Fraud and the Blue Box

by Colin Berkshire

Colin here. A recurring, popular news theme is about hackers and the billions of dollars in fraud that they inflict upon the public. It’s a feel good topic that gets people outraged.

Blue Box

Bust most if the stories on fraud are something of a fraud themselves. This is as true today with credit card fraud as it was fifty years ago with Blue Box fraud.

Fifty years ago the Blue Box was invented. Quite simply, you dialed a toll fee number and then using the internal signaling tones of the phone company you redirected the call to any number on earth that you desired. The billing system thought the call was free and the switching system just followed orders and put the call through. The mechanics were profoundly simple…you just needed to be able to generate seven different tones…a task no more complicated than the circuitry inside a touch-tone dial.

For decades AT&T fought these fraudsters, called Phone Phreaks. For 25 years AT&T claimed it was technically unable to prevent this fraud because these Phreaks were deeply embedded into the logic of the phone network. In fact, this story was far from the truth.

The security on the AT&T toll network was grossly inadequate, more akin to a vending machine operating by having a cup of change in front of it and everybody paying using the honor system. Let me explain.

For most of the life of circuit switching systems, AT&T used a philosophy of “calling party control.” Basically, the dialing party had absolute control over the connection. You could, for example, go to a coin phone and drop in a nickel and call somebody and they literally could not hang up the line. Then, you went to their home and robbed them or whatever and they couldn’t use their phone because they couldn’t get a dialtone. As long as the coin phone remained off hook the called phone was locked out of service.

This trivially fixed flaw is truly what enabled all Blue Boxing. Had AT&T modified their phone systems to disconnect the circuit when the called party hung up then Blue Boxing would not have worked.

You see, Blue Boxers would call a toll free number to start up the free billing. Then, they would send a 2600 Hz tone to signal the toll network that the calls was terminated and the toll network could tear down the connection. But the local Central Office would not disconnect until the far end hung up. The 2600 Hz tone then caused the toll network to think a new call was originating and allow a new number to be entered.

Had the local Central Office been designed so that the far end could hang up and the entire connection be dropped Blue Boxing would have been impossible.

In the late 1970s I was asked to solve the Blue Boxing problem. (I was known as a go-to guy full of simple and clever solutions to problems). I explained that we could eliminate all Blue Boxing with a programming change of about 250 lines of code in the 1ESS, and with a simple wiring change to crossbar and panel offices. The step-by-step switches were problematic, but were being phased out rapidly. My boss was ecstatic, and being a Vice President he called in some folks from Bell Labs, WeCo, and AT&T Long Lines to check my answer out.

We had a special meeting to discuss adding called party control to the Class 5 central offices, which would have prevented Blue Boxing. Everybody agreed it was a pretty simple answer. For the 1ESS switches the nationwide cost was estimated at about $250,000 based upon the average Bell Laboratories cost of $1,000 per line of code. Wiring mods would need to be installed on the electro-mechanical common controls of Crossbar and Panel offices. It was all very straightforward.

Everything was on track to eliminate Phone Phreaking in less than a year until the Marketing department got involved. Then, things got crazy.

Marketing then asked what would happen to company revenues if we solved the Blue Box problem. We all responded that they would go up. I remember the Marketing Manager yelling at all of us: “Wrong. Wrong. Wrong! Our revenues would go down.” Huh?

He stated that he didn’t feel that many of these blue box calls would actually be paid for if they weren’t free. Many were from hobbyists as an entertainment of sorts and they wouldn’t be paying for long distance.

He then stated that we actually make money on Blue Box calls. The increased circuits we needed to build out were simply added to the “rate base.” We earned a fixed percentage of our rate base, being a regulated monopoly. Thus, if these Blue Boxers chewed up 5% of our network then that is a 5% growth in our rate base and a 5% growth in our profits.

Not only would it be stupid to invest the few million dollars to prevent this problem, but it could potentially cost us many times more than that by reducing the rate base. As far as  marketing was concerned the Blue Boxers would better serve the company if they would simply place their calls during the peak hours that determined how many facilities we needed to build out. He then joked that the fraud security folks were sales people keeping alive the allure of Phone Phreaking in colleges by slapping students on the wrist.

It was this perverse experience which was one of my earliest introductions to corporate revenue fraud. It was perverse because in the end the powers  understood that fraud can be a profit center.