• Choose a category
• All
• Classic-Fiction

By that evening, I had the fax in my hands—the basic information that I hoped would allow me to wiretap any Pacific Bell phone in all of Southern California. But we still had to figure out how to use the SAS protocols.

Lewis and I attacked the puzzle of trying to figure out how SAS worked from a number of different angles. The system gave a technician the ability to connect to any phone line, so he could run tests to find out why a customer was hearing noise on his line or whatever the problem was. The tech would instruct SAS to dial in to the particular CO that handled the telephone line to be tested. It would initiate a call to a part of the SAS infrastructure at the CO known as a “remote access test point,” or RATP.

That was the first step. In order to hear audio on the line—voices, noise, static, or whatever—the tech would then have to establish an audio connection to the SAS unit in the CO. These units were designed with a clever security provision: they had a list of phone numbers preprogrammed into their memories. The technician would have to send a command to the SAS unit to dial back to one of the preprogrammed numbers—the phone number at the location where he was working.

How could we possibly bypass such a clever, apparently infallible security measure?

Well, it turned out not to be all that hard. You’d have to be a phone company technician or a phone phreaker to understand why this worked, but here’s what I did. I dialed from my telephone into the phone line I knew SAS would use to make its outgoing call, then immediately triggered SAS to call back an authorized number programmed into its memory.

When SAS picked up the line to make an outgoing call, it actually answered the incoming call from my phone. But it was waiting for a dial tone and couldn’t get one because I had the line tied up.

I went mmmmmmmmmmmmmm.

I couldn’t have hummed exactly the right sound, because a dial tone in the United States is actually made up of two frequencies. But it didn’t matter because the equipment wasn’t designed to measure the exact frequencies; it needed only to hear some kind of a hum. My Campbell’s Soup mmmmmmm was good enough.

At this point, SAS attempted to dial the outgoing call… which didn’t go through because I was already connected on the line it was trying to use.

Final step: from my computer, I typed in cryptic commands that instructed SAS to drop in on the phone number of the subscriber line I wanted to monitor.

On our first attempt, I was so excited I could barely breathe.

It worked!

Lewis said afterward, “Kevin, you were beside yourself, dancing around in circles. It was like we had found the Holy Grail.”

We could remotely wiretap any phone number within all of Pacific Bell!

Meanwhile, though, I was really growing antsy to find out the truth about Eric. Too many things about him seemed suspicious.

He didn’t appear to have a job. So how could he afford to hang out at the clubs he talked about? Hot places like Whiskey à Go-Go, where acts like Alice Cooper and the Doors, as well as rock gods from back in the day like Jimi Hendrix had sometimes dropped in to jam.

And that business about not giving me a phone number? Eric wouldn’t even give me his pager number. Very suspicious.

Lewis and I talked about the situation and decided we needed to find out what was going on. First step: penetrate the screen of “I won’t give you my phone number.” Then, once we had his phone number, use it to find his address.

Caller ID wasn’t being offered then to customers in California because the state’s Public Utilities Commission was fretting over privacy issues and hadn’t yet authorized its use. But like most phone companies, Pacific Bell used central office switches developed by Bell Labs and manufactured by AT&T, and it was common knowledge in the phreaker community that these switches already had the caller ID feature built into their software.

In the building where my friend Dave Harrison had his offices, a terminal on the