What is a phreaker in hacking or IT terms? Phreaking is largely obsolete and doesn’t happen much anymore, but it’s an important historical concept in computer security. While phreaking wasn’t the first form of hacking, it’s probably the first example of hacking in a modern sense.
Phreaking was hacking the phone system, usually to make long distance calls for free. Some people phreaked for the thrill of it, but many of them did it because they made more long distance calls than they could afford. Two famous phreakers from the 1970s were Steve Jobs and Steve Wozniak, the co-founders of Apple.
How phreakers relate to hackers
The phone system was the first large scale utility that people interacted with, rather than simply consuming. And the parallels between the phone system and a computer system make sense once you think about it, even though the phone system was largely electromechanical for most of the 20th century. Like a computer system, the phone system relied on user input. A consumer picked up the phone, dialed a number, and then the system reacted based on what the user dialed.
But the system worked based on pules and/or tones. Normal phones generated 10 sets of pulses or tones, and the system reacted by generating additional tones after you dialed a number. The only security on this was ordinary people not knowing the tones, something we call security by obscurity.
Eventually, curious people started learning how the system worked. And in learning how the system worked, they learned how to exploit and abuse it. That’s the modern definition of hacking. And in the 1970s, there was considerable overlap between phone phreakers and hobbyists building early home computers.
The origins of phone phreakers
While the golden age of phreaking started in the early 1970s and ended in the early 1990s, its origins actually started in the 1950s. The first and simplest form of phreaking is called switch hooking. Switch hooking is just making calls on phones that weren’t supposed to dial out. The phone’s handset, which was the piece you listened through and (usually) spoke through, sits on a part called a switch hook. Picking up the phone was also called taking it off the hook. A rotary phone generated pulses, based on what number you selected on the dial. By tapping the hook the same number of times, you could make the phone dial, even if the physical dial was locked or the phone didn’t have one.
This form of phreaking was fairly widely known. Paul Zindel’s 1968 young-adult novel The Pigman made reference to it, even though it didn’t call it phreaking or switch hooking. It was the story of two subversive teenagers, not a technical reference manual.
But this means I first learned about phreaking in high school, from a novel I read in freshman English class.
My experience with phone phreaking
This is as good of a time as any to interject my personal experience with phone phreaking. The golden age of phone phreaking was well underway before I was born, but it was still going on when I was a teenager in the late 1980s. If anything it was more widespread by then, because you could do more with long distance service than just yak on the phone. Kids with computers and modems used phone phreaking to argue with strangers and pirate computer software on the BBS scene.
My acquaintances would find calling card numbers and codes that allowed them to call long-distance for free. When they were bored and the BBS lines were busy, they might call someone long distance to talk. But more frequently, they were calling into the BBS, participating in discussions, and uploading and downloading software. Usually pirated software. It was an early form of social media.
I could program a little and my overall computer knowledge was well above average, so some of these phreakers would call me to recruit me. I was curious, so I’d talk. My parents probably wouldn’t have approved, since arguably I was complicit in a crime when I was talking to them. But it also meant the phone phreaking section of CISSP was strictly review for me later in life. I wasn’t just reading about this stuff, I knew people who’d done it, and we knew the history going back to the 70s even then.
Getting busted for phone phreaking in the 80s and 90s
I never got into phone phreaking myself because I saw it as a slippery slope. My acquaintances had a history of disappearing for months at a time. Sometimes it was a domestic situation. Subversive teens frequently didn’t have the most stable family lives. But frequently it meant they got caught. Sometimes that meant getting a bill from the phone company. A very large bill. Sometimes it was law enforcement. And then, like now, law enforcement didn’t understand how best to handle computer crime. Some people I knew spent time in juvenile detention, or sketchy mental hospitals.
I heard the stories, and that kept my curiosity low. Sure, I dialed a couple of codes here and there to see if the stories I was hearing were true, but I hung up before dialing a long distance number. My parents wouldn’t have approved of that either, but if anyone ever asked, I had plausible deniability. I could say I misdialed, found something weird, and hung up. No one asked.
My phreaker friends’ close calls
I remember in 1991 or 1992, having a conversation with another member of the local Commodore users group. “I don’t understand why people our age are risking their future to call Europe to pirate Grover’s Magic Numbers,” he said.
And decades later, I found out the reason for that. I met up with a mutual acquaintance at a friend’s wedding. When we figured out we knew each other in the 80s, we started talking about old times. Both he and the guy who made the comment about Grover’s Magic Numbers got caught phreaking. They negotiated their way out of it, but it scared them both straight. Well, straighter.
Today all three of us are productive members of society. The curiosity that (nearly) got us into trouble as teenagers made all of us good IT professionals. The guy who made the comment about Grover’s Magic Numbers ended up being a Unix administrator before he even finished college, working down the hall from me. I was a Windows NT administrator before I finished college.
Rob O’Hara, a fellow blogger, retro computing enthusiast, and IT professional, had a similar experience to mine, 500 miles from me. And one phone phreaker ended up being a somewhat prominent politician.
The golden age of phone phreaking
That’s quite enough about me and my subversive pals. Let’s talk about what you need to know about phone phreaking to pass a test.
Phone phreaking quickly grew from that discovery in the 1950s that you could dial the phone by rapidly tapping the hook mechanism. Two separate incidents in the 1950s led to this growth, then these discoveries grew through the 1960s counterculture and eventually converged.
