[ D4RKCYDE ] yyyyyssssyyyy yyyyssssyyyy yyyy yyyy |lS$$ yy $$$$ """" yy lS$$ S$$$ S$$$$$ $$$$$ S$$$ssssyyyy :|lS$ ""yyyyy yyyyssss|lS$ lS$$ lS$$ yy$$$$$ lS$$ yy lS$$ :||lS$$ $$$$$ :|lS yy :|lS |lS$ |lS$ $$ yyyy |lS$ $$ |lS$ :::|l ,$$$$$ ::|l $$ ::|l :|lS :|lS $$ :|lS :|lS $$ :|lS ::::| $$$$$$ :::| $$ :::| ::|l ::|l $$ ::|l ::|l $$ ::|l .:::: ....... .:::....:::: .::| ..:|....:::| .::| .. .::| [ F41TH ISSUE TEN: OCTOBER 1999 ] . . : | +-----------[ hybrid * http://darkcyde.phunc.com +-----------[ jasun * http://hybrid.dtmf.org +-----------[ zomba * #darkcyde EFNET +-----------[ digiphreq * mailto: hybrid@dtmf.org +-----------[ downtime * mailto: hybrid@unixcode.com +-----------[ force * +-----------[ lowtek * +-----------[ bodie * +-----------[ microwire * +-----------[ shadowx * FIND US ON THE PSTN, B1TCH +-----------[ sintax * +-----------[ shylock * (C)D4RKCYDE 1997,98,99+ +-----------[ elaich * +-----------[ mata * | * +----------------------------------------------------------------+ | : . So close it has no boundaries... A blinking cursor pulses in the electric darkness like a heart coursing with phosphorous light, burning beneath the derma of black-neon glass. A PHONE begins to RING, we hear it as though we were making the call. The cursor continues to throb, relentlessly patient, until... . : | -+[ editorial and introduction to f41th 10 +-> jasun/hybrid <---+ -+[ letters to f41th & D4RKCYDE +-> doods <---+ -+[ news update /bt adsl +-> hybrid <---+ -+[ government covert telecommunications interception +-> hybrid <---+ -+[ DDSN intellegent network +-> kelticphr0st <---+ -+[ guide to being arrested in the uk +-> bodie <---+ -+[ meridian security audit, and switch hacking +-> hybrid <---+ -+[ sco buffer overflow lameness +-> darkraver <---+ -+[ making chipz +-> hitman <---+ -+[ systemx internal network operations /structure +-> hybrid/GBH <---+ -+[ digital access carrier system DACS +-> hybrid <---+ -+[ outness +-> jasun/hybrid <---+ | : . "when we come to your town, bow down" -the w00 . : | +-+[ editorial ]+---> by jasun <--------------------------+ +-+[ D4RKCYDE ]+---> jasun@phreaker.net <--------------------------+ | : . Here we are with f41th issue 10, edited this time around by jasun. I suggested to hybrid that I would take the job of editing and compiling this issue of f41th, so he could have a break from it for a while. So, here we are again with another issue packed full with info straight from the heart of some twisted but intelligent people, who are constantly increasing their knowledge base and kindly passing their knowledge onto you! You may have noticed some new sections in this issue, such as News and Letters. We decided that we would inlude these to let you all know some of the feedback we receive, as always some positive and some negative, everyone has their own opinions. The main thing is that by reading any issue of Faith and indeed any ezine or article, you are hopefully learning something new that you did not already know about or expanding your knowledge futher to what you already did know. Afterall, spreading knowledge to others is what it's all about... "Share what you know and learn what you don't" as they say. Also, just a little note about some two upcoming events, Catastrophe '99 & H2K. Catastrophe '99 will be held on the 4th December '99 in Manchester, United Kingdom. It's mainly a party, but from information that is flowing around, there will be speakers and much more as well. It should be a good event, considering the success of the previous Manchester parties. I don't have a url for this event yet, but it should be up soon. More details as they are announced will be posted in the next issue of Faith. H2K, Hope2000 will be Held in New York City, from July 14-16th next year. As this event is a little further away than Manchester, we are going to be booking travel and accomodation much earlier. A group of people are going from the UK, if you are considering it, please contact us as we can probably organsise a group discount deal if we all book together. H2K will be a 24 hour event for the full three days, as far as speakers and events are concerned, check out the official conference website, http://www.h2k.net Enjoy this issue, jasun. : " Good. Adaption. Improvisation. But your weakness isn't your technique. " -Morpheus/Matrix . : | +-+[ letters to f41th ]+---> <-----------------------------+ +-+[ D4RKCYDE ]+---> hybrid@dtmf.org <-----------------------------+ | : . Date: Wed, 4 Aug 1999 04:53:07 +0100 From: wheeler14@postmaster.co.uk To: hybrid@dtmf.org Subject: URL http://hybrid.dtmf.org/main.html Hi, i am a relative newcomer to phreaking and i was wondering if you could just answer a simple question for me.: whilst scanning 0800892xxx i kept getting an american woman saying, "your call cannot be completed as dialed please check and try again", prey tell if you will, what the ?$"£< does this bloody mean. i take it that these numbers are something to do with direct dialling, however i am probably totally wrong. If you could help me out with this poxy woman as i will scream if i hear her again. if you can assist i can be contacted through this mail address: wheeler14@postmaster.co.uk cheers, MAV [ yo mav.. "your call cannot be completed as dialed, please check the number and try again, 2BM".. anoying huh? Try scanning O8OO 96X-XXX, then you'll really see how anoying the stupid telco international DMS gateway recording really is. The answer is quite simple, where the 2BM recording is, a terminating line once existed. Infact, I'm sure that anyone that scans will find this 2BM recording EXTREAMLY anoying, infact, going through my scans I have just worked out that I've had to listen to that 2BM whore 2,429 times.. my advise to you: after listening to that damn recording over and over and over and over and over again, you'll notice a faint humming noise on the line just before the b1tch begins to speak.. just do what I do, hang up before you have to listen to it. If you are truely twisted and insane (like me) you can goto www.telecom-digest.org and follow the link to a website called "the website you have reached" where you can listen to 1OO's of telco fault/test recordings in .wav format. For those of you who want to hear this damn recording (from the UK) dial one of the following numbers, try to resist the urge to smash up your telephone... O8OO 961 OO6, O8OO 961 O21. ] Date: Sun, 25 Jul 1999 04:03:08 +0100 From: xrayman To: hybrid@dtmf.org Subject: subscribe subscribe xrayman@freeuk.com [ heh ] Date: Thu, 29 Jul 1999 21:15:16 +0100 From: tommy To: hybrid@dtmf.org Cc: tmcoy@globalnet.co.uk Subject: phreaking Regarding the uk phreaking scene, I hope you could please e-mail up-to-date information on obtaining free calls from bt phoneboxes and cocots and boxing including blue, black etc ( including wether any of the above are possible now in 99). As I have read alot of files on the web most if not all are outdated therefore I was hoping for you to provide some useful e-mail or irc sources because any new info is not released to the web to prevent BT who can monitor the web from holing up any loopholes. Finally, would you kindly obtain some bulletin board numbers with info on the above and comment on their usefulness. tommy [ heh. tip: nothing is outdated or obsolete, people just forget how to do shit. Phreaking is not about making free calls. I'm not going to mail you codez. BBSs: I used to run one, I got pissed off with ppl dialing up in the hope that when they discconect they will have the abilty to place free calls. BBSs are rare these days, and in most cases are aimed at people that take a more serious approach to the 'scene' (no k0d3 kiddies) - try altavista.com keywords "help i'm lame" or goto the library and get "toll-fraud for dummies" ] Date: Fri, 23 Jul 1999 18:04:45 +0100 From: Neon Bunny To: hybrid@dtmf.org Subject: Faith I'm currently compiling a collection of files about different types of systems (e.g. Shiva-LAN-Rover, VAX etc.) and how to identify them. I'd be grateful if you'd give me permission to distribute your article from Faith 3 on Shiva-LAN-Rover systems. I'll just snip the article but leave the header including the author's name & email. While on the subject of permission, I take it that it's ok to distribute the full collection of faith (1-7) at my site below, if not then let me know and I'll shift 'em. I also have a handscan of 0800 891XXX which I can send if you want it for the next faith. NeonBunny --- Have you seen the new BunnyBox??? www.bunnybox.f9.co.uk [ werd. n/p dude.. just one thing: if you decide to distro f41th on ya box, be sure to have the latest issue linked to the following address.. ] f41thx This message contains non-ASCII text, which can only be displayed properly if you are running X11. What follows may be partially unreadable, but the English (ASCII) parts should still be readable. please help me iam being bothered by this lad but i cant get his ip address to bother him back could you tell me how? shaggy@corl.fsnet.co.uk [ ? ] i have been reading faith zine for some time, and i was wondering if subscription is possible where some auto-bot would notify us, devoted users, of every new issue. thatnk you for your time. -- Be well, Net Runner [ just download it ] just a quick one,,,,,don't take away the ascii logs,, the humour in them and the similar funny parts of f41th are the things that set you apart from the "other mags". Like for example the fun you had in #jesus. that reminded me of when i went in there,, took the piss out of the ops for not being christian enough...(i was arguing that jesus wouldn't ban ppl from the chat room)...... the logs and other stuff make the readers think that the zine's being written by people we understand and emphasize with. it's nothing massive but it's one step away from the mag we can read and laugh at the same time. cheers anyway, mail us back if you want to discuss anyfing,,, or catch me on efnet - Degener8 [ yeah/ish ] Hi, Just a quick note to say what a great site you have got and to ask a quick question. If I wanted to obtain Tools and Equipment for research purposes to do with hacking/phreaking where could I get hold of them? Cheers THE FAT MAN [ the donut store ] This message contains non-ASCII text, which can only be displayed properly if you are running X11. What follows may be partially unreadable, but the English (ASCII) parts should still be readable. APT Issue 5 is now out. Download it from: http://surf.to/krash For subscription information, email me with the subject CMD:HELP [ NO#@~%$!! - your magazine and its SWAT team crew can suck my left nut. All the stuff on your site sucks, i dont wanna know how to blow shit up, I THINK I KNOW HOW TO FUCKING RED B4WX.... GO AWAY, AND SEEK HELP ] " Your spoon does not bend because it is just that, a spoon. Mine bends because there is no spoon, just my mind. " -SpoonBoy/Matrix . : | +-+[ f41th Newz ]+---> by hybrid <-----------------------------+ +-+[ D4RKCYDE ]+---> hybrid@dtmf.org <-----------------------------+ | : . /* * UK moblie telecom companys asked to * cut down on cellular masks */ UK cellphone companys such as Orange, one2one, cellnet etc have been told not to install to many radio masks. The fact is, we need more to improve reception, but alot of people seem to think they ruin the scenery of England. WTF?.. This is no shit, now cellular giants such as cellnet are developing anttenas that are in the shape of trees and brown in colour so they "blend in" LOL. In one area of the UK, an anttena was errected near to an old persons home, soon after, residence of the old peoples home complained that the CellNet radio mask was interfering with thier hearing-aid equipment! And of course the mask was taken down and moved, so a whole bunch of people lost cellular coverage simply because some old hag's hearing aid.. shiet@œ$! what is this country! -- i want out!, wheres my ticket to NY? /* * BTs new generation of switches * for the UK communications backbone. */ BT have announced a framework agreement with Ericsson for the development and supply of the next generation, high performance switches designed to meet the needs of the rapid data traffic growth in the UK. The deal is worth potentially up to œ270 million and will secure BTs network capacity into the next millennium. The new switches from Ericsson will enable BT to expand its backbone network capacity rapidly to meet the anticipated growth in Internet, high speed data and video services. The Ericsson switches will integrate seamlessly into BTs existing network. The switches will be deployed over the next four years using state of the art technology, providing initial switching capacities of up to 160 Gigabits per second and future growth into Terabits. The first switch was scheduled to go live in June, 1999. All switches will be directly connected to BTs optical fibre SDH network, which currently has more than 600 nodes and is doubling in size every year. Installation work to replace existing trunk switches with the new high performance switches started during 1999 and will continue over the next four years. This investment is over and above the œ800 million expenditure BT announced last May, which is being used to extend significantly the reach of BTs core Synchronous Digital Hierarchy (SDH) optical fibre transmission network and exploit Dense Wave Division Multiplexing (DWDM) technology. /* * Oftel look into ADSL * (about fucking time) */ There are many things that I dislike about BT and UK regulators such as Oftel, one of them being they all brag about "High-Tech" technologys on the UK PSTN such as ISDN, or how gratefull we should be that we _only_ have to pay 1p a minute for local calls (net access). Like, get with the program, heh. BT need to sort it out.. ISDN blows, but they seem to think its the forefront of technology.. Oh yeah, not to mention the fact that if you have a standard line, and ask BT for a second line for net access, guess what? - they wont install a second line for you, they will stick a device such as the DACS (Digital Access Carrier System) on your line which will split it into 2 seperate carriers.. W0W, thanks BT, now I can join the "BT SuperHighway" at lightning speeds of a maximum of 28800bps, and courtisy of BT "SuperHighway" I get bonus CRC checksum errors! IF YOU ARE ONE OF THE MILLIONS OF UK BT SUBSCRIBERS THAT ASKED BT TO INSTALL A SECOND LINE FOR YOU, CHANCES ARE YOU HAVE A DACS II, OR WB900 UNIT MULTIPLEXING YOUR LINE.. TRY DOING A SALT TEST FROM THE LINE.. 17070.. IT WONT WORK CUSE THAT LINE IS NON EXISTANT. PHONE BT _NOW_ TELL THEM YOU DONT WANT THEIR PIECE OF SHIT "HIGH TECH" DACS UNIT ON YOUR LINE.. GET WHAT YOU PAID FOR (A REAL LINE). DACS/WB900= 28.8, TELL THEM WHERE TO GO. note: I know someone that had a BT DACS line spliter fitted who asked BT for a SECOND line.. we phoned BT and asked why this was.. " dood, why can I only get 28.8 on my line? " " you need to update your modem " " i have a 56k modem, it doesnt like your DACS superhighway " blah blah blah.. then they said... (get aload of this shit) " The reason the DACS II system is deployed is because we have concerns about the environment, if everyone had 2 lines it would be wires everywhere.... " AND..?? BT seem to think that including E.T. in their lame-ass adverts will impress customers with their services.. The money they spent on the copyright rights to show E.T. was probably enough to update an exchange, but thats BT for you, they'll be selling baked-bean cans with string attached to them soon.. THEY DONT CARE ABOUT UK TELECOMS.. THEY JUST WANT YOUR 1P p/m Anyways, I'm getting worked up here, so I'm going to continue with the newz.. The UK telecoms regulator Oftel, has proposed that ADSL should be present in rural and "disadvantaged" areas of the UK, therefore BT have (proposed) that 400 exchanges will be updated to carry the "new" technology by March 2000.. Areas that will benifit from ADSL (Asymmetric Digital Subscriber Line) are as follows: London * Cardiff * Belfast * Coventry * Manchester * Newcastle * Leeds * Edinburgh * Glasgow * Heh, BT need to sort it out.. considering ppl in NewYork are able to get 7 Mbit/sec ADSL connections (equivalent to 1,500 BT "superhighway" connections) sn1per$/sbin/ping :( For more information regarding Oftel and BT goto: www.oftel.gov.uk or www.bt.com /* * PLE (phone loosers of england) * appologise to D4RKCYDE... */ [ taken from http://www.phoneloosers.com ] [ phoneloosers of england ] 03/09/1999 PLE Appologises to D4rkcyde "We want to apologise to d4rkcyde for including some of their scanned numbers in the PLE Phone directory without getting their permission. OKaos sent you an E-mail but when you never replied he stupidly took this as a yes, and this was obviously wrong. OKaos has now been relieved of his duties of Editor - we felt this was the best thing to do. If we could find any of your important members on IRC or anywhere else for that matter we would apologise in person, but as we can't even find your site anymore this will have to do. Sorry Guys, hope you can understand / forgive..." irc: #darkcyde efnet url: http://darkcyde.phunc.com " Fuckin' idiots don't know shit. " -Neo/Matrix . : | +-+[ Government telecommunications interception ]+---> by hybrid <-----------+ +-+[ D4RKCYDE ]+---------------------------> hybrid@dtmf.org <-----+ | : . BL4CKM1LK teleph0nics [ http://hybrid.dtmf.org ] Covert Government/Military Interception of International Telcommunications. (Pure Paranoia) Written for f41th magazine, October 1999 by hybrid Part I 1. Introduction 2. Communications Intelligence (COMINT) and the NSA a) UKUSA Alliance 3. The Covert Interception of International Telecommunications a) International Leased Carrier (ILC) Interception b) High Frequency Radio Interception c) Interception of Microwave Radio Relays d) Interception of Submerged Telecommunications Cables e) Covert Communications Satellites f) Communications Techniques o Operation SHAMROCK o More High Frequency Radio Interception o The Space interception of InterCity Networks o SIGNIT Satellites Part II 5. Introduction to part II a) Submarine Cable Interception b) Covert Interception of the Internet Protocol 6. Covert Collection of High Capacity Signals a) New Satellite Networks/Systems b) ILC Processing Techniques 7. Hardcore Telecommunications Covert Interception a) Broadband (High Capacity Multi-Channel) Communications b) Covert Telecommunications Interception Equipment o Extraction of Wideband Signals and Data Analysis o Covert Data Processing, Fax Transmission Analysis o Multi Protocol Traffic Analysis Techniqes c) Speech Recognition and Voice Interception o Advanced Speech Recognition, Real CallerID 8. Closing, Summerisation a) My PGP Key ;> Part I ------ 1. Introduction =============== Are you paranoid? You damn well should be. I've recently come accross some very disturbing facts about how international covert governemt organisations intercept, filter and colate data from international communication protocols and networks. This article is only the very tip of the iceberg, their is no way I could possibly cover the wide spectrum of "big brother" activity that shadows over the communication networks that are deployed at present, to do so would require a whole database. The fact is big brother IS watching you, not just you, but also other governments and echonomical bodies. In this file I will discuss the different, very covert techniques that are deployed by certain agencys and alliances to efectivly intercept any type of public, or supposid "classified" data/voice transmission. After reading this article, you'll probably think twice before placing a phone call. 2. Communications Intelligence (COMINT) and the NSA =================================================== COMINT is an abbreviation for Communications Intellegence. The covert interception of telecommunications has existed for a very long time, and began around about the same time that public telecommunications became widely available. It is evident that every single "technologicly advanced" country in the world participates in the covert interception of foreign communication mediums. I would define it as an ongoing game of counter- intellegence, where superpower nations are spying on each other, spying on each other. The scary thing is, it's not just diplomatic communications that are being intercepted, in most cases, an entire nations telecommunications infastructer is being monitored, both from remote locations, and from our own intellegence organistaions spying on us. The NSA openly admit to such activity, although would probably deny any "local" communication interception techniques. COMINT is in the same intelllegence fammily as SIGNIT (Signals Intellegence) which involves the interception of signal emmisions from sources such as radar emmisions. Obvious COMINT communications targets: (interception) o military communications o diplomatic communications o economic intellegence o scientific intellegence o drug trafficking o organisied crime o severe fraud o terrorism Side note: hacking, phreaking, participation in "underground" hacking collectives would be defined as organised crime, and in some cases defined as terrorism. (they have a real nice way of classifying things) a) UKUSA Alliance USSS (United States Signit System) is made up of the NSA (National Security Agency), collective sub-units known as the "CSS" (Central Security Service), aswell as some parts of the CIA and surrrounding organisations/bodies. After the second world war in 1947, the US made and aggrement with the UK to commense international intellegence operations world wide. Other English speaking countrys where allied into the UKUSA aggrement as second partys, they include Canada, NewZealand and Austailia. The UKUSA intellegence alliance was not exposed until earlier this year (March 1999), when the Austrailian government confirmed its deployment of DSD (Defense Signals Directorate) and admited to being part of the UKUSA colaboration of intellegence gathering. 3. The Covert Interception of International Telecommunications ============================================================== a) International Leased Carrier (ILC) Interception A knowledgable phreak will know how easy it is to intercept supposid private telecommunications, we all know that the US PSTN (Public Switched Telephone Network) is made up of RBOCs (Regional Bell Operating Companys) which all deploy multiple levels of switching architecture and signal protocols. For over 80 years, incomming and outgoing international telecommunications traffic passing through International eXchange Bounderys have been intercepted and filtered for an initative known as "National Security". All US RBOCS have strong links with COMINT, and IXCs (Inter eXchange Carriers) such as AT&T have ties with goverment communication collectives. COMINT organistaions refere to such carrier providers as ILCs (International Leased Carriers), and would obviously have to work closly with such providers where telecommunications interception is involved. b) High Frequency Radio Interception The majourity of the worlds international contempory telecommunications networks are made up of optical transmission protocols, but before this, most international telecommunications where conducted via HF transmission (Higher Freqency) and was used both for public communication aswell as diplomatic and military communications. ------------x-----------------------x-----------------------x / \ / \ / / \ / \ / / \ / \ / / \ / \ / / \ / \ / x-----------------------x-----------------------x------------- x) y) z) In the above diagram, (x) is transmitting to (z). The HF signal is bouncing from the Earths ionosphere back down to (y), then back to the ionosphere, down to (z). Incididently, in this scenario, (y) is the dude in the middle, incercepting the transmission before it reaches (z). Here, the interception of transmission was reletivly straight forward because HF radio transmissions are bounced from the Earths ionosphere and back down to the Earths surface, forming a zigzag type path around the world. This provided ample space for a primitive "man in the middle" interception of the reception of such data. c) Interception of Microwave Radio Relays Microwave radio was deployed in the 1950s as a means to provide higher- cappacity inter-city communications, implementing telephony and televison. Microwave parabolic dishes are placed around 50km apart from each other, as a means of communicaion relay stations. Later I will discuss how such a communications medium can be intercepted. d) Interception of Submerged Telecommunications Cables Early international telecommunications where very primitive compared to what we have today, and only allowed a maximum capacity of 100 telephone calls on similtanious channels. Today Optical Fibre transmission systems are deployed as part of the world wide PSTN, and can handle 5Gbps of similtanious data transmission, which is 60,000 phone calls occuring similtaniously, which is why we no longer require operators to place international calls. e) Covert Communications Satellites Because of the nature of microwave emmisions, they do not reflect off of the Earths ionosphere like HF radio transmissions. Instead, they penetrate the Earths atmosphere and are emited off into space. This is where the covert satelites come into the picture. x salelite / \ / \ / \ / \ / \ ------------x-----------------------x------------ ionosphere / \ / \ / \ / \ / \ x-----------------------------------------------x- earths surface x) z) The most popular satelite setup are those that operate in geo-stationary orbit, or (the clark belt) and are provided for broadcasting purposes. The largest collection of communications satelites in orbit are the COMSATs and are operated by the International Telecommunications Satelite organisation (Intelsat). The latest addition of telecommunications satelites can handle over 90 thousand similtanious calls each. f) Communications Techniques Before 1970, the majourity of communications systems where of anolouge nature and utilised continuous wave technique. Now, in all majour communication systems are digitaly derived, and provide a much higher capacity. The highest capacity systems are for use of internet backbone usage (STM-1/OC-3) and can operate at data rates of 155Mbs (Million bits per second) which is the equivalent to the transmission of 1 thousand books a minute. I'll cover these transmission techniques in more detail in the technical part of this file. Where this type of digital communication is deployed COMINT organisations cannot intercept data unless they have diect access to the communications channels that the data travels over. The data is usually encrypted, but no big deal for such an collective as COMINT, so they obtain access to these communications channels with (or without) the prior co-operation of the carrier provider. o Operation SHAMROCK The NSA are well known for systematically gathering telecommunications traffic from offices of majour cable companys. The interception of cable traffic in the US is refered to as "operation shamrock", and until recently remained un-exposed for over 30 years. In 1975 an NSA director admitted to the US house of representatives that such operations do exist within the NSA. "..The NSA systematically intercepts international communications, both voice and cable" "messages to and from American citizens have been picked up in the course of gathering foreign intelligence". "...was obtained incidentally in the course of NSA's interception of aural and non-aural (e.g., telex) international communications and the receipt of GCHQ-acquired telex and ILC (International