HOME

TheInfoList



OR:

A blue box is an electronic device that produces tones used to generate the
in-band signaling In telecommunications, in-band signaling is the sending of control information within the same band or channel used for data such as voice or video. This is in contrast to out-of-band signaling which is sent over a different channel, or even o ...
tones formerly used within the North American long-distance telephone network to send line status and called number information over voice circuits. This allowed the user, referred to as a " phreaker", to surreptitiously place long-distance calls that would be billed to another number or dismissed entirely as an incomplete call. A number of similar "color boxes" were also created to control other aspects of the phone network. First developed in the 1960s and used by a small phreaker community, the introduction of low-cost microelectronics in the early 1970s greatly simplified these devices to the point where they could be constructed by anyone reasonably competent with a
soldering iron A soldering iron is a hand tool used in soldering. It supplies heat to melt solder so that it can flow into the joint between two workpieces. A soldering iron is composed of a heated metal tip (the ''bit'') and an insulated handle. Heating ...
or
breadboard A breadboard, solderless breadboard, or protoboard is a construction base used to build semi-permanent prototypes of electronic circuits. Unlike a perfboard or stripboard, breadboards do not require soldering or destruction of tracks and are h ...
construction. Soon after, models of relatively low quality were being offered fully assembled, but these generally required tinkering on the part of the user to keep operational. An exception was the robust system designed by
Steve Wozniak Stephen Gary Wozniak (; born August 11, 1950), also known by his nickname "Woz", is an American electronics engineer, computer programmer, philanthropist, inventor, and entrepreneur, technology entrepreneur. In 1976, with business partner Steve ...
prior to starting work on the
Apple I The Apple Computer 1, originally released as the Apple Computer and known later as the Apple I or Apple-1, is an 8-bit desktop computer released by the Apple Computer Company (now Apple Inc.) in 1976. It was designed by Steve Wozniak. The i ...
. It was sold by
Steve Jobs Steven Paul Jobs (February 24, 1955 – October 5, 2011) was an American entrepreneur, industrial designer, media proprietor, and investor. He was the co-founder, chairman, and CEO of Apple; the chairman and majority shareholder of Pixar; ...
. Blue boxes stopped working as the long-distance network was increasingly digitized, replacing the call-control tones with
out-of-band signaling In telecommunication, signaling is the use of signals for controlling communications. This may constitute an information exchange concerning the establishment and control of a telecommunication circuit and the management of the network. Class ...
methods in the form of
common-channel signaling In telecommunication, common-channel signaling (CCS), or common-channel interoffice signaling (CCIS), is the transmission of control information ''( signaling)'' via a separate channel than that used for the messages, The signaling channel usually ...
(CCS) carried digitally on a separate channel that is inaccessible to the telecom customer. The original technique was of limited use by the 1980s, and of almost no use today.


History


Automated dialing

Local calling had been increasingly automated through the first half of the 20th century, but long-distance calling still required operator intervention. Automation was deemed essential by
AT&T AT&T Inc. is an American multinational telecommunications holding company headquartered at Whitacre Tower in Downtown Dallas, Texas. It is the world's largest telecommunications company by revenue and the third largest provider of mobile ...
. By the 1940s they had developed a system that used audible tones played over the long-distance lines to control network connections. Tone pairs, referred to as multi-frequency (MF) signals, were assigned to the digits used for telephone numbers. A different, single tone, referred to as single frequency (SF), was used as a line status signal. This new system allowed the telephone network to be increasingly automated by deploying the dialers and tone generators on an as-required basis, starting with the busier exchanges.
Bell Labs Nokia Bell Labs, originally named Bell Telephone Laboratories (1925–1984), then AT&T Bell Laboratories (1984–1996) and Bell Labs Innovations (1996–2007), is an American industrial research and scientific development company owned by mul ...
was happy to advertise their success in creating this system, and repeatedly revealed details of its inner workings. In the February 1950 issue of
Popular Electronics ''Popular Electronics'' was an American magazine published by John August Media, LLC, and hosted at TechnicaCuriosa.com. The magazine was started by Ziff-Davis Publishing Company in October 1954 for electronics hobbyists and experimenters. It soo ...
, they published an advertisement, ''Playing a Tune for a Telephone Number'', which showed the musical notes for the digits on a staff and described the telephone operator's pushbuttons as a "musical keyboard". Two keys on a piano would need to be pushed simultaneously to play the tones for each digit. The illustration did not include the tone pairs for the special control signals KP and ST, although in the picture the operator's finger is on the KP key and the ST key is visible. In the 1950s, AT&T released a public relations film, "Speeding Speech", which described the operation of the system. In the film, the tone sequence for sending a complete telephone number is heard through a loudspeaker as a technician presses the keys for dialing. In November 1954, the
Bell System Technical Journal The ''Bell Labs Technical Journal'' is the in-house scientific journal for scientists of Nokia Bell Labs, published yearly by the IEEE society. The managing editor is Charles Bahr. The journal was originally established as the ''Bell System Tech ...
published an article entitled "In-Band Single-Frequency Signaling", which described the signaling scheme used for starting and ending telephone calls for the purpose of routing over trunk lines. In November 1960, an article in the Bell System Technical Journal provided an overview of the technical details of signaling systems, and disclosed the frequencies of the signals. The system was relatively complex for 1950s technology. It had to accurately decode the frequencies and ignore any signals where that frequency might be accidentally created; music playing in the background might randomly contain the SF tones and the system had to filter these out. To do this, the signaling unit compared the signal power from a bandpass filter centered on 2600 Hz to signal power in other parts of the audio band, and only triggered if the tone was the most prominent signal. The originating end of the call would play the tone into the trunk line when the call ended, and trigger the remote end to end the call. After a short time, the originating end reduced the tone level and continued to send tone as long as it received on hook status from its local equipment.


