Forwarded From: Nicholas Charles Brawn <ncb05at_private>

14May98 AUSTRALIA: MILLIONS LOST TO PHONE HACKERS.
By ANDREW PROBYN.

MILLIONS of dollars are being ripped off phone users in Australia by hackers using increasingly elaborate phone scams.

Households, businesses and mobile phone users have become victims of widespread and systematic phone fraud.

As carriers Telstra and Optus make advances in protecting their telecommunications networks, hackers are increasingly adept at breaking their security codes to rip off users.

The Herald Sun has discovered many cases of billing discrepancies blamed on hackers, including one householder charged $10,000 for calls he said he never made.

A Herald Sun investigation has also shown:

SEX calls to chat lines in the United States, Guyana, the Dominican Republic, Russia, Chile and the Seychelles are commonly charged to other people's accounts.

HACKERS can divert their Internet, local and international call costs without detection.

BUSINESSES with internal exchanges, or PABX, are particularly vulnerable and are frequently being billed for hackers' forays.

MOBILE phones thought tamper-proof can be hacked into by cloning their SIM cards, the ID chip that controls billing.

Telecommunications industry deputy ombudsman Wally Rothwell said hacking had become a costly reality.

"Hacking could be costing consumers in the region of millions of dollars," he said. "Some of these calls are very expensive - sex calls, for example, can be up to $30 just to be connected."

Between January and March this year, 426 complaints were made over calls householders and small businesses believed they never made.

Mr Rothwell said "phreaking" - a fraud in which calls are diverted through someone else's phone - had been proven possible from within telephone exchanges.

"However, we are yet to see it proved that hacking can be done remotely or from outside the telephone exchange," he said.
But a former "phreaker" told the Herald Sun hackers established years ago how to illegally get into exchanges from external lines.

Andre Dedio, 32, an Internet service provider, said methods ranged from crude to advanced.

"When I was doing it I was using my computer to program the exchange to do what I wanted it to do," Mr Dedio said.

"Expert phreakers use normal telephone lines and home computers to generate certain sounds that will open the exchange trunk," he said.

He said hackers also access private telephone lines by manipulating gadgetry inside exchange pits in suburban streets. They could easily divert their calls through their neighbors, he said, but this was crude.

"If you can get into the exchange you don't have to hijack someone's telephone line," he said.

Head of Queensland University of Technology's school of data communications, Prof. Bill Caelli, said even the most sophisticated national network was not safe.

Many companies with PABX systems had succumbed to multi-million dollar phone fraud in the UK, US and Canada.

Researchers at Berkeley University, California, last month proved digital phones were no longer secure, having cloned the SIM chip that controls billing, he said.

The Australian Communications Authority said big companies had to be extra careful.

"The bigger the company, the bigger the bill and the easier it is for hackers to avoid being spotted," spokesman Frank Nowlan said.

The maximum penalty for phreaking is five years' jail under the federal Crimes Act.

Telstra spokesman Stephen Nason said Telstra believed its network security was world's best practice in protection against hackers.

"While no network is 100 per cent bullet-proof, we believe the Telstra network to be absolutely world-class," he said.

Hacking was not widespread, he said, with probably fewer than 50 cases a year in Australia.

Optus spokeswoman Kristin Meagher said Optus had no evidence of hacking on its network.

(C) 1998 Herald and Weekly Times Limited.
HERALD SUN 14/05/98 P7