Because Doucette turned the cards around quickly, checking their validity within hours of receiving their numbers and then, more importantly, getting the good numbers disseminated on a code line within days, they remained live for a longer period. It was a very efficiently run hacker service industry. To supplement her income, she would pass on card numbers to members of her ring in other cities, who would use them to buy Western Union money orders payable to one of Doucette's aliases. The cards were also used to pay for an unknown number of airline tickets and for hotel accommodation when Doucette or her accomplices were traveling.
The key to Doucette's business was communication--hence the emphasis on PBX and voice-mail computer access codes. The PBXs provided the means for communication; the voice-mail computers the location for code lines.
PBX is a customer-operated, computerized telephone system, providing both internal and external communication. One of its features is the Remote Access Unit (RAU), designed to permit legitimate users to call in from out of the office, often on a 1-800 nunlher. and access a long-distance line after punching in a short code on the telephone keypad. The long-distance calls made in this way are then charged to the customer company. Less legitimate users-- hackers, in other words--force access to the RAU by guessing the code. This is usually done by calling the system and trying different sequences of numbers on the keypad until stumbling on a code. The process is time-consuming, but hackers are a patient bunch.
The losses to a company whose PBX is compromised can be staggering. Some hackers are known to run what are known as "call-sell" operations: sidewalk or street-corner enterprises offering passersby cheap long-distance calls (both national and international) on a cellular or pay phone. The calls, of course, are routed through some company's PBX. In a recent case, a "callsell" operator ran up $1.4 million in charges against one PBX owner over a four-day holiday period. (The rewards to "call-sell" merchants can be equally enormous: at $10 a call some operators working whole banks of pay phones are estimated by U.S. Iaw enforcement agencies to have made as much as $10,000 a day.) PBXs may have become the blue boxes for a new generation of phreakers, but voice-mail computers have taken over as hacker bulletin boards. The problem with the boards was that they became too well known: most were regularly monitored by law enforcement agencies. Among other things, the police recorded the numbers of access device codes trafficked on boards, and as the codes are useful only as long as they are live--usually the time between their first fraudulent use and the victim's first bill--the police monitoring served to invalidate them that much faster. Worse, from the point of view of hackers, the police then took steps to catch the individuals who had posted the codes.
The solution was to use voice mail. Voice-mail computers operate like highly sophisticated answering machines and are often attached to a company's toll-free 1-800 number. For users, voicemail systems are much more flexible than answering machines: they can receive and store messages from callers, or route them from one box to another box on the system, or even send one single message to a preselected number of boxes. The functions are controlled by the appropriate numerical commands on a telephone keypad. Users can access their boxes and pick up their messages while they're away from the office by calling their 1-800 number, punching in the digits for their box, then pressing the keys for their private password. The system is just a simple computer, accessible by telephone and controllable by the phone keys.
But for hackers voice mail is made to order. The 1-800 numbers for voice-mail systems are easy enough to find; the tried-and-true methods of dumpster diving, social engineering, and war-dialing will almost always turn up a few usable targets. War-dialing has been simplified in the last decade with the advent of automatic dialers, programs which churn through hundreds of numbers, recording those that are answered by machines or computers. The process is still inelegant, but it works.
