[ISN] Phone Hackers discovered by system service biz

From: InfoSec News (isnat_private)
Date: Wed Dec 04 2002 - 22:58:04 PST

  • Next message: InfoSec News: "[ISN] PGP Opens Up Encryption Source Code"

    Forwarded from: "Bill Scherr IV, GSEC, CGIA" <bschnzlat_private>
    By Jason Schreiber
    November 29, 2002 
    RAYMOND - A Raymond company has uncovered an unusual telephone-hacking
    scheme that could cost businesses big bucks when they get their phone
    John Laurence, owner of Telephone Systems Consultation and
    Maintenance, said his company has discovered that hackers are breaking
    into business voice-mail systems to make long-distance calls and send
    numerical codes to the Philippines.
    Company technicians have spent the last few weeks helping businesses
    repair their voice-mail systems after they were hit. The phone systems
    being attacked are all a brand made by Panasonic, Laurence said.
    The problem was first discovered when Laurence's company, which sells
    and installs telephone and voice-mail systems for businesses here and
    across the country, began receiving calls from clients reporting that
    their voice mail wasn't working properly.  Some businesses have
    discovered problems when they attempt to retrieve messages but find
    their voice-mail is not accessible.
    After investigating the complaints, Laurence said his company found
    several cases where someone, presumably a hacker familiar with phone
    systems, managed to call businesses at night and alter their voice
    mail systems by creating a new mailbox that the person could then use
    to dial long-distance phone calls from an unknown location.  Many of
    the bogus calls from business voice mail systems were made to the
    Philippines, Laurence said.
    Technicians haven't been able to trace the location where the calls
    from the hacker originated, nor do they know to whom the overseas
    numbers that were called belong.
    All of the long-distance calls are being billed to the affected
    businesses, said Laurence, who urged employees in charge of handling
    company phone bills to closely examine their bills. Some businesses
    may not be aware that their voice mail systems have been hacked into.
    "This could be happening to a lot of businesses across the country.
    This has happened to us several times over the past two weeks, so I
    can just imagine the volume of this that could be happening around the
    country," said Laurence, adding that companies should make sure that
    their phone systems are password-protected to make them less
    Laurence's company has a customer base of 600 businesses in New
    England and 1,000 more in other parts of the country. He said
    customers as far west as California have reported problems with
    apparent voice-mail hacking.
    Chris Goodrow, a senior technician for the Raymond phone company, said
    the hackers have also found a way to change the voice-mail programming
    so that it can forward voice mail messages from the company's system
    to the Philippines. For instance, he said some businesses have
    discovered strange voice mail messages that include what appear to be
    numerical codes followed by the voice of a person speaking just a few
    words in an unknown foreign language.
    EOS Research in Portsmouth is among the growing number of businesses
    attacked by the phone hackers. Ron Gehl, the company's president, said
    the problem was detected when employees noticed that one of the
    company's many phone lines appeared to be in use even though no one in
    the building was using that line.
    "Something was picking up the line and placing what seemed to be a
    brief call. After investigating, we found the voice mail was up to
    something. We unplugged the voice mail device and the problem seemed
    to go away," Gehl said.
    Technicians researched the problem and found that the voice mail
    system had been attacked.
    "Whoever hacked into it had established a new voice mail account which
    automatically was going out and repeatedly dialing long-distance
    numbers overseas and was transmitting numerical messages," Gehl said.
    Gehl said some of the voice mail box accounts were not protected by a
    password and he believes that was how the hacker was able to get into
    the system. Now, he said, all of the company's voice mail accounts are
    Businesses need to be aware of the problem before they become victims
    too, Gehl said. People usually try to make sure their computers are
    protected from hackers, Gehl said, but now they must worry about their
    phone system.
    "I would certainly recommend that folks consider this as a potential
    target of a hacker.  It may not be the first thing that comes to mind.
    Here's just another device that's essentially opened to the outside
    world in some form or another," he said. "I would simply recommend
    people look into the security of what their current voice mail system
    is and if it appears there may be a way to break into it, there may be
    steps to additionally secure it."
    Authorities say it's the first time they've heard of such a
    phone-hacking scheme.
    Raymond Police Chief David Salois said that because the case involves
    several businesses in different states, the FBI would be an
    appropriate agency to launch an investigation. Salois said he put
    Laurence in touch with an FBI agent.
    "I've never heard a thing about it," said Mike Bahan, chief criminal
    investigator for the state attorney generalís office. Bahan referred
    calls on the matter to the FBI.
    While Laurence's company is in Raymond, no crime has actually occurred
    in that town because the businesses hit by the hackers are located in
    other parts of the state and country.
    "A crime could be where the call originated from and also where the
    theft took place, in this place at the company. The theft would be
    considered the cost of the phone call,"  Salois said.
    Whether the case is ever prosecuted really depends on the dollar
    amount attached to the illegal long-distance calls, said Jay Grant, a
    spokesman for the FBI's Boston office.  At this point no one knows the
    cost of all the calls made by the hackers through different
    businesses. Laurence pointed out that many companies do not know their
    voice mail was attacked until they receive their phone bill and find
    unusual long- distance calls.
    Laurence said he has wondered whether the calls are just a prank or
    somehow connected to terrorists.
    Grant quickly discounted that theory, saying the odds are slim that
    the calls to the Philippines could be tied to terrorism, even though
    there have been reports in recent months of increased terrorist
    activity in that country. After all, he said, most people who live in
    the Philippines aren't terrorists.
    Salois was not so quick to write off Laurenceís theory that the case
    could be linked to terrorism.
    "There is the potential. Not knowing and given the climate we live in
    I'd say it should definitely be looked at," he said.
    Amanda Noonan, director of consumer affairs for the state's Public
    Utilities Commission, said she also has never heard of a problem with
    hackers corrupting voice-mail systems. While the PUC does not
    investigate cases such as this, Noonan said, the agency will help
    those companies victimized by phone hackers. Noonan said the PUC would
    assist customers having trouble getting their long-distance phone
    carrier to take the illegal calls off their phone bill.
    "We will work with them and their phone company to get an adjustment
    made for their calls. I think we would be able to assist customers in
    that respect," she said.
    Bill Scherr IV, GSEC, GCIA
    Electronic Warfare Associates / IIT
    Lafayette RTI, Camp Johnson
    Colchester, VT 05446
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Thu Dec 05 2002 - 01:36:04 PST