Hey there 👋
Glad to have you back.
A while ago, I wrote about hacking as a lifestyle, breaking down what hacking actually is and how it’s more about mindset than just code. But there’s a bigger misconception that keeps showing up.
Nearly all people think hacking started when the internet came into being, but that’s not true.
Hacking started with a whistle and a phone line. It started long before modern cybersecurity, the first hackers were experimenting with telephone systems and were trying to figure out how a global communication network actually worked.
So how did that even happen?
How did a system built for communication become something people could manipulate? And why does it still matter today?
That’s what this piece is about.
But before we get into the history, you need to understand one term.
What Phreaking Actually Is
Phreaking is one of the earliest forms of hacking. It sits at the intersection of curiosity and exploitation, focused entirely on telephone networks.
The term itself comes from combining phone and freaking, which gives you a sense of what it represents - people experimenting with systems they weren’t supposed to touch.
At its core, phreaking was about understanding how telephone systems worked and then using that knowledge to manipulate them. Sometimes that meant making free long-distance calls. Sometimes it meant accessing parts of the network that were never meant to be public.
What made this possible was how early phone systems were designed. Those phones weren’t like the ones we have now, they relied on tones.
Every action in the network such as routing a call, switching lines, connecting across regions, was controlled by specific audio signals. Back then the system didn’t verify identity and blindly trusted the signal behind it.
Phreakers figured this out and reverse engineered those tones and started reproducing them. Once you could generate the right frequency, you could tell the network what to do.
The Origins of Telephone Hacking
How Phone Systems Worked
Long before computers were everywhere, the global communication system ran on sound.
Early telephone networks relied on what’s called in-band signaling. This meant the same line that carried your voice also carried the control signals that told the network what to do. Things like: routing a call, marking a line as busy, connecting long-distance, all of these, depended on specific tones moving through the line. These telephone networks had a major problem, they assumed all those tones being received by it were always legitimate.
Somewhere in the late 1950s and early 1960s, a few curious individuals started noticing the flaw in the system and wondered if the system responded to tones, what would happen if you reproduced them yourself?
That question was the starting point.
The First Phreaker: Joe Engressia (Joybubbles)
One of the earliest figures in this space was Joe Engressia, later known as Joybubbles.
He was born blind and early on he developed an unusually sharp sense of hearing. As a child in the late 1950s and early 1960s, he began experimenting with telephone tones because he wanted to understand them more and due to these experiments, he discovered something critical.
He was able to whistle at a frequency of around 2600 Hz, a tone used by the telephone system to signal that a line was idle. When he produced this tone into the phone, the network responded. Calls could be disrupted, redirected, or reset.
This proved that the system could be controlled using sound.
His work didn’t stay isolated. It spread through early communities and inspired others who were trying to understand the same system. According to early telecom histories and accounts documented in 2600 Magazine, Engressia’s discoveries became a foundation for later phreaking techniques.
John Draper (Captain Crunch) Taking It Public
Put it this way, if Engressia proved it was possible, John Draper made it widespread.
In the early 1970s, Draper discovered that a toy whistle found in Cap’n Crunch cereal boxes could produce the same 2600 Hz tone. The whistles were originally used by sailing officials to signal mealtimes or command, but somehow - one of them fell into the hands of John Draper, a former U.S. Air Force electronics technician.
The uniqueness of this whistle involved producing certain tones that allowed the whistler to bypass AT&T’s analog system and get free long-distance phone calls.
Draper’s work helped shape an early underground culture around telephone hacking. His influence extended beyond telecom systems. Figures like Steve Wozniak and Steve Jobs famously built and experimented with blue boxes before founding Apple, a story later referenced in multiple tech retrospectives.
The Core Vulnerability of the System
The reason all of this worked comes down to design.
Telephone networks used in-band signaling, where control signals traveled along the same path as voice communication. A 2600 Hz tone told the system a line was idle. Additional tones could then direct where the call should go.
This vulnerability existed for decades. It wasn’t fully addressed until the introduction of out-of-band signaling systems like Signaling System No.7 (SS7), which moved control signals off the voice line, but by that point, the damage had already been done.
The Tools That Broke the System
Once people understood that telephone networks responded to tones, the next step was obvious. Phreakers knew that if they wanted consistent control, they needed something more precise.
That’s when phreaking moved from curiosity-driven experiments to something more structured. Instead of trying to imitate tones, hobbyists started building devices that could generate them exactly. Over time the knowledge started spreading and tools began to standardize.
Blue Boxes: The Turning Point
The most important of these tools was the blue box. A blue box was a device designed to reproduce the exact tones used by telephone systems for long-distance routing. It allowed users to send precise signals into the network and direct calls however they wanted.
In practical terms, this meant you could take control of a call after it connected. By sending the right sequence of tones, the system would treat you like an internal operator. Calls could be rerouted, extended, or made across long distances without being billed correctly.
John Draper played a key role in popularizing these devices, but the idea didn’t stop there. In the mid-1970s, even Steve Wozniak and Steve Jobs experimented with building and selling blue boxes before starting Apple Inc. That alone tells you how accessible the concept had become.
Other Tools in the System
The blue box was the most well-known tool, but it was part of a larger set of devices.
Phreakers didn’t stick to one approach. As they learned more about how the network behaved, they built different tools to experiment with different parts of it. Black boxes and red boxes are some examples circulating within the same communities.
