Hackers Invade Texas A&M Phone System

[InfoSec News <isn () c4i org>]

http://www.local6.com/orlpn/news/stories/news-188235220030110-120116.html

January 10, 2003

COLLEGE STATION, Texas -- Hackers in Saudi Arabia infiltrated Texas
A&M's phone system, using it as a conduit to make free collect calls,
officials said.

Phone carriers alerted the school to the suspicious activity Thursday,
said Walt Magnussen, A&M's associate director of telecommunications.  
The university sent an emergency e-mail to employees about the attack
that urged them to change their mailbox passwords.

The fraud affected five voice mailboxes among the university's 25,000
phone lines. The number or cost of the unauthorized calls wasn't
immediately known, The Eagle reported Friday.

"Initial indications look like we caught it pretty quickly," Magnussen
said.

The hackers guessed each mailbox password because it was the same as
the phone number.

"It's like using your name for your password," he said. "It's one of
the first things people are going to guess."

The hackers manipulated the outgoing messages by recording "Hello?",
followed by a pause, then "Yes." The new recording was designed to
fool international operators into thinking they were talking to a live
person who answered the phone, then agreed to take a collect call.

Once inside the mailbox, hackers could transfer the call anywhere they
wanted at A&M's expense. It may take a month or more to learn how much
damage was done, Magnussen said.

The call transfer feature on university lines has been disabled to
prevent a future attack.

Magnussen said A&M has successfully shut down similar attacks made
from within Texas jail facilities, where inmates must use pay phones
to call out. This is the first known attack from overseas.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.