Breaking and Entering - The Telco Way By Keltic Phr0st
===================================== ================
I think I wrote a file on this topic before, but to tell the truth,
it was just too lame for words. So here I go...Rehash and Improve, with
accurate info this time.
Some of you may be aware of the obsession I seem to have with UXD5b
GEC Plessey 600 Line switch. This is primarily because there is an abundance
of them in my local area, the telco is stupid enough to leave all their
trash outside the building, and they are not even visited by BT unless
something radically service-threatening rears its ugly head.
If you've read my file "Various BT Documents" You'll see a draft
of a document I snarfed one night after a B+E spree that sets out the
category and seriousness of any particular failure. This basically deals
with Mega/Kilo Stream failures, H-H Xmission failure, Dialtone loss, etc..
BIG things that can go wrong, basically. Needless to say, unless its
acting as a subs concentrator, there aint going to be any abundance
of heavily used high capacity Trunks leaving the building. There is
really only one or two things that can fuck up in a major way, and that
is why I like this type so much. Theyr'e simple, theyr'e digital, they
have all the advantages of System X, and none of the disadvantages such
as Caller ID. (UXD's do not come equipped with the CLID unit as standard...
If you recieve a call from one of these exchanges, and you have CLID,
then the display just says "UNAVAILABLE").
Ok...Now down to the B+E. What you basically need is the following:
1: Black Rucksack and Impossible Mission Clothes for Trashing
2: Steel Draftsmans Ruler with Rubber Tape on one end
3: Torch
4: Gloves (VERY IMPORTANT...DUH)
If you live in a rural area, and you know every building in your general
locale, then you should by now be aware of which one the exchange is.
It usually has Frosted reinforced windows, a blank door, concrete hatches
round about, etc...More often than not, they are quite far away from
residential areas and potential hazards. Ie : Look for something vaguely
resembling a gas chamber in the middle of fucking nowhere.
Just a word on External Security : None. Its that simple. Just walk
straight up to the door. No alarms, no guard dogs, no engineers constantly
in the building, no vans, no nothing. Just a flawed lock mechanism and
a Fill-wood door standing between you and all the telco info you can carry.
Remove your ruler, and grab the rubber end. This...is...the...grip.
Have you worked out what to do with the other end yet? Look at the door.
Does it resemble the following diagram?
+---------------------+
| | <---- Frosted/Clear Glass
+---------------------+
| |
| |
| |
| |
| # | <---- Ingersoll Lock
| ! | <---- Door Handle
| |
| |
| |
| |
| |
|_____________________|
| | <---- Sloped Panel
+---------------------+
Now force the ruler into the side of the lock. Push it down and in until
you can hear an audible click. You may spend some time trying to find
the lock bar, but it will pop open quite amicably when forced.
If you cant force the lock just by popping it...Then there is
probably a wooden panel put there to stop filthy little herberts like
you embarking on this sort of task. Dont give up though...
In the Olden days, when exchanges were manned by a full time
human operator, there used to be mail slot for the Post-bloke to pop
the mail thru the door. The mail in those days was pretty dull...Just
info on subscribers such as number changes, New procedures to follow,
reminders of an imminent Engineer visit, reminders to check the cells...
Because of the tight wad gits that run BT now, a lot of these exchanges
still have the post slot on them...and its large enough to allow an arm
through quite comfortably...
However...A bit of metal work or dexterity is needed to get your
paws in there. Take a gudgey at the following :
| <---------- Door
|
|
|------+
Mail Flap ------> \ |<---- Metal Shelf
\ |
| |
|
|
The basic operation of the shelf is to foil the casual burglar. Simply
take a lever orientated object ( Like...A Crowbar!! Yeah!!) and pop it
in thru the mail flap. It will stop against the shelf. Simply raise it
at your side until it goes under the shelf at the same angle as the
flap, and pull down on the fucker until you hear the screws holding the
shelf in place pop out, or the shelf bends right up.