The first of these incidents was the Bell System publishing the methods and frequencies it used for inter-office signaling in 1954. This was only meant for internal use by Bell System engineers, but its technical journal was distributed to college campuses as well. In 1954 this may have been mostly a curiosity, but electronics were rapidly miniaturizing, so building electronics to exploit this knowledge was practical by the 1960s.
The second of these incidents happened around 1957, when Joe Engressia, an adolescent with perfect pitch, accidentally hung up on himself by whistling the fourth E above Middle C (2637.02 Hz). This frequency ends a phone call, but it turned out that if you followed it with a sequence of other tones, you could start a new call. John Draper learned in the 1960s that a whistle that came as a prize in Cap’n Crunch cereal produced this same tone. This led to his using the handle Cap’n Crunch.
Phreaking devices were referred to as color boxes, initially based on whatever color of enclosure the first guy who built one used, but later, picking an available unused color. There were at least 10, but these five are the ones you’re most likely to encounter on a test because they were the most common and useful.
Blue box phreaking
Electronic devices that used the frequency of approximately 2600 Hz to exploit the phone system became known as Blue Boxes. Initial experiments with this technique happened with instruments or whistles, but using electronics greatly enhanced the capability of what you could do, and it opened possibilities to people with better technical chops than musicianship.
In the early 1970s, several magazines published articles about blue boxing, some including schematics. Amateur radio operators, who were used to working on electronics, started building blue boxes based on the plans.
Steve Wozniak said in 1986 he was phreaking to learn about the phone system and amuse himself with pranks. He said he always paid when he was calling his parents or making a non-prank call, and that he stopped after six months because there wasn’t anything left to learn. He expressed surprise that others were profiting off blue boxing and ripping the phone company off.
Blue boxing experienced a resurgence once personal computers and modems became popular. The computer and modem gave another reason to steal long distance service, and the computers themselves could generate the tones. Using software, the computer itself could become a blue box.
Countermeasures from phone companies and changes in the way phone networks worked eventually rendered blue boxing ineffective and obsolete. The legacy of blue boxing remains. The hacking magazine 2600 is a reference to the tones used in blue boxing.
Red box phreaking
Red boxes have nothing to do with the movie kiosks. They’re probably called red boxes because payphones are traditionally red in the United Kingdom. Red boxes simulate the tones used by payphones to make free calls on payphones. I have heard stories that this worked from residential lines too at one time, to prevent a toll call, but the stories you hear today talk about using it on payphones. Phreaking utilities for the Commodore 64 contained red box functionality, so I know people tried it at home. But it may have only been useful for recording onto tape, then playing back from a tape recorder.
Eventually, payphones contained filters in their handsets to filter out any tones people played into them.
Beige box phreaking
I never heard of these referred to as beige boxes, but rather, as lineman’s handsets. These are just an ordinary phone with alligator clips on the ends that allow you to connect up to a phone line from the outside and make a call. It’s phreaking in a sense that it was stealing long distance service, but it was stealing it from another individual, not the phone company.
For some reason a lot of BBSes had instructions for making these, but they weren’t any help for BBSing.
Black box phreaking
Black boxes are a type of box I didn’t know about in the 80s and 90s. They allowed a residential line to receive calls without charging the caller, in effect, turning your landline into an 800 number. It was just a resistor or zener diode in line with the phone line, and it defeated the mechanical relays in the phone network that were used to trigger billing. Unlike red boxes or blue boxes, black boxes worked on the receiving end.
I hesitate to call this phreaking, because orange boxes were used to spoof caller ID after caller ID became available in the late 1980s. They didn’t steal long distance services, but allowed you to make a call while making it look like it came from somewhere else. It’s phreaking in the sense that Steve Wozniak says he phreaked, for amusing himself with pranks. While phreaking is obsolete today, caller ID spoofing is positively rampant.
The end of phreakers
Phreaking is obsolete today, of course. As I was writing this, my wife walked in the room and asked what I was writing about. “Stealing long distance,” I said nonchalantly.
“Why does anyone need to do that anymore?” she asked.
It’s been a long time since there was any reason to steal long distance service in the United States. Two things happened in the mid 90s that caused it.
Let’s start with the less obvious first. Gen X went to college and discovered the Internet. This was a gradual thing, but our older friends would go to college, and tell us when they came back for the summer about the Internet. We’d get there, then we’d discover this amazing thing for ourselves. Granted, it wasn’t much like it is now, but we had e-mail and chat and file transfers. And none of it involved making long distance calls. You just went to the computer lab, or dialed into your university’s modem bank, and it connected you to the world. Or at least, the world of your other friends in college.
And it’s no great exaggeration that it was Gen X who didn’t want to give up the Internet after graduation and figured out how to commercialize it. BBSing and the Internet existed in parallel for a few years, but they sure faded fast after the mid 90s.
The more obvious reason was affordable cellular phones. In 1987, a cell phone cost $1,400 and that didn’t include a plan to use it. Now, before you say that phones cost $1,000 today, when you adjust for inflation, that’s $3,179 in today’s dollars. But by 1993, I was seeing ads in all the college papers for phones. The phone itself cost around $200 as long as you bought a plan, and I remember the plan costing around $50 a month. The ad encouraged you to buy it even just to use for long distance. If you made more than 8 hours’ worth of long distance calls every month, it was worth it.
Not everyone did, at least not at first. But by the early 2000s, I knew people who had ditched their landlines and just used cellular phones for everything. They made enough long distance calls that it saved them money.