AT&T left its meetings empty-handed, no new law in sight.
All of these things forced AT&T to think about the unthinkable: would it have to redesign the entire nationwide telephone network and install a new signaling system?
This was a huge question. The estimates of the costs for such a redesign varied from a quarter of a billion to a billion dollars (between $2 billion and $8 billion today). It would take years to deploy whatever new signaling system its engineers came up with. After all, the design of the original system had taken decades, starting in the late 1920s and with effort in earnest during the 1940s and ’50s, and that deployment was still years from being finished. While the company was deploying whatever new system it came up with, the network would still be vulnerable.
Then there was the niggling question in the back of the minds of AT&T’s leaders, namely, what if the new system also turned out to be vulnerable? As one person familiar with the matter put it, they had “no assurance at all that if we did modify [the signaling system], that that in turn would not be overcome, too.”
None of this sat well with the executives at American Telephone and Telegraph in New York City. The directive to the engineers at Bell Labs from AT&T headquarters at 195 Broadway was clear: “You guys created this mess, you clean it up!”
Engineers are funny animals. If you tell an engineer about a problem, any problem, his first instinct is to measure it. Tell an engineer you don’t love him anymore and he’ll ask for a graph of your love over time so that he can understand exactly how big the problem is and when it started.
But there were no graphs of the extent of electronic toll fraud, at least not in the early 1960s. After all, the key thing that blue and black boxes did was to defeat AT&T’s carefully designed billing system, the very system that kept tabs on the number and length of calls being made on its network. If there were no billing records for fraudulent calls, there was no way to know how many fraudulent calls there were or how long they lasted. And that meant AT&T was gazing into the abyss. Say the phone company catches some college students with electronic boxes. Fantastic! But elation is soon replaced by worry. Is that all of them? Or is that just the tip of the iceberg? Are there another ten college students doing it? A hundred? Are there a thousand fraudulent calls a year or are there a million?
Engineers hate stuff like this.
Bell Labs, filled to the brim with engineers, proposed a crash program to build an electronic toll fraud surveillance system and deploy it throughout the network. It would keep a watchful eye over the traffic flowing from coast to coast, ever vigilant for suspicious calls—not every call, mind you, but a random sampling of a subset of them, enough to gather statistics. For the first time Bell Labs—and AT&T’s senior management—would have useful data about the extent of the electronic toll fraud problem. Then they’d be in a position to make billion-dollar decisions.
The project was approved; indeed, AT&T gave Bell Labs a blank check and told them to get right to work. Tippy-top secret, the program had the coolest of code names: Project Greenstar. Within Bell Labs Greenstar documents were stamped with a star outlined in green ink to highlight their importance and sensitivity. Perhaps as a joke, the project lead was given a military dress uniform hat with a green general’s star on it, an artifact that was passed on from one team lead to the next over the years.
Greenstar development began in 1962 and the first operational unit was installed at the end of 1964. Bill Caming, AT&T’s corporate attorney for privacy and fraud matters, became intimately familiar with the program. “We devised six experimental units which we placed at representative cities,” Caming said. “Two were placed in Los Angeles because of not only activity in that area, but also different signaling arrangements, and one was placed in Miami, two were originally placed in New York, one shortly thereafter moving to Newark, NJ, and one was placed in Detroit, and then about January 1967 moved to St. Louis.”
Ken Hopper, a longtime Bell Labs engineer involved in network security and fraud detection, recalls that the Greenstar units were big, bulky machines. “I heard the name ‘yellow submarine’ applied to one of them,” he says. They lived in locked rooms or behind fenced-in enclosures in telephone company switching buildings. A single Greenstar unit would be connected to a hundred outgoing long-distance trunk lines and could simultaneously monitor five of them for fraud. The particular long-distance trunk lines being monitored were selected at random as calls went out over them. At its core, Greenstar looked for the presence of 2,600 Hz on a trunk line when it shouldn’t be there. It could detect both black box and blue box fraud, since both cases were flagged by unusual 2,600 Hz signaling.
As Caming described it, “There were in each of these locations a hundred trunks selected out of a large number, and the [. . .] logic equipment would select a call. There were five temporary scanners which would pick up a call and look at it with this logic equipment and determine whether or not it had the proper [. . .] supervisory signals, whether, for example, there was return answer supervision. When we have a call, we have a supervisory signal that goes to and activates the billing equipment which usually we call return answer supervision. That starts the billing process and legitimizes the call, and if you find voice conversation without any return answer signal, and that is what it was looking for, it is an indication, a strong indication, of a possible black box that the caller called in; and if, for example, you heard the tell-tale blue box tone [. . .] this was a very strong indication of illegality because that tone has no normal presence upon our network at that point.”
When Greenstar detected something unusual, it took an audacious next step: it recorded the telephone call. With no warrant and with no warning to the people on the line, suspicious calls were silently preserved on spinning multitrack reel-to-reel magnetic tapes. If Greenstar judged it had found a black box call it recorded for sixty to ninety seconds; if it stumbled upon a blue box it recorded the entire telephone call. Separate tracks recorded the voice, supervisory signals, and time stamps.
