[ISN] Phone hackers stick city for $15,000

From: InfoSec News (isnat_private)
Date: Fri Mar 29 2002 - 00:55:40 PST

  • Next message: InfoSec News: "[ISN] Gilmore warns of threat to information systems"

    Wednesday, March 27, 2002
    By Jim Harger
    The Grand Rapids Press
    Grand Rapids taxpayers are footing a $15,000 telephone bill for
    international calls rung up because of hackers who broke into the
    city's phone system over a weekend last summer.
    Hackers broke into the city's voice-mail system in July and used a
    "back door" code to get access to an outgoing line. The access code
    was sold on the street and used to make $36,400 worth of international
    phone calls, said Tom McQuillan, the city's director of information
    Phone companies have agreed to forgive all but about $15,000 of the
    According to McQuillan, "very sophisticated" hackers in New York,
    using decommissioned cellular phones, broke the codes to the city's
    switchboard the weekend of July 20-23.
    The hackers used a little-known feature that allowed voice-mail access
    to reach an outgoing line. That feature, which was not used by city
    employees, has since been taken out of the system, McQuillan said
    It was the first time the city's phone system has been hacked since it
    was installed 18 years ago, he said.
    Access to the outgoing line was sold to users who called numbers in
    Asia and the Middle East, McQuillan said. The calls were made during
    off-hours when the city's own phone traffic was too low to detect the
    Worldcom, the city's local service provider, discovered the problem on
    July 23,the Monday after the hackers broke in, McQuillan said.
    The city has been negotiating since then to determine how much of the
    bill taxpayers must foot.
    Sprint has agreed to forgive $11,132 worth of calls billed through its
    long-distance service, McQuillan said in a memorandum to city
    commissioners. However, AT& is willing to write off only $10,119.71 of
    the $25,299.28 worth of calls made through its service.
    "AT& believes that it has legal standing to demand such payment," said
    McQuillan, who asked the City Commission to sign off on the $15,000
    settlement Tuesday.
    "We do not dispute that the calls were made through our phone system,
    even though they were made by outsiders," McQuillan said. "AT& has
    worked with us during the entire process, and there is no real fault
    to be assigned. Unfortunately, toll fraud is a fairly common business
    City Attorney Philip Balkema told commissioners AT&'s case was a
    strong one. "There is an FCC ruling that is identical on all the
    points," he said. "Their ruling is that AT& was entitled to recovery."
    AT& spokesman Mike Pruyn said he was not familiar with the Grand
    Rapids case, but noted AT& routinely holds telephone customers
    responsible for their telephone numbers.
    "We deal with each complaint on a case-by-case basis," he said. "But
    in general, each customer is responsible for their telephone and calls
    made by their telephones, whether they're made by hackers or not."
    Due to confidentiality agreements in the city's contract with AT&,
    McQuillan said he could not comment on the negotiations that led to
    the agreement.
    McQuillan also said he could not comment on any findings of the
    investigation into identifying the hackers.
    Assistant City Manager Gregory Sundstrom said city officials have
    taken steps so it won't happen again. He said an investigation
    determined no city employees were involved in the fraud.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Fri Mar 29 2002 - 04:33:01 PST