Subject: "Computer hackers tap into phone gold mine"

This was one of todays headlines on the front page of today's Detroit Free 
Press...

Computer hackers tap into phone gold mine

Voice mail fraud put at $4 billion a year

By David Ashenfelter
Free Press Business Writer


    In the late 1980s, high-tech pranksters got their kicks by breaking into 
unprotected computer systems.
    Then, they infected computers with harmful binary viruses.
    Today, hackers are wreaking havoc on computerized telephone systems.
    "It's a big problem, and getting worse," said John Haugh, a Portland, 
Ore., a telecommunications expert who estimated that hackers are responsible 
for about $4 billion a year in toll fraud.
    "Once they get inside the system and get a dial tone, they can make phone 
cals all over the world," Haugh added.  "By the time the customer gets his 
phone bill, the criminals are long gone."
    The Detroit Newpaper Agency (DNA), publisher of the Detroit News and Free
Press, recently became a victim of one variation of the telescam.
    Three months ago, DNA employees starte fing strange messages in the 
company's computerized voice mail system.  The messages were intended for 
someone else and were left by callers wdentified themselves as "Black 
Lightning," "Phantom," or "Plastic Man."
    What initially appeared to be a glitch in the voice mail system turned out
to be the wof a hacker who broke into the message system through a dial-in
maintenance line, said telecommunications manager Ricardo Vasquez.
    Once inside, the hacker cracked the system administrator's pass code and 
set up score of voice mailboxes for freinds and associates who dialed in on 
the DNA's toll-free number.
    Later, officials at Sl Oil Co. in Huston and Shearson Lehman Bros. in 
St. Louis notified Vasquez that their voice mail systems had been penetrated 
by hackers who left messages urging their friends to call a mail box at the 
DNA.
    "We were lucky," Vasquez said.  "Our losses amounted to only a few hundred
dollars for calls on our toll-free phone line."
    He said the company's losses would have beenfar worse had the system been
equipped tlow the intruders to make worldwide long-distance calls on DNA 
phone lines.
    Vasquez said the DNA does not plan to request a criminal investigation 
because losses were small.
    Officials at Shell Oil and Shearson Lehman declined to comment.
    Michigan Bell security employees referred inquiries to the public 
relations staff, which, in turn, referred inquiries to the Tigon Corp., an 
Ameritech subsidiary in Dallas which sells and leases voice mail systems.
    "It is a growing problem and people need to be aware of it," said Tigon 
spokeswoman Jill Boeschenstein. "In most cases, has try to get in to have 
some fun and fool around with the message system.
    "The real expense comes when they're able to make outgoing calls that the 
company ends up paying for. That can be a considerable sum before the company 
realizhat is going on."
    Boeschenstein said companies that uy or lease voice mail systems are 
responsible for unauthorized usage. She said companies can protect their phone
systems relatively easily be using longer pass codes and disconnecting 
maintenance phone lines, which enable system administrators to operate the 
system from a remote location. Boeschenstein also said companies should do a 
more thgh job of monitoring their systems.
    Telecommunications expert Haugh, whose company interviewed more than 400 
toll-fraud victims or near victims, said the most the most sinister telephone 
hackers break into a phone system and set up hidden mail boxes, then sell them
to drug, prostitution and child pornography rings that want to make free calls
that are hard to trace. 
    Hackers also marke mailboxes to nationwide rings that sell long-distance 
phone calls for $10-$30 apiece from payphones on the streets of large U.S. 
cites. Haugh said many of the customers are immigrants who want to call 
relatives in their homelands. 
    A favorite time for hackers to sell phone services is on weekends, when 
companies aren't using or monitoring thier phone systems, some of which aer 
capable of handling hundreds of lodistance calls simultaneously.
    Haugh said one nationally known manufacturer, which he declined to 
identify, belatedly discovered that it was on the hook for $1.4 million worth 
of long distance calls made on it's phone lines in just one weekend.
    And after companies are victimized, they rarely are willing to discuss it 
publicly.
    "They're afraid of bad publicity or liability and in almost all cases 
their fears are unfounded," Haugh sa"It's a very foolish attitude. Until 
the problems becometter understood, other companies aren't going to do 
enough to protect their systems from abuse."

There were also two VERY helpful sidebars to the article:

+-----------------------------+
|         FREE RIDE           |
|                             |
| By invading telephone       |
| systems and using them for  |
| their own calls and messages|
| telephone hackers are       |
| costing companies plenty.   |
| Here is one way it's done:  |
|                             |
| 1: Hacker dials number for  |
| the companies maintenance   |
| line                        |
| and,                        |
| once                        |     <-----sinister looking picture of hacker
| on it                      |           dialing phone to allow communication
| cracks                      |           with kiddie-porn friends
| the password code for the   |
| administrator.              |
|                             |
| 2: Acting as the company's  |
| telephone administrator,    |
| hacker sets up network of   |
| phony voice mail boxes      |
| for friends and associates. |     <-----Drug dealers and prostitutes!
|                             |
| 3: Hacker gives company's   |
| 800 number to phriendz and  | 
| associates, so they can dial|     <----- see above
| into the system. They can   |
| leave messages for the      |
| hacker or others in network,|
| and pick up messages in the |
| mailboxes.                  |
|                             |
|   (lame-looking 1964 800    |
|    service graphic dragged  |
|    out of closet and put    |
|            here)            |
|                             |
| 4:In some systems, once    |
| connection is established,  |
| INVADERS can also make long-|
| distance calls, which will  |
| be billed to the company.   |
|                             |
| Source: Telecommunications  |
| Advisors, Inc.              |
+----------------------------+

+-----------------------------+
|      SYSTEM SECURITY        |
|                             |
| To protect you company's    |
| voice mail system from      |      
| telephone hackers:          |     <---------EVIL, NASTY Ones! Oh, NOOOO!
|                             |
| o Use longer passwords,     |     <---------What a concept.
| which are harder to decipher|     
|                             |
| o Disconnect the maintanence|     
| phone line, so outsiders    |     <---------Shit, what phun is THAT?!?!?!?
| can't gain control of the   |
| system                      |
|                             |
| o Encourage employees to    |
| report any suspicious       |
| messages on their voice mail|
|                             |
| o Scrutinize system reports |
| to look for unauthorized    |
| entry into the system.      |
|                             |
| Source: Ameritech Corp.     |
|                             |
+-----------------------------+


Downloaded From P-80 International Information Systems 304-744-2253