When the tapes filled up they were removed by two plant supervisors. “They were the only two who had access from the local [telephone] company,” Caming says. Then they were sent via registered mail to New York City. There, at the Greenstar analysis bureau, specially trained operators—“long-term chief operators who had great loyalty to the system [who] were screened for being people of great trust,” Ken Hopper says—would listen to the tapes, their ears alert for indications of fraud. The operators would determine whether a particular call was illegal or was merely the result of an equipment malfunction or “talk off”—somebody whose voice just happened to hit 2,600 Hz and had caused a false alarm. When these operators were finished listening, the tapes would be bulk erased and sent back for reuse.
“The greatest caution was exercised,” Bill Caming recalls. “I was very concerned about it. The equipment itself was fenced in within the central office so that no one could get to it surreptitiously and extract anything of what we were doing. We took every pain to preserve the sanctity of the recordings.”
Project Greenstar went on for more than five and a half years. Between the end of 1964 and May 1970, Greenstar randomly monitored some 33 million U.S. long-distance phone calls, a number that was at once staggeringly large and yet still an infinitesimally tiny fraction of the total number of long-distance calls placed during those years. Of these 33 million calls, between 1.5 and 1.8 million were recorded and shipped to New York to be listened to by human ears. “We had to have statistics,” said Caming. Statistics they got: they found “at least 25,000 cases of known illegality” and projected that in 1966 they had “on the order of 350,000 [fraudulent] calls nationwide.”
“Boy, did it perk up some ears at 195 Broadway,” says Hopper. It wasn’t even that 350,000 fraudulent calls was that big a number. Rather, it was the fact that there was really nothing that could be done about it, at least not at once. “I
t was immediately recognized that if such fraud could be committed with impunity, losses of staggering proportions would ensue,” Caming said. “At that time we recognized—and we can say this more confidently in public in retrospect—that we had no immediate defense. This was a breakthrough almost equivalent to the advent of gunpowder, where the hordes of Genghis Khan faced problems of a new sort, or the advent of the cannon.”
The initial plan with Greenstar was simple: Wait. Watch. Listen. Gather statistics. Tell no one. Most important, don’t do anything that would give it away. “There was no prosecution during those first couple of years,” Hopper says. “It was so the bad guys would not be aware of the fact that they’re being measured.” It was only later, Hopper says, that AT&T decided to switch from measurement to prosecution. Even then, Hopper said, “The presence of Greenstar would not be divulged and that evidence gathered to support toll fraud prosecutions would be gathered by other means.” Instead, Hopper relates, Greenstar would be used to alert Bell security agents to possible fraud. The security agents would then use other means, such as taps and recordings, to get the evidence needed to convict. “Greenstar bird-dogging it would not be brought out,” says Hopper. “It was just simply a toll fraud investigation brought about by unusual signaling and you would not talk about the fact that there was a Greenstar device. That was the ground rule as I understood it. Any court testimony that I ever gave, I never talked about any of that.” As another telephone company official put it, “If it ever were necessary to reveal the existence of this equipment in order to prosecute a toll fraud case, [AT&T] would simply decline to prosecute.”
Bill Caming became AT&T’s attorney for privacy and fraud matters in September 1965. Greenstar had been in operation for about a year when he was briefed on it. His reaction was immediate: “Change the name. I don’t even know what it is, but it just sounds illegal. Change the name.” More innocent-sounding code names like “Dewdrop” and “Ducky” were apparently unavailable, so AT&T and Bell Labs opted for something utilitarian and unlikely to attract attention: Greenstar was rechristened “Toll Test Unit.”
As the new legal guy at AT&T headquarters, Caming faced questions that were both important and sensitive. Forget how it sounded, was Greenstar actually illegal? And if it was, what should be done about it? Before joining AT&T Caming had been a prosecutor at the Nuremberg war crimes trials after World War II. He was highly regarded, considered by many to be a model of legal rectitude. Was there any way he could see that the AT&T program was legit?
There was. He later stated under oath that there was “no question” Greenstar was in fact legal under laws of the day—a surprising conclusion for what at first blush appears to be an astonishing overreach on the part of the telephone company. There were two parts to Caming’s reasoning. The first had to do with the odd wording of the wiretap laws of the early 1960s; using this wording Caming was able to thread a line of legal logic through the eye of a very specific needle to conclude that the program was legal under the law prior to 1968. The second part had to do with his position at American Telephone and Telegraph. In 1968, when Congress was considering new wiretapping legislation, Caming was in a position to help lawmakers draft the new law. He made very sure that the new wiretap act didn’t conflict with AT&T’s surveillance program.
Caming even informed the attorneys at the Justice Department’s Criminal Division about Greenstar in 1966 and 1967, in connection with some prosecutions. “Now, that does not say that they cleared it or gave me their imprimatur,” he allowed. But then, he added, “we did not feel we needed it.”
