TUCoPS :: Cyber Law :: busweek.txt

Phone Hackers are Tapping PBXs (article)

The following article is from "Business Week" February 4, 1991.
page 90


Does Someone Have Your Company's Number?: Phone Hackers are
Tapping PBXs, Running Up Millions in Charges

by Mark Lewyn


     When Linda N. Paris opened the August, 1989, phone bill for
Philadelphia Newspapers Inc., the telecommunications manager was
stunned.  On a single day, more than 6,000 calls had been placed
from the telephone switch that serves the company's two papers,
the "Inquirer" and the "Daily News," to numbers in Pakistan,
Egypt, and the Dominican Republic--places Philadelphia reporters
rarely call.  During the month, such calls added up to about
$90,000--nearly a quarter of the Knight-Ridder Inc. unit's entire
phone bill.

     Philadelphia Newspapers was a victim of a relatively new
high-tech crime wave: PBX fraud.  By stealing numerical
passwords, thieves can tap into corporate switchboards, known as
private branch exchanges, or PBXs.  Once inside, they can dial
anywhere-on the victim's tab.  Often, the culprits are drug
dealers, who use PBXs to place hard-to-trace calls.  Others are
shady entrepreneurs, who sell the access numbers on the streets,
usually to immigrants who can't otherwise afford to call home. 
By the time a PBX owner realizes what's going on, there's not
much chance of tracking the criminals down.  "I doubt we'll ever
find them," says Paris of the Philadelphia PBX hackers.

     HEAVY TOLL.  Dozens of companies have been hit, including
Procter & Gamble, Sumitomo Bank, and Christian Broadway Network. 
The cost of companies could be as high as $500 million annually,
estimates Rami Abuhamdeh, executive director of the
Communications Fraud Control Assn., a group of phone companies
and law-enforcement officials.  Abuhamdeh concedes that accurate
loss estimates don't exist but says: "This is one of the fastest-
growing problems in the communications business."

     Toll-call fraud is nothing new.  Since the 1960's, for
example, college students have circulated stolen calling-card
numbers.  But computers at American Telephone & Telegraph, MCI
and U.S. Spring now alert security officials to suspected card
ripoffs in as little as two hours by spotting unusual usage.  And
new technologies have rendered useless the "blue boxes" that
"phone phreaks" once used to place free calls by mimicking the
tone of network switches.

     The corporate PBX is one of the last weak links.  Hackers
start by finding the toll-free 800 number of a particular PBX. 
Then, they determine the code that an employee away from the
office uses to place a long distance call through the switch. 
According to law-enforcement officials, some thieves obtain 800
numbers and passwords by spying on executives using pay phones. 
Others known as "dumpster divers," ransack garbage for numerical
keys to the switching systems.  Some hackers use computer
programs that try thousands of numbers until they hit working
passwords.  For kicks, they sometimes post them on electronic
bulletin boards.

     EVASIVE MANEUVERS.  Thieves who sell the codes are a bigger
problem.  "Call-sell" operations, run from pay phones or out of
apartments, offer illegal toll calling for a cash payment. 
Security officials at MCI Communications Corp. say that call-
selling began in NYC but in the past year has spread to LA,
Chicago, and other cities.  Last April, MCI led investigators to
a man and a woman in upper Manhattan whose call-sell operation
ran up more than $178,000 in charges to unwitting companies. 
They pleaded guilty last fall to state grand larceny and
computer-trespass charges.

     More often, though, the lawbreakers disappear without a
trace.  To evade detection, they use a technique known as
"looping."  They break into one PBX, but instead of dialing the
final destination from there, they tap into a second PBX and then
complete the call.  That makes it harder to track the caller. 
Even if they're caught, PBX hackers usually get off lightly
because judges don't regard such fraud as a major crime.  The two
operators in New York were sentenced to perform community
     Long-distance carriers are working with customers to keep
PBX fraud from spreading.  MCI has sent security tips to 250,000
corporate customers.  It suggests lengthening customers.  It
suggests lengthening passwords, to make them harder to figure
out, and blocking the PBX from making international calls if
employees have little need to make them.  Another tip: Shut off
remote access to the PBX during nonbusiness hours.

     Customers have good reason to adopt preventive measures.  So
far, courts have ruled that they're liable for the charges, even
if their employees didn't make the calls.  However, some
companies have persuaded carriers to forgo charges for the stolen
calls.  Christian Broadcasting Network, which in 1987 was hit
with $40,000 in fraudulent calls, "hasn't paid MCI anything,"
says Paul D. Flannigan, CBN's vice-president for information
services.  "I expect it to stay that way."

     Still most customers have no idea how vulnerable they are to
PBX fraud, carriers say.  That means there is a flock of
corporate pigeons ready for phone thieves to pluck.


The Big Bills from PBX Fraud
A Sampling of Major Losses

victim                             fraudulent charges
New York City Human                $704,000
Resources Administration
Procter & Gamble                   300,000
Sumitomo Bank                      97,000
Philadelphia Newspapers            90,000
Tenessee Valley Authority          65,000
Christian Broadcasting Network     40,000

data: company reports, Los Angeles Police Dept.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH