http://www.accessatlanta.com/partners/ajc/epaper/editions/thursday/business_b3130921445570660025.html Michael E. Kanell - Staff Thursday, June 21, 2001 Hackers from metro New York used a Covington company's toll-free line, slipping through a technological loophole to run up $89,911.80 in overseas calls. Now, it's a question of who pays the bill. Since no bad guys have been caught, the question of who ought to eat that cost --- racked up in one week of reaching out to several other continents in September 1999 --- depends on which version of events you believe and which interpretation of the law. Officials of the Covington company, Gerri Murphy Realty, say they bear no blame for the calls to Pakistan, India, Bangladesh and other spots outside metro Atlanta. Finding that the phone line was misused was unpleasant. Finding that the company is supposed to pay sent the trio who owns and runs Murphy Realty scrambling for lawyer Robert Stansfield. Ralph Murphy, corporate secretary for the realty company and also Gerri Murphy's husband, said he wants businesses to know they are vulnerable, but he is worried about his company's survival. "How many people have their britches down and they don't know it? The only thing we could do is go bankrupt if we got a judgment for $90,000," he said. While AT&T has offered to settle for $45,000, it has sued Murphy Realty in federal court because it believes the scam was carried out using the company's voice mail, said AT&T spokesman David Arneke. "The basic principle is that customers are responsible for calls made using their own phone lines. We told them it was their problem, and we told them they had responsibility for fixing the problem." It started Sept. 6 when Murphy's office manager was awakened at home by someone at AT&T who noticed unusual activity --- overseas calls --- on the real estate company's line. Thieves had already rung up about $6,000 in charges. Murphy said he was assured by AT&T it would do what it could to solve the problem. But hours and days slid by, and the numbers on the meter kept mounting. "Basically, we told them that whatever it takes, turn it off," Murphy said. "We thought at that point that they had pulled the plug, but they had not pulled the plug." That's not the way AT&T representatives remember it. The crooks were calling the toll-free number and using the Murphy voice mail to get an open line, Arneke said. "And if your system is being hacked, we can't fix it for you." AT&T did block international calls from the lines. But the hackers scooted around that. AT&T has since added protections to prevent hackers from taking that detour, but that doesn't absolve Murphy, Arneke said. His position is that the hackers were still getting an open line via the company's voice mail. No, no, no, insists Murphy Realty, which is convinced the hacker got the open line from a BellSouth switch. A Murphy technician has testified he did what AT&T suggested, eliminating any way a caller could get an open line from the voice mail. The international charges continued until Sept. 13 when AT&T blocked use of the toll-free line from anywhere in the continental United States. Murphy thought that was the end of it. Until the bill came. Accustomed to a phone bill of $400 to $500 a month, even AT&T's settlement offer looks steep, he said. "We are a mom-and-pop operation. We can't afford to pay $45,000." As it is, the company has rung up more than $15,000 in legal expenses, he said. The lawyer, Stansfield, wonders why AT&T didn't make the fix sooner. Why didn't AT&T offer Murphy Realty the option of turning off the 800 line? Why did AT&T assure Murphy that it would not be liable --- at least after AT&T told them about the scam and Murphy Realty did what it was asked? Stansfield argues AT&T's inability to shut down the scamsters should absolve Murphy Realty of responsibility. Not when it was Murphy's responsibility, contends AT&T. AT&T sued Gerri Murphy Realty in federal court, an action placed on hold while the parties slug it out later this month before the Federal Communications Commission in Washington. No arrests have been made. The calls were made from pay phones in New York and New Jersey. The amount involved probably wouldn't justify an international investigation. Not paying a $90,000 bill meant a cutoff. So now, the two-office company has long-distance service from WorldCom's MCI unit, although Ralph Murphy said he doesn't think it has any more protection from a phone scam than before. The odds are against a repeat --- it's just not that common a scam. The phone hacking phenomenon is less frequent than before. For one thing, the feloniously tech-savvy person has more options --- the Internet, for example. And the Net itself provides a much cheaper way to make international calls. AT&T says it sees 1,400 to 1,500 cases a year amounting to $15 million in stolen services from AT&T and its customers out of a $4 billion-a-year total fraud cost. A typical scam can easily be as costly as the $90,000 tab run up in the Murphy Realty case, Arneke said. But the company doesn't end up in court often, he said. "These cases are usually settled out of court now because there are such a significant number of rulings on this that customers realize that the law is well-established. We try to negotiate with the customer, as we did here. And what we would really like is to reach a point where the customer is satisfied and we are satisfied." ISN is hosted by SecurityFocus.com --- To unsubscribe email isn-unsubscribeat_private
This archive was generated by hypermail 2b30 : Thu Jun 21 2001 - 23:07:02 PDT