Blue box
==Operation==

===Automating dialing===

Local [[plain old telephone service]] works by watching the voltage on the telephone lines between the telephone company's [[telephone exchange|exchange office]] and the customer's telephone. When the phone is on-hook ("hung up") the approximately 48{{nbs}}[[volt]] electricity from the exchange flows to the phone and is looped back without passing through the handset. When the user picks up the handset, the current has to flow through the speaker and microphone in it, causing the voltage to drop to under 10{{nbs}}V. This sudden drop in voltage signals that the user has picked up the phone.

Originally, all calls were routed manually by an operator who would look for small [[light bulb]]s that would illuminate when a subscriber picked up the phone to make a call. The operator would connect a handset to the line, ask the user who they were calling, and then connect a cable between two [[Phone connector (audio)|phone jacks]] to complete the call. If the user was placing a long-distance call, the local operator would first talk to an operator at the remote exchange using one of the trunk lines between the two locations. When the local operator heard the remote customer come on the line, they would connect their local customer to the same trunk line to complete the call.

The calling process began to be automated from the earliest days of the telephone system. Increasingly sophisticated [[electromechanical]] systems would use the changes in voltage to start the connection process. The [[rotary dial]] was introduced around 1904 to operate these switches; the dial rapidly and repeatedly connects and disconnects the line, a process known as [[pulse dialing]]. In common systems, these periodic changes in voltage caused a [[stepper motor]] to rotate one position for each pulse of a digit, with longer pauses to switch from one rotary switch to another. When enough digits had been decoded, typically seven in North America, connections between the rotors would select a single line, the customer being dialed.

The idea of using changing voltages to complete the call worked well for the local exchange where the distance between the customer and exchange office might be on the order of a few kilometers. Over longer distances, the [[capacitance]] of the lines filters out any rapid changes in voltage and dialing pulses do not reach the remote office in clean form, so that long-distance calls still required operator intervention. As telephone use grew, long-distance calling in particular, telephone companies were increasingly interested in automating this type of connection.

===Long-distance direct dialing===

To address this need, the Bell System adopted a second system on the circuits that connected the exchanges. When the user dialed a long-distance number, indicated in North America by dialing a "1" at the beginning of the number, the call was switched to a separate system known as a "[[Class-4 telephone switch|tandem]]". The tandem would then buffer the remaining digits and decode the number to see which remote exchange was being dialed, generally using the [[area code]] for this purpose. It would then look for a free trunk line between the two exchanges; if none were available the tandem would play the "fast busy" reorder signal to tell the user to try again later.{{sfn|Rosenbaum|1971}}

The basic protocol for finding a free line worked by playing a 2600{{nbs}}Hz tone into the line whenever it was not being used. The tandems at both ends of a given trunk line did this. When the tandem determined which remote exchange was being called, it scanned the trunk lines between the two exchanges looking for the tone. When it heard the tone on one of the lines, it knew that line was free to use. It would then select that line and drop the 2600{{nbs}}Hz tone from its end. The remote tandem would hear the tone stop, drop its own tone, and then play a ''supervision flash'', making a "ka-cheep" sound, to indicate it had noticed the signal. The line was now free on both ends to connect a call.{{sfn|Rosenbaum|1971}}

Pulse dialing still had the problem that sending the dialed number to the remote exchange would not work due to the capacitance of the network. The tandems solved this by buffering the phone number and then converting each digit into a series of two tones, the [[multi-frequency signaling]] system, or "MF". Once the local tandem had found a free line and connected to it, it then relayed the rest of the phone number over the line using the tone dialing method. The remote tandem then decoded the tones and turned them back into pulses on the local exchange. To indicate the start and end of a series of MF digits, special MF tones, KP and ST, were used.{{sfn|Rosenbaum|1971}}

When the call was finished and one of the parties hung up the phone, their exchange would notice the change in voltage and begin playing the 2600{{nbs}}Hz tone into the trunk line. The other end of the connection would respond to the tone by causing its local call to hang up as well, and would then begin playing the tone into its end as before, to mark the line as free at both ends.{{sfn|Rosenbaum|1971}}

===Blue boxing===

The blue box consisted of several [[audio oscillators]], a [[telephone keypad]], an [[audio amplifier]] and a [[Loudspeaker|speaker]]. To operate a blue box, the user placed a [[long-distance telephone call]], often to a number that was in the target area. Usually, this initial call would be to a [[toll-free telephone number|1-800 number]] or some other non-supervising telephone number such as [[directory assistance]].{{sfn|Rosenbaum|1971}} Using a toll-free number ensured that the phone being used for access would not be billed.

When the call began to ring, the caller would hold the blue box speaker over the microphone in the handset and use the box to send the 2600{{nbs}}Hz tone (or 2600+2400{{nbs}}Hz on many international trunks followed by a 2400{{nbs}}Hz tone). The called office interpreted this tone as the caller hanging up before the call completed, disconnected the call, and began playing 2600{{nbs}}Hz to mark the line free. However, this did not disconnect the call at the caller's end, but instead would leave the caller on a live line that was connected via a long-distance trunk line to a target exchange.{{sfn|Rosenbaum|1971}}

The caller would then stop playing the tone, which the exchange would interpret to mean the exchange's tandem was attempting to place another call. It responded by dropping its tone and then playing the flash to indicate it was ready to accept routing tones. Once the called end sent the supervision flash, the caller used the blue box to send a "Key Pulse" or "KP", the tone that starts a routing digit sequence, followed by either a telephone number or one of the numerous special codes that were used internally by the telephone company, then finished with a "Start" tone, "ST".{{sfn|Rosenbaum|1971}} At this point, the called end of the connection would route the call the way it was told, while the caller's local exchange would act as if the call was still ringing at the original number.

===Countermeasures===

Blue boxing remained rare until the early 1970s when the required systems began to drop in cost and the concept began to be more widely known. At the time, phreakers felt there was nothing [[Bell Telephone Company|Bell Telephone]] could do to stop blue boxing because it would require Bell to upgrade all their hardware.{{sfn|Rosenbaum|1971}}

For the immediate term, Bell responded with a number of blue box detection and law enforcement countermeasures. Armed with records of all long-distance calls made, kept by both mechanical switching systems and newer [[electronic switching system]]s, including calls to [[toll-free telephone number]]s which did not appear on customer bills, telephone security employees began examining those records looking for suspicious patterns of activity. For instance, at the time, calls to long-distance information, while answered, deliberately did not return the electrical "off hook" signal indicating that they had been answered. When an information call was diverted to another number that answered, the billing equipment would log that event. Billing computers processed the logs and generated lists of calls to information that had been answered with an off-hook tone. In the early days, the lists were probably intended to detect equipment malfunctions, but the follow-up investigation did lead to blue box users. After the toll-free "800" service was inaugurated, the billing computers were also programmed to generate lists of lengthy calls to toll-free numbers. While many of these calls were legitimate, telephone security employees would examine the lists and follow up irregularities.

In this case, filters could be installed on those lines to block the blue box. Bell also would [[wiretap]] the affected lines. In one 1975 case, the [[Pacific Bell|Pacific Telephone Company]] targeted one defendant's line with the following equipment:
* A CMC 2600, a device which registers on a counter the number of times a 2600{{nbs}}Hz tone is detected on the line;
* A tape recorder, activated automatically by the CMC 2600 to record two minutes of telephone audio after each burst of 2600{{nbs}}Hz activity; and
* A Hekemian 51A, which replicates the functions of the CMC 2600 and also produces a paper tape print-out of outgoing calls. Ordinary calls were recorded in black ink and destination numbers called via the blue box were recorded in red ink.<ref>[https://law.resource.org/pub/us/case/reporter/F2/563/563.F2d.967.76-3391.html UNITED STATES of America vs. Bernard CORNFIELD, dba Grayhall Inc], No. 76-3391, United States Court of Appeals, Ninth Circuit. October 27, 1977.</ref>

These actions resulted in several highly publicized trials.

===Decline===

The ultimate solution to the blue box vulnerability was to do what the phreakers thought impossible and upgrade the entire network. This process occurred in stages, some of which were already well underway in the early 1970s.

The [[T-carrier|T1]] system was developed beginning in 1957 and began to be deployed around 1962. It digitized the voice signals so that they could be more efficiently carried in high-density connections between exchanges, carrying 24 lines on a single 4-wire connection. Depending on the network layout, the user might no longer be connected directly to a tandem, but instead to a local office that forwarded the signal over a T1 to a more distant exchange that did have the tandem. Simply due to the way the system worked, the supervisory signals had to be filtered out in order for the digitization of the analog signal to work. Recall that the 2600{{nbs}}Hz tone was not dropped from the trunk until the line was connected all the way and would be mixed with other tones like the ringing or busy signal; when used over a T1 this tone mixed with other signals and caused a problem known as "quantization noise" that distorted the sound. These tones were thus filtered down on either side of the T1 connection. Thus it was difficult to blue box in such an environment, although successes are known.

But blue boxing was eventually eliminated entirely for unrelated reasons. In the existing tandem-based network, completing a call required several stages communicating over the trunk line, even if the remote user never answered the call. As this process might take on the order of 10 to 15 seconds, the total wasted time across all of the trunk lines could be used to carry additional calls. To improve line usage, Bell began the development of the [[Number One Electronic Switching System]] (1ESS). This system performed all the calling and line supervision using a separate private line between the two offices. Using this system, when a long-distance call was placed the trunk line was not initially used. Instead, the local office sent a message containing the called number to the remote exchange using this separate channel. The remote office would then attempt to complete the call, and indicate this to the original office using the same private line. Only if the remote user answered would the systems attempt to find a free trunk line and connect, thereby reducing the use of the trunk lines to the absolute minimum.

This change also meant the signaling system was available internally to the network on this separate line. There was no connection between the user lines and this signaling line, so there was no route by which the users could influence the dialing. The same rapid reduction in prices that made the blue box possible also led to the rapid reduction in cost of the ESS systems. First applied only to their busiest connections, by the 1980s, the latest [[4ESS]] models and similar machines from other companies were deployed to almost all major exchanges, leaving only corners of the network still connected using tandems. Blue boxing worked if one connected to such an exchange, but could only be used end-to-end if the entire network between the two endpoints consisted only of tandems, which became increasingly rare and disappeared by the late 1980s.

Analog long-distance transmission systems remained more cost-effective for the long-haul circuits until at least the 1970s. Even then, there was a huge installed base of analog circuits, and it made better economic sense to keep using them. It was not until competitor Sprint built its all-digital, "quiet" network, where "you could actually hear a pin drop",<ref>Archived at [https://ghostarchive.org/varchive/youtube/20211211/qiJOdBxlhhA Ghostarchive]{{cbignore}} and the [https://web.archive.org/web/20171115031219/https://www.youtube.com/watch?v=qiJOdBxlhhA Wayback Machine]{{cbignore}}: {{Citation|title=Sprint Phone Service commercial 1986 pin drop|url=https://www.youtube.com/watch?v=qiJOdBxlhhA|language=en|access-date=March 16, 2021}}{{cbignore}}</ref> that AT&T took a multi-billion dollar write-off and upgraded its long-distance network to digital technology.

The phreaking community that had emerged during the blue box era evolved into other endeavors and there currently exists a commercially published hacking magazine, titled ''[[2600: The Hacker Quarterly|2600]]'', a reference to the 2600{{nbs}}Hz tone that was once central to so much of telephone hacking.<ref>{{Cite web |url=http://www.2600.com/wall/24-05-2016 |title=NEW 'Off the Wall' ONLINE | 2600 |access-date=May 31, 2016 |archive-url=https://web.archive.org/web/20160602035336/http://www.2600.com/wall/24-05-2016 |archive-date=June 2, 2016 |url-status=dead }}</ref>
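
The CMC 2600 described under Countermeasures registered each time a 2600{{nbs}}Hz tone was detected on a line. The Python sketch below is an added example, not part of the original article and not a description of that device's internals: it counts 2600{{nbs}}Hz bursts in sampled audio using the Goertzel algorithm. The 8000{{nbs}}Hz sample rate, 20{{nbs}}ms frame, energy-ratio threshold and minimum burst length are assumptions, and the line audio is constructed.

```python
import math

RATE = 8000      # samples per second (assumed telephony rate)
TONE_HZ = 2600   # in-band supervisory tone named in the article
FRAME = 160      # 20 ms analysis frame (assumption)

def goertzel_power(frame, freq):
    """Squared magnitude of one frequency in the frame (Goertzel algorithm)."""
    coeff = 2.0 * math.cos(2.0 * math.pi * freq / RATE)
    s1 = s2 = 0.0
    for x in frame:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2

def tone_present(frame, ratio=0.5):
    """True when at least `ratio` of the frame's energy sits at 2600 Hz."""
    energy = sum(x * x for x in frame)
    if energy < 1e-6:          # silent frame: nothing to classify
        return False
    # A pure tone gives power of about energy * N / 2, so this is roughly 0..1.
    return goertzel_power(frame, TONE_HZ) / (energy * len(frame) / 2) >= ratio

def find_bursts(samples, min_frames=3):
    """Return (start_s, length_s) for each run of >= min_frames tone frames."""
    bursts, run = [], 0
    n = len(samples) // FRAME
    for i in range(n + 1):     # one extra pass closes a run at end of audio
        if i < n and tone_present(samples[i * FRAME:(i + 1) * FRAME]):
            run += 1
            continue
        if run >= min_frames:  # shorter runs are not counted as a burst
            bursts.append(((i - run) * FRAME / RATE, run * FRAME / RATE))
        run = 0
    return bursts

def tone(freq, seconds, amp=0.5):
    """Constructed test audio: a plain sine wave."""
    count = round(seconds * RATE)
    return [amp * math.sin(2 * math.pi * freq * t / RATE) for t in range(count)]

# Constructed line audio: 440 Hz stands in for speech between 2600 Hz bursts.
LINE_AUDIO = (tone(440, 0.5) + tone(2600, 0.3) + tone(440, 0.5) +
              tone(2600, 0.04) + tone(440, 0.3) + tone(2600, 0.2))

if __name__ == "__main__":
    for start, length in find_bursts(LINE_AUDIO):
        print(f"2600 Hz burst at {start:.2f} s lasting {length:.2f} s")
```

The 40{{nbs}}ms burst in the constructed audio is deliberately shorter than the minimum length and is not counted, which shows how a duration requirement keeps brief in-band energy from incrementing the counter.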