Three charged with hijacking corporate phone systems

Share this article:
Three Filipino residents have been charged with hacking into the telephone networks of major businesses so a group of conspirators could offer cheap rates at overseas call centers, according to a federal indictment unsealed in New Jersey.

Mahmoud Nusier, 40; Paul Kwan, 27 and Nancy Gomez, 24, each were charged with conspiracy to commit wire fraud, possession of unauthorized access devices and two counts each of unauthorized access to computer systems, the U.S. Department of Justice said Friday in a news release. The unsealing of the indictments coincided with Italian police conducting raids that resulted in the arrests of at least five Pakistani financiers who used the hacked networks to offer cheap rates at their call centers to anyone who wanted to use them.

Using the hacked networks of the U.S. companies alone, between October 2005 and December 2008, individuals were able to place more than $55 million in calls lasting 12 million minutes, authorities said. The victims included the companies whose systems were hijacked and long-distance carriers, such as AT&T, who routed the calls.

The hackers were able to break into the telephone networks, known as private branch exchange (PBX) systems, by using brute force attacks that allowed them to guess the default passwords, authorities said. The three Filipino defendants were paid $100 for each system they successfully exploited.

"This was an extensive and well-organized criminal network that worked across continents," Acting U.S. Attorney Ralph Marra Jr. said. "The hackers we've charged enabled their conspirators in Italy and elsewhere to steal large amounts of telecommunications capacity, which could then be used to further or finance just about any sort of nefarious activity here or overseas."

Peter Thermos, CTO of Palindrome Technologies, a technology risk management company, said he expects to see more incidents of telecom fraud in the next few years.

Thermos told SCMagazineUS.com on Monday that many organizations that have implemented PBX systems, which largely are VoIP based, are not properly configured or secured. He said management often is unable to recognize the threats posed to its networks.

"Basically, [this case] confirms earlier sentiments on VoIP security where companies fall victim to fraudsters due to poor security controls," he said.

PBX hacking appears to be a global problem.

In May, the Commission of Communications Regulation (ComReg) in Ireland issued an alert to businesses, warning them to the dangers of PBX hacking. The notice said that often times, businesses are unaware when they have been victimized and can lose thousands of euros as a result.

"These hacking incidents tend to occur predominantly during out-of-office hours where the perpetrators gain remote access to private exchange belonging to the business by hacking through unsecured points within the telephone system," ComReg Chairman John Doherty said in the notice.

If convicted, the defendants in this case face up to 25 years in prison and fines of up to $250,000.
Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

Ground system for weather satellites contains thousands of 'high-risk' bugs

Ground system for weather satellites contains thousands of ...

An audit of the Joint Polar Satellite System ground system revealed thousands of vulnerabilities, most of which will be addressed in two years when the next version of the system ...

Threat report on Swedish firms shows 93 percent were breached

The study by KPMG and FireEye also found that 49 percent of detected malware was unknown.

Former acting HHS cyber director convicted on child porn charges

Former acting HHS cyber director convicted on child ...

Timothy DeFoggi, who was nabbed by the FBI last year in its Operation Torpedo investigation was convicted by federal jury in Nebraska.