Editing Phreaking (section)

===Toll fraud===
The [[Bell System divestiture|1984 AT&T breakup]] gave rise to many small companies intent on competing in the long-distance market. These included the then-fledgling [[Sprint Nextel|Sprint]] and [[MCI Inc.|MCI]], both of whom had only recently entered the marketplace. At the time, there was no way to switch a phone line to have calls automatically carried by non-AT&T companies. Customers of these small long-distance operations would be required to dial a local access number, enter their calling card number, and finally enter the area code and phone number they wish to call. Because of the relatively lengthy process for customers to complete a call, the companies kept the calling card numbers short – usually 6 or 7 digits. This opened up a huge vulnerability to phone phreaks with a computer.

6-digit calling card numbers only offer 1 million combinations. 7-digit numbers offer just 10 million. If a company had 10,000 customers, a person attempting to "guess" a card number would have a good chance of doing so correctly once every 100 tries for a 6-digit card and once every 1000 tries for a 7-digit card. While this is almost easy enough for people to do manually, computers made the task far easier.<ref>{{cite web|url=http://www.scoop.co.nz/stories/SC0306/S00026.htm |title=W32.Bugbear.B Worm Identified As Targeting Banks &#124; Scoop News |publisher=Scoop.co.nz |date=2003-06-09 |access-date=2014-07-24}}</ref><ref>{{cite web|author=Angela Moscaritolo |url=http://www.scmagazine.com/att-sues-two-over-scheme-to-steal-customer-data/article/209763/ |title=AT&T sues two over scheme to steal customer data |publisher=SC Magazine |date=2011-03-18 |access-date=2014-07-24}}</ref> "Code hack" programs were developed for computers with modems. The modems would dial the long-distance access number, enter a random calling card number (of the proper number of digits), and attempt to complete a call to a computer bulletin board system (BBS). If the computer connected successfully to the BBS, it proved that it had found a working card number, and it saved that number to disk. If it did not connect to the BBS in a specified amount of time (usually 30 or 60 seconds), it would hang up and try a different code. Using this method, code hacking programs would turn up hundreds (or in some cases thousands) of working calling card numbers per day. These would subsequently be shared amongst fellow phreakers.

There was no way for these small phone companies to identify the culprits of these hacks. They had no access to local phone company records of calls into their access numbers, and even if they had access, obtaining such records would be prohibitively expensive and time-consuming. While there was some advancement in tracking down these code hackers in the early 1990s, the problem did not completely disappear until most long-distance companies were able to offer standard 1+ dialing without the use of an access number.