A little over a year ago I was explaining on the VoIP Users Conference weekly call about how Al Qaeda had been hacking AT&T customers for over US$2 million, in the session titled "Shssshhhhhh!!!! Al-Qaeda Phreaking!" (a recording of the session is available at: http://www.voipusersconference.org/?powerpress_embed=3669-podcast).
Now, a year later, a New York report, "Sen. Schumer: Al Qaeda-linked phone hackers costing NY small businesses", says that another:
phone hacking ring with ties to Al Qaeda-related groups in the
Philippines and Somalia have targeted small businesses in New York,
stealing hundreds of thousands of dollars worth of overseas long
distance calls.
It is not as large an amount stolen as last time, but it is scary to think that, in spite of the assassination of their leader, Al Qaeda is back to their old tricks of hiring people to hack to fund them.
As Sen. Schumer reports:
26 businesses in New York's capital area, which includes Albany, have come forward to say they’ve been victims of a communications
scheme. Schumer said hackers were manipulating businesses’
voicemail systems to make thousands of costly long-distance calls
overseas, leaving New York businesses on the hook for the substantial
bills.
For example:
One dry cleaning company in the area, he said, was hit with a $150,000
phone bill for nearly 9,000 overseas calls. That business is currently
in a legal battle with its telephone provider over the bill.
On his official site he has called on carriers to put in place limits.
A copy of Schumer’s letter to the telecom industry and the Federal Communications Commission appears below:
Dear US Telecom and NTCA,
I am writing today after learning of several instances of a voicemail
scam preying on multiple New York small businesses. As I am sure you
are aware, this fraud occurs when hackers discover a loophole in the
voicemail system and use this to make long-distance calls that can cost
thousands of dollars. As this scam can occur over a series of days or
even weeks, many of these victims are left with a bill of hundreds of
thousands of dollars. During these times, small businesses need all the
available help in order for them to continue to prosper and grow.
Both your members and these small businesses have been victims of
this crime. These hackers, as they mostly operate from overseas, can be
very difficult for law enforcement to catch. Therefore, I am hopeful
that we can work together on adequate steps to provide stringent fraud
detection services for small business phone lines so that we can
eliminate the charges for small businesses and for your members. I
believe that the credit card industry could provide inspiration in this
effort. They have established robust fraud prevention services to allow
businesses and customers to learn almost immediately when a suspicious
purchase is made. In addition, they can require authorization prior to a
suspicious purchase.
We all have an interest in ending this fraud. Neither your members nor their customers wish to
help connect potential criminals or terrorists with their allies
overseas. I believe an industry-led effort to detect voicemail fraud and
end these unauthorized charges would allow small businesses to continue
to innovate without the fear of extremely high charges. I have copied
the Federal Communications Commission to ask them to assist your members
with their expertise in this matter.
I thank you for your attention to this important matter, and look forward to
working with you to assist you in protecting American small businesses
from unfair and deceptive practices.
Sincerely,
U.S. Senator Charles E. Schumer
CC: Federal Communications Commission
Although Senator Schumer is correct that this is a problem that the carriers need to address, that does not mean that businesses cannot, or should not, be proactive with monitoring, blocking, and call restrictions on their phone switch.
As our security audits have shown, many PBXs leave open holes that can be exploited.
- Do all phones need long distance or international calling?
- Have unused/unneeded voicemail boxes been left open?
- Do you have time of day/day of week restrictions on your phones (why can calls be made at 2 am on a Saturday if you are only open Monday to Friday 9-5)?
- Do you still have easy to use or default passwords on your voicemail, PBX, or phones?
Have your phone staff or vendor check to make sure that these basic problems have been addressed, or contact me and we can discuss a security audit.
Protect yourself because the phone companies will almost always expect you to pay at least part of the phone fraud done using your phone lines.
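The checklist questions above can also be run as a monitoring rule over the PBX's call records. The following is an added example, not part of the original post: it flags international calls that come from extensions not approved for them, fall outside Monday to Friday 9-5, or arrive in bursts. The record layout, extension numbers, allow-list and burst threshold are assumptions, and the sample records are constructed.

```python
import csv
import io
from collections import Counter
from datetime import datetime

# Constructed sample call records (not from a real PBX): start,extension,dialed,seconds
SAMPLE_CDR = """\
2012-06-01T10:15:00,101,15185550123,120
2012-06-02T02:04:00,199,0116325550100,840
2012-06-02T02:19:00,199,0116325550101,910
2012-06-02T02:36:00,199,01125225550102,780
2012-06-04T14:30:00,102,0114420555010,300
2012-06-05T21:45:00,101,15185550177,60
"""

OPEN_DAYS = range(0, 5)    # Monday=0 .. Friday=4
OPEN_HOURS = range(9, 17)  # 9:00 up to 17:00
INTL_ALLOWED = {"102"}     # assumed: the only extension that needs international calling
BURST_LIMIT = 2            # assumed: more international calls than this per day is suspicious

def is_international(dialed):
    """011 is the international prefix dialed from North American lines."""
    return dialed.startswith("011") or (dialed.startswith("+") and not dialed.startswith("+1"))

def after_hours(start):
    return start.weekday() not in OPEN_DAYS or start.hour not in OPEN_HOURS

def review(cdr_text):
    """Return (extension, dialed, start, reasons) for each international call worth a look."""
    rows = [(datetime.fromisoformat(s), ext, num) for s, ext, num, _ in csv.reader(io.StringIO(cdr_text))]
    per_day = Counter((ext, s.date()) for s, ext, num in rows if is_international(num))
    alerts = []
    for start, ext, num in rows:
        if not is_international(num):
            continue
        reasons = []
        if ext not in INTL_ALLOWED:
            reasons.append("extension not approved for international")
        if after_hours(start):
            reasons.append("outside business hours")
        if per_day[(ext, start.date())] > BURST_LIMIT:
            reasons.append("burst of international calls")
        if reasons:
            alerts.append((ext, num, start.isoformat(), reasons))
    return alerts

if __name__ == "__main__":
    for alert in review(SAMPLE_CDR):
        print(alert)
```

On the constructed sample, the three Saturday 2 am calls from extension 199 (standing in for an unused voicemail box) are flagged on all three counts, while the weekday call from the approved extension is not.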