Leased Carrier) cable traffic (SHAMROCK)..." o More High Frequency Radio Interception HF radio transmissions are easy to intercept, in the sense that all you need is the appropraite equipment, and an area which is located in a quiet radio location. Up until 1980 the NSA and the UK's GCHQ used HF radio interception equipment to capture European HF communication on a base in Scotland. The equipment used then was a 400 meter in dialmeter antenna, and was designed to be omnidirectional (capture emitions from every possible angle). Their is a secret base in the UK at Chicksands which is operated by the NSA and DODJOCC, It's purpose is to collect and intercept Soviet and Warsaw Pact air force communications, and also to collect ILC and "NDC" (Non-US Diplomatic Communications). o The Space interception of InterCity Networks Long distance microwave involves the implementation of many transmitters and relay stations. When a microwave transmission takes place, the recieving end only absorbs a small fraction of the orional signal strength, the parts of the microwave transmission that the reciever didn't pick up pass through the Earths atmosphere into space as discussed before. Therefore, contempory microwave communications are intercepted by covert intellegence gathering satelites that are mounted 80 degrees longditude of the horizon. At present, their are many secret satelites operating both in geo-syncronous orbit aswell as satelites following mission paths that gather as much microwave communication traffic as possible and relay back to secret installations on Earth. o SIGNIT Satellites The CIA first launched the SIGINT satelite program back in 1967 which lasted until 1985. The satelites where operated from remote ground installations in Austrailia and implemented parabolic antenna which where able to unfold once in orbit, initially the satelites intercepted transmisisons from the VHF radio band. To this date, similar satelites are in use, codenamed MAGNUM and ORION, they are designed to intercept and filter multiple communications methods on Earth such as VHF radio, cellular and mobile phones, pagers, and also mobile data links, packet radio etc. The idea of this is fairly daunting, basically if you page your girlfriend, chances are the pager radio signal will be intercepted but probably filtered as it would be of no relevance to "national security". This is not some paranoia/conspiracy theory, this is fact. The IOSA system (Intergrated Overhead Signet Architecrure) is very much at large to this date, and is controled from ground level at the following locations accross the world: o Buckley Field, Denver, Colorado o Pine Gap, Australia o Menwith Hill, England o Bad Aibling, Germany Each "secret" installation is rumoured to cost alot of money to run, somthing in the line of 1 billion dollars each. In 1998, the US National Reconnaissance Office (NRO) said it would combine the three separate classes of Sigint satellites into an Integrated Overhead Sigint Architecture (IOSA) in order to " improve Sigint performance and avoid costs by consolidating systems, utilising ... new satellite and data processing technologies". Because of this new spy satelite setup in earth orbit, the US can now use its newly aquired technology to intercept ANY mobile communications source, including city to city traffic accross the globe. The main intension of these satelites is however to concentrate on foreign military and diplomatic "hotspots". GCHQ in the UK are now part of project MERCURY and use the system for similar purposes. Part II ------- Introduction to part II ======================= Summerising part I, we now know about covert satelites, the basess, and the general layout of microwave interception. Now I'm going to discuss the slighlty more scary stuff, the parts that affect me and you, ranging from the interception of phone traffic, to the mass intellegence gathering on the internet. Hopefully you've read all of part I so you can understand the folowing better, if you just paged you suck. Submarine cable interception Submarine cables are widley used in international telecommunications, and are therfore a target for anyone wishing to intercept international telecommunications traffic. Juring the 1970s, a secret submerged cable taping operation nammed "IVY BELLS" was executed by US submarines near the USSR. The mass line tap operation of USSR communication ended in 1992 when the geographic locations of the submerged line taps where sold to KGB by a former NSA employlee. To this date, the US still plant submerged line taps on various communications links, rumoured to be the Middle East, the med, eastern asia, and south america. The United States is the only naval power known to have deployed deep-sea technology for this purpose. Where fibre Optic cables are concerned, it is impossible to simply place a radio sensitve inductive tap on them, because obviously fibre Optics don't leak radio freqency signals. However, the NSA spend alot of time and money into the research of Optical fibre tapping, and are rumoured to be successful in such research using optoelectronic "repeaters" which boost signal levels over long distances. Covert Interception of the Internet Protocol ============================================ The NSA and GCHQ all operate a private network which is concidered to be just as large as the public net. This private network is known as project EMBROIDERY and is said to span the globe via a massive WAN network. It is this network which is said to serve such purposes as project ECHELON and other intellegence projects. The whole system is based on the IP protocol. The majority of internet traffic origionates or is passed through the US, and major routers. Sinse early 1990, the COMINT project have developed systems which intercept and filter all packet, or digital data traveling via the US net backbones. The targets of such interceptions are communications between Europe, Asia, Oceania, Africa and South America. When a packet is sent, depending on the time stamping of the origin and destination, it is likely it will pass through a major network exchange somewhere in the US. For example, routers in USwest are most idle when European packet traffic is at its peak beacuse of the time zone differences. Because of this, hig capicity network traffic will pass through the routers which are situated in USwest, which subseqentialy the NSA have access to (for COMINT purposess), it is then that the NSA can intercept data traveling to and from European countrys. Where COMINT and the internet are concerned, COMINT interception takes advantage of the way in which internet packets are routed, in the sense that datagrams contain the numerical routing instructions which are used by COMINT to filter irrelevant traffic. Any packet with a military or diplomatic datagram origin, is likely to be intercepted at a major US network backbone to be filtered or analyised. alt.Usenet discussion groups are well known to be intercepted and analyised by government agencys, such usnet traffic accumulates about 15 gigs of transmitted data per day. Intellegence agencies have open access to all usenet discussion groups, and most store the information in massive data- bases. For example, in the UK, the DERA (Defense Evaluation and Research Agency) maintain a 1 terrabyte databasse which contains 90 days worth of all usnet messages. DERA also operate web-robots which scan the net for certain keywords and then mirror entire sites on this database. Subseqentialy my own site has been visited by DERA, and sinse then is visited 2 per month by, xxx.dera.gov.uk - - [18/Jul/1999:16:10:05 -0500] "GET /files/hybrid-files/x Recently an NSA employee informed the public that certain major backbone net exchanges are being monitored for ALL data traveling through them in the US. The NSA either have direct access to them, or have mass sniffer programs running to collect as much data as possible traveling through the follwowing major internet exchanges in the US: (NSA Internet Comint access at IXP sites) Internet site Location Operator Designation ------------------------------------------------------------------------------ FIX East College Park, Maryland US government Federal Information Exchange ------------------------------------------------------------------------------ FIX West Mountain View, California US government Federal Information Exchange ------------------------------------------------------------------------------ MAE East Washington, DC MCI Metropolitan Area Ethernet ------------------------------------------------------------------------------ New York NAP Pennsauken, New Jersey Sprintlink Network Access Point ------------------------------------------------------------------------------ SWAB Washington, DC PSInet/BellAtl SMDS Washington Area Bypass ------------------------------------------------------------------------------ Chicago NAP Chicago, Illinois Ameritech Network Access Point ------------------------------------------------------------------------------ SanFran NAP SanFrancisco, California Pacific Bell Network Access Point ------------------------------------------------------------------------------ MAE West San Jose, California MCI Metropolitan Area Ethernet ------------------------------------------------------------------------------ CIX Santa Clara California CIX Commercial Internet Exchange ------------------------------------------------------------------------------ It is rumoured, and almost certanly true, that a leading US telecommunications and internet provider company are contracted with the NSA to develop specialised mass data gathering software for installation on such internet exchanges, other software manufactures such as microsoft and netscape etc are said to aid in the production of specialised network traffic interception equipment. (see enclosed .jpg files for screenshots) 6. Covert Collection of High Capacity Signals ============================================= Where very sensitive data is concerned, diplomatic agencies are usually very wise to the fact that someone out their may be interested in intercepting it. Therefore, when the more obvious interception methods/procedures are inpracticle, COMINT agencies develope special devices that can be installed on the target premisiss or base. The NSA manufactures specialised equipment for use in covert activitys, one such device is called the "ORATORY" -a computer that fits into a brief case, which is programed to behave on dictionary selection for use in sigint data interception. a) New Satellite Networks/Systems A popular means of communication for government employees are private dedicated mobile communications. Their are satelites orbiting very fast around the earth, each in its own orbit pattern which provide global coverage for diplomatic usage. These systems are sometimes called Satelite Personal Communications Systems or SPCS. At present, their is a satelite network called the IRIDIUM network, which was launched in 1998. The IRIDIUM satelite network implements 66 satelites each relaying mobile data back to the ground. IRIDIUM is considered to be fairly secure, in the sense that anyone trying to intercept network data would have great trouble as the satelites are fast moving and only beam information back down to earth in a concentrated beam. b) ILC Processing Techniques Covert agencies employ a vast array of multi-protocol data interception systems and devices. Such devices are capable of intercepting selectable, or randomly chosen communications channels implementing a new concept called "topic analysis". It has been a rumour for a long time that covert agencies use equipment that is capable of reacting to certain keywords when intercepting voice or modem traffic. It is rumoured that if you say somthing like "kill_the_presedent" over the telephone, you'll have a gathering of feds outside your front door. This rumour however, is probably not true when refering to a residential line, unless a line has been "tapped" beforehand. However, such systems DO exist, and all operate on topic analysis techniques. For example: Such systems are based on dictionary computers with built in (pre-programmed) key words. These systems are designed to be placed in the paths of communications channels, such as standard voice traffic, or modem links. The properties of such systems are as follows: o A topic analysis COMINT system would be "attracted" to certain levels of communications traffic, such as international calls to and from "hotspot" areas, above normal calling freqency (scanning, or suspicious overusage of a given communications protocol). o ability to "pick-up" on certain keywords, or signitures. o voicetracking capabilitys, ie: voice recognition, freqency analysis of voice patterns. It is therefore presumarable that such monitornig devices may be attracted to any given voice/data channel if such patterns are emited, ie: heavy call usage. However, such interception techniques can be impaired to a certain extent, when the channels being monitored implement voice or data encryption, hense the international export laws on cryptographic engines and alghorithms. Comint interception devices are individualy designed to intercept differnt arrays of communications protocols, for example, some devices are designed soly to intercept internet traffic (packet analysis, headers etc) others are designed to intercept pager signals, and voice traffic (topic analysis). Any type of publically known communications medium is subject to interception by a foreign source (if their is motive). 