During a telephone conversation I heard through my Fellows Amplified
Headset that was connected to a multi line PBX style phone the
following: "Two minutes and your cell phone will be disconnected
unless new payment is received". One minute later the same warning
then the connection between my client and I was terminated.
My client called me back and asked why I had hung up on her. I figured
she was using a cell. Not so. My computer tracks the source of all
incoming phone calls as I have a toll free number so I checked her
number she called me on through Google and it was indeed a listed home
number. So neither One of us was on a cell phone. Even more
interesting she says she heard none of the warnings to terminate. This
warning was a strong clear recorded voice. I am in a single office
surrounded by other businesses owned or operated by unassociated
people except we are part of this complex renting individually. 1
large space , 50 individual offices. Suffice to say someone who could
hear my conversations, both sides, would have much to gain financially. 

Recently(60 days)a person asked to locate in the office next to mine while
there were 20 other available offices. His business is such that he
would benefit from my conversations.

SBC, the local phone co. will be out next week . The Sheriff was
notified and awaits their analysis.
The office manager said they both seemed less than enthused. There is
the background. 

Here is the question: With the setup I have described could someone
who has access to the phone wires "phreak" my phone or headset and
what would the setup look like.Why the cell and why could only I hear
the warnings?

---

Request for Question Clarification by aht-ga on 28 Oct 2004 22:20 PDT

maluca-ga:

Can you please provide some additional information that might help
with this question?

1. You mentioned a "multi line PBX style phone". Can you please tell
me more details about your phone system, such as whether it is indeed
run off of a PBX, whether the PBX is yours and yours alone as opposed
to shared with the other tenants of the facility, and whether you have
a direct-dial number from the outside as opposed to an extension.

2. You mentioned your Fellowes amplified headset, can you tell me
whether this is a wireless model? If so, what is the model number?

Thanks,

aht-ga
Google Answers Researcher

---

Clarification of Question by maluca-ga on 16 Nov 2004 17:51 PST

AHT;
Sorry this took so long..I missed the request for clarification request.

The phone system is run by a desktop computer. A light blinks next to
a button and I push it to speak. My phone set has the name ISOETEC on
it. There is mention on the back of the phone of it being part of a
EZ-1 ISOETEC system with software. It is shared with other tenants. It
is answered by a receptionist during the day and can be direct dialed
using the same number if shae does not answer such as after 5pm.

The Fellowes headset is not wireless.

Thank you.

Dear maluca,

Your use of the term "phreaking" is perfectly acceptable by the
conventions of the hacking subculture.


"Phreaking is a slang term for the action of making a telephone system
do something that it normally should not allow. [...] A phreak or
phreaker is a person who engages in the act of manipulating phones in
this way. [...] Most of the techniques formerly used in phreaking are
no longer effective due to changes in the telephone system."

Wikipedia:  Phreaking
http://en.wikipedia.org/wiki/Phreak


Based on recent events, you suspect that some malefactor has compromised
your phone system and is using the breach to eavesdrop on your
conversation. Judging from the details of your case and using my general
knowledge of telephone security, however, I conclude that your suspicion
is ill-founded and that you are not the victim of a phreaker. It is far
more likely that what you experienced was a case of interference or the
result of a technician's human error. I shall consider the circumstances
you describe one by one.

First, however, let me address the two questions you originally posed. You
ask whether someone could have phreaked your phone or headset. The
particular phreaking exploit that concerns you is the age-old one of
eavesdropping. The answer is that someone could theoretically have been
eavesdropping by means of a receiver/transmitter implanted in your
headset or directly in your phone, and might conceivably be doing so
at this moment. But the probability of such a crime taking place is no
greater, on the face of the evidence, for you than for anyone else. In
other words, it is unlikely to the point of negligibility that someone
is eavesdropping directly on your phone.

Even if eavesdropping were taking place through an implanted
receiver/transmitter, its symptoms would not resemble the curious
phenomenon you experienced. The intercepted conversation would not be
transmitted by a cellphone, but on some low-power radio frequency to a
nearby tape recorder that the malefactor would periodically refresh with
blank cassettes. Alternatively, the radio signal would be picked up in
a nearby location by a live agent listening on the appropriate bandwidth.

