Exploding the Phone: The Untold Story of the Teenagers and Outlaws who Hacked Ma Bell

Posted on by Ben Rothke

In Exploding the Phone: The Untold Story of the Teenagers and Outlaws who Hacked Ma Bell, author Phil Lapsley  was able to track down many of the original phone phreaks and get their story.  Many of them, even though the years have passed and statute of limitations expired, had asked Lapsley not to use their real names.

While parts of the story have been told before, Lapsley’s far-reaching research brings many of the central characters into a single read, resulting in an extremely interesting and engrossing read.

When Alexander Graham Bell created his harmonic telegraph, which would later turn into the telephone, it was like the Internet, built for functionality, with no inherent security controls.  Those security vulnerabilities were begging to be found, and when they were discovered by the phone phreaks, it was a wake-up call to AT&T.

Defining a phone phreak is just as challenging as defining a hacker; as it means different things to different people.  Lapsley defines it as “someone who loves exploring the telephone system and experimenting with it to understand how it works. 

What the phone phreaks did was to spend endless hours dialing different numbers to understand how the inner-workings of the telephone system operated.  Meaningless sounds to most people were music to the phreaks as they could determine how calls were routed via these tones.  

Many of the phreaks practiced what is today known as social engineering and would impersonate phone company employees and technicians. 

The devices that enabled them to make phone calls were called black boxes, blue boxes, and red boxes.  The book notes that Steve Wozniak (who wrote the foreward to the book) and Steve Jobs sold blue boxes before they started Apple.  In fact, Jobs is quoted as saying that if they hadn't built blue boxes, there wouldn’t have been an Apple.

The book has many layers to it.  One part is an interesting history of the telephone and long-distance communications.  It then segues into phone phreaks, who much like early computer hackers, used the phone network as a portal for exploration and hacking.  The vast majority of the phone phreaks did it for the thrill, rather than just to make free phone calls.

One of the things the phone phreaks did was to read as much corporate documentation and manuals (obtained both legally and serendipitously) as they could.  Lapsley notes that many of the technical documents that the phone company shared were in truth highly confidential.

As AT&T was a monopoly (and a hostile one at that) with zero competition, the notion that someone would use their own technical documentation against them was inconceivable.  Lapsley writes that for reasons of corporate pride, national service and public relations, AT&T felt an obligation to share its latest and greatest technical feats with the public.  For that reason, the Bell System Technical Journal was required reading for every phone phreak.

The books web site has available many of the technical documents detailed in the book that played a role in the development of phone phreaking.   Included is the article a 1971 article from EsquireSecrets of the Little Blue Box by Ron Rosenbaum, that AT&T was able to suppress.

The book details many similarities between the phone phreaks and the early Internet hackers.  While law enforcement stated that Kevin Mitnick could launch missiles via whistling into the phone, law enforcement called the phone phreaks a public menace, mentally unstable, a national threat and much more.

Like early hackers, the phone phreaks showed how engineering insiders are often the last to know what is actually possible with the systems they design.  Lapsley noted that part of the problem was pride, in that Bell Labs had created the public telephone switching network, and they didn’t want to admit how vulnerable it was.  Its engineers were spring-loaded to disbelieve reports to the contrary. 

Another advantage the phone phreaks, like hackers, had is that the Bells Labs engineers only looked at the systems as how it was supposed to work.  That blinded them to how the system actually did work and how it could be made to do things it was never designed to do,

The results were that they couldn’t see the holes in their own network; holes that a blind teenager found.  Even when that blind teenage told them of the problem, (the book tells the story of Joe Engressia), they didn’t understand it when first described to them.

The book describes another major technical security oversight made by AT&T in 1970 with the introduction of the telephone credit card. Lapsley writes that fraud was epidemic as AT&T’s credit card numbering system was a bad joke from a security perspective.  The card numbers were easy to guess and highly predictable resulting in millions of dollars of related fraudulent calls.

One of the main recurring characters in the book is John Draper, better known as Captain Crunch.  Draper made a lot of money as a legitimate software engineer, but lost it due to his business naiveté and personal demons. Draper had numerous arrests related to phone phreaking and served time in prison.

The book notes that Draper’s arrest in 1976 is a textbook case of how not to deal with the FBI when arrested.   One of the incredulous things Draper did when he was read his rights was to waive them.  While the FBI didn’t have a search warrant, he voluntarily allowed them to search his apartment and Volkswagen Van, where incriminating evidence was indeed discovered.

While Draper was later convicted, the book quotes a fascinating observation by a phone company employee in that 90% of the phone phreak and hacker cases, law enforcement in fact had no criminal case.  Most of the evidence they had was things they couldn’t be prosecuted for.  Either there was no legitimate crime on the books or all they had was the phone phreaks confession, but no tangible evidence.

It wasn’t just the phone phreaks who were raising havoc on the phone company networks.  The book writes of others who used black boxes and blue boxes for free calls. From Mafia bookies, to the Hare Krishna movement making fraudulent long-distance phone calls.

The book closes in 1982 when the US Dept. of Justice and AT&T came to an agreement to break up Ma Bell in the Baby Bells.

Lapsley has a degree in electrical engineering from UC. Berkeley so he as a deep first-hand understanding of the technology he is writing about.  He also has the unique ability to write about bland technical topics and make them both engaging and comprehendible. He understands directly the curiosity the phone phreaks had and the passion to understand the inner workings of the phone system.

For a book that ends over 30 years ago, Phil Lapsley does a superb job of writing the story of the glory days of phone phreaking.  In 2013, the notion of a domestic long-distance call is for the most not in anyone’s lexicon. But making free long-distance calls was the mantra of the phone phreaks.

Exploding the Phone is the first comprehensive history of the era of phone phreaking and Lapsley has done a masterful job a making the story fascinating and readable. 

Ben Rothke

Senior Information Security Manager, Tapad

Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment.  Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA® Conference, RSA Security LLC or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.

Share With Your Community