Wednesday, May 28, 2014

Phone Hack

To my son Tommy,

If they can figure out a way to make money on it, they will do it. Of course the proverbial "they" here refers to all the ne'er-do-well types out in the world. My company was victim of one of these scams/hacks over the weekend.

To my defense, I protect and am in charge of the computers for our company, not the phone system. The corporate phone structure was set up way before I got here and maintained by a third party contract. Still, this type of hack could have happened with whatever system because the weak link in the system is the end user.

You see, someone hacked some of our corporate mailboxes for our phone system. When an end user uses a passcode like 1111 or such, it is quite easy to do. At first I asked myself why and for what gain. I mean we aren't the target for corporate espionage and most of the information that our competitors could use, like what jobs we are bidding etc, is public knowledge. Nope this is about long distance phone calls.

They hack a phone extensions mailbox. Then they set up a call forward. This call forward is to some international number, in this case the most common one was to Sierra Leone. Then when they call our office and dial that extension, the phone in the office doesn't ring and instead some phone in Africa does.

At first I thought this was ingenious and only a minor nuisance. I pictured some poor immigrant trying to call his grandparents and found a clever workaround. I couldn't really even get mad as I was just impressed. Then I found out the plan was much more insidious.

Countries like Sierra Leone get paid every time a phone call comes into their country from the States. All the long distance carriers have to cough up some dough when a phone rings and, I assume, is answered. Probably more for the connection charge than for any conversation. You know...twenty dollars the first minute, a dollar a minute there on out...type thing. So these countries hire hackers to run equipment to hack corporate phone systems and just make call after call so their utilities can bill AT&T or whomever is the long distance carrier.

This news stunned me. Governments hiring hackers to charge up the phone systems. Sure you here about Chinese computer hackers now supposedly attacking corporate interests in the United States, and the old Nigerian scam email system is rampant, but I had never heard of African phone hackers. I knew these countries ignored the dubious computer activities and hacker groups, but I thought they just had more important things to worry about and were in no position to stop it. I didn't realize they were actively promoting it and paying people to do it. This to me is an act of war and I would think our country would step in and do something about it. At least you would think the phone companies would stop it by refusing service to these countries or at minimum creating a default opt in policy to call these countries instead of an opt out policy which we are implementing right now.

Be careful out there my son. The world is filled with nefarious people who will find ways to screw you or your company. Hopefully my company doesn't have to pay any of these charges, but I don't think the African countries will forgive the bill to the long distance carriers, so in the end someone is paying. It makes me think that returning to an old phone system, without all the bells and whistles that could be exploited, is the way to go. Old school for the win. Now where is my rotary phone...

Sincerely with love from your dad,

No comments:

Post a Comment