If someone wanted to eavesdrop on you, a far better approach would be
to tap your phone line at a point outside your office. Bear in mind
that the signal you receive in your office has traveled there from the
building's phone box. To minimize the risk of detection, a malefactor who
wanted to eavesdrop on your conversations would tap the wire somewhere
between the phone box and your office. They would certainly not take
the conspicuous step of moving in right next to you. Such a move would
do nothing to promote the effectiveness of the eavesdropping operation
and would have the side effect, undesirable to the criminal mind, of
attracting suspicion from wary citizens.

A wiretap is not usually the physical connection with a phone line that
most people like to imagine. Instead, it suffices to place a metallic
coil in close proximity to the telephone wire. In an electrical process
known as induction, the coil resonates in synchrony with electromagnetic
radiation emanating from the phone line. The end result is that the
agent can pick up your phone conversation through his coil without
having to physically alter the telephone wiring. It may interest you
to know that this same process of induction often results in telephone
signals leaking throughout a building by means of electrical wiring
running near the phone lines. I learned about this some years ago when
I found that I could eavesdrop on the telephone in my parents' house by
holding a portable AM radio near the fluorescent lights in the basement.
Through the radio earphone, I could then hear the soft but quite distinct
murmur of private conversation.

All of this is to say that tapping someone's phone line is a simple
act to accomplish, certainly a much simpler one than hacking into a
telephone exchange in pursuit of one particular person. Fortunately, a
wiretap is readily detected by a compact gizmo that you can buy at some
electronics boutiques and at any good surveillance shop. This is because
the induction effect draws some current from the telephone line. At the
same time that your signal leaks, some power is leaking as well.


"There are a number of ways to monitor telephone conversations:

"* Recording the conversation - the person making/receiving the call
records the conversation using a 'telephone pickup coil' attached to
the ear-piece, or they fit an in-line tap with a recording output. Both
of these are easily available through electrical shops. Most who record
telephone conversations, such as journalists, will use the recording for
their own private work. But be aware that anything you say to someone
you don't know may be recorded and used for other purposes.

"* Direct line tap - this is what the state used to do via the telephone
exchange. But unofficial tapping, where the user's line is physically
tapped near the house, is also possible. The tap can either involve
a direct electrical connection to the line, or a coil placed around
the line to pick up the signal inductively. There will be some drop in
signal levels because of the loss of power from the line, and it may
also generate noise on the line. Direct taps usually require regular
maintenance, either to change tapes or replace batteries, which may give
away their presence.

"* Radio tap - this is like a bug that fits on the telephone line.
The state does not normally do this because they have access via the
exchange, though certain organizations exempt from the common framework
of law that applies to citizens may use devices like this. It can be
fitted to one phone inside the house, or outside on the phone line. It
may produce noise (you might even get signal feedback down the line
on amateur made equipment) to alert you, but probably not as modern
state of the art equipment operates in the 30-300 GHz range. The unit
is powered from the line so once installed it's maintenance free, and
only transmits when there is a call in progress."

Wikipedia: Wiretap: The unofficial tapping of telephone lines
http://en.wikipedia.org/wiki/Wiretap#The_unofficial_tapping_of_telephone_lines


"Your phone line can be wiretapped or bugged and the telephone instrument
itself can be quickly and easily converted to a very efficient room
monitor.

"Not too much can be done about down-line taps. However, using the J1030,
you can check your phone line for on-premises series and parallel bugs
and wiretaps. You can also check your telephone for the most common
types of hook switch bypasses."

SpyVille: Wire Tap Detector
http://spyville.com/wire-tap-detector.html


Now we come to the question of the cell phone. The reason this detail
doesn't gibe at all with the hypothesis of an eavesdropping operation
is that someone who intended to compromise your security would surely
not rely on the least secure kind of telephone equipment. A cell phone
operates at frequencies that are not useful for intercepting signals or
leaked radiation from land lines, and there is absolutely no reason to
employ a cell phone in the transmission of an intercepted signal when
much simpler, cheaper, and more reliable means exist. What argues most
strongly against the use of a cell phone is its own susceptibility to
detection and signal interception.