7. Hardcore Telecommunications Covert Interception ================================================== a) Broadband (High Capacity Multi-Channel) Communications taken from a 9x file by me (FDM): http://www.ninex.com/9x/rawtext/9X_TEL.TXT ------------------------------------------------------------------------begin- To maximise the frequency spectrum available over trunk cables and international links, the subscribers base band voice signals covering from 300 to 3400 Hz are translated usinga sideband (SSB) modulation to a higher frequency range suitable for propagation over coaxial cables and radio links. 12 basic channels are modulated on to carriers in the range 64 to 108 KHz and speed 4 kHz apart. When the lower sideband (LSB) is selected, these form a 'group' with a bandwidth of 48 kHz, extending from 60 to 108 kHz. Five groups are then modulated in a similar manner onto carriers spaced at 48 kHz intervals from 420 to 612 kHz to form a 'supergroup'. 16 supergroups are then LSB-SSB modulated onto carriers spaced by 248 kHz from 1116 kHz upwards. This results in band of freqencies from 564 kHz upwards. To utilise the range bellow 564 kHz, a supergroup is modulated on to a 612 kHz carrier which after selection of LSB is reduced to a band between 60 and 300 kHz. The band between 300 and 564 kHz is filled with another supergroup in basic form (312 to 552 kHz). This hierarchy, referred to as 'master' or 'hypergroup', provides a muliplex (including freqency gaps or guardbands to cater for the characteristics of practical filters), with an upper frequncy of close to 4 MHz which is easyily carried over a coax cable. --------------------------------------------------------------------------end- Analouge communications are now more or less obsoleet as literaly all international telecommunications protocols and developments turn digital. Digital telecoms are based on a method called TDM (Time Division Multiplexing), this alows multi-channel communications to take place. The individual conversational channels are first digitised. Information concerning each channel is then transmitted sequentially rather than similtaneously, with each link occupying successive time slots. Bell implement t1 links as part of the majour routng backbones on the US PSTN which handle 24 phone channels at 1.544 Mbps. European countrys, such as the UK, operate on slightly higher transmission speeds as part of the backbone. Instead of T-1 technology, European telco providers have implemented a different protocol called E-1, which carrys 30 phone channels at 2 Mbps. Most COMINT telecommunications interception equipment is designed to intercept the European transmission protocols. New digital telephony techniques are emerging all the time, so Comint agencies spend alot of time and money investigating each new transmission technique. One of the latest developments, is the implementation of the SONET network, which uses synchronised signals which are carried by high capacity optical fibres, and are supposidly easily extractable by Comint agencies when high capacity links are involved. b) Covert Telecommunications Interception Equipment The NSA contract many organisations to devlop and produce Comint and Sigint sophisticated interception equipment. Such entitys include Space Systems, Lockheed, TRW, Raytheon and Bendix. The two majour contracted NSA developers include AST (Applied Signal Technology) and IDEAS corp, where the directors are ex NSA employees. Out of all these NSA contracted developers, AST seems to be the most conspicuous, and describes its equipment as "TEMPEST screened" Such an organisation was described as "the one stop ECHELON shop". Extraction of Wideband Signals and Data Analysis ================================================ Where wideband/broadband siganl interception is concerned, they are usually intercepted from satelite relays and tapped digital multiplexed cables. One such method used by COMINT agencies is called "wideband extraction", and involves utilising specialsed Sigint equipment manufactured by the NSA contracted companies. Interception applications available to COMINT agencies is as followed: (transponder survey equipment) o satellite downlink inception o demodulators o decoders o demultiplexers o microwave radio link analysers o link survey units o carrier analysis systems Satelite data link interception is analysised with AST equipment (AST model 196 transponder charactorisation system) where the basic structure of the siganl is broken down and analyised. The AST model 195 "the SNAPPER" is a wideband snapshot analyiser and capture data from extensivly high capicity systems for extraction. A newly developed system is the AST model 990, "Flexible Data Acquisition Unit", which is designed to record and analyise data from 2.488 Gbps SONET OC-48 telecommunications backbones, this device is fitted with 48 Gigs of memory and is capable of intercepting every packet of data from multiple internet exchanges. The data that is intercepted is then stored on RAID HD networks and then later analyised by an AST SONET 257E analyiser. Their are many steps and procedures that Comint agencies follow when intercepting such data. First, obviously the data is intercepted at links, channels and exchanges, then the captured data is broken down into parts so that multi channel processors can extract then filter the contained messages such as voice channels, fax communication, and modem data. " The AST Model 120 multi-channel processor - used by NSA in different configurations known as STARQUAKE, COBRA and COPPERHEAD - can handle 1,000 simultaneous voice channels and automatically extract fax, data and voice traffic. Model 128, larger still, can process 16 European E-3 channels (a data rate of 500 Mbps) and extract 480 channels of interest. The 1999 giant of AST's range, the Model 132 "Voice Channel Demultiplexer", can scan up to 56,700 communications channels, extracting more than 3,000 voice channels of interest. AST also provides Sigint equipment to intercept low capacity VSAT satellite services used by smaller businesses and domestic users. These systems can be intercepted by the AST Model 285 SCPS processor, which identifies and extracts up to 48 channels of interest, distinguished between voice, fax and data. " Covert Data Processing, Fax Transmission Analysis ================================================= After the actual transmission interception has taken place, the extracted data is then analyised by sophistaicated AST developed software with "user friendly" equipment. AST have developed specialised covert operations data filtering and extraction software called ELVIRA which opertates on given specifications such as STRUM. THe software analysises the data and informs the user of phone call destinations and other signal related information. The information is then sent back to a remote NSA location in the form of CSDF (Collected Signals Data Format). Included in this file is a screenshot of a special software platform designed by AST called TRAILMAPPER which can operate upto speeds of 2.5 Gbps, and is designed to be very versatile, in the sense that it can intercept any type of telecommunications medium (especialy optitical protocols). The trailmapper software is especialy suited to extracting and analysising data from the new ATM (Asychronous Transfer Mode) networks which are becoming increasing popular from implementation from IXCs such as AT&T. AT&T operate a special ATM network which spans the US, aswell as another ATM network which is backboned via European locations. COMINT agencies are esspecialy interested in ATM networks because telco providers offer ATM networking for VPNs, LANS and international WANS. AST also offer very specialised equipment and software which is designed to intercept data from devices used to connect to networks and the internet. When a telecommunications link is intercepted, a transmission from an individual using a modem to connect to a network or the internet is easily extracted and then later anlayised. Aswell as modem interception, FAX transmissions are also of intellegence interest. A fax transmission can be intercepted at any point juring its journy over a PSTN, and then later analysied (or analyised in real time) by AST software such as the Fax Image Workstation which implements OCR (Optical Charcter Recognition). And if you think that's scary.. AST also produce a system called "Pager Identification and Message Extraction" system which automatically collects and processes data from commercial paging systems. The NSA contracted collective "IDEAS" also produce specialised covert equipment like the VTP (Video Teleconferencing Processor) which has the ability to intercept and record multiple similtanious video, and/or teleconference calls. Multi Protocol Traffic Analysis Techniqes ========================================= Covert agencies participate in the art of traffic analysis, where information from telephone calls is processed and then later studied, depending on the area of "interest". For example, in such activities, information about the subjects line is always tranmitted when placing a call, such as the CLID and the origin of the call via SS7 protocols. Even if voice encryption is used, the intercepted voice channel still reveals important, and potentialy sensitive data about the call type: o CLID o duration of call o OPC codes o destination of call o freqency of call setups Text locators: Applications have been built that are designed to intercept and sift through large arrays and quantitys of data and information. Such applications are essential to the effective operation of systems such as ECHELON, as the ECHELON system uses dictionary based applications to filter important or un-inportant data. Such systems can be ported to act as robots on most communication protocols, such as IP or voice traffic. Data that has been intercepted is stored on massive databases for later retreavel, so a covert agency could implement topic analysis technology to search an internal database for keywords, ie: "counter attack" or "kill the president". The NSA currently use a filtering method known as "N-gram" which is designed to sort through a textual database for any topic, regardless of language. "To use N-gram analysis, the operator ignores keywords and defines the enquiry by providing the system with selected written documents concerning the topic of interest. The system determines what the topic is from the seed group of documents, and then calculates the probability that other documents cover the same topic. In 1994, NSA made its N-gram system available for commercial exploitation. NSA's research group claimed that it could be used on "very large data sets (millions of documents)", could be quickly implemented on any computer system and that it could operate effectively "in text containing a great many errors (typically 10-15% of all characters)". The "Data Workstation" Comint software system analyses up to 10,000 recorded messages, identifying Internet traffic, e-mail messages and attachments Speech Recognition and Voice Interception ========================================= The UK's GCHQ combined with the US's NSA all conduct research into speech recognition techniques. Rumours that such technology is used to "pick up" on certain keywords in telephone speech cannot be classified as concrete fact, because obviously such organisations would deny this type of communications monitoring. However, if such a system is deployed by these agencies, they would be able to gather a higher degree of intellegence information, rather than picking on areas of suspition. If software is available to the public that allows a pc user to talk to a computer, then have the computer dictate what the person is saying into text format, just imagine what the COMINT agencies have.. Advanced Speech Recognition, Real CallerID ========================================== GCHQ and the NSA currently have TE464375-1 VADA (Voice Activity Detector and Analyser) equipment installed inside a GCHQ base in Cheltenham England. Advanced specch recognition systems can be produced to operate on a mass scale basis, whereas a subjects voice patterns can be programmed into such a device, which will then hunt that particular voice patter down on a given set of telephone channels. System descriptions must be classified "secret" if NSA "determines that they represent major advances over techniques known in the research community". 