Keys to the Kingdom


Through some Google searches, The Don learned that Telecom Egypt primarily used 5ESS switches, which made him smile.

By looking at the country and city codes, it was obvious that all the numbers on the crumpled receipt were located in Shebin El Kom, a sleepy Egyptian country town known for its wonderful shisha. The numbers all had the same exchange code, which meant they were in the same area.

One number was in a different format than the others. It looked like a Service Profile Identifier (SPID) for an ISDN BRI line. On a 5ESS switch, the actual subscriber number usually fits neatly between the 01 and 0 padding. ISDN often is used in place of less reliable analog modems, and The Don had seen these used with ATM machines; he'd often stick his head behind the ones in convenience stores and gas stations to see if any telephone information was written on the little tags attached to the phone wire (usually, there was).

Finding the landline phone switch for Shebin El Kom was no different than finding the cellular switch in Mauritius, though an entire 5ESS switch is much more complex than the switch he had encountered earlier. 5ESS is broken up into separate channels, each performing a specific job, and each with its own terminal connection.

The Don needed access to the Recent Change, the channel that is used to add, change, or remove services in the switch database. All the activity is logged directly to the SCCS, the Switching Control Center System, but no need to worry. There is usually so much legitimate activity on a switch that a few extra things added by The Don won't be noticed.

The Don went through the motions (researching the switch, obtaining another mobile phone, wardialing, and reviewing the list of carriers) until he found the prompt he needed.

A 5ESS switch, running on DMERT, a customized version of UNIX, was easy enough to identify.

 CONNECT 9600 5ESS login  16 WCDS1 5E6(1) ttsn-cdN TTYW  Account name: 

There are no default passwords for a 5ESS. The account name, also called a Clerk ID, is usually the name of an employee or his or her assigned employee number. The password usually is set to a commonly used word like RCV, RCMAC, SCC, SCCS, 5ESS, SYSTEM, MANAGER, or CLLI, though not necessarily. The Don didn't want to raise suspicion by guessing various login combinations, in case invalid login attempts were being logged.

Now, if The Don were in Shebin El Kom, he could have gone dumpster diving at the local telephone central office to obtain legitimate login and password credentials. As Artie Piscano, a mobster from the movie Casino, found out the hard way, writing things down that should be kept secret can lead to trouble. In Artie's case, detailed records of illegitimate transactions led to his death. It is obvious that most people have never taken this lesson to heart since all around the world there are passwords written on sticky notes attached to the sides of monitors, credit card receipts littered outside of gas stations, and printouts of financial records tossed ignorantly into the trash. It's a hacker's dream. Even knowing about the threat of trashing, companies rarely make any effort to destroy this type of information.

However, The Don was far from Egypt. So, social engineering was the next best thing. Through a few innocent phone calls to Telecom Egypt, The Don obtained the main number for RCMAC, the Recent Change Memory Administration Center, which is the physical office in Shebin El Kom where the RC requests were handled. He took a deep breath and dialed.

"As-salaam a'alaykum," said an unfamiliar voice on the other end of the line.

"Hello? This is Dave Sullivan with Lucent 5ESS technical support services. Do you speak English?" said The Don.

"Yes, a little," the lineman responded with broken English. Luckily, though Arabic is the official language of Egypt, most educated people also speak English.

"Listen, I'm here at the AT&T Technical Support Center in Cairo and we're having trouble applying a critical service patch to the 5E software. My boss is breathing down my neck to get this fixed. Can you do me a favor?"

By now, the person on the other end would have hung up if he thought he was being tricked. But, not this time.

"Yes, Dave. How can I help?" The Don had this guy in his pocket.

"We are going to need you to log into the system and tell us what you're typing. We'll be verifying it on this end to make sure that our patch was installed correctly without affecting the line history block information."

It was that easy. The friendly lineman spelled out his Clerk ID and password. The Don held back a giggle as he wrote down the information.

"Well, it seems to be working. Hey, thanks a bunch for the help. I owe you one!"

"You are welcome," said the lineman. "Have a good day."

The Don hung up and took another deep breath. Sometimes all it took was to act as if you belong and to find a helpful person on the other end of the line. Social engineering always made him nervous. His palms were sweaty and his heart was racing, but he had what he needed. The keys to the kingdom.




Stealing the Network. How to Own a Continent
ISBN: 1931836051
Year: 2004
Pages: 105
