Automatic Number Identification (ANI)
Disclaimer: Neither Janus nor The Gashous take no responsibility
for what you do with this file. It is for informational purposes only. Use at your own risk.
Part I: Automatic Number Identification
ANI, automatic number identification, is exactly as its name
implies. It automatically identifies the 10-digit number of the
phone line that is calling. Orignially, this system was originally
used to utilize Centralized Automatic Message Accounting (CAMA)
in systems like SxS, Panel, XBar #1, and a few minor other ones.
ANI was utilized by sending messages through ANI circuitry that
was placed in the control rooms of the Central Offices (CO) mentioned
before. Before ANI came about, COs used a type of number-marking
device to keep track of all tolls made on a local loop (subscriber
line). This was achieved by placing the device either in a trunk
or directly in the CO. It would be read by another device and then
all those calls made would appear on your phone bill. This process
was fine for the early periods of large telcos, but once every house
started owning 2, 3, even 4 or 5 lines each, they decided they needed
a much less time-consuming method of gathering line information
about the loop. Thus, ANI was developed.
II. How ANI works (basically)
An identifier circuit is installed to recognize each line. Every
time a call is made, the mechanical devices go to work. It identifies
the caller, party being called, and some other information. That
information is then sent to another circuit in an outgoing trunk,
and then relayed to a Tandem office.
As soon as the call is made, a 5800hz identification tone is applied
to the line, and the circuitry knows the numbers of the party calling,
but not yet the party being called. The tone is transmitted at a
2-volt level. At the same time all this is happening, an identifier
idle is seized which sends a message to the directory network and
over a few series of busses and the like. The identifier begins
to scan the number and finds out the calling office number, and
the number being called. All the information is then sent, via MF
tones, to CAMA equipment that puts all information on tape, except
YOUR number, under normal circumstances, because this has already
been determined by the first set of circuitry. Occasionally, an
Automatic Identification Number Failure (ANIF) may occur, which
can be caused by many kinds of complications. When this happens,
another protocol called Operator Number Identification (ONI) is
used. All that happens is an operator comes on the line and asks
you what number you're calling from.
When a company that uses ANI and CAMA equipment is called, a small
vaccuum or LCD display screen, or sometimes directly on a computer
monitor, the calling party's number, their address, and the name
of the person that the telephone line account is under. Limited
telephone information may also be accessed, but it's usually never necessary.
III. Why ANI is used
ANI is used when you call 911, pizza places, 411, or sometimes
even when you talk to an operator. It is used when you call 911,
of course, because if it's an emergency, they automatically know
the place being called from, just in case the person is panicing,
doesn't know where he/she is, or accidentally gets disconnected.
Operators always ask for verification of their information, just
in case a call box (the things on the side of highways), cell phones,
mobile phones, etc are being used. The same goes for pizza places.
They always ask for your number first, and then pull up your information
on the computer screen. This isn't really a direct form of ANI actually,
but another form of identification that isn't discussed in this text.
IV. How ANI can be useful to phreaks
ANI can be useful to phreaks in the following ways:
1) COCOTs. Customer owned, coin operated telephones. Why,
you ask? Because when you call a special ANI number that is set
up by the telco, it reads back the number being called from. Then,
you can write the number down, and dial it from another phone. You
might be able to get a special menu where you can do cool things
with the phone, such as disable it, make it ring, use its 200/300
baud modem, and other things. Plus, calling the ANI number is free.
Payphones are, by law, obligated to be used to dial toll-free, 911, and operator lines for free.
2) Beige boxing. When boxing, if you don't know the number
you're calling from (for some odd reason) and want to know, just dial the ANI number.
3) Spying. If you're over a friends house, and want to
know the number of a cell phone, home phone, fax, or something else,
just get them out of the room and call the toll-free ANI number.
This can be useful in many ways, such as:
b. Finding out where to fax things
c. Getting the parent's cell phone MIN :)
d. If it's an enemy instead of a friend, you
could call the number to get their line, then cause anarchy with it.
Part II: Tracing
I. Steps Involved in Tracing
Step One: making of a police report. There must be some reason
WHY the line is being traced, such as obscene
phone calls, computer hacking, phreaking, etc.
Step Two: make a request from phone company, with police report in hand, that they trap the line. Phone companies and government
agencies are about the only people that posess trace equipment.