Years later, the Congressional Research Service agreed with Caming regarding the legality of the program—to a degree. While not going so far as to say there was “no question” that Greenstar was legal, it was concluded that “It is not certain that the telephone company violated any federal laws by the random monitoring of telephone conversations during the period from 1964 to 1970. This uncertainty exists because the Congressional intent [in the law] is not clear, and case law has not clearly explained the permissible scope of monitoring by the company.”
This whole mess formed a challenging business conundrum for AT&T executives, the sort of thing that would make for a good business school case study. Put yourself in their shoes. You have made an incredibly expensive investment in a product—the telephone network—that turns out to have some gaping security holes in it. You have, as Bill Caming said, no immediate defense against the problem. You finally have some statistics about how bad the problem is. It’s bad, but it’s not terrible, unless it spreads, in which case it’s catastrophic. Replacing the network will take years and cost a billion dollars or so. The Justice Department isn’t sure there are any federal laws on the books that actually apply. And every time you prosecute the fraudsters under state laws, not only do you look bad in the newspapers—witness the Milwaukee Journal’s 1963 front-page headline “Lonely Boy Devises Way of Placing Free Long Distance Calls”—but the resulting publicity makes the problem worse.
AT&T played the best game it could with a bad hand. For now, it would quietly monitor the network, keeping a weather eye on the problem. When the company found college kids playing with the network, investigators would give them a stern talking-to and confiscate their colored boxes. Execs would start thinking about a slow, long-term upgrade to the network to eliminate the underlying problem. And if opportunity knocked and they could help out the feds with an organized crime prosecution—and in the process set a clear precedent for the applicability of the federal Fraud by Wire law—well, that would be lovely.
That opportunity came knocking in 1965. As it turned out, it used a sledgehammer.
Eight
Blue Box Bookies
IT WAS JANUARY 8, 1966, a cloudy winter day in Miami. Special Agent Heist rang the doorbell to Kenneth Hanna’s apartment.
Nothing.
Heist glanced down at the clipboard he was carrying where his FBI identification was clipped—along with arrest and search warrants. Standing next to Heist was Special Agent Roussell. Instead of a clipboard, Roussell was carrying a fourteen-pound sledgehammer.
“FBI!” Heist shouted. “We are here to execute a search warrant!”
Still nothing.
Heist looked at his watch. Seconds ticked by.
Heist pounded the door with his fist. He rang the doorbell a few more times.
Finally he turned to Roussell. “Hit the door.”
Roussell swung his sledge. The door buckled but it didn’t open.
“Hit it again,” Heist ordered.
At the second blow the door opened. And with it so did a legal can of worms—worms that would, over the next four years, crawl all the way to the Supreme Court.
Special Agent Heist was there because of a blue box. But Kenneth Hanna—the guy whose door got sledged—was a bookie, not a phone phreak. If you’re a bookie, the service you provide is accepting bets from your customers on a particular event—in football, say, maybe it’s the upcoming Packers versus Patriots game. You charge a small commission for that service. But if that’s the service you provide, your real business is a delicate balancing act. In aggregate, you need to get your customers to bet the same number of dollars on the Packers as they’re betting on the Patriots. If they don’t, if their bets are lopsided, then you’re now running a risk: if the wrong side loses, you—personally—are on the hook for the difference.
Getting customers to bet evenly on both sides is tough to do if the Packers are widely expected to kick Patriot butt. So the way you even things out is with something called “the line.” The line is the point spread, that is, the number of points by which the bookie claims one team is going to beat the other. Kind of like a handicap in golf, it aims to turn an uneven match into an even one. By adjusting the line, the bookie can influence which side his customers are betting on. But even then a bookie might still end up with lops
ided bets and financial risk. When this happens, street-level bookies turn to higher-level “layoff” bookies: they lay off—outsource—some of their bets to a bookie higher up in the bookie food chain, someone with more financial wherewithal who is able to take on greater risk.
Even more than teenage girls, bookies are telephone junkies; good bookies are always on the phone. Not just to take bets from their customers but to stay in touch with their colleagues, from the casinos of Las Vegas and Atlantic City to informants in college football towns across the country. Did a big bookie in Vegas just change his line? Better figure out why. And if the Packers’ quarterback bruised his shoulder in a fender bender, or Michigan State’s star defensive end is drinking too much while pledging a fraternity, our bookie needs to know this ASAP. In the 1950s and ’60s, before the Internet, the telephone was a bookie’s lifeline. In fact, a bookie cut off from his sources is a bookie who will be out of business very quickly.
This telephone monkey on their backs gave bookies two problems. The first was just business, plain old profit and loss. If you were on the phone all day long to faraway places back in the 1960s, well, let’s just say that AT&T was getting rich and you probably weren’t. Money saved on your long-distance bill was money in your pocket.
Exploding the Phone : The Untold Story of the Teenagers and Outlaws Who Hacked Ma Bell (9780802193759) Page 11