Phone Phreaks to Rise Again?

[William Knowles <wk () C4I ORG>]

http://www.wired.com/news/business/0,1367,36309,00.html

by Michelle Finley
3:00 a.m. May. 16, 2000 PDT

Back before there were hackers, phreakers ruled the underground.

They may be making a comeback, to the chagrin of those on whom they
prey.

A phreaker explores the telephone system. Some are just electronic
voyeurs who want to understand how telecom structure works. Others
exploit vulnerabilities in the system to get free long-distance
service, re-route calls, change phone numbers, or eavesdrop on
conversations.

In the 1960s and '70s, phreaking usually involved building devices
that could trick telephone systems into believing that the phreaker's
instructions were originating from the telephone company's internal
systems.

But computer-based telephone systems weren't susceptible to these
sorts of creative workarounds. So phone phreaks had to learn some
hacking skills.

And, as the world moves towards integrated voice and data systems,
"black hat" phreaks may soon pose more of a threat to computer system
security than the "pure" hackers and crackers who disrupt and
vandalize computer systems and websites.

Chad Cooper of ProDX Professional Data Exchange, an information
technology consulting company, said he believes that IP-based
telephone systems, where phones are connected into a PC's RJ-45
Ethernet jack, may represent a new backdoor into corporate networks.

Some of the new PBX systems run voice and data over the same network.
Remote offices could be connected via a WAN and would use the same
connections for voice traffic between offices. If a remote office had
high-speed access to the Internet and the home office did as well,
users could technically take advantage of IP telephony to place a
phone call through the Internet.

A company can save a lot of money this way, since data lines from
telephone carriers are cheaper than voice lines from the same
carriers.

The rub is the phones have to have access to the Internet, and this is
all the hacker phreak needs, Cooper said.

"Essentially, the software and hardware of this phone system would be
tied directly into MS Windows MAPI (mail API's) and TAPI (telephony
API's) extensions, which are commonly exploited in Trojans and worm
viruses," he said.

Halcon founder Valiant (who goes by one name) disagrees. He believes
that apart from social engineering, there's not much you can achieve
with or through a phone alone. And he dismisses the idea of phreak
hack attacks taking down networks like the Love Bug did.
"Theoretically, I suppose it could be possible, just as sustained life
in non-inhabitable places could be possible in freak-of-nature
occurrences."

But Cooper said he still believes that hacking possibilities are
endless with convergence of voice and data, PCs, and phones.

Soon, Cooper said, phreakers will be using the Internet to penetrate
the phone systems. Phreakers will be acting like hackers, and hackers
will be acting like phreakers.

That convergence is plausible, Valiant agreed.

"When I took out the Australian Republican Movement's headquarters'
telecommunications, I found a PABX switch dial-up number from an old
elytra workers information site, along with pin code for admin access.
That's how I flooded them," Valiant said.

Cooper thinks it could be taken further. He said he believes it's
possible to plant a Melissa-type virus into a phone system, causing
messages to be sent out to everyone else who is listed in your speed
dial, or perhaps to everyone in your office. He also thinks that
voicemail could be sent as a .wav attachment to your email address
list.

"We have all seen the power of VBS scripts lately. A script can easily
be written to exploit all of the functionality of these converging
technologies."

"Oh come on," Valiant scoffed. "Bad drugs, bad drugs. It's possible,
but not plausible."

Cooper also said he wonders if an attack could be mounted by leaving a
carefully constructed voice message in someone's voicemail box, "then
phreak/hacking the voicemail box to propagate the message to
everyone's voicemail box in the local PBX, then have each IP phone
automatically place a call to a 1-800 service number, where the
message would prompt through an automated answering system -- sort of
a phoneBot, you know ... 'Say or press 1' -- and essentially create a
denial-of-service attack against a call center."

"Again, this is possible, but not plausible," Valiant said. "Why would
you bother? No one would. You wouldn't find enough phones for it. I
only owned the ARM's phone system because I used a PABX system's
entire bandwidth to flood their PABX."

In phreaking, size does matter, he notes.

Valiant also points out that there are many fun things to do with a
standard phone system. For example, he says it's possible to put
someone's voicemail into a recursive loop, forever sending voicemail
to itself, leaving a message, then sending that voicemail to itself
again, and on and on.

In fact, he set up a macro on his phone to do that.

"I press one button and it'll loop the mail -- if the mail system is
the correct type."

"What's even better is weenies who leave default PINs to their
voicemail box on their mobile phone: You login with your admin PIN of
the phone company, then you change their voicemail message to
something abusive, silly, or just plain funny, like cows mooing."

Perhaps it's time to firewall those phones.


*-------------------------------------------------*
"Communications without intelligence is noise;
Intelligence without communications is irrelevant."
Gen. Alfred. M. Gray, USMC
---------------------------------------------------
C4I Secure Solutions             http://www.c4i.org
*-------------------------------------------------*

ISN is sponsored by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".