http://www.mlive.com/news/grpress/index.ssf?/xml/story.ssf/html_standard.xsl?/base/news/101724390467486.xml Wednesday, March 27, 2002 By Jim Harger The Grand Rapids Press Grand Rapids taxpayers are footing a $15,000 telephone bill for international calls rung up because of hackers who broke into the city's phone system over a weekend last summer. Hackers broke into the city's voice-mail system in July and used a "back door" code to get access to an outgoing line. The access code was sold on the street and used to make $36,400 worth of international phone calls, said Tom McQuillan, the city's director of information technology. Phone companies have agreed to forgive all but about $15,000 of the debt. According to McQuillan, "very sophisticated" hackers in New York, using decommissioned cellular phones, broke the codes to the city's switchboard the weekend of July 20-23. The hackers used a little-known feature that allowed voice-mail access to reach an outgoing line. That feature, which was not used by city employees, has since been taken out of the system, McQuillan said Tuesday. It was the first time the city's phone system has been hacked since it was installed 18 years ago, he said. Access to the outgoing line was sold to users who called numbers in Asia and the Middle East, McQuillan said. The calls were made during off-hours when the city's own phone traffic was too low to detect the problem. Worldcom, the city's local service provider, discovered the problem on July 23,the Monday after the hackers broke in, McQuillan said. The city has been negotiating since then to determine how much of the bill taxpayers must foot. Sprint has agreed to forgive $11,132 worth of calls billed through its long-distance service, McQuillan said in a memorandum to city commissioners. However, AT& is willing to write off only $10,119.71 of the $25,299.28 worth of calls made through its service. "AT& believes that it has legal standing to demand such payment," said McQuillan, who asked the City Commission to sign off on the $15,000 settlement Tuesday. "We do not dispute that the calls were made through our phone system, even though they were made by outsiders," McQuillan said. "AT& has worked with us during the entire process, and there is no real fault to be assigned. Unfortunately, toll fraud is a fairly common business occurrence." City Attorney Philip Balkema told commissioners AT&'s case was a strong one. "There is an FCC ruling that is identical on all the points," he said. "Their ruling is that AT& was entitled to recovery." AT& spokesman Mike Pruyn said he was not familiar with the Grand Rapids case, but noted AT& routinely holds telephone customers responsible for their telephone numbers. "We deal with each complaint on a case-by-case basis," he said. "But in general, each customer is responsible for their telephone and calls made by their telephones, whether they're made by hackers or not." Due to confidentiality agreements in the city's contract with AT&, McQuillan said he could not comment on the negotiations that led to the agreement. McQuillan also said he could not comment on any findings of the investigation into identifying the hackers. Assistant City Manager Gregory Sundstrom said city officials have taken steps so it won't happen again. He said an investigation determined no city employees were involved in the fraud. - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Fri Mar 29 2002 - 04:33:01 PST