Sign in to follow this  
Followers 0
ansichart

Tapping a payphone by calling it (concept)

9 posts in this topic

I was just thinking about this one day, and I was wondering if there was a name for this. I'm sure this has been done before.

If you call an ACTS payphone that has the ringer disabled, waiting for someone to answer. When someone answers you immediately play the dial-tone sound. The person doesn't know someone was trying to call the payphone (since the ringer is disabled) and is expecting to use the payphone to make a call. So, they dial a number and you play operator telling them that for a limited time only, all calls are free... or some bullshit like that.

Let's say you are using VoIP and you are using the DTMF tones they sent, you call whoever they were wanting to reach and you just act as a proxy. You can hear all of this from your end of course. This might not sound all that bad, but you could also use this to get credit card numbers when John Doe checks his balance on his TCF account.

If you are expecting someone to make a call on an ACTS payphone with a disabled ringer, you could essentially tap it. Of course this isn't really practical, but it's kind of a neat concept. What do you think?

0

Share this post


Link to post
Share on other sites

I'm confused, how does VoIP specifically come into the picture? In any event, I see some payphones around here get a fair amount of use, but you'd have to search a while to find an ACTS phone with the ringer off. Most COs just forward the calls to some announcement pretending the phone isn't in service. On top of all that, if you actually ring these phones back using the ringback program on the switch, the ringers will probably end up being active anyway!

0

Share this post


Link to post
Share on other sites
I'm confused, how does VoIP specifically come into the picture? In any event, I see some payphones around here get a fair amount of use, but you'd have to search a while to find an ACTS phone with the ringer off. Most COs just forward the calls to some announcement pretending the phone isn't in service. On top of all that, if you actually ring these phones back using the ringback program on the switch, the ringers will probably end up being active anyway!

I think what he was saying that with VoIP/Asterisk when the user picks up and dials, have the Asterisk system complete the call. That way, you could record/monitor the traffic. I've seen similar VoIP scams with banks. For example, scammer sets up a 1-800 number into a Asterisk box. They then send out emails with the phone number explaining the mark needs to call in (of course, giving the scammer 1-800 number) and "check there account". When the mark calls the scammers 1-800 number, the system acts as a MITM and transfer the mark to the bank. They then enter there pin number and all that which the scammer can now harvest.

What he's saying is similar to that idea (I believe).

0

Share this post


Link to post
Share on other sites

That is definitely a plausible concept, although difficult. There are a surprising number of payphones with disabled/broken ringers that can be called repetitively until an answer supervision is detected. One problem you could run into is when a payphone's modem picks up after X amount of rings, in which you'd have to limit the number of rings before a disconnect and redial. There would be a lot of timing and trial and error, but you could theoretically pull it off. Also, it would be more realistic to completely automate the process, because no human can sit in front of their Asterisk box all day and night waiting to intercept a call. You'd need the simulated dialtone to also be waiting for DTMF input for a phone call.

I've been told of an alleged story of how the mafia used to use older hardware to pull off the same stunts for the purpose of acquiring calling card and credit card numbers that payphone users would dial on the payphone they were using. Not sure how true that is, but I found interesting, especially since the mob also used to use Gold Boxes (some referred to them as "Cheese Boxes") back in the day.

0

Share this post


Link to post
Share on other sites
That is definitely a plausible concept, although difficult. There are a surprising number of payphones with disabled/broken ringers that can be called repetitively until an answer supervision is detected. One problem you could run into is when a payphone's modem picks up after X amount of rings, in which you'd have to limit the number of rings before a disconnect and redial. There would be a lot of timing and trial and error, but you could theoretically pull it off. Also, it would be more realistic to completely automate the process, because no human can sit in front of their Asterisk box all day and night waiting to intercept a call. You'd need the simulated dialtone to also be waiting for DTMF input for a phone call.

I've been told of an alleged story of how the mafia used to use older hardware to pull off the same stunts for the purpose of acquiring calling card and credit card numbers that payphone users would dial on the payphone they were using. Not sure how true that is, but I found interesting, especially since the mob also used to use Gold Boxes (some referred to them as "Cheese Boxes") back in the day.

Yes - automation would be a "must". Off the top of my head, you'd need to drop a outbound call file that'd ring for X number of seconds (before the modem picked up). Upon call supervision (non-modem), the call file would connect it to a extension (in your extensions.conf) and drop the user to DISA. This gives the user the "dial tone" they need. Any of the DMTF passed at that point could be/would be recorded. In conjunction with recording the call (monitor), you'd have to pull out any other DTMF used. Right off, I can't see it being that difficult to rip out such a routine. Of course, you connect the call via VoIP . Rinse, repeat..... multiple calls to the same payphone might raise some flags at the telco... hmmmmm

Another interesting idea you could add in and/or use.. If the call supervises, test for modem V.8 tones. If present, hang up - wait and recall. This way, even if your timing is off about the modem pickup, you'll detect it and handle it properly.

I'm not going to try it....I have no interest in defrauding people or snooping on them.... but it wouldn't be hard. Interesting to think about never the less.

Edited by Beave
0

Share this post


Link to post
Share on other sites

Reminds me of the things I used to do 20 years ago....

Yeah, I'm showing my age, but it was the glory day of pay phones.

Bridging two lines together, or pretended to be the operator when they dialed "0". Yeah, you can figure it out from there! :D

0

Share this post


Link to post
Share on other sites
I think what he was saying that with VoIP/Asterisk when the user picks up and dials, have the Asterisk system complete the call. That way, you could record/monitor the traffic. I've seen similar VoIP scams with banks. For example, scammer sets up a 1-800 number into a Asterisk box. They then send out emails with the phone number explaining the mark needs to call in (of course, giving the scammer 1-800 number) and "check there account". When the mark calls the scammers 1-800 number, the system acts as a MITM and transfer the mark to the bank. They then enter there pin number and all that which the scammer can now harvest.

What he's saying is similar to that idea (I believe).

Yea, that's the general idea.

0

Share this post


Link to post
Share on other sites

Call it a monkey box. i.e. monkey in the middle ;)

0

Share this post


Link to post
Share on other sites
Call it a monkey box. i.e. monkey in the middle ;)

ohhh i like it! we need more boxes.

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0