[ISN] Toll-Free lines open door to hackers

From: mea culpa (jerichot_private)
Date: Mon Jul 06 1998 - 19:02:23 PDT


    Forwarded From: William Knowles <erehwont_private>

    [TechWeb] (7.6.98) A number of Australian companies that operate 
    toll-free phone-line connections to their computer networks are 
    leaving themselves open to security breaches, according to a 
    new study.

    Australian security company Shake Communications used a modem 
    to dial up every toll-free number it could locate in Australia. 
    Two percent of the 48,000 numbers called let Shake connect to a 
    computer system, some of which offered no resistance to intrusion.

    Toll-free 1-800 numbers are widely used to encourage customers 
    to call sales or service personnel. But the numbers are also 
    used for internal purposes such as interoffice communications, 
    remote access by staff, and, in some cases, electronic access 
    for customers. These internal numbers are not generally published.

    Shake's modem was able to connect to 1,389 computer systems, 
    and to get information from 166 of them without breaking the 
    law. Under Australian law, any attempt to penetrate a computer 
    system is illegal, so Shake was limited to dialing the phone 
    number, seeing what was at the other end, then hanging up. 
    Shake's modem took more than 500 hours to dial all the numbers.

    Of the 166 phone numbers connected to computers, 16 of them 
    had no authentication procedures, two allowed callers to bypass 
    log-in procedures, and another three gave callers access to 
    the computer's root directory, usually reserved for system 
    administrators. Just over one-third of the computers revealed 
    their operating system and version.

    Only four of the systems connected to appeared to have a 
    sophisticated means of establishing user authentication, said 
    Shake's technical director, Simon Johnson. "I was astounded at 
    the lack of security," he said, adding that banking and finance 
    companies, followed by IT and media, appeared to be the most 
    lax. "In some cases, we were automatically logged on to their 
    internal networks," he said.

    Shake got the idea for the study from hackers themselves, who 
    often circulate lists of 1-800 numbers as lines of attack for 
    company computer systems. The obvious lesson: Don't use 1-800 
    numbers for internal corporate access, Johnson said. "If you do 
    -- and I advise not to -- at least have some strong authentication," 
    he said.

    The study showed how slack some Australian companies can be 
    about computer security, said Ben Barton, business-development 
    manager with the Australian Computer Emergency Response Team, 
    a Queensland computer-security company. But he said Australia 
    was probably little different in this regard than anywhere else, 
    especially the United States.

    The level of computer security in Australia is unlikely to be
    significantly lower than in the United States, said a computer 
    crime specialist with the Australian Federal Police, who asked 
    not to be named. He said the size of a company doesn't 
    necessarily reflect its commitment to security.

    "I've seen some very serious [about security] large companies 
    and some very serious small companies," he said. "I've also 
    seen the reverse."
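    The survey's method (dial, capture whatever the remote end prints, hang
    up) leaves the analyst with a pile of greeting banners to sort into the
    buckets the article reports: no authentication asked for, a straight
    root or enable prompt, an ordinary login prompt, a challenge/response or
    token prompt, and banners that disclose the operating system and version.
    The script below is an added example of that triage step, not code from
    the article, from TechWeb or from Shake Communications. The numbers,
    banners and fingerprint patterns are constructed for illustration; the
    "login bypass" finding cannot be judged from a greeting alone and so has
    no bucket here.

```python
"""Triage of captured modem greeting banners from a war-dial survey.

Added example, not part of the forwarded article or of Shake Communications'
tooling. Input is a mapping from the number dialled to the text the remote
system printed after CONNECT; output is a category per number plus tallies
in the shape the survey reported (auth prompt, none, root, OS disclosed).
"""
import re
from collections import Counter

# Constructed sample captures (hypothetical numbers and banners).
SAMPLE_CAPTURES = {
    "1800 000 001": "SunOS 5.5.1 (payroll1)\r\n\r\nlogin: ",
    "1800 000 002": "Welcome to the ACME dial-in gateway\r\n$ ",
    "1800 000 003": "Linux 2.0.33 (gw) (ttyS1)\r\n\r\n# ",
    "1800 000 004": "Username: \r\nPassword: ",
    "1800 000 005": "PPP session established\r\n",
    "1800 000 006": "AIX Version 4.2\r\n(C) Copyrights by IBM and by others\r\nlogin: ",
    "1800 000 007": "Enter SecurID PASSCODE: ",
    "1800 000 008": "core-rtr>",
    "1800 000 009": "\xff\xfb\x01\xff\xfb\x03",  # telnet option negotiation, nothing readable
}

# Operating-system fingerprints seen in greeting banners; each regex captures
# the version string. Illustrative list, not exhaustive.
OS_PATTERNS = [
    ("SunOS", re.compile(r"\bSunOS\s+([\d.]+)")),
    ("Linux", re.compile(r"\bLinux\s+([\d.]+)")),
    ("AIX", re.compile(r"\bAIX\s+Version\s+([\d.]+)")),
    ("HP-UX", re.compile(r"\bHP-UX\s+([A-Z]\.[\d.]+)")),
    ("Cisco IOS", re.compile(r"\bIOS\b.*?Version\s+([\d.()A-Za-z]+)")),
]

# Heuristics for what the remote end asked for before letting the caller in.
STRONG_AUTH_RE = re.compile(r"challenge|passcode|securid|token|one[- ]time", re.I)
AUTH_PROMPT_RE = re.compile(r"(login|user ?name|password|pin)\s*:\s*$", re.I)
NETWORK_RE = re.compile(r"\b(PPP|SLIP)\b")

# Categories that mean a caller got something without presenting credentials.
EXPOSED = {"root_shell", "no_auth_shell", "network_session"}


def fingerprint_os(banner):
    """Return (os_name, version) if the banner discloses one, else None."""
    for name, pattern in OS_PATTERNS:
        m = pattern.search(banner)
        if m:
            return name, m.group(1)
    return None


def classify_banner(banner):
    """Bucket one capture by what the remote side asked for before access."""
    lines = banner.splitlines()
    last_line = lines[-1].rstrip() if lines else ""
    if STRONG_AUTH_RE.search(banner):
        category = "strong_auth"      # challenge/response or token prompt
    elif AUTH_PROMPT_RE.search(banner.rstrip()):
        category = "auth_prompt"      # ordinary login/password prompt
    elif last_line.endswith("#"):
        category = "root_shell"       # '#' prompt: root or enable mode, no login asked
    elif last_line and last_line[-1] in "$%>":
        category = "no_auth_shell"    # unprivileged shell or CLI, no login asked
    elif NETWORK_RE.search(banner):
        category = "network_session"  # link-layer session offered before any credentials
    else:
        category = "unknown"
    return {"category": category, "os": fingerprint_os(banner)}


def triage(captures):
    """Classify every capture; return per-number results and survey-style tallies."""
    results = {number: classify_banner(text) for number, text in captures.items()}
    by_category = Counter(r["category"] for r in results.values())
    os_disclosed = sum(1 for r in results.values() if r["os"] is not None)
    return results, by_category, os_disclosed


def exposed_numbers(results):
    """Numbers that handed a caller a shell or a network session without authenticating."""
    return sorted(n for n, r in results.items() if r["category"] in EXPOSED)


if __name__ == "__main__":
    results, by_category, os_disclosed = triage(SAMPLE_CAPTURES)
    for number, r in results.items():
        print(f"{number}: {r['category']:16} os={r['os']}")
    print("tally:", dict(by_category), "os_disclosed:", os_disclosed)
    print("report first:", exposed_numbers(results))
```

    The order of the checks matters: a challenge/response prompt is tested
    before the generic login prompt, and a login prompt before the shell
    prompt, so a banner that shows both a hostname and "login:" is counted
    as authenticated rather than as a shell. Anything the heuristics cannot
    read lands in "unknown" for a human to look at rather than being
    silently counted as safe.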
    Subscribe: mail majordomot_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
