
Internet phone systems become the fraudster's tool.

Byline: (Staff)

Cybercriminals have found a new launching pad for their scams: the phone systems of small and midsized businesses across the United States.

In recent weeks, they have hacked into dozens of telephone systems across the country, using them as a way to contact unsuspecting bank customers and trick them into divulging their bank account numbers and passwords.

The victims typically bank with smaller regional institutions, which tend to have fewer resources to detect scams. Scammers hack into phone systems and then call victims, playing prerecorded messages that say there has been a billing error or warn them that the bank account has been suspended because of suspicious activity. If the worried customer enters his account number and ATM password, the bad guys use that information to make fake debit cards and empty their victim's bank accounts.

Hackers made headlines for breaking into phone company systems more than 20 years ago -- a practice that was known as phreaking -- but as the traditional telephone system has become integrated with the Internet, that integration is creating new opportunities for fraud that are only just beginning to be understood.

VoIP hacking is "a new frontier in the crossover world of telecom and cyber [crime]," said Erez Liebermann, assistant U.S. attorney for the district of New Jersey. "It is an ongoing threat and a serious threat that companies need to be worried about."

Attacks on one of the most popular VoIP systems, called Asterisk, are now "endemic," said John Todd, who works for the product's creator, Digium, as open-source community director. "It's like stealing a baseball bat to break into a car. The first step is to break into Asterisk."

Asterisk hacking began evolving from a fairly "low-level problem" into a more serious issue around September of 2008, when easy-to-use tools were first published, Todd said. "There are now people doing videos on it and there are blogs and podcasts," he said. "The information is out there."

With these tools, it can be pretty easy to hack a VoIP system by hitting the server designed to connect traffic from the office's LAN to a network provider such as AT&T, which connects the calls to the rest of the world.

The hacker tries to guess the VoIP system's passwords, making thousands of guesses. While an Internet service such as Gmail will block visitors after a handful of failed password guesses, VoIP systems are often not configured this way and will let any computer connect to them. So hackers pound away at them, trying to guess working phone extensions. Once they find an extension, they run their dictionary attack software. If the password is easy to guess, they're in the network and can phone out for free.

That's what happened to Innovative Technologies, in Wheeling, W.Va. It was hacked in early October, apparently by Romanian cybercriminals who used its VoIP system to make telephone-based phishing calls to customers of Liberty Bank, a small regional bank with offices in California.

"They had scanned a whole bunch of IP addresses on the Internet in order to find [VoIP] servers," said Terry Lewis, CEO of Innovative Technologies.

On Oct. 3, Lewis started getting voicemail from Liberty customers who had received the scam calls. He checked his VoIP system logs the next day and found that the hackers had made about 300 calls over the weekend -- not so many calls that it would normally have even been noticed.

Once the VoIP system is hacked, the criminals use it to perform phone-based phishing attacks, sometimes called vishing. Vishing attacks have been around for a few years now, but they've largely flown under the radar, because they often target smaller regional banks rather than high-profile national institutions. The scammers move from bank to bank each week after completing their campaigns.

According to Liberty Bank, other regional institutions have also been hit with vishing attacks from hacked VoIP systems in recent weeks.

Liberty did not name the other banks involved, but in recent weeks, Union State Bank and Solvay Bank have reported similar scams.

Lewis was lucky that he didn't get hit with major phone charges. Depending on how their systems are configured, businesses can be held responsible for any phone charges -- international call charges, for example -- that arise from the incident.

"If someone starts abusing your telephone system, you are potentially on the hook for a lot of money," Digium's Todd said.

Liberty Bank First Vice President Jill Hitchman believes that the scammers who targeted her bank probably hit between 30 and 35 businesses and were making between 20,000 and 30,000 phone calls per day. "I don't think these companies realize they're probably going to be getting charges," Hitchman said. "The bigger issue is, how are these phone systems being accessed and why can't we stop it?"

Only a few Liberty customers fell for the scam, Hitchman said, but the attackers knew what they were doing. First they would sign up for AOL accounts, to test that the card numbers worked. Because AOL offers free trial memberships, these charges do not show up for months. By that time, the scammers have put the information on fake ATM cards and emptied the bank accounts.

Businesses could prevent a lot of these attacks by changing the port they use for Session Initiation Protocol (SIP) connections on their VoIP systems, by blocking connections after a certain number of failures, and by simply using better passwords on their voice systems, security experts say.

The problem is that for most small and midsized businesses, security is just not a priority. "People care way more about whether their conference calls are going to have decent phone quality," said Rodney Thayer, CTO with VoIP security company Secorix.

They don't think about their VoIP systems as vulnerable to Internet attacks just like Web or e-mail servers, and that's a mistake, Thayer said. "They think about it as a different system, and it's not," he said. "It's all the same stuff; it's all data going over a network."

Copyright 2009 IDG Middle East. All rights reserved.
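Both of the signs the article describes, thousands of failed password guesses against extensions and a weekend burst of 300 outbound calls that nobody noticed, are visible in an Asterisk server's own logs. The Python script below, added here as an illustration and not code from the article, Digium or Asterisk, implements the "block after a certain number of failures" rule the experts recommend and a simple off-hours call-volume check over call detail records. The log lines and CDR rows are constructed samples: the registration-failure lines follow the classic chan_sip NOTICE format, the CDR extract keeps only the columns the check needs (src, dst, start, disposition), and the year, thresholds and business-hours window are assumptions.

```python
"""Audit Asterisk-style logs for password guessing and off-hours call bursts.

Example code written for this page, not part of Asterisk or the article.
Sample data below is constructed; thresholds are assumptions.
"""
import csv
import io
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: one address cycling through extensions and passwords
# within a few seconds, plus a single typo from an office phone on the LAN.
SIP_LOG = """\
[Oct  2 23:10:01] NOTICE[2231] chan_sip.c: Registration from '"100" <sip:100@10.0.0.5>' failed for '203.0.113.9' - No matching peer found
[Oct  2 23:10:02] NOTICE[2231] chan_sip.c: Registration from '"101" <sip:101@10.0.0.5>' failed for '203.0.113.9' - No matching peer found
[Oct  2 23:10:02] NOTICE[2231] chan_sip.c: Registration from '"201" <sip:201@10.0.0.5>' failed for '203.0.113.9' - Wrong password
[Oct  2 23:10:03] NOTICE[2231] chan_sip.c: Registration from '"201" <sip:201@10.0.0.5>' failed for '203.0.113.9' - Wrong password
[Oct  2 23:10:03] NOTICE[2231] chan_sip.c: Registration from '"201" <sip:201@10.0.0.5>' failed for '203.0.113.9' - Wrong password
[Oct  2 23:10:04] NOTICE[2231] chan_sip.c: Registration from '"201" <sip:201@10.0.0.5>' failed for '203.0.113.9' - Wrong password
[Oct  2 23:10:04] NOTICE[2231] chan_sip.c: Registration from '"201" <sip:201@10.0.0.5>' failed for '203.0.113.9' - Wrong password
[Oct  3 08:15:40] NOTICE[2231] chan_sip.c: Registration from '"202" <sip:202@10.0.0.5>' failed for '10.0.0.42' - Wrong password
"""

# Constructed reduced CDR extract: six calls from extension 201 in the small
# hours of Saturday 3 Oct 2009, then normal Monday-morning traffic from 202.
CDR_CSV = """\
src,dst,start,disposition
201,15105550134,2009-10-03 02:14:07,ANSWERED
201,15105550188,2009-10-03 02:14:51,ANSWERED
201,15105550162,2009-10-03 02:15:30,NO ANSWER
201,15105550119,2009-10-03 02:16:02,ANSWERED
201,15105550177,2009-10-03 02:16:49,ANSWERED
201,15105550143,2009-10-03 02:17:20,ANSWERED
202,13045550101,2009-10-05 09:30:11,ANSWERED
202,13045550155,2009-10-05 09:47:46,ANSWERED
"""

# Matches both "failed for '1.2.3.4'" and the later "failed for '1.2.3.4:5060'".
FAIL_RE = re.compile(
    r"^\[(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d)\] NOTICE\[\d+\] chan_sip\.c: "
    r"Registration from '(?P<user>[^']*)' failed for '(?P<ip>[^':]+)(?::\d+)?' - (?P<reason>.*)$"
)
LOG_YEAR = 2009  # assumption: syslog-style timestamps carry no year


def parse_failures(log_text):
    """Yield (timestamp, source_ip, reason) for each failed registration."""
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if not m:
            continue  # not a registration failure; other notices are ignored
        ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S").replace(year=LOG_YEAR)
        yield ts, m["ip"], m["reason"]


def guessing_sources(log_text, threshold=5, window=timedelta(minutes=10)):
    """Return {ip: failures} for sources that hit `threshold` failures inside
    any `window`, i.e. the addresses a lockout rule would block."""
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    flagged = {}
    for ts, ip, _reason in sorted(parse_failures(log_text)):
        dq = recent[ip]
        dq.append(ts)
        while ts - dq[0] > window:  # slide the window forward
            dq.popleft()
        if len(dq) >= threshold:
            flagged[ip] = max(flagged.get(ip, 0), len(dq))
    return flagged


def is_off_hours(start, open_hour=7, close_hour=19):
    """Weekend, or a weekday outside the assumed business-hours window."""
    return start.weekday() >= 5 or not (open_hour <= start.hour < close_hour)


def offhours_bursts(cdr_text, burst=5):
    """Return {(src, hour_iso): calls} for extensions that placed `burst` or
    more calls in one off-hours clock hour."""
    counts = defaultdict(int)
    for row in csv.DictReader(io.StringIO(cdr_text)):
        start = datetime.fromisoformat(row["start"])
        if is_off_hours(start):
            hour = start.replace(minute=0, second=0, microsecond=0)
            counts[(row["src"], hour.isoformat())] += 1
    return {key: n for key, n in counts.items() if n >= burst}


if __name__ == "__main__":
    for ip, n in guessing_sources(SIP_LOG).items():
        print(f"block candidate {ip}: {n} failed registrations in window")
    for (src, hour), n in offhours_bursts(CDR_CSV).items():
        print(f"off-hours burst from extension {src} starting {hour}: {n} calls")
```

Run as a script it prints the one guessing source (203.0.113.9, seven failures in a few seconds) and the one off-hours burst (extension 201 at 02:00 on the Saturday); the office phone's single wrong password and Monday's two calls stay quiet. In production the first rule is what fail2ban applies to the same chan_sip notices with a firewall ban, and the CDR rule is only a baseline; a site that legitimately makes many international or night-time calls would tune the burst and hours or exclude known extensions.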

COPYRIGHT 2009 Al Bawaba (Middle East) Ltd.
Copyright 2009 Gale, Cengage Learning. All rights reserved.
Publication: Network World Middle East
Date: Nov 1, 2009