Tuesday, November 29, 2011

Fraud – From Fun Phreak to Terrorism

Cross posted to Humbug Telecom Labs Blog

In today’s news there are headlines showing the darkest side of Telecom Fraud:

Although the titles are different, the source and the story are the same. The Philippine National Police – Criminal Investigation and Detection Group (CIDG) put out a press release explaining how “joint operatives from the CIDG and the United States Federal Bureau of Investigation (FBI) have busted a group of Filipino hackers whose operation is allegedly being financed by a Saudi-based terrorist group”.

This operation was in response to a complaint filed by AT&T about the hacking of AT&T customers’ PBXs.


ATCCD chief, Police Senior Superintendent Gilbert Sosa said the “hackers in Manila were being used by the Zamir’s terrorists group to hack the trunk-line (PBX) of different telecommunication companies including the AT&T. Revenues derived from the hacking activities of the Filipino-based hackers were diverted to the account of the terrorists, who paid the Filipino hackers on a commission basis via local banks.”

Sosa said that FBI agents who have been investigating incessant hacking of telecommunication companies in the US and in the country since 1999 have uncovered a paper trail of various bank transactions linking the local hackers to the Saudi-based cell whose activities include financing terrorist activities.

AT&T has made it clear that it was not hit directly. Jan Rasmussen, a spokeswoman for AT&T, said it wrote off some fraudulent charges that appeared on customer bills. She declined to elaborate or comment on the $2m figure.

The Guardian article adds:
Though the FBI declined to give official details of how the group took the money, one person familiar with the situation said that the hackers broke into the phone systems of some AT&T customers and made calls to international premium-rate services whose payments would be diverted.

Such scams are relatively common, often involving bogus premium-service phone lines set up across Eastern Europe, Africa and Asia. Fraudsters make calls to the numbers from hacked business phone systems or mobile phones, then collect their cash and move on before the activity is identified. Telecommunications carriers often end up footing the bill for the charges.

Now this is a long way from Captain Crunch and the original phone phreaks, and it goes well beyond Steve Jobs and Steve Wozniak using blue boxes to steal long-distance calls. In those cases it was the thrill of the geek being able to break the system.

But in hindsight, the progression from teens and college students playing for the thrill of it, to organized crime using calling cards or breaking into PBXs for premium-number or pass-through fraud, to terrorists doing the same is an easy one to follow.

The lessons are easy to see – no one can protect you if you do not take proactive action. Just as you are not protected from computer infections if you do not install anti-virus, if you do not protect your PBX you can be exposed to millions of dollars in fraud – and you can be helping terrorists. AT&T could not protect its customers even once it identified the fraud.