"Cellular and cordless telephones by their very nature emit large amounts
of RF energy which may then be intercepted at fairly large distances. Even
the new, so called "secure" digital spread spectrum, TDMA, CDMA, PCS,
GSM, and similar telephones may be easily intercepted with only a few
dollars of parts."

Granite Island Group: Phone Bugging and Modifications
http://www.tscm.com/phonemods.html


"Are cell phone conversations secure?

"No conversation transmitted across radio frequencies is completely
secure, but you have a higher level of security with digital 
and PCS (personal communications service) phones than with analog
phones. Conversations on analog phones can be intercepted on inexpensive
and readily available radio scanners."

AllBusiness: Cell Phone Security FAQs 
http://www.allbusiness.com/articles/content/23787.asp


What you heard, then, is highly unlikely to be the result of a 
phreaking effort on anyone's part. If someone wanted to eavesdrop on
you, they could easily do it in a fashion that was undetectable without
countersurveillance equipment. As for the individual who moved in next
to you, regardless of what motives one might attribute to her, consider
that a proper criminal would not need to and would not want to take such
a step. In any event, you say that she has since moved out. My best guess
as to her original reason for choosing an office neighboring yours is
that she liked the idea of occupying space next to a business related
to her own. It is the same thinking that causes garment districts, meat
districts, and so forth to develop in urban areas.  Competitors tend to
cluster together for psychological reasons.

The warning you heard was in all probability a signal leaking from
someone's handset into your input line or, as suggested in a Comment
below, the result of haphazard testing by a phone-company technician. The
fact that the wiring is old tends to bolster this theory, what with the
attendant problems of poor wiring insulation and degraded connections. I
hope this information, along with the helpful Comments below, gives
you some peace of mind. If you are still nervous about the possibility
that someone is stealing information to the detriment of your business,
you might like to invest in a wiretap detector or switch to an encrypted
telephone system in future. Personally, I would not feel that I had any
cause to worry based on the event you describe.


Regards,

leapinglizard

---

Request for Answer Clarification by maluca-ga on 27 Nov 2004 23:44 PST

Leapinglizard:
Your answer is not acceptable. My suggestion is from now on you post a
"Answer" which even you state in so many words really is not the
answer, as a comment.

I experienced what is outlined in my Question. You have not explained
the reason only I could hear the warnings. There is no explanation why
I was disconnected exactly when this cell message said it was to
happen.I do not need to know how setups that do not relate to my
situation work or your thoughts on the odds of this happening to me.
It happened. There is a explanation.

Providing circumstances surrounding what happened allows me to give
you all I know and do not know. Then I posed the question. It was not
answered.

A signal "Leaking" from someones handset cannot disconnect me.

---

Clarification of Answer by leapinglizard-ga on 28 Nov 2004 07:24 PST

I'm sorry you feel that way about my research. I want you to work with
you to make sure all your information needs are satisfied. I posted my
answer in good faith, believing that it addresses exactly what you are
asking. Let me quote the final paragraph of your question.

   Here is the question: With the setup I have described could someone
   who has access to the phone wires "phreak" my phone or headset and
   what would the setup look like.Why the cell and why could only I hear
   the warnings?

I explained to you that someone could indeed phreak your phone or
headset, and described several possibilities for the setup. Because
this is a hypothetical question, based on the presumption of an
eavesdropping setup and not on the existence of one that can be
examined directly, there is of course some speculation and talk of
odds. I have described to you the most likely setups an enemy would
use. A cell phone would not, in all probability, be employed in an
eavesdropping operation. I do not doubt that you heard the message. I
absolutely believe that you heard what you say you heard, but I am
also confident that it is not the result of an eavesdropping
operation.