8. Closing, Summerisation This article only covers a very limited set of covert communications interception techniques, their are many more out their. The COMINT and SIGINT organisations are very resourcfull, in the sense that they have vast funds to back up research into covert communications devices. The idea that technology exists that can distinguish voice patterns over telephone channels it particulary scary, and in a sense, a complete infringment of the "private" service that the telco providers offer. The fact is, such technologys do exist, and can (or have) been implemented. Telecommunications equipment is intended for the interception of "hotspot" information such as military and diplomatic communications, it is however strange that such systems are designed to be attached to majour telecommunications backbones (Opticaly Derived) to "filter" the imporatant information. Its a case of whether or not you "trust" the NSA or GCHQ or whatever to only intercept real intellegence information, or whether they'll adopt the "big brother" approach and monitor ALL communications. Either way, they are unlikely to admit to any such activitys, the fact is, they have the technology and the ability to monitor all majour communications protocols.. Do you trust them? Do they trust you? Its all in the name of "National Security"... Well, thats it for this file, I hope you enjoyed it. Werd/Shouts to: D4RKCYDE, 9x, b4b0, kelticphr0st, jasun, zomba, bodie, gr1p, shadowx, lowtek, psyclone, shylock, digiphreq, downtime, elaich, oxidation, substance, tip, pbxphreak, lusta & nou, force, microwire, oclet, knight, siezer, devious. ------------------------------------------------------------------------------ B L 4 C K M 1 L K teleph0nics FUCKIN HARDCORE, BABY http://hybrid.dtmf.org/ ------------------------------------------------------------------------------ Type Bits/KeyID Date User ID pub 2048/86298E99 1999/09/18 hybrid -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6.3ia mQENAzfjBzcAAAEIANaRNlbj/1FQo3V6JK4L+lziSwsXh/axd7trkB9lP2Sxwv/U F7/avmxY3PhjjpqG3o85z2D1qduVSZcXoN6iF/JiCMqAU2nsfmZwvO9U7WZX5Xv/ wEUuqDAt59YKLqSjpZXue/ROZJLSAJXbhbOEZdq24gzDMAvCmqJJWk/7QdFoJYl1 0aszUPTyw6JA0ys+K9YRyiYAPe4RvJV0VaImP5uNaf8w+H1znTL8dUmUYqSbbRx2 0p5AJTxPTYsNWRg9LopF2qVIOf8SGpvJTCfsLoZxfmezUBWv5nrSU6H9xlFGdlJK RezXi8QYGEyljAZODt930r9iS9XxckKelIYpjpkABRG0GGh5YnJpZCA8aHlicmlk QGR0bWYub3JnPokBFQMFEDfjBzhyQp6UhimOmQEBC70H/R+rZfFef3PzGO0ez9ct dNq7lTUkuStXmqpJhHNSuNEAx9b5q2DjKS/LJQYn+WymfA0mSeGaYL8yJ7wroh1N JHySe266qEjov6R/WjUk1f/OEz38UCfzln7MtLykhk9bnWC745uwTiXAdU6hUzUN J45opUpWwAQ843MWypN3Mm4q7UnBMAlcUXyyWEWpZrc9lxSaZDyw9acEZLKqDgwB m6fMiyq4QXeoVI4HbLHiZFDll7+XE5HripXyKXU0qhACcr7JbM5jYWrmob9XL94r 3HAiOfJQbQIC25D3Cbf++ilwLsTdVR6bCFsiw3YPEK9/v0WTZHAIr8ftXl2C2OjG Q0s= =8jkO -----END PGP PUBLIC KEY BLOCK----- . : | +-+[ DDSN intellegent network ]+---> by kelticphrost <-----------------------+ +-+[ D4RKCYDE ]+---> <-----------------------+ | : . _\|/_ [ GBH ] Ghwan Burnin Haxorz [ GBH ] _\|/_ /////////////////////////////////////////////////////////////////////////// // // // DDSN Intelligent Network // // // // A full rundown of our LinkLine (0800) and LoCall (0345) Services // // // // Presented in full By Keltic Phr0st // // // /////////////////////////////////////////////////////////////////////////// "...the most sophisticated network of its type ouside North America." Steve Webster, BT ; DDSN Development Team FOREWORD ======== This article shook me up very badly after reading it. At the time I'd been working extensively on a Unix Box in 896, and abusing the fuck out of P****** for global calls in 892. Not only this, but a host of other activities, which are probably nestling on some AMA tape somewhere, waiting to be looked at... . Its not all doom and gloom though - AMA has yet to pinpoint Blue Boxing for some reason, and in so far this would seem to be the only real 'safe' method of putting your calls away for free alongside cellular, I reccomend you start to view it in a new light. Anyway, after that suitably apocalyptic snippet, here we go. ///// ///// ///// ///// ///// ///// ///// ///// ///// ///// INTRODUCTION ============ In 1983, British Telecom identified a major market potential for automatic freephone and premium rate services. An Analogue Network, with extended register translation and call charging facilities overlayed on the PSTN was proposed as an interim solution. The analogue derived services network, consisting of eight fully-interconnected switching nodes, was brought into limited public service in April 1985 and full public service in July 1985. The LinkLine 0800 service permits calling customers to make calls free of charge while callers to LinkLine 0345 service numbers are charged at the local call rate irrespective of distance. The balance of the call charge is billed to the called customer known as the Service Provider (SP). In keeping with its buisness modernisation programmes, British Telecom awarded a contract to AT&T for the supply and installation of a digital derived services network (DDSN), comprising 5ESS-PRX digital switches to be implemented in two distinct phases: Phase 1, which was completed in 1988, involved the supply of eight digital units, utilising CCITT No. 7 common-channel signalling, as replacements for their analogue units (Figure 1). In addition, two new digital units were provided in London. Figure 1 : Digital Derived Services Network Interconnection ÚÄÄÄÄÄ¿ ÚÄÄÄÄÄ¿ ³ DLE ³ ³ DLE ³ ÀÄÄÂÄÄÙ ÀÄÄÂÄÄÙ ³ ÉÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ» ³ ÚÄÄÁÄÄÄ¿ º SP DIGITAL DERIVED SP º ÚÄÄÄÁÄÄ¿ ³ DMSU ³ º  SERVICES NETWORK  º ³ DMSU ³ ÀÄÄÂÄÄÄÙ º ³ ³ º ÀÄÄÄÂÄÄÙ ³ º ³ ³ º ³ ³ º ³ ³ º ³ ³ º ÚÄÄÄÁÄÄÄ¿ ÚÄÄÄÁÄÄÄ¿ º ³ ÀÄÄÄÄÄÄÄÄ´ DDSSC ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ´ DDSSC ÃÄÄÄÄÄÄÄÄÙ º ÀÄÄÄÂÄÄÂÙ ÀÂÄÄÂÄÄÄÙ º º ³ ³ ÚÄÄÄÙ ³ º º ³ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄijÄÄÄ¿ ³ º º ³ ³ ³ ³ º º ³ ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ ³ ³ º º ÚÄÄÄÁÄÄÁ¿ ÚÁÄÄÁÄÄÄ¿ º ÚÄÄÄÄÄÄÄÄ´ DDSSC ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ´ DDSSC ÃÄÄÄÄÄÄÄÄ¿ ³ º ÀÄÄÄÂÄÄÄÙ ÀÄÄÄÂÄÄÄÙ º ³ ³ º ³ (Only 4 centres ³ º ³ ³ º ³ shown for clarity) ³ º ³ ÚÄÄÁÄÄÄ¿ º ³ ³ º ÚÄÄÄÁÄÄ¿ ³ AMSU ³ º Á Á º ³ AMSU ³ ÀÄÄÂÄÄÄÙ º SP SP º ÀÄÄÄÂÄÄÙ ³ º º ³ ³ ÈÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍͼ ³ ÚÄÄÁÄÄ¿ ÚÄÄÁÄÄ¿ ³ ALE ³ ³ ALE ³ ÀÄÄÄÄÄÙ EXISTING PUBLIC SWICHED ÀÄÄÄÄÄÙ TELEPHONE NETWORK AMSU Analogue Main Switching Unit ALE Analogue Local Exchange DDSSC Digital Derived Services Switching Centre DLE Digital Local Exchange DMSU Digital Main Switching Unit SP Service Provider Phase 2 makes provision for an advanced freephone service using an intelligent network architecture. INTELLIGENT NETWORK CONCEPT =========================== In a traditional telecommunications network, call control 'intelligence' resides in the call processing software in its switching nodes. One disadvan- tage of this approach for some services is that customer-specific data has to be replicated in each node. As features become more sophisticated, then system complexity increases. In the DDSN Intelligent Network, specialised customer feature and routing information is held centrally in a network database which can be accessed by all switching nodes using dedicated datalinks and common-channel signalling (Figure 2). These signalling datalinks are used to pass requests for call handling information to the database and return instructions to the originating switching node. Figure 2 : Network DataBase Concept ÚÄÄÄÄÄÄÄÄÄÄ¿ ³ NETWORK ³ /³ DATABASE ³\ / ÀÄÄÄÄÄÄÄÄÄÄÙ \ ACCESS TO/FROM ALL DDSN SWITCHES / | \ / | \ ÚÄÄÄÄÄÄÄÄ¿ | \ ÚÄÄÄÄÄÄÄÄ¿ ³ DDSN ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ´ DDSN ³ ³ SWITCH ³ ³ SWITCH ³ ÀÄÄÄÂÄÄÂÄÙ ÀÂÄÄÂÄÄÄÄÙ ³ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ ³ ³ Ú³Ù ³ ³ ³³ ³ ³ ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ³ ÚÄÄÄÁÄÄÁÄ¿ ÚÄ¿ ÚÁÄÄÁÄÄÄÄ¿ ³ DDSN ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄijÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ´ DDSN ³ ³ SWITCH ³ ³ ³ ³ SWITCH ³ ÀÄÄÄÄÄÄÄÄÙ ÀÂÙ ÀÄÄÄÄÄÄÄÄÙ ³ ³ SPEECH AND SIGNALLING An Intelligent network centralised call management fucntion allows an economical implementation of advanced features, simplifies administration of complex services and assures optimum use of network-wide, rather than switch-based, resources. DDSN INTELLIGENT NETWORK ARCHITECTURE ===================================== Three network elements are concerned with call processing for service providers with advanced features: o Action Control Point (ACP) o Network Control Point (NCP) o Network Services Complex (NSC) The network architecture is illustrated in Figure 3, and the role of each of the elements will become apparent as the call processing aspects are explained. Figure 3 : DDSN Intelligent Network Architecture ÚÄÄÄÄÄ¿ ÚÄÄÄÄÄ¿ ÚÄÄÄÄÄ¿ ³ NSC ³ ³ NSC ³ ³ NSC ³ ÀÄÂÄÂÄÙ ÀÄÄÂÄÄÙ ÀÄÄÂÄÄÙ C T ³ ³ 7 T ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ÚÄÄÄÄÄÄÄÄÄÄÄÄ´ N T ³ C7NA ³ ³ C7NA ³ A ³ ³ÚÄÄÄÄÄÄÄÄÄÄÄÄijÄÄÙ ³ ³ ³ ³³ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿³ ÚÁÄÁÄÄÄÄÄÄÄÄÄÁÁÄ¿ ÚÄÁÁÄÄÄÄÄÄÄÄÄÄÄÄ¿ ÄÄTÄÄTÄÄTÄ´ ÃÄÄÄÄÄÄÄÄÄC7NAÄÄÄÄÄÄÄÄÄÄÄ´ ÃÄTÄÄÄTÄÄÄTÄÄ ³ ACP/STEP/HOST ÃÄÄÄTÄÄÄÄÄÄÄTÄÄÄÄÄÄÄÄTÄÄÄ´ ACP / STEP ³ ÄÄÄC7BTÄÄÄ´ ÃÄÄÄÄÄÄÄÄÄC7BTÄÄÄÄÄÄÄÄÄÄÄ´ ÃÄÄÄC7BTÄÄÄÄÄ (PSTN) ÀÂÄÂÄÂÄÄÄÄÄÄÄÂÂÂÙ ÀÂÂÂÄÄÄÄÄÄÄÂÄÂÄÂÙ (PSTN) C V C ³³ÀÄÄÄÄÄÄÄÄÄÄC7BTÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ C V C ³ O ³ ³ÀÄÄÄÄÄÄÄVOICE TRUNKSÄÄÄÄÄÄÄÄÄ¿³ ³ O ³ 7 I 7 ÀÄÄÄÄÄÄÄÄÄÄÄÄC7NAÄÄÄÄÄÄÄÄÄÄÄÄ¿³³ 7 I 7 ³ C ³ ÚÄÄÄÄÄÄÄÄÄÄÄÄC7BTÄÄÄÄÄÄÄÄÄÄÄij³³ ³ C ³ N E B ³ÚÄÄÄÄÄÄÄVOICE TRUNKSÄÄÄÄÄÄÄij³³ N E B ³ ³ ³ ³³ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄij³³ ³ ³ ³ A T T ³³³ ³³³ A T T ³ R ³ ³³³ ³³³ ³ R ³ ³ U ³ ³³³ ³³³ ³ U ³ ³ N ³ ³³³ ³³³ ³ N ³ ³ K ³ ³³³ ³³³ ³ K ³ ³ S ³ ³³³ ³³³ ³ S ³ ÚÁÄÁÄÁÄÄÄÄÄÄÄÁÁÁ¿ ÚÁÁÁÄÄÄÄÄÄÄÁÄÁÄÁ¿ ÄÄTÄÄTÄÄTÄ´ ÃÄÄÄTÄÄÄÄÄÄÄTÄÄÄÄÄÄÄÄTÄÄÄ´ ÃÄTÄÄÄTÄÄÄTÄÄ ³ ACP ³ ³ ACP / HOST ³ ÄÄÄC7BTÄÄÄ´ ÃÄÄÄÄÄÄÄÄÄC7BTÄÄÄÄÄÄÄÄÄÄÄ´ ÃÄÄÄC7BTÄÄÄÄÄ (PSTN) ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ ÀÄÄÄÄÄÄÄÄÄÄÄÄÂÄÂÙ (PSTN) C T 7 T N T ÄTÄTÄTÄ = VOICE TRUNKS A ³ ³ ³ ÚÄÁÄÁÄ¿ ACP ACTION CONTROL POINT ³ NSC ³ STEP SIGNAL TRANSFER AND END POINT ÀÄÄÄÄÄÙ C7BT CCITT #7 SIGNALLING (BT) NCP NETWORK CONTROL POINT NSC NETWORK SERVICES COMPLEX C7NA C7 NORTH AMERICAN (Only four switching nodes are shown for simplicity) Action Control Point -------------------- The Action Control Points (ACPs) are the 5ESS-PRX Switching Nodes, which serve as transit and terminating nodes for DDSN traffic. All ACPs are fully interconnected by digital line systems and CCITT #7 (BT) common channel signalling. The CCITT #7 (BT) signalling links are used exclusively for setting up speech paths both within the DDSN and between the DDSN and the PSTN. A Second totally independent common channel signalling network, utilising a proprietary form of #7 signalling (C7 North American), is used for transporting non-circuit related signalling methods between the ACPs and the Network Control Points (NCPs). This network is used only for advanced feature calls. Two of the ACPs have been nominated as a signal transfer and end point (STEP) and funnel the signalling traffic from the remaining ACPs to the NCPs. ACPs load share the C7NA signalling messages across both STEPs in the ACP-to-NCP direction, and the NCPs load share the signalling messages across both STEPs in the reverse direction. Network Control Point --------------------- The Network Control Point (NCP) constitutes the core of the intelligent network and holds the data defining the treatment for specific advanced feature calls. NCPs are always provided in mated pairs. Each NCP consists of a duplex processor, duplicated hard discs for data storage, tape drives and interfaces to the other network elements through a Local Area Network. This network, called the Common Network Interface, consists of the signalling terminals for the C7NA links from the STEP nodes and two peripheral controllers which communicate with the duplex processor. The common network interface ring (Figure 4) is automatically reconfigured under fault conditions to isolate the faulty section. Figure 4 : Common Network Interface Ring ÚÄÄÄÄÄÄÄÄÄÄ¿ ÚÄÄÄÄÄÄÄÄÄÄ¿ ³ ACP/STEP ³ ³ ACP/STEP ³ ÀÄÄÂÄÄÄÄÂÄÄÙ ÚÄÄÄÄÄÄ¿ ÀÄÄÂÄÄÄÄÂÄÄÙ ÚÄijÄÄÄijĿ ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ´ ÃÄÄÄÄÄÄÄÄÄÄ<ÄÄÄÄÄÄ¿ ³ ³ ÃÄÄÄÄÄÄÄÄÄÙ ³ ³ RPCN ³ ³ ³ ³ ³ ³ 7 ³ ÚÄÄÄÄÄÄÄÄÄÄÄÄÄ´ ÃÄÄÄÄÄÄÄÄÄ>ÄÄÄÄ¿ ³ ³ ³ ³ ³ N ³ ³ ÀÄÄÄÂÄÄÙ ³ ³ ³ ³ ³ ³ A ÚÁÄÄÁ¿ ³ ³ ³ ³ ³ ³ C ÀÄÄÄÄÄ´ LN ³ ³ ³ ³ ³ ³ ³ 7 ÀÂÄÄÂÙ ³ ³ ³ C ³ ³ N ³ ³ ³ ³ ³ 7 ³ ³ A ³ ³ ÚÄÄÄÄÄÁÄÄÄÄÄ¿ ³ ³ N ³ ³ ³ ÚÁÄÄÁ¿ ³ CENTRAL ³ ÚÁÄÄÁ¿ A C ³ ÀÄÄÄÄÄÄÄÄÄÄ´ LN ³ ³ PROCESSOR ³ ³ LN ÃÄÄÄÄÄÙ 7 ³ ÀÂÄÄÂÙ ÀÄÄÄÄÄÂÄÄÄÄÄÙ ÀÂÄÄÂÙ N ³ ³ ³ ³ ³ ³ A ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ÚÁÄÄÁ¿ ³ ³ SIGNALLING ³ ³ ³ ³ LN ÃÄÄÄÄÄÄÄÄÄÄÙ ÀÄ LINKS ³ ³ RING 1 ÚÄÄÄÁÄÄ¿ ÀÂÄÄÂÙ ³ ÀÄÄÄÄ<ÄÄÄÄÄÄÄÄ´ ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ ³ ³ ³ RPCN ³ ³ ÀÄÄÄÄÄÄÄÄ>ÄÄÄÄÄÄÄ´ ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ RING 0 ÀÄÄÄÄÄÄÙ LN LINK NODE RPCN RING PERIPHERAL CONTROLLER NODE Advanced freephone call handling data is duplicated both within and and between each NCP in the mated pair. Call routing queries from the ACPs are balanced between the two NCPs by designating specific dialled codes to each NCP, and the decision on which NCP to query is taken at the ACP where the call entered the DDSN network. Although data is held on both NCPs, the secondary NCP is only accessed if the primary is not available. Under these conditions, the remaining NCP is capable of handling 100% of the load. This architecture virtually guarantees 100% service availability. Automatic network management controls initiated by the NCP maintain the integrity of the intelligent network under overload conditions by sending code gapping messages instructing the ACPs to throttle back on the number of queries being forwarded to the NCP and defining the treatment for failed calls. Network Services Complex ------------------------ The Network services complex (NSC) provides the capability to give callers standard or customised interactive spoken information pertaining to the number called, such as, call prompting, courtesy response and call queing announcements. During or after a call prompting announcement the caller may communicate with the NSC by keying-in appropriate digits on an MF keyphone or keypad. The NSC can collect up to 15 digits which it forwards, via its host ACP, to the NCP via a C7NA common channel signalling link. Initially, two NSCs loaded with the same announcements have been provided in the DDSN intelligent network and are co-located with the NCPs. Each NSC can handle 60 simultaneous calls and provide up to 2000 different announcements which are stored on triplicated moving head discs. In the even of an NSC failure, calls requiring these features are routed to the remaining NSC. The NSC architecture is given in Figure 5. Figure 5 : Network Services Complex Architecture ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ³ ACP / HOST ³ ÀÄÄÄÂÄÄÄÄÄÄÄÂÄÄÄÙ T C ³ 7 T N ³ A T ³ ÚÄÄÄÄÄÄÄÄÄÄÄÄ¿ ÚÄÄÄÁÄÄÄÄÄÄÄÁÄÄÄ¿ ³ SIGNALLING ³ ³ TIME-SLOT ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ´ LINK ³ ³ INTERCHANGE ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ³ TERMINAL ³ ÀÄÄÄÂÄÄÄÄÄÄÄÂÄÄÄÙ ³ ÀÄÄÄÄÄÄÂÄÄÄÄÄÙ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ³ ³ ³ ³ ³ ÚÄÄÄÄÄÄÁÄÄÄÄÄÄ¿ ³ ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÂÄÄÄÁÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ´ PROCESSOR ³ ³ ³ ³ ³ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÙ ÚÄÁÄÄÄÄÄÄÁÄÄ¿ ³ ³ ³ DATA ³ ³ ³ ³ STORAGE ³ ³ ³ ³ UNITS ³ ³ ³ ÀÄÄÄÄÄÂÄÄÄÄÄÙ ÚÄÄÁÄÄÄÄÄÁÄ¿ ÚÄÄÄÁÄÄÄ¿ ³ TONE ³ ³ DISCS ³ ³ RECEIVER ³ ÀÄÄÄÄÄÄÄÙ ³ UNITS ³ ÀÄÄÄÄÄÄÄÄÄÄÙ ADVANCED FEATURES ================= The DDSN Intelligent Network will permit a range of new features to be offered as Advanced LinkLine to LinkLine service providers. These include (Advanced LinkLine feature name is in brackets) : o Time and Day Routing - The routing of calls can be made dependant on the time of day, day of week and week of the year. (TimeLink / DayLink) o Call Allocator - This provides the capability to route incoming calls proportionally to a number of service provider destinations and / or announcements. (DistributionLink) o Call Queuing - This provides queues for calls at the originating ACP when all available lines to a service provider destination are engaged. An announcement informs the caller of the call status. (QueueLink) o Call Barring - This feature allows service providers to define the treatment of a particular Advanced LinkLine number based on where the call origniated in the PSTN. (AreaLink) o Alternative Destination on Busy - When a busy condition is encountered and no queuing is define, an alternative destination may be chosen automatically. (BusyLink) o Call Prompter - Announcements will prompt callers to enter digits on their telephone set in order to realise caller interactive routing. (SelectLink) o Courtesy Response - If no destination can be reached, for example, due to an unattended office, a pre-defined standard or customised announcement may be played. (CourtesyLink) o Command Routing - This feature allows the service provider to instruct British Telecom to redirect calls to a preset alternate set of destinations. This is intended for emergency and other contingency situations. (CommandLink) CALL ROUTING PLANS ================== The true power of intelligent network call processing is not solely its list of advanced features, but combinations of the feature set which can be defined to meet a service provider's own unique telecommunications needs and, consequently, buisness requirements. An example of a simple call routing plan is shown in Figure 6. The data defining the call treatment(s) for a service provider are held in the NCP database in a service provider record. Figure 6 : Combining service features DIAL PULSE ÜÜÜÜÜÜÜÜ NO RESPONSE ß ÜÜÜÜ ß ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÛ°°Û ³ OPERATOR SELECTLINK ³ ÉÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ» ³ º "KEY 1 FOR COMMERCIAL LOANS, º ³ ÜÜÜÜÜÜÜÜ º KEY 2 FOR CONSUMER LOANS..." º ³ DIGIT #1 ß ÜÜÜÜ ß ÈÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÑÍÍͼ ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÛ°°Û ³ COMMERCIAL À Ä ³ LOANS ³ ³ DAYLINK AREALINK ÚÁÄÄÁÄÄÄÄ¿ ÜÜÜÜÜÜÜÜ ÚÄÄÄÄÄÄ¿ MON - FRI ÚÄÄÄÄÄÄÄ¿ LONDON ³ WHAT ³ DIGIT #2 ß ÜÜÜÜ ß ÄÄÄ>ÄÄÄ´ WHAT ÃÄÄÄÄÄÄÄÄÄÄÄ´ WHAT ÃÄÄÄÄÄÄÄÄ´ MF ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÛ°°Û ³ DAY? ³ ³ AREA? ³ ³ DIGIT? ³ CONSUMER ÀÄÄÂÄÄÄÙ ÀÄÄÂÄÄÄÄÙ ÀÄÄÄÂÄÄÄÄÙ LOANS ³ ³ ³ ³ ³ ³ ³ ³ ³ ÜÜÜÜÜÜÜÜ ³ ³ ³ DIGIT #3 ß ÜÜÜÜ ß ³ ³ ALL ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÛ°°Û ³ ³ OTHER OTHER ³ ³ ³ ³ ³ ³ ³ ³ ÜÜÜÜÜÜÜÜ ³ ³ ß ÜÜÜÜ ß ³ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÛ°°Û ³ BRISTOL ³ BRANCH ³ ³ SATURDAY ³ AND ÉÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ» ³ SUNDAY º "ALL OFFICES ARE º ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄĶ CLOSED FOR THE º º WEEKEND..." º ÈÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍͼ COURTESYLINK SERVICE ADMINISTRATION ====================== Service Administration for Advanced LinkLine features is handled by the network subscriber transaction, administration and recording system (NETSTAR), which has on-line access to the NCPs. NETSTAR provides user friendly access to the NCP advanced feature database to modify, create or delete service provider call routing plans via dedicated or dialup/dialback links to VDUs. An NCP can have only one active call routing plan for any service provider number, but additional plans may be prepared and held in NETSTAR for transmission to, and activation at, the NCP when required. NETSTAR holds security backup copies of all call routing plans and NCP operating parameters. CALL PROCESSING =============== Derivation of the Calling Subscriber Geography (CSG) ---------------------------------------------------- All 0800 and 0345 calls are routed via a DMSU to a DDSN action control point (ACP) (Figure 7). During Call set-up, the ACP requests additional set-up information to be sent via the C7BT Link. This cause the calling line identity (CLI) to be forwarded from the first exchange in the call path with C7BT signalling. Figure 7 : Access to the Digital Derived Services Network PSTN DDSN ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÁÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÁÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ÚÄÄÄÄÄÄÄ¿ ÚÄÄÄÄÄÄÄÄÄÄ¿ ÚÄÄÄÄÄÄÄÄÄÄ¿ ÚÄÄÄÄÄÄÄÄÄÄ¿ ³ DLE ÃÄÄÄÄC7BTÄÄÄ´ ÃÄÄÄÄC7BTÄÄÄ´ ÃÄÄÄÄC7BTÄÄÄ´ ³ ³ or ³ ³ DMSU ³ ³ 5ESS-PRX ³ ³ 5ESS-PRX ³ ³ E-ALE ÃÄTÄTÄTÄTÄTÄ´ ÃÄTÄTÄTÄTÄTÄ´ (ACP) ÃÄTÄTÄTÄTÄTÄ´ (ACP) ³ ÀÄÄÄÄÄÄÄÙ ÚÄÄÄÄÄÄÄÄÄ´ ³ ³ ³ ³ ³ ÚÄÄÄÄÄÄÄ¿ ³ ÀÄÄÄÄÄÄÄÄÄÄÙ ÀÄÄÄÄÂÄÄÄÄÄÙ ÀÄÄÄÄÂÄÄÄÄÄÙ ³ AMSU/ ÃÄÙ ³ ³ ³ +ALE ³ ³ ³ ÀÄÄÄÄÄÄÄÙ ³ ³ Á Á SP SP * ALE may be via a digital concentrator centre exchange E-ALE : Enhanced analogue Local Exchange (C7BT signalling capability) If a call is originated from a local exchange with C7BT signalling, a full calling line identity (FCLI) is returned to the ACP. The FCLI includes the caller's national number group (NNG) code, or all figure numbering (AFN) code in the case of a director area. If the call is originated from an analogue local exchange (ALE), then a partial calling line identity (PCLI) is derived by the first digital exchange in the call path. This will normally be a DMSU, but in cases where an ALE is parented on a digital concentrator centre exchange (DCCE), the DCCE generates the PCLI. A PCLI must comprise sufficient information to uniquely identify the digital entry point to the PSTN used by that ALE. This information includes the region, area and unit identity portions of the network nodal identity plus the telephony process number and route numbers used by the call processing software of the digital exchange. Whe a PCLI or FCLI is received by a DDSN action control point, the call processing software searches through a set of look-up tables for a comparison with the CLI sent. This search will result in the calling subscriber geography (CSG) being identified. Figures 8 and 9 illustrate the CLI and CSG derivation process. Figure 8 : CLI derivation ÚÄÄÄÄÄÄÄ¿ ÚÄÄÄÄÄÄÄÄÄÄÄÄ¿ ÚÄÄÄÄÄÄÄÄÄÄÄÄ¿ ÚÄÄÄÄÄÄÄÄÄÄÄÄ¿ ³ DLE ÃÄ<ÄÄÄÄÄÄÄÄÄ¿ DMSU ³ ³ 5ESS-PRX ÃÄÄÄÄÄÄÄÄÄ´ 5ESS-PRX ³ ³ E-ALE ³ ³ ³ ³ ³ (ACP) ³ ³ (ACP) ³ ÀÄÄÄÄÄÄÄÙ ³ ³ ³ ³ ³ ³ ³ ³ ÃÄÄÄÄÄÄÄÄÄÄÄÄ<ÄÄÄÄÄÄÄÄÄÄÄ¿ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ³ ÚÄÄÄÄÄÄÄ¿ ³ ³ ³ ³ REQUEST ³ ³ ³ ³ ALE ³ ?ÄÄÄÄÄÄÄÄÄÙ ³ ³ CLI ³ ³ ³ ÀÄÄÄÄÄÄÄÙ ÀÄÄÄÄÄÄÄÄÄÄÄÄÙ ÀÄÄÄÄÄÄÄÄÄÄÄÄÙ ÀÄÄÄÄÄÄÄÄÄÄÄÄÙ Figure 9 : CSG derivation ÚÄÄÄÄÄÄÄ¿ ÚÄÄÄÄÄÄÄÄÄÄÄÄ¿ ÚÄÄÄÄÄÄÄÄÄÄÄÄ¿ ÚÄÄÄÄÄÄÄÄÄÄÄÄ¿ ³ FCLI ÄÄÄ>ÄÄÄÄÄÄÄÄÄ¿ DMSU ³ ³ 5ESS-PRX ÃÄÄÄÄÄÄÄÄÄ´ 5ESS-PRX ³ ³ DLE ³ ³ ³ ³ ³ (ACP) ³ ³ (ACP) ³ ÀÄÄÄÄÄÄÄÙ ³ ³ ³ FCLI ³ ³ ³ ³ ³ ÃÄÄÄÄÄÄÄÄÄÄÄÄ>ÄÄÄÄÄÄÄÄCLI/CSG ³ ³ ³ ³ ³ ³ PCLI ³ TABLES ³ ³ ³ ÚÄÄÄÄÄÄÄ¿ ³ ³ ³ ³ ³ ³ ³ ³ ³ ALE ³PCLIÄ>ÄÄÄÄÄÙ ³ ³ CSG ³ ³ ³ ÀÄÄÄÄÄÄÄÙ ÀÄÄÄÄÄÄÄÄÄÄÄÄÙ ÀÄÄÄÄÄÄÄÄÄÄÄÄÙ ÀÄÄÄÄÄÄÄÄÄÄÄÄÙ Global Title Translation ------------------------ Call processing for service providers with basic features is handled within the DDSN switching nodes. To differentiate between calls to SPs with advanced and basic features, the ACP checks for the existence of a translation for the number dialled. If a translation exists, the call is routed to the specified network termination. If the translation does not exist, call handling instructions are returned from the NCP database in response to a query message from the originating ACP. A number of query messages are neccesary for some types of call; the initial query is therefore termed QRY1. The process is illustrated in Figures 10 and 11. Figure 10 : DDSN ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ Intelligent Network call ³ INCOMING CALL ³ Processing (Call not ³ FROM PSTN ³ requiring NSC and no ³ DIGITS RECEIVED ³ network controls active) ³ AT ORIGINATING ³ ( OR (0) 345 DEFGHJ ) ³ ACP ³ ³ (0)800 345800 ³ ÀÄÄÄÄÄÄÄÂÄÄÄÄÄÄÄÄÄÙ GTT : GLOBAL ÚÄÄÄÄÄÄÄÁÄÄÄÄÄÄÄÄÄ¿ TITLE ³ ACP REQUESTS ³ TRANSLATION ³ ADDITIONAL ³ ( SEE FIGURE 8 ) ³ SET-UP INFO ³ ³ VIA C7BT LINK ³ ÀÄÄÄÄÄÄÄÂÄÄÄÄÄÄÄÄÄÙ ÚÄÄÄÄÄÄÄÁÄÄÄÄÄÄÄÄÄ¿ ³ FCLI OR PCLI ³ ( SEE FIGURE 8 ) ³ FORWARDED TO ³ ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ³ ACP ³ ³ ORIGINATING ACP ³ ÀÄÄÄÄÄÄÄÂÄÄÄÄÄÄÄÄÄÙ ³ DEALS. ³ ÚÄÄÄÄÄÄÄÁÄÄÄÄÄÄÄÄÄ¿ YES ³ CALL SETUP ³ ³ TRANSLATION HELDÃÄÄÄÄÄÄ>ÄÄÄÄÄ´ NORMALLY USING ³ ³ AT ACP ³ ³ C7BT LINK ³ ÀÄÄÄÄÄÄÄÂÄÄÄÄÄÄÄÄÄÙ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ  NO ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ NO ÚÄÄÄÄÄÄÄÁÄÄÄÄÄÄÄÄÄ¿ YES ³ SEND QRY1 ³ ÚÄÄÄÄÄÄÄÄÄÄÄ<ÄÄÄ´ IS 0800-345 ÃÄÄÄ>ÄÄÄÄÄÄÄÄ´ MESSAGE TO NCP ³ ³ ³ DEFINED IN GTT? ³ ³ VIA C7NA ³ ³ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ ³ LINK ³  ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ÀÄÄÄÄÄÄÄÂÄÄÄÄÄÄÄÄÙ ³ ³ SEND A FINAL ³ ÚÄÄÄÄÄÄÄÁÄÄÄÄÄÄÄÄ¿ ³ ³ TREATMENT OF ³ NO ³ IS A PLAN HELD ³ ÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ´'VACANT CODE' TO ÃÄÄÄÄÄ<ÄÄÄÄÄÄ´ AT NCP FOR 800 ³ ³ ³ ACP ³ ³ 345800? ³ ³ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ ÀÄÄÄÄÄÄÄÂÄÄÄÄÄÄÄÄÙ ³  YES  ÚÄÄÄÄÄÄÄÄÄÄÁÄÄÄÄÄÄÄÄÄÄ¿ ³ ³ NCP DETERMINES ³ ³ ³ CALL TREATMENT. ³ ÚÄÄÄÄÄÄÄÄÄÄÁÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ³ BILLING AND ROUTING ³ ³ 'VACANT CODE' ³ ³ DETAILS TO ACP ³ ³ NUMBER UNOBTAINABLE TONE ³ ³ VIA C7NA ³ ³ RETURNED ³ ÀÄÄÄÄÄÄÄÄÄÄÂÄÄÄÄÄÄÄÄÄÄÙ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ ÚÄÄÄÄÄÄÄÄÄÄÁÄÄÄÄÄÄÄÄÄÄ¿ ³ ORIGINATING NCP ³ ³ SETS UP CALL USING ³ ³ C7BT LINK ³ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ Figure 11 : ACP Communication with NCP ÚÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ³ (ACP 1) ³ ³ TRANSLATION ³ ³ NOT HELD ³ ³ Ä ³ ³ ³ ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ³ 0800 DEF ³ ³ NCP ³ ³ IN GTT ³ ÃÄÄÄÄÂÄÄÄÄÄÄÄÄÄÄÄÄÄ´ ³ = ³ ÚÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ³ C ³ ÚÄÄÄÄÄÄÄÄÄ¿³ ³ ³ ³ (ACP 2) ÚÄÄÄ´ ³ N ³ ³ SP ³³ ³ SEND QRY1 ÄÄ>ÄÄÄC7NAÄÄÄ>ÄÄÄÄÄÄÄÄÄÄÄÄÄ´ S ÃÄ>ÄC7NAÄ>ÄÄÄ´ I Ã>Ä´ RECORD ³³ ³ TO NCP ³ ³ ³ T ³ ³ R ³ ÀÄÄÄÄÂÄÄÄÄÙ³ ÃÄÄÄÄÄÄÄÄÄÄÄÄÄ´ ³ ³ E ³ ³ I ³ ³ ³ ³ BILLING ÄÄ<ÄÄÄC7NAÄÄÄ<ÄÄÄÄÄÄÄÄÄÄÄÄÄ´ P ÃÄ<ÄC7NAÄ<ÄÄÄ´ N Ã<ÄÄÄÄÄÄÙ ³ ³ INSTRUCTIONS³ ÀÄÄÄÄÄÄÄÄÄÁÄÄÄÙ ³ G ³ PROCESSOR ³ ³ + ³ ÚÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ÀÄÄÄÄÁÄÄÄÄÄÄÄÄÄÄÄÄÄÙ ³ ROUTE ³ ³ (ACP n) ³ ³ MESSAGE ³ ³ CALL SET-UP ³ ³ OR ³ ³COMPLETED TO ³ ³ FINAL ÄÄÄÄÄÄÄC7BTÄÄÄÄÄÄÄ´ SERVICE ÃÄÄÄÄÄÄÄÄÄÄÄÄ SP ³ TREATMENT ³ ³ PROVIDER ³ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÙ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÙ ACP 1 = ACP receiving call from PSTN ACP 2 = ACP with directly connected NCP ACP n = The ACP on which the SP is terminated The QRY1 message includes: a) 10 digit dialled number, which excludes any leading 0 but includes a trailing 0 as padding if only 9 digits long. b) Calling subscriber geography (CSG). c) The ACP which originated the query. This is used to reference a table in the NCP which defines the capabilities of the ACP,; for example, whether it has an NSC. d) The destination of the query. The route message includes a network code of up to 10 digits which is used by the ACP to route the call to its destination. This is normally a service provider (SP) line, but can be an NSC announcement. A final treatment command is sent to the ACP when the NCP cannot route a call normally. The final treatment command results in either a tone or an announcement being returned to the caller. Calls Requiring an NSC ---------------------- As not all ACPs are hosts to an NSC, a call which requires an NSC at some point during the call treatment must be setup in two parts. After the QRY1 Message, the call is routed to an ACP/HOST, using C7BT in the normal manner, where a voice trunk to the NSC is allocated. This action is termed a 'service assist' if the NSC is required as intermediate step in the call treatment (SelectLink) or a 'hand-off' if the NSC is required to play an announcement as the final routing conclusion (CourtesyLink). During a service assist or a hand-off, the ACP/HOST then queries the NCP a second time (QRY2) with details of the NCP and call number used for the QRY1 message. The call treatment now continues with a list of commands being sent from the NCP to the NSC. This could be to play an announcement and collect digits from the caller. NCP/NSC communication takes place via the C7NA links with any digits collected being returned to the NCP to determine the final disposition of the call. CALL LOGGING ============ In response to a query message from the originating ACP, the NCP returns a billing command instructing the ACP what details to record; the ACP acknowledges receipt of the instructions to the NCP. On answer, the terminating exchange sends a message to the originating ACP giving either 'answer / no charge' or 'answer / charge' depending on which LinkLine (0800/0345) is defined. On Call termination, the ACP records the details of the call in an automatic message accounting (AMA) record. The originating ACP normally controls the call and is responsible for generating an automatic message accounting record. These records are periodically polled by an on-line data collector which validates them before passing them to an off-line charge raising system which calculates call charges in preparation for the production of the service provider's bill. Where a 