Phone System Hacking
Phreakin’ hell: phone hacking costing Australia millions
Phreaking, or telephone hacking, has resulted in significant losses for some of Australia’s largest companies. David Hovenden investigates this disturbing twist on traditional hacking
Australian companies are regularly falling victim to a form of hacking, which has cost some companies up to $1 million in a single attack, and yet the threat is neither new nor particularly difficult to prevent. ‘Phreaking’, as the crime is known, is essentially gaining access to an organisation’s telephone system and using it to make calls, charge phone cards or commit other forms of larceny.
Media reports of Australian companies falling victim to this crime date back to 1992 and beyond, but the near-total absence of such reports since has allowed the crime to go largely unnoticed and unchecked, so much so that there could be as many as 50 attacks every week in Australia. According to the US-based Communications Fraud Control Association, annual worldwide telecom fraud losses are believed to be in the range of US$35-40 billion (A$48-55 billion).
COMMON ATTACKS
Stevens, whose company offers what he calls an audit, says his success rate in hijacking a client's phone system is in the very high nineties, in percentage terms. Worse still, having secured a company's system, he is often able to get back into it within 12 months, despite his own security measures.
“Just as in conventional computer hacking, you’re only ever one step behind the hackers, you’re always one step behind the phreakers,” he says. “However, unlike computer hacking, where just about every business, not to mention individuals, has some sort of antivirus software or firewall at least, the vast majority of Australian companies are completely unprotected.
“So while you may risk falling victim to a phreaker who’s more driven by ego than criminal intent, if you have put security measures in place, the more serious side of phreaking, that being driven by organised crime, is far more likely to go for the low-hanging fruit – organisations with little or no defences in place.”
Among the most common forms of phreaking attack is direct access to a company's PABX via its dial-in maintenance modem. Such modems are frequently unprotected by a password, or protected by one that is easily worked around, and once a phreaker is into the PABX it is a quick and easy step to turn it into an international exchange. Extensions can be assigned to outside users, or a computer can be set to dial 0055-style premium-rate numbers anywhere in the world relentlessly, racking up enormous bills practically overnight. This is precisely what happened to Canberra's John James Hospital. It has since removed dial-up access to the PABX, as well as several other functions, and it still receives calls attempting to get back into the system.
If the PABX proves secure, the next most common form of attack, according to Stevens, is via the company's voicemail system. Just about every voicemail system can be reached from an outside telephone line, and with relatively straightforward hacking programs phreakers can work through an organisation's staff voicemail boxes. Cracking a four-digit password usually takes less than two days at most; where common codes such as "0000" or "1234" are in use, it is "a matter of seconds". Each cracked mailbox gives the phreaker control of another phone line, and the more mailboxes they crack, the more lines they have.
From there it is easy to forward that line to another number. "It just so happens that that number can easily be 0011," says Stevens, referring to Australia's international dialling prefix. This method is most common in phone-card scams. Operated on a global scale, it is the realm of organised crime, and so far the perpetrators have proved impossible to catch.
Stevens explains a typical scenario: a backpacker in South America buys a phone card which, like all phone cards, requires the user to dial a series of numbers before entering the number they wish to reach. The call is routed, usually via multiple countries and potentially through a bank of computers, through one of a selection of phreaking victims' PABX systems. The backpacker is none the wiser that the service they have been using is not legitimate.
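The calling pattern described above (bursts of international or premium-rate calls out of hours, from extensions or forwarded voicemail lines the business never uses that way) leaves a trace in the PABX's own call records, and looking at those records is the cheapest way to notice a hijack before the bill arrives. The following is an added example, not code from the article or from any PABX vendor: a small detector run over constructed call detail records. The record format (timestamp, extension, dialled number, duration in seconds), the business-hours window and the burst threshold are assumptions; only the 0011 and 0055 prefixes come from the article.

```python
"""Flag PABX call records that look like phreaking (toll fraud).

Added example, not from the article. The CDR layout is an assumption:
one line per completed call, "timestamp,extension,dialled_number,seconds".
"""
from collections import defaultdict
from datetime import datetime, timedelta

INTERNATIONAL_PREFIX = "0011"   # Australian international access code (from the article)
PREMIUM_PREFIX = "0055"         # Australian premium-rate prefix (from the article)
BUSINESS_HOURS = (7, 20)        # assumed: 07:00-20:00 is normal calling time
BURST_THRESHOLD = 5             # assumed: more than 5 toll calls per extension per night is abnormal

# Constructed sample records, not real traffic. Extension 2107 makes one daytime
# international call (normal); 2105 and 2112 are hijacked overnight.
SAMPLE_CDR = """\
2004-03-02 09:15:00,2105,0296123456,140
2004-03-02 14:02:10,2107,0011442079460000,310
2004-03-03 01:12:05,2105,0011593222111000,1800
2004-03-03 01:15:40,2105,0011593222111001,1750
2004-03-03 01:18:02,2105,0011593222111002,1820
2004-03-03 01:21:55,2105,0011593222111003,1790
2004-03-03 01:25:30,2105,0011593222111004,1800
2004-03-03 01:29:44,2105,0011593222111005,1810
2004-03-03 02:40:00,2112,0055512345,3600
2004-03-03 02:41:00,2112,0055512345,3600
2004-03-03 02:42:00,2112,0055512345,3600
2004-03-03 02:43:00,2112,0055512345,3600
2004-03-03 02:44:00,2112,0055512345,3600
2004-03-03 02:45:00,2112,0055512345,3600
"""


def parse_cdr(text):
    """Parse the assumed CSV layout into a list of call dicts."""
    records = []
    for line in text.strip().splitlines():
        ts, ext, number, secs = line.split(",")
        records.append({
            "ts": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
            "ext": ext,
            "number": number,
            "seconds": int(secs),
        })
    return records


def is_toll(number):
    """International or premium-rate destination: the numbers phreakers want."""
    return number.startswith(INTERNATIONAL_PREFIX) or number.startswith(PREMIUM_PREFIX)


def is_after_hours(ts):
    start, end = BUSINESS_HOURS
    return not (start <= ts.hour < end)


def night_of(ts):
    """Key a call to the night it belongs to, so 22:00 and 01:00 next day group together."""
    return (ts - timedelta(hours=BUSINESS_HOURS[0])).date()


def find_toll_fraud(records):
    """Return one alert per (extension, night) that exceeds the burst threshold."""
    buckets = defaultdict(list)
    for r in records:
        if is_toll(r["number"]) and is_after_hours(r["ts"]):
            buckets[(r["ext"], night_of(r["ts"]))].append(r)
    alerts = []
    for (ext, night), calls in sorted(buckets.items()):
        if len(calls) > BURST_THRESHOLD:
            kinds = {"premium" if c["number"].startswith(PREMIUM_PREFIX) else "international"
                     for c in calls}
            alerts.append({
                "extension": ext,
                "night": night.isoformat(),
                "calls": len(calls),
                "minutes": sum(c["seconds"] for c in calls) // 60,
                "kind": "/".join(sorted(kinds)),
            })
    return alerts


if __name__ == "__main__":
    for a in find_toll_fraud(parse_cdr(SAMPLE_CDR)):
        print("ALERT ext %(extension)s night %(night)s: %(calls)d %(kind)s calls, "
              "%(minutes)d minutes" % a)
```

Run against the sample, the detector reports extensions 2105 and 2112 and ignores the single daytime international call from 2107. The threshold and hours are deliberately crude: the point is that a nightly pass over the records, not the monthly phone bill, is what catches a hijack while it is still a few hundred minutes rather than a million dollars.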
COUNTER MEASURES
“With all the precautions being undertaken to prevent computer network hacking these days, it is surprising how little mention is made about phreaking or PABX hacking,” said Denis Rowe, national marketing manager, Macquarie Telecom. “While perhaps not as common as the current spate of phishing scams hitting Australia, it is lethal in its cost to business.”
Phreakers breach PABX security and re-originate calls to anywhere in the world. While the practice has been going on for many years, the widespread use of email, the internet and mobile communications has left company 'weak spots' open to exploitation by ever more sophisticated phreakers.
“Phreakers don’t discriminate between small or large business – in some instances the costs can be enough to put a company out of business,” he said.
Minimising the risk?
There are a number of simple precautions business and government can put in place to lower the risk of phreaking. These include:
Change all default passwords on remote access to PABX and voicemail systems
Disconnect remote programming modems when not in use
Implement a policy of monthly changes to personal voicemail and remote access PINs
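To show why the voicemail attack described under Common Attacks works so quickly, and what the first and third precautions above actually buy, here is an added example that is not from the article, from Stevens or from any voicemail vendor. It simulates an attacker who tries common PINs first and then the whole four-digit space, with and without a lockout after a fixed number of failed attempts, and includes a PIN policy check of the kind a monthly-change policy should enforce. The common-PIN list beyond "0000" and "1234", the lockout count, the guess rate and the minimum length of six digits are all assumptions.

```python
"""Why four-digit voicemail PINs fall in hours, and what lockout and PIN policy change.

Added example, not from the article. Guess rate, lockout count and policy values are assumed.
"""
from itertools import product

# PINs an attacker tries before brute force. "0000" and "1234" come from the
# article; the rest are assumed common choices (repeated, sequential, keypad rows).
COMMON_PINS = ["0000", "1234", "1111", "2222", "4321", "2580", "0852",
               "1212", "9999", "5555"]
GUESSES_PER_MINUTE = 4   # assumed dial-and-retry rate for an automated attacker


def guess_order():
    """Yield guesses in attacker order: common PINs first, then the rest of 0000-9999."""
    seen = set(COMMON_PINS)
    yield from COMMON_PINS
    for digits in product("0123456789", repeat=4):
        pin = "".join(digits)
        if pin not in seen:
            yield pin


def crack(pin, lockout_after=None):
    """Number of guesses needed to open a mailbox protected by `pin`.

    With `lockout_after` set, the mailbox locks after that many failed attempts,
    and None is returned when the attacker is locked out before the right guess.
    """
    for n, guess in enumerate(guess_order(), start=1):
        if guess == pin:
            return n
        if lockout_after is not None and n >= lockout_after:
            return None
    return None


def hours_to_crack(pin, guesses_per_minute=GUESSES_PER_MINUTE):
    """Wall-clock estimate for an unthrottled mailbox at the assumed guess rate."""
    return crack(pin) / guesses_per_minute / 60


def pin_policy_violations(pin, min_length=6):
    """Reasons to reject a proposed PIN (empty list means acceptable).

    Rejects exactly what the attacker tries first: list entries, one repeated
    digit, and ascending or descending runs. min_length=6 is an assumed policy value.
    """
    if not pin.isdigit():
        return ["digits only"]
    reasons = []
    if len(pin) < min_length:
        reasons.append("shorter than %d digits" % min_length)
    if pin in COMMON_PINS:
        reasons.append("on the common-PIN list")
    if len(set(pin)) == 1:
        reasons.append("single repeated digit")
    steps = {int(b) - int(a) for a, b in zip(pin, pin[1:])}
    if steps in ({1}, {-1}):
        reasons.append("sequential digits")
    return reasons


if __name__ == "__main__":
    for pin in ["0000", "1234", "7391"]:
        print("%s: %d guesses, %.1f hours unthrottled, lockout after 5 -> %s"
              % (pin, crack(pin), hours_to_crack(pin), crack(pin, lockout_after=5)))
    for pin in ["1234", "1111", "739154"]:
        print(pin, pin_policy_violations(pin) or "accepted")
```

At four guesses a minute the entire four-digit space takes under 42 hours, which is where the "less than two days" figure comes from, while "0000" and "1234" fall on the first or second try. A lockout after a handful of failures turns the same search into a guaranteed miss for anything not on the common list, so the two controls work together: the lockout stops the brute force, and the policy check stops the guesses that would succeed before the lockout triggers.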