home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Hacker Chronicles 1
/
HACKER1.ISO
/
misc
/
goldmine.txt
< prev
next >
Wrap
Text File
|
1992-11-14
|
8KB
|
166 lines
Subject: "Computer hackers tap into phone gold mine"
This was one of todays headlines on the front page of today's Detroit Free
Press...
Computer hackers tap into phone gold mine
Voice mail fraud put at $4 billion a year
By David Ashenfelter
Free Press Business Writer
In the late 1980s, high-tech pranksters got their kicks by breaking into
unprotected computer systems.
Then, they infected computers with harmful binary viruses.
Today, hackers are wreaking havoc on computerized telephone systems.
"It's a big problem, and getting worse," said John Haugh, a Portland,
Ore., a telecommunications expert who estimated that hackers are responsible
for about $4 billion a year in toll fraud.
"Once they get inside the system and get a dial tone, they can make phone
cals all over the world," Haugh added. "By the time the customer gets his
phone bill, the criminals are long gone."
The Detroit Newpaper Agency (DNA), publisher of the Detroit News and Free
Press, recently became a victim of one variation of the telescam.
Three months ago, DNA employees starte fing strange messages in the
company's computerized voice mail system. The messages were intended for
someone else and were left by callers wdentified themselves as "Black
Lightning," "Phantom," or "Plastic Man."
What initially appeared to be a glitch in the voice mail system turned out
to be the wof a hacker who broke into the message system through a dial-in
maintenance line, said telecommunications manager Ricardo Vasquez.
Once inside, the hacker cracked the system administrator's pass code and
set up score of voice mailboxes for freinds and associates who dialed in on
the DNA's toll-free number.
Later, officials at Sl Oil Co. in Huston and Shearson Lehman Bros. in
St. Louis notified Vasquez that their voice mail systems had been penetrated
by hackers who left messages urging their friends to call a mail box at the
DNA.
"We were lucky," Vasquez said. "Our losses amounted to only a few hundred
dollars for calls on our toll-free phone line."
He said the company's losses would have beenfar worse had the system been
equipped tlow the intruders to make worldwide long-distance calls on DNA
phone lines.
Vasquez said the DNA does not plan to request a criminal investigation
because losses were small.
Officials at Shell Oil and Shearson Lehman declined to comment.
Michigan Bell security employees referred inquiries to the public
relations staff, which, in turn, referred inquiries to the Tigon Corp., an
Ameritech subsidiary in Dallas which sells and leases voice mail systems.
"It is a growing problem and people need to be aware of it," said Tigon
spokeswoman Jill Boeschenstein. "In most cases, has try to get in to have
some fun and fool around with the message system.
"The real expense comes when they're able to make outgoing calls that the
company ends up paying for. That can be a considerable sum before the company
realizhat is going on."
Boeschenstein said companies that uy or lease voice mail systems are
responsible for unauthorized usage. She said companies can protect their phone
systems relatively easily be using longer pass codes and disconnecting
maintenance phone lines, which enable system administrators to operate the
system from a remote location. Boeschenstein also said companies should do a
more thgh job of monitoring their systems.
Telecommunications expert Haugh, whose company interviewed more than 400
toll-fraud victims or near victims, said the most the most sinister telephone
hackers break into a phone system and set up hidden mail boxes, then sell them
to drug, prostitution and child pornography rings that want to make free calls
that are hard to trace.
Hackers also marke mailboxes to nationwide rings that sell long-distance
phone calls for $10-$30 apiece from payphones on the streets of large U.S.
cites. Haugh said many of the customers are immigrants who want to call
relatives in their homelands.
A favorite time for hackers to sell phone services is on weekends, when
companies aren't using or monitoring thier phone systems, some of which aer
capable of handling hundreds of lodistance calls simultaneously.
Haugh said one nationally known manufacturer, which he declined to
identify, belatedly discovered that it was on the hook for $1.4 million worth
of long distance calls made on it's phone lines in just one weekend.
And after companies are victimized, they rarely are willing to discuss it
publicly.
"They're afraid of bad publicity or liability and in almost all cases
their fears are unfounded," Haugh sa"It's a very foolish attitude. Until
the problems becometter understood, other companies aren't going to do
enough to protect their systems from abuse."
There were also two VERY helpful sidebars to the article:
+-----------------------------+
| FREE RIDE |
| |
| By invading telephone |
| systems and using them for |
| their own calls and messages|
| telephone hackers are |
| costing companies plenty. |
| Here is one way it's done: |
| |
| 1: Hacker dials number for |
| the companies maintenance |
| line |
| and, |
| once | <-----sinister looking picture of hacker
| on it | dialing phone to allow communication
| cracks | with kiddie-porn friends
| the password code for the |
| administrator. |
| |
| 2: Acting as the company's |
| telephone administrator, |
| hacker sets up network of |
| phony voice mail boxes |
| for friends and associates. | <-----Drug dealers and prostitutes!
| |
| 3: Hacker gives company's |
| 800 number to phriendz and |
| associates, so they can dial| <----- see above
| into the system. They can |
| leave messages for the |
| hacker or others in network,|
| and pick up messages in the |
| mailboxes. |
| |
| (lame-looking 1964 800 |
| service graphic dragged |
| out of closet and put |
| here) |
| |
| 4:In some systems, once |
| connection is established, |
| INVADERS can also make long-|
| distance calls, which will |
| be billed to the company. |
| |
| Source: Telecommunications |
| Advisors, Inc. |
+----------------------------+
+-----------------------------+
| SYSTEM SECURITY |
| |
| To protect you company's |
| voice mail system from |
| telephone hackers: | <---------EVIL, NASTY Ones! Oh, NOOOO!
| |
| o Use longer passwords, | <---------What a concept.
| which are harder to decipher|
| |
| o Disconnect the maintanence|
| phone line, so outsiders | <---------Shit, what phun is THAT?!?!?!?
| can't gain control of the |
| system |
| |
| o Encourage employees to |
| report any suspicious |
| messages on their voice mail|
| |
| o Scrutinize system reports |
| to look for unauthorized |
| entry into the system. |
| |
| Source: Ameritech Corp. |
| |
+-----------------------------+
Downloaded From P-80 International Information Systems 304-744-2253