The cell phone warning you heard must either have been the result of
interference or of human error on the part of a technician working on
the building's phone box or at the telephone exchange. The fact that
your phone was disconnected shortly after you heard this message
cannot be explained by interference alone. If the warning message was
the result of interference, then the phone disconnection could only be
a coincidence. You tell me that the building has old phones. Do they
frequently disconnect? If the only time you have ever experienced a
disconnection was this event you describe, then I am less inclined to
attribute the message to interference. In that case, the explanation
is human error.

The fact that only you could hear the message means that it is not a
result of your conversation being intercepted. Since the other person
heard nothing, the message was not played into the circuit that is
formed by the normal connection of two phones on a POTS line. The
message had to have been fed into your line at the phone box or at the
telephone exchange. Clearly, your number was mistaken for some reason
-- a misread numeral, a wavering finger -- with that of a prepaid cell
phone. The normal course of events if such a phone runs out of credits
is to play the message and then disconnect the line. When this
happens, only the user of the cell phone is supposed to hear the
message, and not the party with whom they are conversing. In a sense,
then, the intervention worked as it was supposed to: only you heard
the message, and then you were disconnected. The only trouble is that
this was done to the wrong number.

Once again, let me emphasize that this does not imply that you are
being targeted maliciously. As I have explained at great length,
someone who wanted to compromise your security and intercept your
conversations would not use a cell phone to do so. I can only
attribute the message you heard to a mistake on the part of the phone
company. It is no surprise that they are reluctant to own up to it.
The sequence of events you describe is perfectly plausible in the
context of the notion that your number was confused by a technician
with the number of a prepaid cell phone. What you experienced is
exactly what would happen in such a case.

People do make mistakes. I have myself experienced several egregious
errors made by the phone company. On one occasion some years ago, I
picked up the phone to make a call, only to hear a conversation going
on between a man and a woman. When I spoke into the headset, they
could not hear me. More recently, when I moved from one part of town
to another, I arranged the new number connection through an Internet
form provided by the telephone company. Although I gave the correct
data in the form, as I was able to verify later, someone at central
office read my address incorrectly and sent the technician to the
wrong house, so my new line was connected on the other side of the
street. For days afterward, they denied that anything had gone wrong,
insisting that the wiring inside my house was faulty. It was only by
tracking down the phone-company van, which a neighbor had seen on the
other side of the street at the wrong house, and speaking to the
technician was I able to resolve the problem.

I am not surprised, therefore, that they could have confused your
number with that of a prepaid cell phone. Everything you experienced
would follow naturally from such a mistake. You should not leap to the
conclusion that someone is phreaking your phone. That is the least
likely explanation of all.

leapinglizard

---

Request for Answer Clarification by maluca-ga on 29 Nov 2004 17:01 PST

LL:
Your answer as near as I can tell is that there is no answer. You know
of no setup like the one I described that for whatever reason includes
the cell phone component. The best answer is that it was a mistake. Am
I correct?

---

Clarification of Answer by leapinglizard-ga on 29 Nov 2004 17:35 PST

That's not quite the way I'd put it, but you have the right idea. The
answers to the questions you posed in your listing, and I quote --

(a) "With the setup I have described could someone who has access to
the phone wires 'phreak' my phone or headset and what would the setup
look like?"

(b) "Why the cell and why could only I hear the warnings?"

-- are, in brief, the following.

(a) Yes, someone could phreak your phone. The setup would consist of a
non-invasive wire tap on the phone line running from the building's
phone box to your office. The signal would be picked up by a tape
recorder or by a live listener.

(b) There is absolutely no reason to include a cell phone in such an
eavesdropping setup. In theory, it could be used as the link between
the wiretap and a tape recorder or live listener, but this would only
compromise the robustness of the setup. No sane phreaker would use a
cell phone. Furthermore, the disconnection you experienced could not
be caused by the cell phone alone, so it could only be explained as a
coincidence. For these reasons, we must conclude that the message you
heard was, in fact, the result of an error committed by the phone
company, who confused your telephone number with that of a prepaid
cell phone. In such a case, it would be normal behavior that only you
could hear the message and that the line would be disconnected. The
only abnormality consists in the erroneous number, and there is ample
precedent for such mistakes committed by the phone company.

