Dear maluca,
Your use of the term "phreaking" is perfectly acceptable by the
conventions of the hacking subculture.
"Phreaking is a slang term for the action of making a telephone system
do something that it normally should not allow. [...] A phreak or
phreaker is a person who engages in the act of manipulating phones in
this way. [...] Most of the techniques formerly used in phreaking are
no longer effective due to changes in the telephone system."
Wikipedia: Phreaking
http://en.wikipedia.org/wiki/Phreak
Based on recent events, you suspect that some malefactor has compromised
your phone system and is using the breach to eavesdrop on your
conversation. Judging from the details of your case and using my general
knowledge of telephone security, however, I conclude that your suspicion
is ill-founded and that you are not the victim of a phreaker. It is far
more likely that what you experienced was a case of interference or the
result of a technician's human error. I shall consider the circumstances
you describe one by one.
First, however, let me address the two questions you originally posed. You
ask whether someone could have phreaked your phone or headset. The
particular phreaking exploit that concerns you is the age-old one of
eavesdropping. The answer is that someone could theoretically have been
eavesdropping by means of a receiver/transmitter implanted in your
headset or directly in your phone, and might conceivably be doing so
at this moment. But the probability of such a crime taking place is no
greater, on the face of the evidence, for you than for anyone else. In
other words, it is unlikely to the point of negligibility that someone
is eavesdropping directly on your phone.
Even if eavesdropping were taking place through an implanted
receiver/transmitter, its symptoms would not resemble the curious
phenomenon you experienced. The intercepted conversation would not be
transmitted by a cellphone, but on some low-power radio frequency to a
nearby tape recorder that the malefactor would periodically refresh with
blank cassettes. Alternatively, the radio signal would be picked up in
a nearby location by a live agent listening on the appropriate bandwidth.
If someone wanted to eavesdrop on you, a far better approach would be
to tap your phone line at a point outside your office. Bear in mind
that the signal you receive in your office has traveled there from the
building's phone box. To minimize the risk of detection, a malefactor who
wanted to eavesdrop on your conversations would tap the wire somewhere
between the phone box and your office. They would certainly not take
the conspicuous step of moving in right next to you. Such a move would
do nothing to promote the effectiveness of the eavesdropping operation
and would have the side effect, undesirable to the criminal mind, of
attracting suspicion from wary citizens.
A wiretap is not usually the physical connection with a phone line that
most people like to imagine. Instead, it suffices to place a metallic
coil in close proximity to the telephone wire. In an electrical process
known as induction, the coil resonates in synchrony with electromagnetic
radiation emanating from the phone line. The end result is that the
agent can pick up your phone conversation through his coil without
having to physically alter the telephone wiring. It may interest you
to know that this same process of induction often results in telephone
signals leaking throughout a building by means of electrical wiring
running near the phone lines. I learned about this some years ago when
I found that I could eavesdrop on the telephone in my parents' house by
holding a portable AM radio near the fluorescent lights in the basement.
Through the radio earphone, I could then hear the soft but quite distinct
murmur of private conversation.
All of this is to say that tapping someone's phone line is a simple
act to accomplish, certainly a much simpler one than hacking into a
telephone exchange in pursuit of one particular person. Fortunately, a
wiretap is readily detected by a compact gizmo that you can buy at some
electronics boutiques and at any good surveillance shop. This is because
the induction effect draws some current from the telephone line. At the
same time that your signal leaks, some power is leaking as well.
"There are a number of ways to monitor telephone conversations:
"* Recording the conversation - the person making/receiving the call
records the conversation using a 'telephone pickup coil' attached to
the ear-piece, or they fit an in-line tap with a recording output. Both
of these are easily available through electrical shops. Most who record
telephone conversations, such as journalists, will use the recording for
their own private work. But be aware that anything you say to someone
you don't know may be recorded and used for other purposes.
"* Direct line tap - this is what the state used to do via the telephone
exchange. But unofficial tapping, where the user's line is physically
tapped near the house, is also possible. The tap can either involve
a direct electrical connection to the line, or a coil placed around
the line to pick up the signal inductively. There will be some drop in
signal levels because of the loss of power from the line, and it may
also generate noise on the line. Direct taps usually require regular
maintenance, either to change tapes or replace batteries, which may give
away their presence.
"* Radio tap - this is like a bug that fits on the telephone line.
