http://finance.news.com.au/story/0,10166,12699755-31037,00.html By Paul Osborne March 30, 2005 CYBER criminals have hacked into a private hospital's telephone system, racking up almost $5000 in international calls in an attack experts warn is becoming increasingly common. Hackers believed to be operating from overseas tapped into the PABX system at Canberra's John James Hospital. They then made between $4000 and $5000 worth of calls to South America and the Asia Pacific region in 24 hours from 1.30am on March 22. Telstra technical staff who monitor irregular spikes in calls notified the hospital and the system was shut down. Hospital chief executive Phil Lowen said that if it was not for the warning from Telstra it was possible a bill of $50,000 to $100,000 could have been run up over the Easter break. Experts say older Private Automatic Branch Exchange systems, or PABX, which are used in many companies and organisations across the country are vulnerable to such attacks. ACT Policing spokesman Sandi Logan said it had been the first big attack of its kind in Canberra this year, but there had been two others last year. Mr Logan said an investigation into the two previous matters found it was likely the attackers were based overseas. But the location of the offenders could not be determined and the investigations hit a dead end. "What we are resigned to accepting on the cases thus far is that it may just be impossible to determine a jurisdiction so that we can seek assistance on formal basis from telecommunications providers or law enforcement agencies," he said. "But we are treating the matter seriously and we continue to do our best to assist victims within our own jurisdiction." Telstra and police have warned PABX users to fix any vulnerabilities in their systems. "They've got to harden the target," Mr Logan said. ACT police are awaiting a report from Telstra before the John James Hospital investigation goes any further. Telstra estimates that up to 20 organisations are attacked by "phreaks", as the telephone hackers are known, every month. But the extent of damage varies depended on whether the phreaks made calls, or simply listened in to other calls or changed messages on phone systems. Mr Lowen said the hospital's PABX had a facility which allowed someone to dial in from outside the hospital to check the system. It appeared that hackers had dialled into the line and then made international calls. "It looks like it was some sort of organised group," Mr Lowen said. "It was ... like we were being used for someone else's business for a while." The director of the Australian High Tech Crime Centre, Federal Agent Kevin Zuccato, said it was hard to put a figure on the impact of hacking, but there was no doubt criminals were becoming more astute. "I think that that type of crime is only limited by the imagination of the criminals who perpetrate them," Mr Zuccato told ABC radio. "I think we are going to see some far greater sophistication in terms of the attacks." _________________________________________ Network Security - http://www.auditmypc.com Free vulnerability test - How secure is your computer?
This archive was generated by hypermail 2.1.3 : Wed Mar 30 2005 - 12:30:29 PST