The Mechanism Behind It
At their core, all of these tools did the same thing - They generated sound.
Telephone networks used predefined audio frequencies to manage connections. A blue box could produce combinations of these tones, allowing users to simulate internal commands. By controlling the sequence, you could influence how a call moved through the network.
That’s what made these tools so powerful. All one had to do was understand how to speak to the system. And for a brief period, the network couldn’t tell the difference between a legitimate signal and a manufactured one.
Jobs and Wozniak’s Phreaking Phase
By now, you’ve probably noticed that whenever phreaking comes up, the names Steve Jobs and Steve Wozniak aren’t far behind. Their involvement shows up again and again, but it’s worth looking at it directly to understand why.
In the early to mid-1970s, Wozniak came across phreaking through the same circles influenced by John Draper and then built his own version of the blue box and improved it to make it more stable and reliable.
What Wozniak built as a technical challenge, Jobs saw as something that could be sold. Together, they started building and selling blue boxes to students. And don’t get it wrong, it wasn’t organized crime - it was two curious outsiders testing a system and realizing they could push it further.
Jobs later summed it up in a line that still gets quoted:
“If we hadn’t built blue boxes, there would be no Apple.”
That same mindset still carries forward. The mindset that forces people to learn how systems behave, where they fail, and what happens when you take control of them. If you want to go deeper into that way of thinking, I’ve already broken it down in more detail here: Hacking as a Lifestyle: Beyond Computers.
The Consequences of Phreaking
The concept of phreaking didn’t stay contained for long. It started spreading like a virus with the passage of time.
And surprisingly, this pattern shows up everywhere. A small group explores a system to understand how it works. They find weaknesses along the way. Then a second group arrives, interested, only in using those weaknesses.
That’s when things begin to change.
By the 1970s, phreaking had moved beyond isolated experimentation. As techniques spread, telecom companies began facing real consequences. Phone fraud was costing companies tens of millions of dollars annually and the bigger issue wasn’t just the money.
Phreaking exposed that the entire system relied on trust, and that trust could be bypassed. Media coverage also started picking up on it. Stories about “phone hackers” began appearing more frequently, bringing attention to a problem tons of users didn’t even know existed.
At that point, ignoring this problem wasn’t an option anymore and once that realization set in, the pressure to completely redesign the system became unavoidable.
The End of an Era
Legal Action Against Phreakers
By the mid-1970s, phreaking, which started as small-scale experimentation, had grown into something telecom companies could measure. AT&T and other carriers began reporting consistent revenue losses tied to toll fraud. According to some sources, from that period, losses were running into millions of dollars annually as long-distance networks were exploited.
After that, the big guys aka law enforcement got involved. Phreaking moved into the category of criminal activity, prosecuted under fraud and unauthorized access laws. Arrests became more common, and well-known figures like John Draper were arrested for wire fraud charges.
Telecom companies also adapted. They began working directly with law enforcement, setting up monitoring systems and sting operations to track down active phreakers.
The System Had to Change
As I have mentioned previously in the piece - In-band signaling had a built-in flaw. It trusted whatever came through the line, as long as it sounded correct. But the moment outsiders figured out how to reproduce those signals, things started going downhill because there was no patch for this.
So the industry moved toward a redesign. Through the late 1970s and into the 1980s, telecom networks began separating control from communication. Instead of sending instructions over the same line as voice, signaling was moved to a dedicated channel.
This change eventually led to systems like Signaling System No. 7 (SS7), where the network no longer relied on tones from the user side to make decisions. And while it fixed the original weakness…it wasn’t perfect and like most large systems, it came with its own trade-offs.
If you want to understand that side of it without going too deep here, this video does a solid job:
How Phone Hacking Evolved
If you look close enough, you’ll realize that phreaking only evolved. The old systems ran on tones. Today’s systems run on software and networks. But the core idea stayed the same. If you understand how a system works, you can find where it breaks.
Take Voice over Internet protocol (VoIP) systems. Instead of physical phone lines, calls now move over the internet. That makes them flexible, but also easier to manipulate. Attackers can spoof caller IDs, reroute calls, or inject traffic into poorly secured systems.
Then there’s SIM swapping. An attacker convinces a telecom provider to transfer your number to a new SIM card. Once that happens, they control your calls and messages. That means access to OTPs, account resets, and anything tied to your number.
Telecom fraud operates at a broader level. According to the Communications Fraud Control Association, global losses reached $38.95 billion in 2023, showing how large this problem has become.
Lessons from Phreaking
Long before cybersecurity became an industry, a small group of outsiders looked at a global system and refused to treat it as something untouchable. They didn’t have formal training or access. But what they did have was - curiosity and time.
Back then there was no internet to learn from. Knowledge only moved through conversations, small circles, and eventually through publications like 2600: The Hacker Quarterly, a culture formed around understanding systems instead of blindly using them. That mindset still shows up today.
Anyway, if you’ve made it this far, you’ve basically walked through that entire phase. From a system that trusted tones to a world where everything is connected and constantly targeted.
Thanks for reading.
See you next time.
One Last Thing
Most people use technology every day without ever stopping to ask how it works, who controls it, or what happens when things go wrong.
This publication exists for the opposite reason.
So, if you enjoy deep dives into technology, privacy, AI, cybersecurity, and the systems shaping the modern world, consider subscribing.
That way, the next article will show up directly in your inbox.