[ISN] Australia: Millions Lost to Phone Hackers

From: mea culpa (jerichoat_private)
Date: Thu May 14 1998 - 13:22:38 PDT

  • Next message: mea culpa: "[ISN] Russia thwarts hacker attacks of Yeltsin Web chat"

    Forwarded From: Nicholas Charles Brawn <ncb05at_private>
    MILLIONS of dollars are being ripped off phone users in Australia by
    hackers using increasingly elaborate phone scams.  Households, businesses
    and mobile phone users have become victims of widespread and systematic
    phone fraud.
    As carriers Telstra and Optus make advances in protecting their
    telecommunications networks, hackers are increasingly adept at breaking
    their security codes to rip off users. 
    The Herald Sun has discovered many cases of billing discrepancies blamed
    on hackers, including one householder charged $10,000 for calls he said he
    never made. 
    A Herald Sun investigation has also shown:  SEX calls to chat lines in the
    United States, Guyana, the Dominican Republic, Russia, Chile and the
    Seychelles are commonly charged to other people's accounts.  HACKERS can
    divert their Internet, local and international call costs without
    BUSINESSES with internal exchanges, or PABX, are particularly vulnerable
    and are frequently being billed for hackers' forays.  MOBILE phones
    thought tamper-proof can be hacked into by cloning their SIM cards, the ID
    chip that controls billing.  Telecommunications industry deputy ombudsman
    Wally Rothwell said hacking had become a costly reality. 
    "Hacking could be costing consumers in the region of millions of dollars," 
    he said. "Some of these calls are very expensive - sex calls, for example,
    can be up to $30 just to be connected." 
    Between January and March this year, 426 complaints were made over calls
    householders and small businesses believed they never made.  Mr Rothwell
    said "phreaking" - a fraud in which calls are diverted through someone
    else's phone - had been proven possible from within telephone exchanges.
    "However, we are yet to see it proved that hacking can be done remotely or
    from outside the telephone exchange," he said. 
    But a former "phreaker" told the Herald Sun hackers established years ago
    how to illegally get into exchanges from external lines.  Andre Dedio, 32,
    an Internet service provider, said methods ranged from crude to advanced. 
    "When I was doing it I was using my computer to program the exchange to do
    what I wanted it to do," Mr Dedio said.
    "Expert phreakers use normal telephone lines and home computers to
    generate certain sounds that will open the exchange trunk," he said.  He
    said hackers also access private telephone lines by manipulating gadgetry
    inside exchange pits in suburban streets.  They could easily divert their
    calls through their neighbors, he said, but this was crude. 
    "If you can get into the exchange you don't have to hijack someone's
    telephone line," he said.
    Head of Queensland University of Technology's school of data
    communications, Prof. Bill Caelli, said even the most sophisticated
    national network was not safe.  Many companies with PABX systems had
    succumbed to multi-million dollar phone fraud in the UK, US and Canada. 
    Researchers at Berkeley University, California, last month proved digital
    phones were no longer secure, having cloned the SIM chip that controls
    billing, he said. 
    The Australian Communications Authority said big companies had to be extra
    "The bigger the company, the bigger the bill and the easier it is for
    hackers to avoid being spotted," spokesman Frank Nowlan said.  The maximum
    penalty for phreaking is five years' jail under the federal Crimes Act. 
    Telstra spokesman Stephen Nason said Telstra believed its network security
    was world's best practice in protection against hackers.  "While no
    network is 100 per cent bullet-proof, we believe the Telstra network to be
    absolutely world-class," he said.  Hacking was not widespread, he said,
    with probably fewer than 50 cases a year in Australia. 
    Optus spokeswoman Kristin Meagher said Optus had no evidence of hacking on
    its network.
    (C) 1998 Herald and Weekly Times Limited. 
    HERALD SUN 14/05/98 P7 
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:53:08 PDT