Phone Hackers discovered by system service biz

[InfoSec News <isn () c4i org>]

Forwarded from: "Bill Scherr IV, GSEC, CGIA" <bschnzl () bigfoot com>

http://www.seacoastonline.com/news/rock/11292002/news/777.htm

By Jason Schreiber
news () seacoastonline com
November 29, 2002 

RAYMOND - A Raymond company has uncovered an unusual telephone-hacking
scheme that could cost businesses big bucks when they get their phone
bill.

John Laurence, owner of Telephone Systems Consultation and
Maintenance, said his company has discovered that hackers are breaking
into business voice-mail systems to make long-distance calls and send
numerical codes to the Philippines.

Company technicians have spent the last few weeks helping businesses
repair their voice-mail systems after they were hit. The phone systems
being attacked are all a brand made by Panasonic, Laurence said.

The problem was first discovered when Laurence's company, which sells
and installs telephone and voice-mail systems for businesses here and
across the country, began receiving calls from clients reporting that
their voice mail wasn't working properly.  Some businesses have
discovered problems when they attempt to retrieve messages but find
their voice-mail is not accessible.

After investigating the complaints, Laurence said his company found
several cases where someone, presumably a hacker familiar with phone
systems, managed to call businesses at night and alter their voice
mail systems by creating a new mailbox that the person could then use
to dial long-distance phone calls from an unknown location.  Many of
the bogus calls from business voice mail systems were made to the
Philippines, Laurence said.

Technicians haven't been able to trace the location where the calls
from the hacker originated, nor do they know to whom the overseas
numbers that were called belong.

All of the long-distance calls are being billed to the affected
businesses, said Laurence, who urged employees in charge of handling
company phone bills to closely examine their bills. Some businesses
may not be aware that their voice mail systems have been hacked into.

"This could be happening to a lot of businesses across the country.
This has happened to us several times over the past two weeks, so I
can just imagine the volume of this that could be happening around the
country," said Laurence, adding that companies should make sure that
their phone systems are password-protected to make them less
vulnerable.

Laurence's company has a customer base of 600 businesses in New
England and 1,000 more in other parts of the country. He said
customers as far west as California have reported problems with
apparent voice-mail hacking.

Chris Goodrow, a senior technician for the Raymond phone company, said
the hackers have also found a way to change the voice-mail programming
so that it can forward voice mail messages from the company's system
to the Philippines. For instance, he said some businesses have
discovered strange voice mail messages that include what appear to be
numerical codes followed by the voice of a person speaking just a few
words in an unknown foreign language.

EOS Research in Portsmouth is among the growing number of businesses
attacked by the phone hackers. Ron Gehl, the company's president, said
the problem was detected when employees noticed that one of the
company's many phone lines appeared to be in use even though no one in
the building was using that line.

"Something was picking up the line and placing what seemed to be a
brief call. After investigating, we found the voice mail was up to
something. We unplugged the voice mail device and the problem seemed
to go away," Gehl said.

Technicians researched the problem and found that the voice mail
system had been attacked.

"Whoever hacked into it had established a new voice mail account which
automatically was going out and repeatedly dialing long-distance
numbers overseas and was transmitting numerical messages," Gehl said.

Gehl said some of the voice mail box accounts were not protected by a
password and he believes that was how the hacker was able to get into
the system. Now, he said, all of the company's voice mail accounts are
password-protected.

Businesses need to be aware of the problem before they become victims
too, Gehl said. People usually try to make sure their computers are
protected from hackers, Gehl said, but now they must worry about their
phone system.

"I would certainly recommend that folks consider this as a potential
target of a hacker.  It may not be the first thing that comes to mind.
Here's just another device that's essentially opened to the outside
world in some form or another," he said. "I would simply recommend
people look into the security of what their current voice mail system
is and if it appears there may be a way to break into it, there may be
steps to additionally secure it."

Authorities say it's the first time they've heard of such a
phone-hacking scheme.

Raymond Police Chief David Salois said that because the case involves
several businesses in different states, the FBI would be an
appropriate agency to launch an investigation. Salois said he put
Laurence in touch with an FBI agent.

"I've never heard a thing about it," said Mike Bahan, chief criminal
investigator for the state attorney general’s office. Bahan referred
calls on the matter to the FBI.

While Laurence's company is in Raymond, no crime has actually occurred
in that town because the businesses hit by the hackers are located in
other parts of the state and country.

"A crime could be where the call originated from and also where the
theft took place, in this place at the company. The theft would be
considered the cost of the phone call,"  Salois said.

Whether the case is ever prosecuted really depends on the dollar
amount attached to the illegal long-distance calls, said Jay Grant, a
spokesman for the FBI's Boston office.  At this point no one knows the
cost of all the calls made by the hackers through different
businesses. Laurence pointed out that many companies do not know their
voice mail was attacked until they receive their phone bill and find
unusual long- distance calls.

Laurence said he has wondered whether the calls are just a prank or
somehow connected to terrorists.

Grant quickly discounted that theory, saying the odds are slim that
the calls to the Philippines could be tied to terrorism, even though
there have been reports in recent months of increased terrorist
activity in that country. After all, he said, most people who live in
the Philippines aren't terrorists.

Salois was not so quick to write off Laurence’s theory that the case
could be linked to terrorism.

"There is the potential. Not knowing and given the climate we live in
I'd say it should definitely be looked at," he said.

Amanda Noonan, director of consumer affairs for the state's Public
Utilities Commission, said she also has never heard of a problem with
hackers corrupting voice-mail systems. While the PUC does not
investigate cases such as this, Noonan said, the agency will help
those companies victimized by phone hackers. Noonan said the PUC would
assist customers having trouble getting their long-distance phone
carrier to take the illegal calls off their phone bill.

"We will work with them and their phone company to get an adjustment
made for their calls. I think we would be able to assist customers in
that respect," she said.


Bill Scherr IV, GSEC, GCIA
Electronic Warfare Associates / IIT
Lafayette RTI, Camp Johnson
Colchester, VT 05446
802-338-3213



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.