Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Phreaking Technical System Info :: investld.txt

Bell Security Investigative Procedures

$                                     $
$  ---------------------------------  $
$  !--------------------------------  $
$                                     $
$                OF                   $
$                                     $
$  ---------------------------------  $
$  ---------------------------------  $
$                                     $
$                                     $
$        Typed and Uploaded by:       $
$                                     $
$$$$$$$$$$$$-=>Lex Luthor<=-$$$$$$$$$$$
$                                     $

--------------- -----------

This section reviews the investigative procedures used by the Security
Department of Ma Bell.

Most of the discussion will concern Blue Box investigations because of the
frequency of the Blue Box cases referred to law enforcement officials for

The Security Department may initially discover evidence of ETF activity. This
may result from an analysis of calling patterns to particular numbers. Such
analyses may reveal abnormal calling patterns which possibly are the result of
ETF activity. Moreover, cases of suspected ETF are referred to the Security 
Department from the various operating departments of Bell, from other telephone 
companies, or from law enforcement officials. In some instances, detection and 
indentification of a calling station originating suspected Blue Box tones can 
be provided by use of a special nonmonitoring test equipment.

If initial indications are that there is a substantial possibility that a Blue
Box is being used on a particular line, the Security Department determines 
certain information about the line. The name of the subscriber to that line is 
identified, and an inventory is made of the line and station equipment being 
provided to him. A discreet background investigation (record) is conducted to
establish the subscriber's identity. After this preliminary data is gathered,
ETF detection units are installed on the suspected line to establish
"probable cause" for further investigation. If the "probable cause" equipment 
indicates repeated ETF activity on the line, other equipment is then installed 
to document such activity.

The "probable cause" equipment ascertains the presence of multifrequency tones 
on the subscribers end of the line which would not be present in normal usage. 
The "probable cause" device now being used by some Bell central offices 
register each and every application of 2600Hz tones in single-frequency (SF) 
signalling and/or 2600Hz tone followed by KP tones used in multi-frequency (MF) 
signalling. As previously stated, such tones should not normally be present on 
the line.

If "probable cause" is established, other detection, indentification and
documentation equipment is installed. The primary equipment now being used is
the dialed number recorder (DNR), coupled with an auxillary tape recorder. The
DNR is activated when the suspect subscriber's phone goes "off-hook" andb
prints on paper tape the following information concerning the call: The date
and time of the call and the digits dialed over the suspects line. Moreover,
the DNR records on the paper tape an indicator of the presence of 2600Hz tones
on the line and the presence of multi-frequency signalling tones on the
subscriber's line. The auxiliary tape recorder is activated
*ONLY* after the presence of 2600Hz tone on the line is detected by the DNR
(indicating the use of a Blue Box). Once the tape recorder is activated, it 
records the tones being emitted by the Blue Box, other signalling tones, and 
the ringing cycle on the called end. It also records a minimum amount of 
ensuing conversation for the purpose of
(1) Establishing that the fraudulent call was consummated
(2) Establishing the identity of the fraudulent caller. The timing duration of
the tape recorder is pre-set. A time of one-minute (including pulsing, ringing
and conversation) is the stand ard setting; however, if the Blue Box user is
suspected of making overseas calls, the timing may be set for 2 minutes because
of the greater time required by the Blue Box user to complete the call. Upon
termination of the call, the DNR automatically prints the time of termination
and the date. It should be pointed out that the presence of 2600Hz tones *plus*
multifrequncy signalling tones on a subscriber's line positively estab-
lishes that a Blue Box is being used to place a fraudulent call because such
tones are not normally originated from a subscribers line.

Once the raw data described above is gathered, the Security Department collects
and formulates the data into legally admissable evidence of criminal activity.
Such evidence will establish:
(1) that a fraudulent call was placed by means of an ETF device,
(2) that conversation ensued,
(3) that the fraudulent call was placed by an identified individual, and(4)
that such call was not billed to the subscriber number from which the Blue Box
call originated. The evidence which is then available consists of documents and
also of expert witness testimony by telephone company personnel concerning the
contents of those documents, the operation of the Blue Box, and the operation 
of the detection equipment. (note- Similar techniques are used in
the investigation of other forms of ETF.)


------------ -- -------- -- -----------

The evidence accumulated by the Security Department is carefully review ed by
the Legal Department for the purpose of determining whether sufficient evidence 
exists to warrent the presentation of the evidence to law enforcement 
officials. If the evidence does warrent such action, it is presented under 
appropriate circumstances to the proper law enforcement officials. In all cases 
where prosecution is recommended, a professionally investigated and documented 
summary of the case will be preparted and presented by the Security Department 
to the prosecutor's office. Each case recommended for prosecution will be 
prepared as completely as possible, usually necessitating little or no
pre-trial investigation for the prosecutor. The summary of the case will 
include the following:

(a) A background of the case with details of the defendant's activities and a
summary of all pertinent investigative steps and interviews conducted in the 
course of the investigation.
(b) Identification of witnesses.

(c) Synopsis of pertinent points to which each witness can testify.
(d) Description of all documents and items of evidence and the suggested order 
of proof showing the chronology of events. The physical evidence presented will 
normally consist of one or more of the following: magnetic tapes from the 
auxilairy tape recorder, paper tapes from the DNR, worksheets and notes 
prepared in connection with the analysis of each fraudulent call, the suspect's 
toll billing records covering the period during which the fraudulent activity 
occured, computer printouts which established probably cause or a statement of
the source of the "probable cause", and the telephone company records of 
equipment being provided to the suspect.

(e) Upon request, the law applicable to the case.

Other pertinent Company records will be furnished under subpoena or demand of
lawful authority. If an arrest or search warrent is sought, the Security
representitives will cooperate fully and furnish affidavits required to support
the application for the warrent s, nevertheless, upon request, such
representatives will accompany the executing officers to assist in the
identification of any suspected ETF equipment found. The Security repre-
sentitive will also be available to suggest pertinent areas for interro-
gation of the persons suspected of engaging in the fraudulent activity.

(I hope that this will help most of you who Blue Box and who commit other
various Electronic Toll Fraud crimes to avoid detection of using a DTF. Also it
would seem that they could get almost *no* proof if you went to pay phones
instead of at your home.)


$$$$$$$$$$$$-=>Lex Luthor<=-$$$$$$$$$$$

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH