and asks for your credit card number,
verifies it, and connects you to your destination fax machine, running
the call through.  I don't know exactly how answer supervision is
handled here, but using fax machines, one could use the carrier tone.
  
       I discovered that, when the machine was unplugged, one could
pick up the handset and get a regular dial tone.  There is no
touch-tone pad, so it's impossible to dial out normally, but one can
dial by clicking the switchhook, and bopping the switchhook ten times
connects you to an operator, and you can give her the phone number
that you want to dial.  I used this to make a local call just to see
if this could be done, and I mentioned this to a friend.
  
      Other people in the BBS community in that area later discovered
that there was no toll restriction on those lines, either, so one
could dial two zeros, get an AT&T operator, and then call his phriends
anywhere in the world.  A person armed with a tone dialer would have a
whole spectrum of phraudulent options availible to him -- the 'start a
conference and transfer control to a pay phone' trick, never mind just
calling 900 numbers with a tone dialer just for the hell of it.
  
      Of course, I can't advocate any of this behavior because it is
illegal or immoral, but public fax machines, like COCOTS, have some
weaknesses against phraud -- and they really could design them quite a
bit better so they both provide better service and are more resistant
to people with evil intent.


[Moderator's Note: The public Fax machine that was installed in the
post office downtown was a sham, security-wise. They had the phone
line plugged into a modular jack mounted on the wall next to it. By
unplugging the Fax machine and plugging in an ordinary phone, you got
dial tone that would get you anywhere. And no one at the post office
seemed to keep an eye on the machine or care who did what over in that
corner of the (relatively, in the wee hours of the morning) deserted
lobby area. The machine was removed a couple months ago and the phone
line -- I assume -- turned off ... but who knows.   PAT]


Downloaded From P-80 International Information Systems 304-744-2253