The advantage being that this leaves no external evidence of your
work, and you are now -Guaranteed- entry. Simply remove the lever, pop
your arm through the hole, and reach over towards the door handle.
You should find a horizontal lever approx. 2 inches in length resting in
your sweaty grip. Push it away from you. Ta-da!! The door is
now open!!
Quickly get inside and close the door. Bag the Shelf as a souvenir
if its fallen off. It might take BT some time to realise that somebody
has forced entry, and then get a new shelf, assuring your unhassled
entry to the building until that day. If its still on, but bent beyond
belief, simply push it back into shape. Its not very strong metal...Its
just designed to stop a hand or nosey bastards looking in.
You should now be standing in a lobby with another door in front of
you, and one to your left. The door on the left is the toilet. Have a shit
at BT's expense...But be warned, their Bog roll is like Tracing paper.
Above the Toilet door is what looks like a burglar alarm. Correction :
Its an early warning system in the event of a fire. The exchange is
designed to inform the authorities if it catches fire!! It should have green
leds calmly staying on all over it, and the by now familiar BT logo
in grey on the case. Ignore. Proceed to open the door in front of you...
ALLADINS CAVE!! Hello!! Look at all that yummy telco stuff,
waiting to be snarfed!! Wanna Map? Ok....
+-------------------------#########################----------------------+
| +------------+ +------------+ +-------------------+ |
| | | | A | | | |
| | | +------------+ | | |
| | B | | K | |
| | | | | |
| | | +-----+ | |
| | | | | |
| +------------+ +-------------+ |
| | | |
| | | |
| | | +-----------+ |
| | C | | J | |
| | | | | |
| | | +-----------+ |
| +------------+ | | |
| | | |
| | I | |
| | | |
| | | |
| | | |
| +-----------+ |
| |
| +--+ |
| | |===============|
| | |===============|
| H ---> | |===============|
| | |===============|
| | |===============|
| +--+ |
| +------+ |
| | | |
| | G | |
| | | |
| +------+ |
+------------------------------@@@@@@@@@@-----+ |
| | | | |
| D | | | |
#---------+ @ | |
# @ | |
# @ F | |
| +-------+ @ | |
| | E | | | |
| | | | | |
+--------------------------+---@@@@@@@@@@@----+----#############---------+
| |
| |
| |
Where @@@@ = Doors A = Component Workbench
#### = Windows B = Switching Cab 1
C = Switching Cab 2
D = The Sink
E = The Shitter
F = The Lobby
G = Line Pressurisation Unit/Gauging
H = Main Distribution Frame
I = General Work Area
J = Filing Cabinet
K = Emergency Diesel Generator
First thing you should always check is the General Work area. Rifle thru
the drawers on the desk and then check to see if the filing cabinet is
open. There should also be a waste paper basket close by...Empty that into
your rucksack. If the desk drawers are open, you can find MDF Records for
your entire exchange, Work permit forms, BT Pens(!) Carrier allocation
cards, Work pending sheets and all sorts of other assorted BT Excretia
which they would -rather- you didnt have access to. The MDF Records are
the best, cause they list all the numbers in your exchange, what they
are, If they share any pairs with any other numbers...They also list
ALL test numbers, Loops, Operator Sub-System Dial-ins, OG/IC Trunk pairs,
Basically, every pair currently allocated within the exchange. This is
without a doubt, one of the most accurate "scans" you're gonna get, so
pocket these immediately.
Now make your way over to the MDF (Main distribution Frame). Now is
your chance to see if the bastards are REALLY tapping your line. Refer to
your MDF record, and look up your DN (Directory Number). It should also
have an EN (Equipment Number) and the pair it has been allocated, usually
just entitled 'number'. Look at the frame. See all the wires? Thats where all
the subscribers lines leave and enter the building. Look up your pair...
Its quite easy, becuase all the wires are labelled on the frame bars...
Found it? Can you see any 'supplementary' Jumpers or wires connected to it?
