It all began circa 1957, when a seven-year-old boy named Joe Engressia stumbled upon what would one day become a widespread threat to the phone system. When Engressia whistled into his telephone with perfect pitch at a frequency of 2600 Hz, the automatic switch disconnected the line from one end, leaving the other end wide open to call long-distance free of charge.
Not long after Engressia’s discovery, John Draper, later known by the name Captain Crunch, replicated these techniques using a toy whistle from a box of Captain Crunch breakfast cereal. It was only a matter of time before he developed a piece of hardware called a “phreak box” that was used to fuel a subculture of phone phreakers in to the 1970s and beyond.
Phreaking Goes Mainstream
Phreak boxes were tools used by phone phreakers to produce tones that could signal the automatic telephone line switches. Supposedly named after the original color of the actual boxes, the names came to simply represent the tool’s use:
Blue boxes invoked switching functions through audible tones
Black boxes enabled free incoming long-distance calls by falsely signaling to the switching equipment that a call had not been answered
Beige boxes were an improvised lineman's handset typically made from a one-piece telephone and alligator clips
Red boxes were able to create the tones of coins deposited in payphones, resulting in free calls
What’s the Point of Learning Phreaking History?
Phreak boxes are mostly obsolete and younger generations might not even know about long-distance telephone charges or might have never seen a payphone. However, knowing the history of cyber-attacks provides greater insight and context in to today’s attack vectors. It is noteworthy to observe that phreak boxes not only fueled a subculture of phone phreakers, but these devices also were also used maliciously by those who set their sights beyond free long distance calling. These perpetrators used phreaking to affect government offices, businesses, and other organizations, shifting the view from hackers to cyber criminals.
As mentioned in the earlier History Matters post [link to previous post], the more your users know about cybersecurity history and the threatscape as a whole, the better protected your organization from the threats of today and the future.