Step Three: installation of the tracer. The line is traced. Kaboom. :)
The calling party's ANI information will be recorder the next time
he calls and immediately sent to the telco and/or proper government
agencies and police forces. The only problem with installing the
tracer is the time it takes for the phone company to come and put
it in. It could take up to a week. Unless, of course, the NSA/FBI/CIA
are involved. Then, it can be installed in... probably in as little
time as 3 minutes. (No exaggeration in previous sentence. :) )
A large quantity of hackers and phreaks are apprehended via MCI's
new port-monitoring soft/hardware. All it does is look for a certain
string in the recorded calls. Woohoo. MCI recently claimed that
they caught almost 50 phreaks in a 7-month period. We all highly
doubt that. MCI does NOT have direct access to ESS. All they probably
did was look at the Dialed Number Records and the such. I hate those 2-bit telcos....
II. Time Synchronization Tracing
Time Synchronization Tracing is a very simple method in which
a device is implemented to monitor exactly the times in which the
calls were made, and the number of the called party. When the called
party's number is detected, it automatically stops the clock at
the time that the phone of one of the calling parties goes on hook.
Then, the records are compared with that of the phone companies,
and the caller is questioned, and, usually, caught. There is usually
no possibly way I know of around this, unless you make calls on
a Friday night or something at 7 or 8 o'clock when millions of calls
all over the world are being made.
III. Manual Tracing
Manual Tracing, as it's name suggests, is just tracing by following a call back to its source via the use of hundreds of circuits. It usually takes about 5-20 minutes, and is not used anymore that much. There are 3 kinds:
a) Retrieves city/general area only
b) Retrieves phone number general area
c) Retrieves phone number and exact location
IV. FBI Lock-In Trace
The lock-in trace is used to "lock-in" to a number and not let the other
party's line completely hang up. Mostly used only by the FBI, because it is
so expensive, it is usually referred to as the FBI Lock-In Trace. They can
sort of tap into a conversation, almost like a 3-way caller, and then use a
manual trace while always being connected, even if the parties hang up. How,
you ask? Well, if you think about your basic knowledge of phones, you should
already know that the only thing keeping a line connected is VOLTAGE. Once
the party hangs up, the voltage is cut, and the connection no longer exists.
The pigs, being sort of like the third caller, keep the voltage up on the
line after both parties hang up. You know the lock-in trace is in use when
you hang up, and the phone keeps ringing immediately after you place it
on-hook. So, the only way to beat this type of trace is to lower the voltage
on the line. Every time another person connects to a line that's already in
use, the voltage decreases a little. That's why, on 3-way conversations, you
experience more static and line noise than you do on a normal connection.
Sure, you could pick up 10,000 phones at the same time... but that's almost
impossible. That's why the aqua box was invented. Aqua box plans are
included at the end of this document.
Part III: Caller ID
I. What is Caller ID?
Caller ID is a relatively new technology that allows a called party to receive either:
a) The calling party's number, date/time, and subscriber's name
b) The calling party's number, date/time, subscriber name,
and additional information, such as address or telephone information.
**Note that in both instances, I say "subscriber name," not just
"name." This is because the Caller ID box can only view the information
of the calling party's line, not the EXACT person who is calling.
For example: A telephone line is issued under Joe Schmoe's name.
The number is (666)555-4242. His daughter, Jane Schmoe, makes a
call to one of her teenage girlfriends. Tammy Smith, the friend,
has a caller ID box in her room. The box displays:
[ Schmoe, Joe F. ]
[ 666-555-4242 ]
[ 1.16.99 ]
[ 4:54 PM ]
[ Schmoe, Joe F. ]
[ 666-555-4242 ]
[ 1.16.99 ]
[ 4:54 PM ]
[ Anytown, USA 99642 ]
[Bell Atlantic Telephone]
The second instance is usually very uncommon... it's only availible
in certain areas, and most likely costs more.
