Subject: "Computer hackers tap into phone gold mine"

This was one of today's headlines on the front page of today's Detroit Free Press...

Computer hackers tap into phone gold mine
Voice mail fraud put at $4 billion a year

By David Ashenfelter
Free Press Business Writer

In the late 1980s, high-tech pranksters got their kicks by breaking into unprotected computer systems. Then, they infected computers with harmful binary viruses. Today, hackers are wreaking havoc on computerized telephone systems.

"It's a big problem, and getting worse," said John Haugh, a Portland, Ore., telecommunications expert who estimated that hackers are responsible for about $4 billion a year in toll fraud.

"Once they get inside the system and get a dial tone, they can make phone calls all over the world," Haugh added. "By the time the customer gets his phone bill, the criminals are long gone."

The Detroit Newspaper Agency (DNA), publisher of the Detroit News and Free Press, recently became a victim of one variation of the telescam.

Three months ago, DNA employees started finding strange messages in the company's computerized voice mail system. The messages were intended for someone else and were left by callers who identified themselves as "Black Lightning," "Phantom," or "Plastic Man."

What initially appeared to be a glitch in the voice mail system turned out to be the work of a hacker who broke into the message system through a dial-in maintenance line, said telecommunications manager Ricardo Vasquez.

Once inside, the hacker cracked the system administrator's pass code and set up scores of voice mailboxes for friends and associates who dialed in on the DNA's toll-free number.

Later, officials at Shell Oil Co. in Houston and Shearson Lehman Bros. in St. Louis notified Vasquez that their voice mail systems had been penetrated by hackers who left messages urging their friends to call a mail box at the DNA.

"We were lucky," Vasquez said. "Our losses amounted to only a few hundred dollars for calls on our toll-free phone line."

He said the company's losses would have been far worse had the system been equipped to allow the intruders to make worldwide long-distance calls on DNA phone lines.

Vasquez said the DNA does not plan to request a criminal investigation because losses were small.

Officials at Shell Oil and Shearson Lehman declined to comment. Michigan Bell security employees referred inquiries to the public relations staff, which, in turn, referred inquiries to the Tigon Corp., an Ameritech subsidiary in Dallas which sells and leases voice mail systems.

"It is a growing problem and people need to be aware of it," said Tigon spokeswoman Jill Boeschenstein. "In most cases, hackers try to get in to have some fun and fool around with the message system.

"The real expense comes when they're able to make outgoing calls that the company ends up paying for. That can be a considerable sum before the company realizes what is going on."

Boeschenstein said companies that buy or lease voice mail systems are responsible for unauthorized usage.

She said companies can protect their phone systems relatively easily by using longer pass codes and disconnecting maintenance phone lines, which enable system administrators to operate the system from a remote location. Boeschenstein also said companies should do a more thorough job of monitoring their systems.

Telecommunications expert Haugh, whose company interviewed more than 400 toll-fraud victims or near victims, said the most sinister telephone hackers break into a phone system and set up hidden mail boxes, then sell them to drug, prostitution and child pornography rings that want to make free calls that are hard to trace.

Hackers also market mailboxes to nationwide rings that sell long-distance phone calls for $10-$30 apiece from payphones on the streets of large U.S. cities. Haugh said many of the customers are immigrants who want to call relatives in their homelands.

A favorite time for hackers to sell phone services is on weekends, when companies aren't using or monitoring their phone systems, some of which are capable of handling hundreds of long-distance calls simultaneously.

Haugh said one nationally known manufacturer, which he declined to identify, belatedly discovered that it was on the hook for $1.4 million worth of long distance calls made on its phone lines in just one weekend.

And after companies are victimized, they rarely are willing to discuss it publicly.

"They're afraid of bad publicity or liability and in almost all cases their fears are unfounded," Haugh said. "It's a very foolish attitude. Until the problems become better understood, other companies aren't going to do enough to protect their systems from abuse."

There were also two VERY helpful sidebars to the article:

+-----------------------------+
|          FREE RIDE          |
|                             |
| By invading telephone       |
| systems and using them for  |
| their own calls and messages|
| telephone hackers are       |
| costing companies plenty.   |
| Here is one way it's done:  |
|                             |
| 1: Hacker dials number for  |
| the company's maintenance   |
| line                        |
| and,                        |
| once                        | <-----sinister looking picture of hacker
| on it                       |       dialing phone to allow communication
| cracks                      |       with kiddie-porn friends
| the password code for the   |
| administrator.              |
|                             |
| 2: Acting as the company's  |
| telephone administrator,    |
| hacker sets up network of   |
| phony voice mail boxes      |
| for friends and associates. | <-----Drug dealers and prostitutes!
|                             |
| 3: Hacker gives company's   |
| 800 number to phriendz and  |
| associates, so they can dial| <----- see above
| into the system. They can   |
| leave messages for the      |
| hacker or others in network,|
| and pick up messages in the |
| mailboxes.                  |
|                             |
| (lame-looking 1964 800      |
| service graphic dragged     |
| out of closet and put       |
| here)                       |
|                             |
| 4: In some systems, once    |
| connection is established,  |
| INVADERS can also make long-|
| distance calls, which will  |
| be billed to the company.   |
|                             |
| Source: Telecommunications  |
| Advisors, Inc.              |
+-----------------------------+

+-----------------------------+
|       SYSTEM SECURITY       |
|                             |
| To protect your company's   |
| voice mail system from      |
| telephone hackers:          | <---------EVIL, NASTY Ones! Oh, NOOOO!
|                             |
| o Use longer passwords,     | <---------What a concept.
| which are harder to decipher|
|                             |
| o Disconnect the maintenance|
| phone line, so outsiders    | <---------Shit, what phun is THAT?!?!?!?
| can't gain control of the   |
| system                      |
|                             |
| o Encourage employees to    |
| report any suspicious       |
| messages on their voice mail|
|                             |
| o Scrutinize system reports |
| to look for unauthorized    |
| entry into the system.      |
|                             |
| Source: Ameritech Corp.     |
|                             |
+-----------------------------+

Downloaded From P-80 International Information Systems 304-744-2253