The state does not normally do this because they have access via the
exchange, though certain organizations exempt from the common framework
of law that applies to citizens may use devices like this. It can be
fitted to one phone inside the house, or outside on the phone line. It
may produce noise (you might even get signal feedback down the line
on amateur made equipment) to alert you, but probably not as modern
state of the art equipment operates in the 30-300 GHz range. The unit
is powered from the line so once installed it's maintenance free, and
only transmits when there is a call in progress."
Wikipedia: Wiretap: The unofficial tapping of telephone lines
http://en.wikipedia.org/wiki/Wiretap#The_unofficial_tapping_of_telephone_lines
"Your phone line can be wiretapped or bugged and the telephone instrument
itself can be quickly and easily converted to a very efficient room
monitor.
"Not too much can be done about down-line taps. However, using the J1030,
you can check your phone line for on-premises series and parallel bugs
and wiretaps. You can also check your telephone for the most common
types of hook switch bypasses."
SpyVille: Wire Tap Detector
http://spyville.com/wire-tap-detector.html
Now we come to the question of the cell phone. The reason this detail
doesn't gibe at all with the hypothesis of an eavesdropping operation
is that someone who intended to compromise your security would surely
not rely on the least secure kind of telephone equipment. A cell phone
operates at frequencies that are not useful for intercepting signals or
leaked radiation from land lines, and there is absolutely no reason to
employ a cell phone in the transmission of an intercepted signal when
much simpler, cheaper, and more reliable means exist. What argues most
strongly against the use of a cell phone is its own susceptibility to
detection and signal interception.
"Cellular and cordless telephones by their very nature emit large amounts
of RF energy which may then be intercepted at fairly large distances. Even
the new, so called "secure" digital spread spectrum, TDMA, CDMA, PCS,
GSM, and similar telephones may be easily intercepted with only a few
dollars of parts."
Granite Island Group: Phone Bugging and Modifications
http://www.tscm.com/phonemods.html
"Are cell phone conversations secure?
"No conversation transmitted across radio frequencies is completely
secure, but you have a higher level of security with digital
and PCS (personal communications service) phones than with analog
phones. Conversations on analog phones can be intercepted on inexpensive
and readily available radio scanners."
AllBusiness: Cell Phone Security FAQs
http://www.allbusiness.com/articles/content/23787.asp
What you heard, then, is highly unlikely to be the result of a
phreaking effort on anyone's part. If someone wanted to eavesdrop on
you, they could easily do it in a fashion that was undetectable without
countersurveillance equipment. As for the individual who moved in next
to you, regardless of what motives one might attribute to her, consider
that a proper criminal would not need to and would not want to take such
a step. In any event, you say that she has since moved out. My best guess
as to her original reason for choosing an office neighboring yours is
that she liked the idea of occupying space next to a business related
to her own. It is the same thinking that causes garment districts, meat
districts, and so forth to develop in urban areas. Competitors tend to
cluster together for psychological reasons.
The warning you heard was in all probability a signal leaking from
someone's handset into your input line or, as suggested in a Comment
below, the result of haphazard testing by a phone-company technician. The
fact that the wiring is old tends to bolster this theory, what with the
attendant problems of poor wiring insulation and degraded connections. I
hope this information, along with the helpful Comments below, gives
you some peace of mind. If you are still nervous about the possibility
that someone is stealing information to the detriment of your business,
you might like to invest in a wiretap detector or switch to an encrypted
telephone system in future. Personally, I would not feel that I had any
cause to worry based on the event you describe.
Regards,
leapinglizard |
Clarification of Answer by
leapinglizard-ga
on
28 Nov 2004 07:24 PST
I'm sorry you feel that way about my research. I want you to work with
you to make sure all your information needs are satisfied. I posted my
answer in good faith, believing that it addresses exactly what you are
asking. Let me quote the final paragraph of your question.
Here is the question: With the setup I have described could someone
who has access to the phone wires "phreak" my phone or headset and
what would the setup look like.Why the cell and why could only I hear
the warnings?
I explained to you that someone could indeed phreak your phone or
headset, and described several possibilities for the setup. Because
this is a hypothetical question, based on the presumption of an
eavesdropping setup and not on the existence of one that can be
examined directly, there is of course some speculation and talk of
odds. I have described to you the most likely setups an enemy would
use. A cell phone would not, in all probability, be employed in an
eavesdropping operation. I do not doubt that you heard the message. I
absolutely believe that you heard what you say you heard, but I am
also confident that it is not the result of an eavesdropping
operation.
The cell phone warning you heard must either have been the result of
interference or of human error on the part of a technician working on
the building's phone box or at the telephone exchange. The fact that
your phone was disconnected shortly after you heard this message
cannot be explained by interference alone. If the warning message was
the result of interference, then the phone disconnection could only be
a coincidence. You tell me that the building has old phones. Do they
frequently disconnect? If the only time you have ever experienced a
disconnection was this event you describe, then I am less inclined to
attribute the message to interference. In that case, the explanation
is human error.
The fact that only you could hear the message means that it is not a
result of your conversation being intercepted. Since the other person
heard nothing, the message was not played into the circuit that is
formed by the normal connection of two phones on a POTS line. The
message had to have been fed into your line at the phone box or at the
telephone exchange. Clearly, your number was mistaken for some reason
-- a misread numeral, a wavering finger -- with that of a prepaid cell
phone. The normal course of events if such a phone runs out of credits
is to play the message and then disconnect the line. When this
happens, only the user of the cell phone is supposed to hear the
message, and not the party with whom they are conversing. In a sense,
then, the intervention worked as it was supposed to: only you heard
the message, and then you were disconnected. The only trouble is that
this was done to the wrong number.
Once again, let me emphasize that this does not imply that you are
being targeted maliciously. As I have explained at great length,
someone who wanted to compromise your security and intercept your
conversations would not use a cell phone to do so. I can only
attribute the message you heard to a mistake on the part of the phone
company. It is no surprise that they are reluctant to own up to it.
The sequence of events you describe is perfectly plausible in the
context of the notion that your number was confused by a technician
with the number of a prepaid cell phone. What you experienced is
exactly what would happen in such a case.
People do make mistakes. I have myself experienced several egregious
errors made by the phone company. On one occasion some years ago, I
picked up the phone to make a call, only to hear a conversation going
on between a man and a woman. When I spoke into the headset, they
could not hear me. More recently, when I moved from one part of town
to another, I arranged the new number connection through an Internet
form provided by the telephone company. Although I gave the correct
data in the form, as I was able to verify later, someone at central
office read my address incorrectly and sent the technician to the
wrong house, so my new line was connected on the other side of the
street. For days afterward, they denied that anything had gone wrong,
insisting that the wiring inside my house was faulty. It was only by
tracking down the phone-company van, which a neighbor had seen on the
other side of the street at the wrong house, and speaking to the
technician was I able to resolve the problem.
I am not surprised, therefore, that they could have confused your
number with that of a prepaid cell phone. Everything you experienced
would follow naturally from such a mistake. You should not leap to the
conclusion that someone is phreaking your phone. That is the least
likely explanation of all.
leapinglizard
|
Clarification of Answer by
leapinglizard-ga
on
29 Nov 2004 17:35 PST
That's not quite the way I'd put it, but you have the right idea. The
answers to the questions you posed in your listing, and I quote --
(a) "With the setup I have described could someone who has access to
the phone wires 'phreak' my phone or headset and what would the setup
look like?"
(b) "Why the cell and why could only I hear the warnings?"
-- are, in brief, the following.
(a) Yes, someone could phreak your phone. The setup would consist of a
non-invasive wire tap on the phone line running from the building's
phone box to your office. The signal would be picked up by a tape
recorder or by a live listener.
(b) There is absolutely no reason to include a cell phone in such an
eavesdropping setup. In theory, it could be used as the link between
the wiretap and a tape recorder or live listener, but this would only
compromise the robustness of the setup. No sane phreaker would use a
cell phone. Furthermore, the disconnection you experienced could not
be caused by the cell phone alone, so it could only be explained as a
coincidence. For these reasons, we must conclude that the message you
heard was, in fact, the result of an error committed by the phone
company, who confused your telephone number with that of a prepaid
cell phone. In such a case, it would be normal behavior that only you
could hear the message and that the line would be disconnected. The
only abnormality consists in the erroneous number, and there is ample
precedent for such mistakes committed by the phone company.
For additional details and reasoning leading to these conclusions,
please consult the material above. I hope I have been able to make
everything crystal clear.
leapinglizard
|