The THC Hack/Phreak Archives: AMEXFONE.STO (77 lines) Note: I did not write any of these textfiles. They are being posted from the archive as a public service only - any copyrights belong to the authors. See the footer for important information. ========================================================================== An American Express Phone Story By: Chester Holmes Reprinted from 2600 magazine, March 1986 ------------------------------------------------------------------------------- This story is a memory of hacking a formidable American institution - American Express. No, not AX's internal telecommunications network, but the corporation's toll-free charge card authorization number. The following can be safely told as our "system" went down a few years ago. It all started in the summer of 1982. I had been on the lookout for various extenders and other nifty things a phone could link up with. Most were found by scanning and searching 800 number series using the time-honored "hang-up-if-a-human-answers" technique. After a long and fruitless afternoon of such looking, I decided to take a run on down to the local Chinese eatery as my stomach's contents had been depleted several hours earlier. I wasn't wont on dining there; take-out would have been fine. Well, as Murphy would predict, my fried rice order wasn't ready at the appointed time, so I found myself at the register with a few moments to kill. Murphy struck again: on the register was a sticker with several 800 numbers and the words "American Express Charge Authorization" emblazoned theron. The MSG in Chinese food affects people in a variety of ways. Some folks get rambunctious, but I get sleepy. I told my associate about this number, and told him my right index finger was worn down from hours of dialing. He understood, and made some discoveries while playing with the system all that night. If I can recall correctly, when one dialed the number (alas, time has erased the number from my brain's RAM), the merchant would be prompted to enter the card number, amount, etc., and the computer would give an approval code. A *# would abort the procedure at any time and disconnect. Merely pressing ## during the call would get an AX operator. This was accomplished by the system obtaining a dial tone and then automatically touch-toning the four-digit extension. We had our fun harassing the operators, for when they hung up, the dial tone would return, but would not automatically dial! We were thus free to make local calls within New York City! We soon tired of this game, so instead we developed a method of beating the system's demon dialer. Upon dial tone receipt, we quickly touch-toned 9958. The first 9 would give us an outside line, and the 958 was the Automatic Number Identification for New York. The four system-generated digits would then come through and be ignored. This trick saved us from continual arousal of credit-operator suspicion, and the dial tone was returned after ANI did her thing. We also learned how many different phone numbers they used for this system. You'll note I said we were free to make local calls. We were able to dial 9-0 to get a Bell operator, who was most happy to assist in placing our rong-distance calls. For some reason, however, these operators couldn't help with 900 calls (I got the same operator three times in one night while trying to listen to the space shuttle. We developed a kinship by the last call). The AX PBX would give a stern warning if we tried to dial a long distance call directly ("Class of Service Restriction. Class of Service Restriction."), but we soon outsmarted it: it wasn't looking for a 1+NPA etc., but had a timer going, and if you dialed more than eight digits (9+, etc.) in a period of about five seconds, you'd get that mesge. So we dialed the first few digits, paused, dialed the remainder, and the call went through (even to the space shuttle). Connections were generally less than optimum (in fact they sucked) but if you and your called party were in quiet rooms, you could talk for hours. Another minor annoyance was crosstalk. I had often heard the familiar 9958 off in the background, and once I even faintly heard my buddy. We shouted at one another for a while until one of us hit *#. I don't think AX was ever quite aware of our exploits since it was online for several months: a new system was installed when their authorization people moved to Florida. I had an Amex card all the while, but recently gave it up when they raised their annual "membership" to $45, and didn't tell me. It was them pissing me off like that that prompted me to tell this tale.