For additional details and reasoning leading to these conclusions,
please consult the material above. I hope I have been able to make
everything crystal clear.

leapinglizard

---

Request for Answer Clarification by maluca-ga on 03 Dec 2004 15:29 PST

This afternoon I saw a SBC truck across the street from my office. I
asked him about the explanation given. He said there was a number of
reasons this would be the unlikely cause. First our conversation went
on for 52 minutes before being disconnected. Secondly the connections
are not done manually and thirdly how would the cell connection be in
the same "priority" (think he meant area) as a land line. He was not a
friendly fellow but totally dismissed the notion. I did not see him as
being protective of the company he works for and it is the one
involved. I still remain unconvinced this question and answer are
compatable.

---

Clarification of Answer by leapinglizard-ga on 03 Dec 2004 16:50 PST

In addition to showing a lousy attitude, the guy in the phone company
truck was giving you false information. The length of your phone call
has nothing to do with the chance of a mistakenly patched and dropped
connection. You might just as well have been speaking for thirty
seconds or thirty hours when it took place. No one is suggesting that
connections are manually switched. But manual patching does take place
routinely. Every time you see a technician standing by a phone box in
the street, probing it with his handset, that is precisely what he is
doing. He can interfere with the telephone switching network at will.
Mistakes do happen, and in the absence of any other plausible
explanation, that is what happened to you. You were the victim of an
unnerving but innocuous and entirely typical mistake. There is nothing
easier than to incorrectly enter the priority code, or telephone
number prefix, of a test number. It is no surprise to me when inept
blue-collar technicians, whether mechanics or utility employees,
become hostile as their shortcomings are pointed out. The less
competent the technician, the more arrogantly he addresses customer
inquiries. I am all too familiar with this kind of ill-bred, unlearned
behavior.

leapinglizard

This was a straight forward, inclusive question. The answer was to
include all things described including setups as described
incorporating the cell phone and ability of only myself to hear the
warnings. The disconnect was a important capability of the setup. The
question was disected and attempted answers given. There was no clear
answer so the should have been none offered. If one was offered it
should have been as a comment alluding to the fact none was available
but would I like to continue which I clearly would not have. This
question was obviously asked to get a answer action could potentially
be taken on. In the third paragraph of the answer it says for itself
the Expert has only a general knowledge and that this scenario did not
happen with me as the victim. Time for the "Expert" to move on. He has
no answer to my question.

Alot of information was thrown against the wall but nothing stuck. The
question was never answered, only why it should not happen the way I
experienced it. The question was disected to support the answer given.
Leapinglizard felt there was no reason for the setup but tried to
answer the question. This should have been approached with LL asking
if a partial answer or opinion would be satisfactory which it would
not have been for obvious reasons.

'Phreaking' provides techniques for obtaining free phone calls.

It may be possible for other parties to use your account for this
purpose. It was certainly quite common with the 1st Generation Mobile
Phones of the analogue type. This can usually be spotted from phone
bills that provide itemised billing.

'Electronic Eavesdropping' is also feasible for anyone who can gain
access to your landline. It is also practised by some Government
agencies through the telephone exchanges that provide this facility.

It is also possible to get interference on a telephone line and 'crossed lines'.

It should be easy to see if you have been targeted by a phreaker from
examination of your phone bill.

I was told it was referred to as Phreaking. It may be called something else. 

It would not have been to use my line to save money. Some one was on
my line. When you read the question you see there was a
disconnect..this is not crossed lines.

If someone reads the question carefully who is knowledgable in this
area they should recognize what someone is up to, how they did it. I
need to make certain it does not happen again..or is still happening.

Hello, maluca, 

I can assure you that probonopublico's use of terminology is correct.
Since he and I disagree on nearly every subject, you can rest assured
I'm not trying to bolster either the commenter, or incorrect use of
the terminology.

Phreaking is simply the ability to hack or crack a phone network,
generally for the purpose of free usage. Since you state this is not
this is not the case, and you discount crossed lines, the incident
would most likely fall under the umbrella term of eavesdropping.