You can? Good lord. How simply unspeakable. Invading peoples privacy like
that!!
If you came tooled up PROPERLY, you'd have your test set out now,
and be clipping onto every available pair to listen in and dial out. Stop
now, and pay attention to your pair. Clip onto it. Got a dial tone? Good.
Now clip onto the supplementary pair if its there. Silence? Snip the bastard.
Make it a good job, so it looks like an engineer messed up (Try clipping it
really deep into the frame, right next to the connection point) and forgot
to reconnect it.
Now, just to make sure you havent disconnected yourself, pick up
the phone on the general work area. Dial your number. Ringing? Excellent.
Hang up. DONT let it connect, or the call will be registered and
cross registered with engineer visits. If they find out someone has dialled
out of the exchange when an engineer wasnt present, questions will indeed
be asked, and there will be tears before bedtime.
Now, dirty work and back covering done, take a sniff around. Ignore
The diesel Generator and the Pressure unit...Take my word for it...They're
DULL articles just put there to annoy the ardent burglar. They are also
EXTREMELY DANGEROUS and LIFE THREATENING To mess around with. Observe the
WARNING!!! Logos splashed all over them.
Next...Switching Cabs! Cabinet one should look like this :
-----+------------------------------------------+
| |
| |
+------------------------------------------+
| |
| ######## ######## ######## |
| ######## ######## ######## |
|------------------------------------------|
| |
| +--------------+ |
| | @@@@@@@@@@@@ | |
| | @@@@@@@@@@@@ | |
| | @@@@@@@@@@@@ | |
| +--------------+ |
| | | |
| +--------------+ |
| / ::::::::::::: \ |
+------------------------------------------+
| |
| +----------------+|
| | ||
| | ||
| | ||
| +----------------+|
| |
-----+------------------------------------------+
The articles composed of ####'s in the top of the rack are BT Standard issue
2422 Modems, 2400bps. Used for Decibel loss testing, External Module
Interfacing and External Dial-in access. Usually there is just one in the
rack, and they arent worth nicking. They're crap. Besides which, if the
vaguely terminal like ASCII below it is present, then they will need to be
there if you want to actually gain access to the switch.
The Terminal is the CSS Terminal, and is used to allow On the spot
and remote diagnostics via the keyboard/modem/whatever, and to allow
interpretation of the messages thrown back by the switch. Im not about to
go into the CSS Terminal in depth here...Its a file in its own right, and
Im still researching it. If its there, you can get in externally.
End of Story.
The vague square in the bottom right is a printer. This provides
hard copy of all the switch's activities, and any repair/Diagnostics
that may be in operation at the time. Tear off the Reams of paper spilling
out of it, and bag them. You'll need them if you want to learn more about
how the UXD unit handles basic procedures and diagnostics. The paper
is that shitty fax paper, so remember to keep it out of the sunlight.
Cabinet Two should just be a big blank cabinet. Its in here that
all the switching and call handling takes place. Open the cabinet, and take
ALL the documents sitting in the dockets inside the doors. Take the key
that should be hanging there as well. This is the key for the building,
and wont be missed. Stay a while and watch the switch. Look at the flashing
lights. Marvel at the wonders of digital telephony. Nick an unused rack
module as a souvenir.
You should by now be ready to get the fuck out of the building and
home to rifle thru your booty. Before you go...Take a visit to the Component
Assembly Workbench. See that Glass display cabinet full of components above
the desk? Take some for good measure. I was lucky enough to get a DSP one
time. Now walk towards the door...Halt!
Look at all the Documents and information on the noticeboard and
door back! Steal it ALL! Into the bag, you know the drill. NOW leave.
Make sure no-one sees you leaving. Now go home and rifle thru all your
swag. Im sure you dont need a T-File to tell you what to do with the info
you've blagged, but if you do, mail me on P80, 1066 or UABBS for help or
details. So long, and happy hunting.