II. How does Caller ID work?
The calling party's information is sent as a data stream containing
7 data bits and 1 stop bit. The stop bit just indicates that the
information is done sending, and the box at the other end can start
displaying the message. The signal is usually transferred at 1200
baud, but may be different in other countries/regions. The caller
ID box then interprets the message with it's circuitry. It determines
the date and time (which is in 24 hour format, not 12), number,
and subscriber's name. An example of a data stream would look like:
The box intreprets this message as:
Date: February 28
Time: 1:34 PM
III. What is Caller ID blocking?
Since people want their privacy, the FCC and all those other
3-letter government-associated agencies have required the telco
to install a way to block Caller ID. Bell Atlantic uses *67, but
different countries/regions may have different digits. 2 forms exist:
a) By-Call: The preferred method, caller purposely presses
*67 before EACH call, and blocking the following call.
b) By-Line: Has a few disadvantages, the major one being
that the caller must go through a lengthy process before he/she can toggle the ID blocking on or off. Usually accomplished by calling the telco and telling them you want all calls blocked.
IV. Caller ID errors
Many different kinds of errors can occur.. these are the more common ones:
a) Buffer Full: The box has filled up its memory because
the person has not bothered to delete old calls, and
the box must begin to delete old numbers for you.
b) No Data Sent: The box cannot decide the proper information
because the data stream is full of null characters, but
still has a proper checksum.
c) Out of Area: The tleco of the caller is using a different
type of switching system and the data is different,
or, it's just because the caller is out of Caller ID range.
d) Blocked/Private/Unknown: The caller has blocked Caller ID.
e) Data Error: Proper checksum was not received.. can occur
during an improper data transmission.
Aqua Box Plans
(As taken from The Traveler's version)
Materials needed- a BEOC (Basic Elictrical Output Socket), like a small lamp
type connection, where you just have a simple plug and wire
that would plug into a light bulb.
- One of cords mentioned above, if you can't find one then
construct your own... same voltage connection, but the
restrainor must be built in (i.e. the central box)
- TWO phone jacks (one for the modem, one for if you are
being traced to plug the aqua box into)
- Some creativity and easy work.
NOTICE: No phones have to be destroyed/modified to make this box, so don't go
out and buy a new phone for it!
All right, this is a very simple procedure. If you have the BEOC, it could
drain into anything, a radio, or whatever. The purpose of having that is
you are going to suck the voltage out from the phone line into the electrical
applicence so there would be no voltage left to lock you in with.
1)Take the connection cord. Examine the plug at the end. It should have only
two prongs, if it has three, still, do not fear. MAKE SURE THE ELECTRICAL
APPLIENCE IS TURNED OFF unless you wanna become a crispy critter while making
this thing. Most plug will have a hard plastic design on the top of them to
prevent you from getting in at the electrical wires inside. Well, get a knife
and remove it. If you want to keep the plug (I don't see why...) then just cut
the top off. When you look inside, low and behold, you will see that at the
base of the prongs there are a few wires connecting in. Those wires conduct
the power into the appliance. So, you carefully unwrap those from the sides
and pull them out until they are about and inch ahead of the prongs. If you
don't wanna keep the jack, then just rip the prongs out. If you are, cover the
prongs with insultation tape so they will not connect with the wires when the
power is being drained from the line.
2)Do the same thing with the prongs on the other plug, so you have the wires
evenly connected. Now, wrap the end of the wires around each other. If you
happen to have the other end of the voltage cord hooked into the phone, stop
reading now, your too fucking stupid to continue.
After you've wrapped the wires around each other, then cover the whole thing
with the plugs with insulating tape. Then, if you built your own control box
or if you bought one, then cram all the wires into the and reclose it. That
box is your ticket out of this.
3)Re-check everything to make sure it's all in place. This is a pretty flimsy
connection, but on later models when you get more experienced at it then you
can solder away at it and form the whole device into one big box, with some
kind of cheap Mattel hand-held game inside to be the power connector.
In order to use it, just keep this box handy. Plug it into the jack if you
want, but it will slightly lower the voltage so it isn't connected. When you
plug it in, if you see sparks, unplug it and restart the WHOLE thing. But if
it just seems fine then leave it.
Now, so you have the whole thing plugged in and all... DO NOT USE THIS UNLESS
THE SITUATION IS DESPERATE! When the trace has gone on, don't panic, unplug
your phone, and turn on the appliance that it was hooked to. It will need
energy to turn itself on, and here's a great source... the voltage to keep
a phone line open is pretty small and a simple light bulb should drain it all
in and probably short the F.B.I. computer at the same time.
*This file may be copied and placed anywhere, as long as author's name and Gashous URL appear at end of document*
The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to email@example.com.