Discovery and early use

Before the technical details were published, many users discovered unintentionally, and to their annoyance, that a 2600 Hz tone played into the caller's handset would cause a long-distance call to disconnect. The 2600 Hz tone might be present if the caller were whistling into the telephone microphone while waiting for the called party to answer. Upon detecting the tone from the caller's end, the receiving signaling unit sent an on hook status to the connected equipment, which disconnected the call from that point forward, as if the caller had hung up. Among the earliest to discover this effect was Joe Engressia, known as ''Joybubbles'', who accidentally discovered it at the age of seven by whistling. He became fascinated with the phone network, and over the next decade had built up a considerable base of knowledge about the system and how to place calls using the control tones. He and other phone phreaks, such as " Bill from New York" and "The Glitch", trained themselves to whistle 2600 Hz to reset a trunk line. They also learned how to route telephone calls by At one point in the 1960s, packages of the
Cap'n Crunch Cap'n Crunch is a corn and oat breakfast cereal manufactured by Quaker Oats Company, a subsidiary of PepsiCo since 2001. After introducing the original cereal in 1963, marketed simply as ''Cap'n Crunch'', Quaker Oats has since introduced numerou ...
breakfast cereal included a free gift: a small whistle that, by coincidence, generated a 2600 Hz tone when one of the whistle's two holes was covered. The phreaker
John Draper John Thomas Draper (born March 11, 1943), also known as Captain Crunch, Crunch, or Crunchman (after the Cap'n Crunch breakfast cereal mascot), is an American computer programmer and former phone phreak. He is a widely known figure within the c ...
adopted his nickname "Captain Crunch" from this whistle. The "toll free" 800 service was launched in 1967 and gave the hackers easy numbers to call. The user would generally choose a number in the target area and then use it as above. Even if billing information were generated, it would be to a 1-800 number and thus free of charge. As before, the remote system would notice a call going to the ultimate non-free number, but could not match the other end.


Technology

It was technically possible to generate the tones with the technology available at the time the system was first deployed. A piano or electronic organ had keys that were close enough in frequency to work. With tuning, they could even be made dead on frequency. For dialing the phone number, the user would press 2 keys at a time. An experienced pianist might have found the key combinations awkward to play. But a blank player piano roll could have been punched to operate the required keys and dial a phone number. Another strategy would have been to purchase doorbells, remove the plungers, and mount them on a frame that could be set over the piano keyboard. Twelve DPDT pushbuttons, labelled KP, ST and the 10 digits, would operate pairs of plungers to play the phone company tones, after the E7 piano key had been pressed and released. At the time, there were consumer devices for recording on wire or blank phonograph records, so the piano did not have to be near the phone. Consumer tape recorders came later and made the recording process easier. Small, battery powered, tape recorders allowed the tones to be played back almost anywhere. It was possible to construct an electronic blue box with 1940s vacuum tube technology, but the device would have been relatively large and power hungry. Just as it did for radios, shrinking them from the size of toasters to the size of cigarette packages and allowing them to be powered by small batteries, transistor technology made a small, battery powered, electronic blue box practical. AT&T security captured its first blue box in about 1962, but it probably was not the first one built. A typical blue box had 13 pushbuttons. One button would be for the 2600 Hz tone, pressed and released to disconnect the outgoing connection and then connect a digit receiver. There would be a KP button, to be pressed next, 10 buttons for telephone number digits, and the ST button to be pressed last. The blue box may have had 7 oscillators, 6 for the 2 out of 6 digit code and one for the 2600 Hz tone, or 2 oscillators with switchable frequencies. The blue box was thought to be a sophisticated electronic device and sold on the black market for a typical $800–1,000 or as much as $3,500. Actually, designing and building one was within the capabilities of many electronics students and engineers with knowledge of the required tones, using published designs for electronic oscillators, amplifiers and switch matrixes, and assembled with readily available parts. Furthermore, it was possible to generate the required tones using consumer products or lab test equipment. The tones could be recorded on small, battery powered, cassette recorders for playback anywhere. To reduce call set up time, telephone numbers were transmitted from machine to machine in a "speed dial" format, about 1.5 seconds for a 10 digit number, including KP and ST. To catch the cheaters, AT&T could have connected monitors to digit receivers that were not being used for operator dialed calls and logged calls dialed at manual speed. So, some hackers went to the extra trouble of building blue boxes that stored telephone numbers and played the tones with the same timing as the machines.


Subculture

The widespread ability to blue box, once limited to just a few isolated individuals exploring the telephone network, developed into a subculture. Famous phone phreaks such as "Captain Crunch", Mark Bernay, and Al Bernay used blue boxes to explore the various 'hidden codes' that were not dialable with a standard telephone. Some of the more famous pranksters were
Steve Wozniak Stephen Gary Wozniak (; born August 11, 1950), also known by his nickname "Woz", is an American electronics engineer, computer programmer, philanthropist, inventor, and entrepreneur, technology entrepreneur. In 1976, with business partner Steve ...
and
Steve Jobs Steven Paul Jobs (February 24, 1955 – October 5, 2011) was an American entrepreneur, industrial designer, media proprietor, and investor. He was the co-founder, chairman, and CEO of Apple; the chairman and majority shareholder of Pixar; ...
, founders of
Apple Computer Apple Inc. is an American multinational technology company headquartered in Cupertino, California, United States. Apple is the largest technology company by revenue (totaling in 2021) and, as of June 2022, is the world's biggest company ...
. On one occasion, Wozniak dialed
Vatican City Vatican City (), officially the Vatican City State ( it, Stato della Città del Vaticano; la, Status Civitatis Vaticanae),—' * german: Vatikanstadt, cf. '—' (in Austria: ') * pl, Miasto Watykańskie, cf. '—' * pt, Cidade do Vati ...
and identified himself as
Henry Kissinger Henry Alfred Kissinger (; ; born Heinz Alfred Kissinger, May 27, 1923) is a German-born American politician, diplomat, and geopolitical consultant who served as United States Secretary of State and National Security Advisor under the presid ...
(imitating Kissinger's German accent) and asked to speak to the Pope (who was sleeping at the time). Wozniak said in 1986: Jobs later told his biographer that if it had not been for Wozniak's blue boxes, "there wouldn't have been an Apple."


In the media

Blue boxing hit the mainstream media when an article by Ron Rosenbaum titled ''Secrets of the Little Blue Box'' was published in the October 1971 issue of ''
Esquire Esquire (, ; abbreviated Esq.) is usually a courtesy title. In the United Kingdom, ''esquire'' historically was a title of respect accorded to men of higher social rank, particularly members of the landed gentry above the rank of gentlema ...
'' magazine. Suddenly, many more people wanted to get into the phone phreaking culture spawned by the blue box, and it furthered the fame of Captain Crunch. Two major amateur radio magazines ('73' and "CQ') published articles on the telephone system in the mid-1970s. CQ Magazine published details on phone phreaking, including the tone frequencies and several working blue box schematics in 1974. The June 1975 issue of '73' featured an article describing the rudiments of the long-distance signaling network, how to construct red and blue boxes, and put them into operation. Around the same time, do-it-yourself kits were available to build one's own blue box. In November 1988, the
CCITT The ITU Telecommunication Standardization Sector (ITU-T) is one of the three sectors (divisions or units) of the International Telecommunication Union (ITU). It is responsible for coordinating standards for telecommunications and Information Comm ...
(now known as
ITU-T The ITU Telecommunication Standardization Sector (ITU-T) is one of the three sectors (divisions or units) of the International Telecommunication Union (ITU). It is responsible for coordinating standards for telecommunications and Information Co ...
) published recommendation Q.140 for the
Signaling System No. 5 The Signaling System No. 5 (SS5) is a multi-frequency (MF) telephone signaling system that was in use from the 1970s for International Direct Distance Dialing (IDDD). Internationally it became known as CCITT5 or CC5.
, which caused a resurgence of blue boxing incidents in a new generation of users. During the early 1990s, blue boxing became popular with the international warez scene, especially in Europe. The software was made to facilitate blue boxing using a computer to generate the signaling tones and play them into the phone. For the PC there were BlueBEEP, TLO, and others, and blue boxes for other platforms such as
Amiga Amiga is a family of personal computers introduced by Commodore International, Commodore in 1985. The original model is one of a number of mid-1980s computers with 16- or 32-bit processors, 256 KB or more of RAM, mouse-based GUIs, and sign ...
were available as well.


Operation


Automating dialing

Local
plain old telephone service Plain old telephone service (POTS), or plain ordinary telephone system, is a retronym for voice-grade telephone service employing analog signal transmission over copper loops. POTS was the standard service offering from telephone companies from 1 ...
works by watching the voltage on the telephone lines between the telephone company's exchange office and the customer's telephone. When the phone is on-hook ("hung up") the approximately 48 
volt The volt (symbol: V) is the unit of electric potential, electric potential difference (voltage), and electromotive force in the International System of Units (SI). It is named after the Italian physicist Alessandro Volta (1745–1827). Defin ...
electricity from the exchange flows to the phone and is looped back without passing through the handset. When the user picks up the handset, the current has to flow through the speaker and microphone in it, causing the voltage to drop to under 10 V. This sudden drop in voltage signals the user has picked up the phone. Originally, all calls were routed manually by an operator who would look for small
light bulb An electric light, lamp, or light bulb is an electrical component that produces light. It is the most common form of artificial lighting. Lamps usually have a base made of ceramic, metal, glass, or plastic, which secures the lamp in the soc ...
s that would illuminate when the user picked up the phone. They would connect a handset to the line, ask the user who they were calling, and then connect a cable between two phone jacks to complete the call. If the user was placing a long-distance call, the local operator would first talk to an operator at the remote exchange using one of the trunk lines between the two locations. When the local operator heard the remote customer come on the line, they would connect their local customer to the same trunk line to complete the call. The calling process began to be automated from the earliest days of the telephone system. Increasingly sophisticated
electromechanical In engineering, electromechanics combines processes and procedures drawn from electrical engineering and mechanical engineering. Electromechanics focuses on the interaction of electrical and mechanical systems as a whole and how the two systems ...
systems would use the changes in voltage to start the connection process. The
rotary dial A rotary dial is a component of a telephone or a telephone switchboard that implements a signaling technology in telecommunications known as pulse dialing. It is used when initiating a telephone call to transmit the destination telephone nu ...
was introduced around 1904 to operate these switches; the dial rapidly connects and disconnects the line, a process known as pulse dialing. In common systems, these periodic changes in voltage caused a
stepper motor A stepper motor, also known as step motor or stepping motor, is a brushless DC electric motor that divides a full rotation into a number of equal steps. The motor's position can be commanded to move and hold at one of these steps without any posi ...
to rotate one position for each digit, and longer delays to switch from one rotary switch to another. When enough digits had been decoded, typically seven in North America, connections between each rotor would select a single line, the customer being dialed. The concept of using voltages to complete the call worked well for the local exchange where the distance between the customer and exchange office might be on the order of a few kilometers. Over longer distances, the
capacitance Capacitance is the capability of a material object or device to store electric charge. It is measured by the change in charge in response to a difference in electric potential, expressed as the ratio of those quantities. Commonly recognized are ...
of the lines filter out any rapid changes in voltage and dialing flashes do not reach the remote office in clean form. Through this period, long-distance calls still required operator intervention. As telephone use grew, long-distance calling in particular, telephone companies were increasingly interested in automating this type of connection.


Long-distance direct dialing

To address this need, the Bell System adopted a second system on the circuits that connected the exchanges. When the user dialed a long-distance number, indicated in North America by dialing a "1" at the beginning of the number, the call was switched to a separate system known as a "
tandem Tandem, or in tandem, is an arrangement in which a team of machines, animals or people are lined up one behind another, all facing in the same direction. The original use of the term in English was in ''tandem harness'', which is used for two ...
". The tandem would then buffer the remaining digits and decode the number to see which remote exchange was being dialed, generally using the
area code A telephone numbering plan is a type of numbering scheme used in telecommunication to assign telephone numbers to subscriber telephones or other telephony endpoints. Telephone numbers are the addresses of participants in a telephone network, r ...
for this purpose. They would then look for a free trunk line between the two exchanges; if none were available the tandem would play the reorder signal (the "fast busy") to tell the user to try the call again later. The basic protocol for finding a free line worked by playing a 2600 Hz tone into the line whenever it was not being used. The tandems at both ends of a given trunk line did this. When the tandem determined which remote exchange was being called it scanned the trunk lines between the two exchanges looking for the tone. When it heard the tone on one of the lines, it knew that line was free to use. They would then select that line and drop the 2600 Hz tone from their end. The remote tandem would hear the tone stop, drop their tone, and then play a ''supervision flash'', making a "ka-cheep" sound, to indicate they had noticed the signal. The line was now free on both ends to connect a call. Pulse dialing still had the problem that sending the dialed number to the remote exchange would not work due to the capacitance of the network. The tandems solved this by buffering the phone number and then converting each digit into a series of two tones, the multi-frequency signaling system, or "MF". Once the local tandem had found a free line and connected to it, it then relayed the rest of the phone number over the line using the tone dialing method. The remote tandem then decoded the tones and turned them back into pulses on the local exchange. To indicate the start and end of a series of MF digits, special MF tones, KP and ST, were used. When the call was complete and one of the parties hung up the phone, that exchange would notice the change in voltage and begin playing the 2600 Hz tone into the trunk line. The other end of the connection would hear the tone and cause their local call to hang up as well, and then began playing the tone into their end as well to mark the line free on both ends.


Blue boxing

The blue box consisted of a set of audio oscillators, a
telephone keypad A telephone keypad is a keypad installed on a push-button telephone or similar telecommunication device for dialing a telephone number. It was standardized when the dual-tone multi-frequency signaling (DTMF) system was developed in the Bell S ...
, an
audio amplifier An audio power amplifier (or power amp) is an electronic amplifier that amplifies low-power electronic audio signals, such as the signal from a radio receiver or an electric guitar pickup, to a level that is high enough for driving loudspea ...
and
speaker Speaker may refer to: Society and politics * Speaker (politics), the presiding officer in a legislative assembly * Public speaker, one who gives a speech or lecture * A person producing speech: the producer of a given utterance, especially: ** In ...
. The operation of a blue box was simple: First, the user placed a
long-distance telephone call In telecommunications, a long-distance call (U.S.) or trunk call (also known as a toll call in the U.K. ) is a telephone call made to a location outside a defined local calling area. Long-distance calls are typically charged a higher billing rate ...
, often to a number that was in the target area. Usually, this initial call would be to a
1-800 number A toll-free telephone number or freephone number is a telephone number that is billed for all arriving calls. For the calling party, a call to a toll-free number from a landline is free of charge. A toll-free number is identified by a dialing prefi ...
or some other non-supervising telephone number like directory assistance. Using a toll-free number ensured that the phone being used for access would not be billed. When the call began to ring, the caller would hold the speaker over the microphone in the handset and use the blue box to send the 2600 Hz tone (or 2600+2400 Hz on many international trunks followed by a 2400 Hz tone). Hearing this tone, the remote office believes the user hung up before the call completed, and disconnects the call on their exchange. As always, it then begins playing 2600 to mark the line free. However, this does not disconnect the call locally, only physically hanging up the phone will do that. So, in this case, the user is left on a live line, one that is connected via a long-distance trunk line to a target exchange. The user now stops playing the tone. The remote exchange interprets this loss of tone to mean the exchange's tandem is attempting to place another call. It responds by dropping its tone and then playing the flash to indicate it is ready to accept routing tones. Once the far end sends the supervision flash, the user uses the blue box to send a "Key Pulse" or "KP", the tone that starts a routing digit sequence, followed by either a telephone number or one of the numerous special codes that were used internally by the telephone company, then finished with a "Start" tone, "ST". At this point, the far end of the connection would route the call the way it was told, while the user's local exchange would presume the call was still ringing at the original number.


Countermeasures

Blue boxing remained rare until the early 1970s when the required systems began to drop in cost and the concept began to be more widely known. At the time, phreakers felt there was nothing Bell Telephone could do to stop blue boxing because it would require Bell to upgrade all their hardware. For the immediate term, Bell responded with a number of blue box detection and law enforcement countermeasures. Armed with records of all long-distance calls made, kept by both mechanical switching systems and newer electronic switching systems, including calls to
toll-free telephone number A toll-free telephone number or freephone number is a telephone number that is billed for all arriving calls. For the calling party, a call to a toll-free number from a landline is free of charge. A toll-free number is identified by a dialing pre ...
s which did not appear on customer bills, telephone security employees began examining those records looking for suspicious patterns of activity. For instance, at the time, calls to long-distance information, while answered, deliberately did not return the electrical "off hook" signal indicating that they had been answered. When an information call was diverted to another number that answered, the billing equipment would log that event. Billing computers processing the logs and would generate lists of calls to information that were answered. In the early days, the lists were probably intended to detect equipment malfunctions, but the follow up investigation did lead to blue box users. After the toll free "800" service was inaugurated, the billing computers were also programmed to generate lists of lengthy calls to toll free numbers. While many of these calls were legitimate, telephone security employees would examine the lists for irregularities and follow up. In this case, filters could be installed on those lines to block the blue box. Bell also would wiretap the affected lines. In one 1975 case, the Pacific Telephone Company targeted one defendant's line with the following equipment: * A CMC 2600, a device which registers on a counter the number of times a 2600 Hz tone is detected on the line; * A tape recorder, activated automatically by the CMC 2600 to record two minutes of telephone audio after each burst of 2600 Hz activity; and * A Hekemian 51A, which replicates the functions of the CMC 2600 and also produces a paper tape print-out of outgoing calls. Ordinary calls were recorded in black ink and destination numbers called via the blue box were recorded in red ink. These actions resulted in several highly publicized trials.


Decline

The ultimate solution to the blue box vulnerability was to do what the phreakers thought impossible and upgrade the entire network. This process occurred in stages, some of which were already well underway in the early 1970s. The T1 system was developed beginning in 1957 and began to be deployed around 1962. It digitized the voice signals so that they could be more efficiently carried in high-density connections between exchanges, carrying 24 lines on a single 4-wire connection. Depending on the network layout, the user might no longer be connected directly to a tandem, but instead to a local office that forwarded the signal over a T1 to a more distant exchange that did have the tandem. Simply due to the way the system worked, the supervisory signals had to be filtered out in order for the digitization of the analog signal to work. Recall that the 2600 Hz tone was not dropped from the trunk until the line was connected all the way and would be mixed with other tones like the ringing or busy signal; when used over a T1 this tone mixed with other signals and caused a problem known as "quantization noise" that distorted the sound. These tones were thus filtered down on either side of the T1 connection. Thus it was difficult to blue box in such an environment, although successes are known. But blue boxing was eventually eliminated entirely for unrelated reasons. In the existing tandem-based network, completing a call required several stages communicating over the trunk line, even if the remote user never answered the call. As this process might take on the order of 10 to 15 seconds, the total wasted time across all of the trunk lines could be used to carry additional calls. To improve line usage, Bell began the development of the Number One Electronic Switching System (1ESS). This system performed all the calling and line supervision using a separate private line between the two offices. Using this system, when a long-distance call was placed the trunk line was not initially used. Instead, the local office sent a message containing the called number to the remote exchange using this separate channel. The remote office would then attempt to complete the call, and indicate this to the original office using the same private line. Only if the remote user answered would the systems attempt to find a free trunk line and connect, thereby reducing the use of the trunk lines to the absolute minimum. This change also meant the signaling system was available internally to the network on this separate line. There was no connection between the user lines and this signaling line, so there was no route by which the users could influence the dialing. The same rapid reduction in prices that made the blue box possible also led to the rapid reduction in cost of the ESS systems. First applied only to their busiest connections, by the 1980s, the latest
4ESS The No. 4 Electronic Switching System (4ESS) is a class 4 telephone electronic switching system that was the first digital electronic toll switch introduced by Western Electric for long-distance switching. It was introduced in Chicago in Janua ...
models and similar machines from other companies were deployed to almost all major exchanges, leaving only corners of the network still connected using tandems. Blue boxing worked if one connected to such an exchange, but could only be used end-to-end if the entire network between the two endpoints consisted only of tandems, which became increasingly rare and disappeared by the late 1980s. Analog long-distance transmission systems remained more cost effective for the long haul circuits until, at least, the 1970s. Even then, there was a huge installed base of analog circuits, and it made better economic sense to keep using them. It was not until competitor Sprint built its all digital, "quiet", network, where "you could actually hear a pin drop", that AT&T took a multi-billion dollar write-off and upgraded its long-distance network to digital technology. The phreaking community that had emerged during the blue box era evolved into other endeavors and there currently exists a commercially published hacking magazine, titled '' 2600'', a reference to the 2600 Hz tone that was once central to so much of telephone hacking.


Frequencies and timings

Each multifrequency tone consists of two frequencies chosen from a set of six, shown in the table on the left. The
Touch Tone Dual-tone multi-frequency signaling (DTMF) is a telecommunication signaling system using the voice-frequency band over telephone lines between telephone equipment and other communications devices and switching centers. DTMF was first developed ...
encoding is shown by the table on the right:
The rightmost column is not present on consumer telephones.
Normally, the tone durations for passing numbers from machine to machine in a "speed dialing" format are on for 60 ms, with 60 ms of silence between digits. The 'KP' and 'KP2' tones are sent for 100 ms. KP2 (ST2 in the R1 standard) was used for dialing internal Bell System telephone numbers. However, actual tone durations can vary slightly depending on location, switch type, and the machine status. For operators, technicians, and blue box phone phreakers, the tone durations would be set by how long the buttons were held down and, for silence, how long before manually pressing the next button. A blue box could have been constructed which would send the tones with machine to machine timing, with the number either stored in digital memory or a matrix of switches. In the switch matrix, there might be 10 rows for digits, each with 5 switches. Two switches would be moved to on, selecting the 2 tones. (KP and ST would be hard wired.) The 5 switches could be labelled 0, 1, 2, 4, and 7, with the user selecting pairs of switches adding to each digit, with special case 4 plus 7 for digit 0. Alternatively, the tones could be recorded on magnetic tape, which would be cut into pieces and spliced together, using a commercial splicer for accurate alignment. If the phreaker matched machine dialing and recorded at 7.5 ips (inches per second), the splices for tone and silence would be about 1/2-inch long., with KP 3/4-inch long. For more manageable splicing lengths, the phreaker could use a 15 ips tape recorder, which was less common, and double those lengths. For those without a 15 ips machine but having 2 tape recorders, the tones could be recorded an octave low at 7.5 ips, the pieces spliced together would be were double those lengths. The spliced tape would be re-recorded from a 7.5 ips machine to a 3.75 ips machine. The resulting recording could be played back at 7.5 ips. An interval of 2600 Hz, to disconnect the trunk, followed by an interval of silence, to give enough time for a digit receiver to connect, would be added to precede KP. This set of MF tones was originally devised for
Bell System The Bell System was a system of telecommunication companies, led by the Bell Telephone Company and later by the American Telephone and Telegraph Company (AT&T), that dominated the telephone services industry in North America for over one hundr ...
long-distance operators placing calls manually, as well as machine to machine dialing, and predates the DTMF ''Touch-Tone'' system used by subscribers. The leading 1 for customer dialed long-distance calls was not dialed. For operators, the line was muted during dialing, but, for customer telephones, it was only muted while a key was pressed. The Touch Tone frequencies were chosen to minimize the risk of customer talking while dialing, or background sounds, being registered as a digit or digits and resulting in a wrong number. Muting guarded against that happening during operator dialing, so the MF system did not have to be, and was not, so robust. The tones have a simple 200 Hz spacing. For Touch Tone, harmonic relationships and intermodulation products were taken into account in the choice of tones.


Special codes

Some of the special codes a person could get onto are in the chart below. " NPA" is a telephone company term for 'area code'. Many of these appear to have been originally three-digit codes, dialed without the leading area code, and the format of destination numbers dialed to the international senders has changed at various points as the ability to call additional nations was added. * NPA+100 – Plant Test – Balance termination * NPA+101 – Plant Test – Toll Testing Board * NPA+102 – Plant Test – Milliwatt tone (1004 Hz) * NPA+103 – Plant Test – Signaling test termination * NPA+104 – Plant Test – 2-way transmission and noise test * NPA+105 – Plant Test – Automatic Transmission Measuring System * NPA+106 – Plant Test – CCSA loop transmission test * NPA+107 – Plant Test – Par meter generator * NPA+108 – Plant Test – CCSA loop echo support maintenance * NPA+109 – Plant Test – Echo canceler test line * NPA+121 – Inward Operator * NPA+131 – Operator Directory assistance * NPA+141 – Rate and Route Information * 914+151 – Overseas incoming (White Plains, NY) * 212+151 – Overseas incoming (New York, NY) * NPA+161 – trouble reporting operator (defunct) * NPA+181 – Coin Refund Operator * 914+182 – International Sender (White Plains, NY) * 212+183 – International Sender (New York, NY) * 412+184 – International Sender (Pittsburgh, PA) * 407+185 – International Sender (Orlando, FL) * 415+186 – International Sender (Oakland, CA – in this era, 510 was TWX) * 303+187 – International Sender (Denver, CO) * 212+188 – International Sender (New York, NY) Not all NPAs had all functions. As some NPAs contained multiple cities, an additional routing code was sometimes placed after the area code. For instance,
519 __NOTOC__ Year 519 ( DXIX) was a common year starting on Tuesday (link will display the full calendar) of the Julian calendar. At the time, it was known as the Year of the Consulship of Iustinus and Cillica (or, less frequently, year 1272 ''A ...
+044+121 may reach the Windsor inward operator and 519+034+121 the
London London is the capital and List of urban areas in the United Kingdom, largest city of England and the United Kingdom, with a population of just under 9 million. It stands on the River Thames in south-east England at the head of a estuary dow ...
inward operator distant, but in the same area code.


In other countries

Another signaling system widely used on international circuits (except those terminating in North America) was
CCITT The ITU Telecommunication Standardization Sector (ITU-T) is one of the three sectors (divisions or units) of the International Telecommunication Union (ITU). It is responsible for coordinating standards for telecommunications and Information Comm ...
Signaling System No. 4 (friendly named 'SS4'). Technical definitions are specified in formerly CCITT (now
ITU-T The ITU Telecommunication Standardization Sector (ITU-T) is one of the three sectors (divisions or units) of the International Telecommunication Union (ITU). It is responsible for coordinating standards for telecommunications and Information Co ...
) Recommendations Q.120 to Q.139.CCITT SS4 / ITU-T Q.120–139 https://www.itu.int/rec/dologin_pub.asp?lang=e&id=T-REC-Q.120-Q.139-198811-I!!PDF-E&type=items This was also an in-band system but, instead of using multifrequency signals for digits, it used four 35 ms pulses of tone, separated by 35 ms of silence, to represent digits in four-bit binary code, with 2400 Hz as a '0' and 2040 Hz as a '1'. The supervisory signals used the same two frequencies, but each supervisory signal started with both tones together (for 150 ms) followed, without a gap, by a long (350 ms) or short (100 ms) period of a single tone of 2400 Hz or 2040 Hz. Phreaks in Europe built System 4 blue boxes that generated these signals. Because System 4 was used only on international circuits, the use of these blue boxes was more specialized. Typically, a phreak would gain access to international dialing at low or zero cost by some other means, make a dialed call to a country that was available via direct dialing, and then use the System 4 blue box to clear down the international connection and make a call to a destination that was available only via operator service. Thus, the System 4 blue box was used primarily as a way of setting up calls to hard-to-reach operator-only destinations. A typical System 4 blue box had a keypad (for sending four-bit digit signals) plus four buttons for the four supervisory signals (clear-forward, seize-terminal, seize-transit, and transfer-to-operator). After some experimentation, nimble-fingered phreaks found that all they needed was two buttons, one for each frequency. With practice, it was possible to manually generate all the signals with sufficient timing precision, including the digit signals. This made it possible to make the blue box quite small. A refinement added to some System 4 blue boxes was an anti-acknowledgment-echo guard tone. Because the connection between the telephone and the telephone network is two-wire, but the signaling on the international circuit operates on a four-wire basis (totally separate send and receive paths), signal-acknowledgment tones (single pulses of one of the two frequencies from the far end of the circuit after receipt of each digit) tended to be reflected at the four-wire/two-wire conversion point. Although these reflected signals were relatively faint, they were sometimes loud enough for the digit-receiving circuits at the far end to treat them as the first bit of the next digit, messing up the phreak's transmitted digits. What the improved blue box did was to continuously transmit a tone of some other frequency (e.g., 600 Hz) as a guard tone whenever it was not sending a System 4 signal. This guard tone drowned out the echoed acknowledgment signals so that only the blue box-transmitted digits were heard by the digit-receiving circuits at the far end.


See also

* Falsing *
Operation Cybersnare Operation Cybersnare was a United States Secret Service operation in 1995 targeted at computer hackers. In January 1995, the Secret Service set up an undercover bulletin board system in Bergen County, New Jersey. This was the first undercover ...
– Story involving blue boxing from the United States


References


Bibliography

*


External links


The SARTS technical journal





Text files about blue boxing



Fun with Dick and Jane by Lewis Gum and Edward Oxford – an article that appeared in the 1978 Bell Telephone Magazine about telephone fraud and Phone Phreaks

A site dedicated to the history of phone phreaking, with extensive information on blue boxing.

A working, publicly accessible simulation of the old telephone network that allows legal blue boxing. It also has instructions for building a basic blue box.

November 1954, Bell System Technical Journal article titled "In-Band Single-Frequency Signaling" (A. Weaver and N. A. Newell)

November 1960, Bell System Technical Journal article titled "Signaling Systems for Control of Telephone Switching" (by C. Breen and C. A. Dahlbom)
*
A commercially available test set playing tones "speed dial"
{{Phreaking Boxes Phreaking boxes