Path: ux1.cso.uiuc.edu!uwm.edu!linac!att!pacbell.com!lll-winken!telecom-request@eecs.nwu.edu From: pahsnsr@jupiter.nmt.edu (Paul A. Houle) Newsgroups: comp.dcom.telecom Subject: Public FAX Machines/Phraud Message-ID: Date: 13 Oct 91 19:41:52 GMT Sender: Telecom@eecs.nwu.edu Organization: TELECOM Digest Lines: 43 Approved: Telecom@eecs.nwu.edu X-Submissions-To: telecom@eecs.nwu.edu X-Administrivia-To: telecom-request@eecs.nwu.edu X-Telecom-Digest: Volume 11, Issue 817, Message 5 of 12 pay fax machines in public libraries and similar places, and some people in the BBS community discovered a number of methods of phraud based upon these machines. Some of these machines contain an automatic dialer that automatically calls an 800 number, where an operator picks up the phone and asks for your credit card number, verifies it, and connects you to your destination fax machine, running the call through. I don't know exactly how answer supervision is handled here, but using fax machines, one could use the carrier tone. I discovered that, when the machine was unplugged, one could pick up the handset and get a regular dial tone. There is no touch-tone pad, so it's impossible to dial out normally, but one can dial by clicking the switchhook, and bopping the switchhook ten times connects you to an operator, and you can give her the phone number that you want to dial. I used this to make a local call just to see if this could be done, and I mentioned this to a friend. Other people in the BBS community in that area later discovered that there was no toll restriction on those lines, either, so one could dial two zeros, get an AT&T operator, and then call his phriends anywhere in the world. A person armed with a tone dialer would have a whole spectrum of phraudulent options availible to him -- the 'start a conference and transfer control to a pay phone' trick, never mind just calling 900 numbers with a tone dialer just for the hell of it. Of course, I can't advocate any of this behavior because it is illegal or immoral, but public fax machines, like COCOTS, have some weaknesses against phraud -- and they really could design them quite a bit better so they both provide better service and are more resistant to people with evil intent. [Moderator's Note: The public Fax machine that was installed in the post office downtown was a sham, security-wise. They had the phone line plugged into a modular jack mounted on the wall next to it. By unplugging the Fax machine and plugging in an ordinary phone, you got dial tone that would get you anywhere. And no one at the post office seemed to keep an eye on the machine or care who did what over in that corner of the (relatively, in the wee hours of the morning) deserted lobby area. The machine was removed a couple months ago and the phone line -- I assume -- turned off ... but who knows. PAT]