'hand-off' has occurred, the ACP/HOST takes over control of the call for supervisory and logging purposes. OPERATIONS AND MAINTENNANCE =========================== The Multi-Function Operations System (MFOS) is central to the operations and maintennance fucntions for the DDSN intelligent network. These functions include: o On-line access to the ACPs/NCPs/NSCs o Alarm Collection and Monitoring o Collection and analysis of traffic data o Real time Network management Connection between the multi-function operations system processors, the network elements and the users is achieved using a virtual circuit switch for flexibility. ///// ///// ///// ///// ///// ///// ///// ///// ///// ///// . : | +-+[ being arrested in th uk ]+---> by bodie <-------------------------------+ +-+[ D4RKCYDE ]+---> bodi3@usa.net <--------------------------+ | : . NO COMMENT - A DEFENDENTS GUIDE TO ARREST Reprinted from booklet by AK Disrtibution by Bodie - ****** This information is primaraly based on the english legal system. Although most of the information is valid for other countries including the US ****** GETTING ARRESTED IS NO JOKE It's a serious business. All convictions add up: eg, if your arrested 3 times for shoplifting, you stand a good chance of getting sent down. If theres a chance of you getting nicked, get your act together: know what to do in case you're arrested. Unless you enjoy cells, courtrooms and prisons, you owe it to yourself to wise up. WHEN YOU HAVE BEEN ARRESTED You have to give the police your NAME, ADDRESS and your DATE OF BIRTH. They also have the right to take your fingerprints and other non-intermate body samples. The Criminal Justice and Public Order Act 1994 has now removed the traditional 'Right to Silence' (from April 10th 1995). Howver, all this means is that the police/prosecution can point to your refusal to speek to them when the case comes to court, and the court MAY take this as evidence of your guilt. THE POLICE CAN NOT FORCE YOU TO SPEEK OR MAKE A STATEMENT, WHATEVER THEY SAY TO YOU IN THE STATION. Refusing to speek cannot be used to convict you by itself. It's yet to be seen how the police will use this change in the law but we reckon the best policy IF YOU WANT TO GET OFF is to REMAIN SILENT. The best place to work out a good defence is afterwards, with your solicitor or witnesses, not under pressure in the hands of the cops. If yout refusal to speek comes up in court, the best defence we think is to refuse to speek until your solicitor gets there, then get them to agree your position. You can then say you acted on legal advice. KEEPING SILENT IS STILL THE BEST THING TO DO IN POLICE CUSTODY. REMEMBER: ALL CHARGES ADD UP. Q: WHAT HAPPENS WHEN I GET ARRESTED? When you are arrested, you will be taken to a police station, you will be asked your name, address and date of birth. Your personal belongings will be taken from you. These are listed on the custardy record and usually you will be asked to sign that the list is correct. You should sign immediately below the last item, so the cops can't add something incriminating to the list. You should also refuse to for something which isn't yours, or which could be incriminating. You will then be placed in a cell until the police are ready to deal with you Q: WHEN CAN I CONTACT A SOLICITOR? You should be able to ring a solicitor as soon as you've been arrested. Once at the police station it is once of the first things you should do, for two reasons: 1. To have someone know where you are 2. To show the cops you are not going to be a soft target, they may back off a bit. It is advisable to avoid using the duty solicitor as they are often either crap or hand in glove with the cops. It's worth finding the number of a good solicitor in your area and memorising it. The police are wary of decent solicitors. Also avoid telling your solicitor exactly what happened: this can be sorted out later. For the time being, tell him you are refusing to speek. Your solicitor can come into the police station while the police interview you: you should refuse to be interviewed unless your solicitor is present. Q. WHAT IS AN INTERVIEW An interview is the police questioning you about the offences they want to charge you with. The interview will usually take place in an interview room in the police station. An interview is only of benefit to the police. Remember they want to prosecute you for whatever charges they can stick on you. THE INTERVIEW IS A NO WIN SITUATION. For your benefit the only thing to be said in an interview is 'No Comment' Remember: THEN CAN'T LEGALLY FORCE YOU TO SPEEK Q: WHY DO THE POLICE WANT ME TO ANSWER QUESTIONS? IF THE POLICE THINK THEY HAVE ENOUGH EVIDENCE AGAINST YOU THEY WILL NOT NEED TO INTERVIEW YOU. eg, in most public order arrests they rely on witness statements from 1 or 2 cops or bystanders, you won't even be interviewed. The police want to convict as many people as possible because: 1. They want to convict you because it makes it look like they're doing a good job at solving crime. The 'clear-up rate' is very important to the cops, they have to be seen to be doing their job. The more crimes they get convictions for, the better it looks for them. 2. Police officers want promotion, to climb the ladder of hierarchy. Coppers get promotion through the number of crimes they 'solve'. No copper wants to be a bobby all their life. A 'solved crime' is a conviction against somebody. You only have to look at such cases as the Birmingham 6 to understand how far the police will go to get a conviction. Fitting people up to boost the 'clear-up rate' and at the same time removing people the cops don't like is a widespread part of all police forces. Q: SO IF THE POLICE WANT TO INTERVIEW ME, IT SHOWS I COULD BE IN A GOOD POSITION? Yes, they may not have enough evidence, and hope you'll implicate yourself or other people Q: AND THE WAY TO STAY IN THAT POSITION IS TO REFUSE TO BE DRAWN INTO A CONVERSATION AND ANSWER "NO COMMENT" TO ANY QUESTIONS? Exactly Q: BUT WHAT IF THE EVIDECE LOOKS LIKE THEY HAVE GOT SOMETHING ON ME? WOULDN'T IT BE BEST TO EXPLAIN AWAY THE CIRCUMSTANCES I WAS ARRESTED IN, SO THEY'LL LET ME GO? The only evidence that matters is the evidence presented in court to the magistrate or judge. The only place to explain everything is in court. If they've decided to keep you in, no ammount of explaining will get you out. If the police have enough evidence, anything you say can only add to the evidence against you. When the cops interview someone, they do all they can to confuse and intimidate you. The questions may not be related to the crime. Their aim is to soften you up, get you chatting. Don't answer a few small talk questions and then clam up when they ask you a question about the crime. It looks worse in court. To prosecute you, the police must present their evidece to the Crown Prosecution Service. A copy of the evidence will be sent to your solicitor. The evidence usually rests on very small points: this is why it's important not to give anything away in custody. If they don't have enough evidence the case could be thrown out of court or never even get to court. This is why they want you to speek. They need all the evidence they can get. One word could cause you a lot of trouble. Q: SO I'VE GOT TO KEEP MY MOUTH SHUT. WHAT TRICKS CAN I EXPECT THE POLICE TO PULL IN ORDER TO MAKE ME TALK? The police try to get people to talk in many devious ways. The following four pages show some pretty common examples, but remember they may try some other line on you. THESE ARE THINGS THAT OFTEN CATCH PEOPLE OUT DON'T GET CAUGHT OUT 1: "Come on now, we know it's you, your mate's in the next cell and he's told us the whole story" (If they've got the story, why do they need your confession? Plauing co-accused off against each other is a common trick as you have no way of checking what the other person is saying. If you are up to something dodgy with other people, work out a story and stick to it. Plus you can't be convicted just on the word of a co-accused.) 2: "We know it's not you, but we know you know who's done it. Come on Jane, don't be silly, tell us who done it" --- (The cops will use your first name to try and seem as though they're your friends. If you are young they will act in a fartherly/motherly way, etc.) 3: "As soon as we find out what happened you can go" (Fat chance) 4: "Look you little bastard. don't fuck us about. We've dealt with some characters, a little runt like you is nothing to us. We know you did it, you little shit and your going to tell us" 5: "Whats a nice kid like you doing messed up in a thing like this?" (They're trying to get at you) 6: "We'll keep you in till you tell us" (Unless they charge you with a 'serious offence' they have to release you within 24 hours. Even if you are suspected of a 'serious offence' you have the right to a solicitor after 36 hours, and only a magistrate can order you to be heald without charge for longer) 7: "You'll be charged with something far more serious if you don't answer our questions, sonny. You're for the high jump. Your not going to see the light of day for a long time. Start answering our questions cos we're getting sick of you" (Mental intimidation. They're unlikely to charge you with a serious offence that won't stick in court. Don't panic) 8: "My niece is a bit of a rebel" 9: "If someone's granny gets mugged tonight it'll be your fault. Stop wasteing our time by not talking" (They're trying to make you feel guilty. Don't fall for it - did you ask to be nicked or interviewed?) 10: Mr Nice: "Hiya, whats it all about then? Sergent Smith says your in a bit of trouble. He's a bit wound up with you. You tell me what happened and Smith won't bother you. He's not the best of our officers, he loses his rag every now and again. So what happened?" (Mr Nice is as devious as Mr Nasty. He or she will offer you a cuppa, cigarettes, a blanket. It's the softly-softly approach. It's bollocks. 'No Comment') 11: "We've been here for half an hour now and you've not said a fucking word. Look you little cunt, some of the CID boys will be down in a minute. They'll have you talking in no time. Talk now or i'll bring then down" (Keep at it, they're getting desperate. They're about to give up. You've got a lot to lose by speaking) 12: "Your girlfriend's outside. Do you want us to arrest her? We'll soon have her gear off for a strip search. I bet she'll tell us. You're making all this happen by being such a prick. Now Talk" (They pick on weak spots, family, friends, etc. Gerry Conlon of the guildford 4 was told that his mother would be shot by the RUC unless he confessed. Cops sometimes do victimise prisoners families, but mostly they're bluffing) 13: "You're a fucking loony you! Who'd want you for a mother, you daft bitch? Confess or your kids are going into care" 14: "Look, we've tried to contact your solicitor, but we can't get hold of them. It's going to drag on for an ages this way. Why don't you use one of our duty solicitors, and we'll soon get this situation cleared up so you can go home" (Never accept an interview without your solicitor present, and don't make a statement even if your solicitor advises you to - a good one won't) 15: "You're obviously no dummy. I'll tell you what, we'll do a deal. You admit to one of the charges and we'll drop the other two. You admit to it and we'll recoment to the judge you get a non-castodial sentence, because you've co-operated. How does that sound?" (They're trying to get you to do a deal. There are no deals to be made with the police. This bloke got sent down for not paying a fine. The prisoner he was hand-cuffed to in the prison bus did a deal with the police. He pleaded guilty to a charge after being promised a non-castodial sentence. The man trusted the police, he was a small-time businessman accused of fraud. When it came to court, the judge gave him two years, the bloke was speechless) 16: "We've been round to the address you gave and the people there say they don't know you. We've checked up on the DSS computer and theres no sign of you. Now come on, tell us who you are. Wasteing police time is a very serious offence. Now tell us who you are or you've had it" (If you've sorted out a false address with someone, make sure they're reliable, and everyone in the place knows the name you're using. Stick at it, if you're confident. You can't be charged for wasteing police time for not answering questions) 17: "They've abolished the right to silence - you have to tell us everything now, it's the law" (As we said at the beginning, you can still say nothing, there is no obligation to tell the cops anything beyond your name, address and date of birth) --- If you are nicked on very serious charges, or for serious violence to a police officer, the cops may rough you up or use violence and torture to get a confession (true or false) out if you. Many of the people freed after being fitted up by the West Midlands Serious Crime Squad or comming to light now in manchester, were physically abused till they admitted to things they hadn't done. If this happens, obviously it's your decision to speek rather than face serious injury, but remember, what you say could land you inside for a long time, even if it's not true. Don't rely on retracting a confession in court - it's hard to back down once you've said something. In the police station the cops rely on peoples naivety. If you are sussed the chances are they'll give up on you. In these examples we have tried to show how they'll needle you to speek. Thats why you have to know what to do when you're arrested. The hassle in the copshop, but if you are on the ball, you can get off. You have to be prepared. We've had a lot of experience with the police and we simply say: 1: Keep calm and cool when arrested (remember you are on their home ground) 2: Get a solicitor 3: Never make a statement 4: Don't get drawn into conversations with the police 5: If they rough you up, see a doctor immediately after being released. Get a written report of all bruising and marking. Remember the officers names and numbers if possible Having said nothing in the police station, you can then look at the evidence and work out you alibi, your side of the story. THIS IS HOW YOU WILL GET OFF REMEMBER: An interview is a no-win situation. You are not abliged to speek. If the police want to interview you, it shows you're in a good position... ...And the only way to stay in that position is to refuse to be drawn into any conversation and answer "NO COMMENT" to any questions Q: WHAT CAN I DO IF ONE OF MY FRIENDS IS ARRESTED? If someone you know is arrested there's a lot you can do to help them from the outside. 1. If you know what name they are using as soon as you think they've been arrested, ring the police station. Ask whether they are being held there and on what charges 2. Inform a decent solicitor 3. Remove anything from the arrested persons house that the police may find interesting: letters, address books, false ID, etc, incase the police raid the place 4. Take food, cigarettes, etc, into the police station for your arrested friend. BUT don't go into enquire at the police station to ask about a prisoner if you run the risk of arrest yourself. You'll only get arrested. The police have been known to lay off a prisoner if they have visible support from the outside. It's solidarity which keeps prisoners in good spirits. SUPPORT PRISONERS . : | +-+[ meridian security audit /switch hacking ]+---> by hybrid <--------------+ +-+[ D4RKCYDE ]+---> hybrid@dtmf.org <--------+ | : . . .. ... .......... BL4CKM1LK teleph0nics .......... ... .. . . .. ... .......... http://hybrid.dtmf.org ......... ... .. . Meridian I Switch and Trunk Interception.......... ..... ... . An account of how an ENTIRE companys PBX.......... ..... ... . can be taken over (The hardcore phreak way)....... ..... ... . by hybrid ...... ..... ... . Hi. I'm not going to write a mad big introduction to this article, because I dont feel their is a need for one. All I want to say here is that this article is intended for the more "hardcore" phreak, yes, hardcore phreak, not for lame ass calling card leeching kiddies who call themsleves phreaks. If you are intersted in hacking telephony switches, and you have prior/prefixed knowledge of Meridian, read on.. Through my experience, I've seen alot of meridian admins go through many different and sometimes repetitive lengths to supposidly secure an internal PSTN connected PABX. In this article I'm going to share my knowledge of PBX switch hacking, and enlighten you to the intricate techneques that can be used to "trunk hop" etc. The information provided in this article has been obtained from my own personal accounts of hacking telephony switches, which I'd like to state, I don't participate in anymore. Now, for the sake of timesaving, I'll setup a possible scenario.. Consider the following: o You have stumbled accross a nice Meridian Mail system, which you have already compromised by finding yourself a few boxdes in their. You discover that the Meridian Mail system you have gained access to belongs to a certain telco, and is used for internal communication between emloyees high up in the hierarchial chain. Now, any "normal" phreak would gradually take over the system by finding as many free boxes as possible and hnading them over to friends, or would keep the nice lil' system to themselves as a means of obtaining information about the telco that owns the PBX, via the the means of eavesdroping on used voicemail boxes. This is a very primitive form of remote eavesdroping, which this file is not designed to illistrate. Meridian PBX systems are all administered by a primary system console, which can be remotely accessed by many different protocols. The most popular of which is remote dialup via assigned extensions. If the companys main switch is centrex based, it is likely that the meridian admin console is accessable via IP on the companys intranet. If you manage to gain access to the actual switching conponment, you are likely to have the following privalges on the meridian based network: o 100% control over every single inbound/outbound trunk group o Access to every single voicemail box on the switch o Access to trunk/group/node administration Basically, the meridian administration module is designed to make the admin (or whoever has access to it) GOD over the entire system, I say GOD because you could do anything you wanted, as far as your telephony derived imagination extends. OK, enough of this.. I'm just going to stop going on about what if's for the time being, now I'm going to concentrate on the factual based information, and how one would go about accessing such a switch. The simpilist way to find the internal dialup to a meridian switch is to scan the internal extensions which the switch controls. It's generaly a good idea to begin scanning network/node extensions such as 00,01,02,03[xx] etc. What you are looking for is a modem carrier, which when you connect should ask you for a singular password, which in most cases is bypassed by hitting control-SD. Once you are in, you should recieve the switches command line prompt, somthing similar to this: > or SWITCH0> OMG, I hear you think.. It looks like a DMS switch prompt.. Well, it is, in a funny kind of way. Meridian switches are designed to emualte certain levels of DMS-100 O/S types, so you'll find that many of the BCS leveled commands that you know from DMS will be usefull here. The information that follows has been obtained from public Meridian Mail Administration sources on the net.. /* Basic Meridian 1 Security Audit ------------------------------- "Users will go nuts calling a radio station to win a free toaster, taking over all the trunks in your phone system." An audit of the Meridian 1 telephone system will ensure that every possible "system" precaution has been made to prevent fraud. The first step involves querying data from the system in the form of printouts (or "capturing" the data to a file in a PC). The next step is to analyze the data and confirm the reason for each entry. Please be advised that this procedure is not designed for all "networked" Meridian 1 systems, however, most of the items apply to all systems. Use at your own risk. PRINTOUTS REQUIRED FOR SECURITY AUDIT: It is suggested that you "capture" all of the data from these printouts to separate files. This can be accomplished with a PC and communications program. For the BARS LD90 NET printout, try this file. (enclosed in faith10.zip barparse.zip) ------------------------------------------------------------------------------ LD22 CFN LD22 PWD LD21 CDB LD21 RDB LD21 LTM LD23 ACD LD24 DISA LD20 SCL LD86 ESN LD86 RLB LD86 DMI LD87 NCTL LD87 FCAS LD87 CDP LD90 NET LD90 SUM LD20 TNB LD22 DNB LD88 AUB ------------------------------------------------------------------------------ GATHERING DATA FROM LD81 ------------------------ List (LST) the following FEAT entries to form an information base on the telephones. ------------------------------------------------------------------------------ NCOS 00 99 CFXA UNR TLD SRE FRE FR1 FR2 CUN CTD ------------------------------------------------------------------------------ DATA BLOCK REVIEW ITEMS ----------------------- From the printouts, a review of the following areas must be made. Some of the items may or may not be appropriate depending on the applications of the telephone system. ------------------------------------------------------------------------------ CFN - Configuration Verify that History File is in use. ------------------------------------------------------------------------------ PWD - Passwords Verify that FLTH (failed login attempt threshold) is low enough. Verify that PWD1 and PWD2 (passwords) use both alpha and numeric characters and are eight or more characters long. Note any LAPW's (limited access passwords) assigned. Enable audit trails. ------------------------------------------------------------------------------ CDB - Customer Verify that CFTA (call forward to trunk access code) Data Block is set to NO. Verify NCOS level of console. Verify that NIT1 through NIT4 (or other night numbers) are pointing to valid numbers. EXTT prompt should be NO to work in conjunction with trunk route disconnect controls (See RDB) ------------------------------------------------------------------------------ RDB - Trunk Route Verify that every route has a TARG assigned. Confirm Data Block that FEDC and NEDC are set correctly. ETH is typical, however for maximum security in blocking trunk to trunk connections, set NEDC to ORG and FEDC to JNT Confirm that ACCD's are a minimum of four digits long (unless for paging). If ESN signaling is active on trunk routes, verify that it needs to be. ESN signaling, if not required, should be avoided. NOTES ON TGAR: For demonstration purposes, this document suggests that sets be a "TGAR 1". The only requirement for TGAR is that it match one of the TARG numbers assigned in the Route Data Block ------------------------------------------------------------------------------ ACD - Automatic Verify ACD queues and associated NCFW numbers. Call Distrobution Verify all referenced extensions. ------------------------------------------------------------------------------ DISA - Direct Remove DISA if not required. If required, verify that Inward System security codes are in use. Access ------------------------------------------------------------------------------ ESN - Electronic AC1 is typically "9". If there is an AC2 assigned, Switched Network verify its use. If TOD or ETOD is used - verify what NCOS levels are changed, when they are changed and why they are changed. Apply FLEN to your SPNs to insure nobody is ever allowed to be transferred to a partially dialed number, like "Transfer me to 91800" Study EQAR (Equal Access Restriction) to insure that users can only follow a "Carrier Access Code" with a zero rather than a one: (1010321-1-414-555-1212 is blocked but 1010321-0-414-555-1212 is allowed with EQAR) ------------------------------------------------------------------------------ NCTL - Network Use LD81 FEAT PRINT to verify all NCOS being used. Control Does NCOS 0 = FRL 0? Does NCOS X always equal FRL X in the NCTL? Does FRL 0 have any capabilities? - It should not be able to dial anything. ------------------------------------------------------------------------------ FCAS - Free Call Confirm the need to use FCAS and remove it if Screening possible. FCAS is usually a waste of system memory and complicates the system without saving money. ------------------------------------------------------------------------------ DGT (DMI) - Digit Confirm all numbers referenced in the "insert" Manipulation section of each DMI table. ------------------------------------------------------------------------------ RLB - BARS Route Are any RLB ENTR'S assigned FRL 0 - typically, only List Block the RLB that handles 911 calls should have an FRL 0. If DMI is in use, confirm all "inserted" numbers. ------------------------------------------------------------------------------ CDP - BARS Are all CDP numbers valid? Check the RLBs they point Coordinated to and see what the DMI value is. Confirm insertions. Dialing Plan ------------------------------------------------------------------------------ NET - ALL - BARS Add 000,001,002,003,004,005,006,007,008,009 as SPNs Network Numbers pointing to a route list block that is set to LTER YES. These entries block transfers to "ext. 9000" and similar numbers. Point SPN "0" to a RLI with a high FRL, then consider adding new SPNs of 02, 03, 04, 05, 06, 07, 08, 09 to point to a RLI with a lower FRL so that users cannot dial "0", but can dial "0+NPA credit card calls. Check FRL of 0, 00, 011 and confirm that each is pointed to separate NET entry requiring a high FRL. Remove all of shore NPAs (Like 1-809 Dominican Republic) if possible. Regulations are almost non-existent in some of those areas and they are hot fraud targets. Verify blocking 900 and 976 access. Also consider blocking the NXX of your local radio station contest lines. Users will go nuts calling a radio station to win a free toaster, taking over all the trunks in your phone system. Restrict the main numbers and DID range within the BARS system. There is no need to call from an outgoing to an incoming line at the same location. ------------------------------------------------------------------------------ TRUNKS Confirm that all trunks have TGAR assigned. Confirm that all incoming and TIE trunks have class of service SRE assigned. (caution on networked systems) Confirm that all trunks have an NCOS of zero. NOTES ON TGAR: For demonstration purposes, this document suggests that sets be a "TGAR 1". The only requirement for TGAR is that it match one of the TARG numbers assigned in the Route Data Block ------------------------------------------------------------------------------ SETS-PHONES Does every phone have a TGAR of 1 assigned? (This must be checked set by set, TN by TN). Can you change every phone that is UNR to CTD? Review LD81 FEAT PRINT to find out the UNR sets. CTD class of service is explained below. Confirm that all sets are assigned CLS CFXD? Confirm that the NCOS is appropriate on each set. In Release 20 or above, removing transfer feature may be appropriate. Confirm that all sets CFW digit length is set to the system DN length. NOTES ON TGAR: For demonstration purposes, this document suggests that sets be a "TGAR 1". The only requirement for TGAR is that it match one of the TARG numbers assigned in the Route Data Block Apply Flexible Trunk to Trunk Connections on the set, and FTOP in the CDB if deemed appropriate. These restrictions are done on a set by set basis a