Mark Loveless, aka Simple Nomad, is a researcher and hacker. He frequently speaks at security conferences around the globe, gets quoted in the press, and has a somewhat odd perspective on security in general.

Tales from the Past: Not Getting Caught Part 1

This is an example of the state of some of the old landline infrastructure in the neighborhood. Most of it is abandoned and vandalized.

I’ve been asked this before: How did you not get caught hacking in your youth, especially when you were being looked at by at least two federal agencies? The short answer is OPSEC and luck. Today’s blog post is a bit of detail about one specific “tactic” I used related to OPSEC. I think this was a rather uncommon tactic that really helped my efforts, and hopefully you’ll find it entertaining.

Background

First a bit of background. I’d had at least two land lines at the house since the early ‘90s, and added a third line as I got serious about the whole Internet thing. At one point there was a fourth line added. You see, there was the main phone line, the kids’ phone, the Internet dialup, and the fax line. Yes, a dedicated fax line; it was used probably at least once a week during its peak usage. Eventually, as technology changed and new choices were offered up, the lines slowly disappeared.

With the advent of ISDN in my service area by my local provider AT&T, I opted to disconnect the POTS Internet line and replace it with ISDN. The wiring on the outside of my house was a bit of a mess, and when the tech was installing the new ISDN hardware, I asked if they were going to pull the old line out. Oh no, he said, too much effort. If they needed the connection at the junction box out by the main street, they’d disconnect things there. And this gave me an idea.

I knew where that junction box was. I had visited it before (mainly out of curiosity) and thought, wait a minute, maybe I should check this out a bit further, as I have an idea.

The Junction Box Hack

A few days after ISDN was installed and the old Internet POTS line was disconnected, I grabbed some tools including a linesman’s handset, a hard hat, a reflective vest, and headed over to the junction box. I figured if I looked the part, no one would question what I was doing. I opened the junction box (a simple lock, easy to pick) and after some trial and error I was able to determine which line was probably my recently disconnected Internet POTS line. A bit more trial and error and I had a list of working phone numbers in that junction box, compiled by using the handset and dialing the local ANAC.

After a bit of research at home, I had a candidate - one of the circuits in the junction box was an insurance agent and their business office was in a nearby strip shopping center. Back to the junction box, I wired my disconnected POTS line into the business circuit, and that evening after the business was closed, I tested the line at home. Success! Now I could use my old modem attached to this line, and when that business was closed I could use their business line for dialup.

What was the point of this? Well, I wanted to avoid a wiretap incriminating me. This seemed like a great way to get around the old-fashioned wiretaps. They don’t put the taps on the outside of your house - they contact the phone company, get your phone lines, and tap them at the phone company central office nearest your home. If they did that to me, they’d get nothing.

The Process

Of course the seasoned amongst you might have spotted a minor flaw in this bit of OPSEC. I lived extremely close to this business, and if an investigator traced an attack back to that business and discovered that my residence was on the same junction box, well, that would be that. So I devised a process:

  • I only connected in the evening hours, usually quite late in case anyone at that business decided to work late.

  • I never made a long distance call from that business. Instead I dialed into a Ft. Worth business and their PBX, which was a Meridian Mail system. I had a Meridian Mail “zero day” of sorts, in that I knew how to input a series of choices that would drop me out to a dial tone, and then I’d dial up another modem using that business’ outbound 800 trunk.

  • From that other modem I could get on the Internet and go do my voodoo.

This meant that if I were being investigated, from my end they’d get nothing. From the receiving end of my “activities” they’d get one of several modems in different parts of the country which they could trace back as far as the business in Ft. Worth, and from there it would be rather difficult to trace back further. Not impossible, but with all of these added layers I felt some level of protection.

Another example of abandoned landline infrastructure in the neighborhood.

Summary

Just so you know, a lot of my experience with phone companies and hardware was because of my weird dealings with AT&T. I had also spent a lot of time on hacker BBSes and had done a fair bit of wardialing, so I had a general working knowledge of phreaking. I simply put it to good use. I wish I could remember the name of that agent’s insurance business - they closed shop decades ago. I do remember when I saw the “for lease” sign in the insurance business’ window I disconnected my line, for fear that a new tenant might require a visit by the phone company to the junction box. Many old junction boxes are still around in the neighborhood, with most being abandoned and vandalized, but the particular one I accessed is long gone.

Did I take other precautions? Sure, but those can wait until another day.