Various means of electronic eavesdropping exist that can utilize a
cell phone or landline to relay conversations, in realtime, from the
point they are intercepted, to another point outside immediate
transmission range. I suspect this may be part of the puzzle. I am
familiar enough with telphony (from the security/enforcement side)
that I understand this to be possible, but do not have the technical
background to describe how it is accomplished.

Hopefully, others will be able to add pieces that help you figure out
the total picture.

---larre

Hi, Maluca & Larre

Wow! Isn't Larre nice?

I do assure you that I know what I am talking about because I have met
many notorious phreakers and I have spoken to many, many others from
the US (where it all began) to the Netherlands, Bulgaria, Germany and
the UK.

I have even got various phreaking devices, books and magazines ... for
educational purposes only.

All the Best

Cap'n Crunch

I lied ... I'm not the legendary Cap'n Crunch.

But I thought I'd check to see if he is still around and YES he is ...
and what's more he even remembers me!

http://www.webcrunchers.com/crunch/

I have worked with computers for the majority of my life and have
excessive experiance from basic to advanced programming in some
languages.  I however uderstand the concept of hacking, cracking,
pheaking, etc. and can give you an idea of how to find the current
problem and how very complex it will be to accomplish.  I have been a
geek in the past.  I just want to let you know how qualified I am to
answer your question.

OK, here goes.  When you look at the entire world in a sense and
understand that a telephone server is a certain node, or connection
point, of the internet as well as the phone system, you now have the
possibility of having access to phones through only DSL and dial-up. 
However Cable connections including T1 and T3 are not using the phone
lines at all.  I would immagine somewhere they meet through other
nodes such as web server hosting computers (Hosting companies, other
means of hosting site, etc.) Now this means that you can connect to
the phone lines and the world wide web all from any web accessable
computer, cell phone, (They do use a specialized server as well) land
style phones like home phones, networked phones like yours, etc.  I
would imagine that you are on the right track by calling SBC since
they can actually map EVERYONE who connects directly to thier service
and maybe with permission have access to extended networks.

If you think about it, is here anyone who may have access to the
building at night or when no one is there?  This can be as simple as
an electronic bug in your phone or network, even your headset.  It
sounds to me like someone wanted money, but had no idea that they
can't get it from you through your phone.  However there may be a way
with a code.  You yourself can hack a bug even as it is software or a
chip containing sofware.  This means that you can even be evil and get
them back by reversinbg the code if you really wanted to.  I wouldn't
reccommend it.  Besides if you do know someone who can hack it's
source, there will be a way to look at how it is coded and see if
anyone recognises the code.  You may also want a police detective to
research this further and see if they can network the path to it.

This is a rather complicated, yet simple process and I wish I could
volunteer to find it myself, but I don't want that responsibility for
legal issues.  I can give you hints though since I know how it is
done.

So when you trace a bug, here are the steps I would personally take.

1.) Look at my surroundings and determine if it is in the building. 
This may require permission if in a building and would be beter to
tell the management.  Yet at home I would do it that way.

2.) Since only you can hear it, that means that it only conected to
your phone/network (PBX) and had not activated the microphone as this
serves hardly any purpose.

3.) Next I would make sure it was not planted in my house as far as I
know and then tell the police and phone company so they would be able
to check the nodes on the network.

Any electronics technichian with computer experiance, like me, would
know how to check a signals strenth.  You can use what is called an
Oscilloscope or otherwise known as a scope.  There ore other means of
doing it as well wich phone companies will typically use to make sure
you can use thier service reasonably from the phone station closest to
you.  The way they would most likely be able to do this is see where
the signal is coming from using the connections between the stations. 
However here are signal boosters so this is why it is complicated to
do it this way.  You in fact have other ways to do it as well. 
Although there may be a way around this without disrupting the system
since everything and anything is possible in the programming world.

When you find the source of the bug, you have found the bug itself. 
This means that you can find a way to disarm the bug.  If it is in
someones house, you know who it was easily and the police will most
likely give them a trial and then if found guilty they will be in
prison for a while.

If it isn't there, you need to keep it quarentined and then get it
examined by somneone who can catch the criminal and also have gotten
rid of the bug after most likely giving it to a virus or other place
who can block this later on.  However it may have been the persons
real voice or a scrampled/distorted voice on the phone.  These are
easily studied, but may not even be thier voice and may be
electronically generated.

This sort of thing is not able to ever go away very easily.  There
will always be a way to do it even later on down the road with a
diferent more advanced approch.

This must have been a black hat as they are refered to because the are
not obeying the hackers code of ethics.  A good hacker, known as a
white hat will not damage anything at all.  Rather they just enjoy the
satisfaction of being able to do it for fun.

Well I hope this helps!  :)

~*Annie*~

Annie:
What your saying is the could access my office buildings PBX via the
computer network? Also please clairfy number 2 in your answer:
"2.) Since only you can hear it, that means that it only conected to
your phone/network (PBX) and had not activated the microphone as this
serves hardly any purpose."

Why does it (microphone) not serve any purpose. Dont they need to hear
what is being said?  I heard the recorded voice say 2 minutes...1
Minute etc..then SHUT DOWN my phone connection. If I could understand
how they did that through the mistake they obviously made in letting
their cell which was part of the setup run out of minutes? Don't cell
phone usually just keep charging you? Maybe at some point they say
ENOUGH! We want some money no matter the plan they are on.

I really appreciate all help. Thank you.

You say that you heard the "Two minutes and your cell phone will be
disconnected unless new payment is received" on an Amplified Headset.
And that she heard no warnings, only you.

I believe this is just a phenomenon of Cross-Talk and a poor time 
to Splice.

I have experience in Telco's Central Offices and happen to know that
all of the residential/business/T1's/anything coming into the office on 
copper goes to a Main distribution frame.  Basically what happens there is
there's anywhere between 100 and 2,000+ blocks.  Each block consisting of
approx. 60-120 pair connections.  
There's a couple of guys that run up and down on this distribution
frame connecting new lines, disconnecting other ones.
My hunch is that the "two minutes adn your cell phone will be
disconnected" is a prerecorded voice message that they bridge onto
someone's line before it gets disconnected.
Now, its' very easy to punch down on the wrong pair.  Realistically
your phone gets disconnected or something gets added on once every
6months depending on the density of your area.
Anyways, your line probably got disconnected because it was right
beside a co-location line for a cellular providor.  Or maybe when the
tech pulling out the pair beside yours just dialed up the wrong test
number and played the wrong recording, and then he disconnected the
wrong line.

I really think this was a random set of events.


The reason you can only hear the warning is because the test recording
that was being sent to you was sent from your office.  Basically
here's a small rundown of how the telco system works.

Your phone goes to the closest central office, this is called a loop. 
Once you dial the numbers, your C.O. sends a ringback tone, approx.
90vrms 20Hz.  From the central office the number you dialed gets sent
to a CSS-7 office.  This office basically determines the shortest open
path to your destination. (For routing and billing) so your call could
get redirected through multiple different offices to get to where you
need to go.  These lines are called Trunks.  Once your call goes to
the last trunk where your caller goes, his c.o. sends his own Ring
Tone.

Now you see if the caller's phone was off-hook then the css-7 server
would know that and tell your c.o. to send you a busy signal.  This is
because there's alot more loops than there are trunks.  and it's
inefficient to propogate the signalling and tying up a trunk just to
send a busy signal.
Now where I'm going with this, is that the test messages (ie. your
cell phone disconnection warning and other busy signals, ringing
signals) are sent from your office, and the person on the other line
shouldn't hear it.

The police usually aren't too concerned with this issue, because
they're got murderers and rapists to deal with. And it's probably
paranoia that you're being tapped.

Now, I have a few questions or clarificitations.  The PBX you use,
does each of the local businesses have a KTU or is the PBX shared
between all users?
Who controls the PBX?  Is it Customer owned and maintained? or does
the Telco own it?  If it's the customer, then who has the programming
code?  Can you only accesss the PBX through a physical connection, ie.
a serial connector and a Dumb terminal?  or can you do it remotely
through a telephone set?  If it's physicall access, what are the safe
guards around the equipment room?  Are there locks/who has the keys. 
Do you have a T1 or digital signal coming to the PBX then split
between the different offices?

The reality of it is.  If he is eavesdropping, no one really cares. 
Unless you hire a Private Investigator who has a little leeway in
getting the ball rolling down at the police office.  If you want to
protect yourself, get fibre to your office.  It's Damn expensive but
you can't tap it unless you're at the c.o. end or unless you do a cut
and fusion splice, in which case you'll notice downtime.
Copper is electricity and it will always obey the electrical laws of inductance.
Another way to protect yourself is use a VoIP H.323 phone or a
different proprietary type phone.  The H.323 protocol uses a form of
encryption.  I'm assuming you've got a meridian, nortel, nec type
phone which is a digital signal.  But anyone with the same type of
phone can capture the packets and make a translation device.  With a
VPN and VoIP it'll be hard to tap into as far as a telco point of
view.  But that still leaves the direct microphone attacks, in which
case you can talk into a bubble :)
I know in canada you can use PGP mail (pretty good privacy) to encrypt your 
email.  This ensures that the sender is who he says he is.  PGP is
hard to crack, but in any realistic time it's not going to happen.

Good luck, hope this answers alot.  Let me know if you need any clarificaiton.

Pumpkin:
Really appreciate your input. I am checking with powers that be and
will have the answers posted by the end of the week.

Your right about no one caring. However the party that moved next door
and would benefit from the information gave their 30 day notice after
4 months citing lack of business. This was 3 days after I confronted
them politely about the phone situation. The Office manager who
oversees the 50 units has so far been unable to tell me who or when
from SBC is coming so I can file a report. Paranoia? Maybe but I am
just a guy trying to make a living and something of this sort would
put me out of business. A few items:

The phones are old and we all share the same PBX. It is customer owned
and some outside person maintains it. The access is a regular door
with outside access, no need to enter the offices. Some private person
who looks to have no company affiliation "maintains" the system. There
is Internet access to the room as well. Its broadband.I will get the
rest answered asap. Thanks.

Intriguing question and some great comments.

And WOW ... That Pumpkin really knows his stuff and then some!

But, Maluca, have you stopped to consider that one of the commentators
may really be working for 'the opposition'?

A double agent, no less?

But which one? 

It isn't me ... Promise!

But I would say that, wouldn't I?

All the Best

Bryan

Long story short any thing is possible. 

Before you accuss someone of a crime, lets do some very very basic
detective work, almost Blues Clues level.

Did you noticed a significant increase in your phonebill of calls you
did not make? So that should stick out. And I am not sure what the
rent is on your place, but you think the phone call cost off sets the
rent?

Maybe you are fearing he is monitoring you. That is possible too. And
he could have manipulated the PBX to relay calls made from your
circuits to a cell #, hince you getting the message response you did. 
So my question is, does he have access to your PBX? And if he does,
you should too, and you should be able to go see if you see something
unusually like a Cellphone interfaced that has been "hot wired" into
it. But maybe he has already covered his tracks. Hmm several ways he
could have done this to monitor your lines. But ultimately requires
touching (Rewiring), or recoding the PBX to do such task. But the
truth is in the pudding. You should find hardware either in his place,
or your place or the PBX that is doing the cell phone relay. And the
PBX coding or wiring should still be intact. That is your evidence.
Need to get some phone guys there to help investigate. Old School PBX
uses the old square button flashy flashy phones that you could do a
Ohm test to test the load to determine how many sets where on that
circuit. The new School is all digital. and each peace of equipment
has a unique identifier (IP Address). The later would be harder to
hack than the first. He would need to know how to reprogram the PBX.
And there again does he have un-hindered ahd unobserved access to the
PBX?

Sounds to me the hacker or phreaker PI or enemy..... used a pay phone to eavesdrop 
on your conversation using a recording device. he/she got disconected
and so did you.