New Zealand businesses are being targeted by overseas phone system hackers who are running up big bills on the victims' accounts.
Telecom and TelstraClear are warning customers to ensure they are not vulnerable to the scam, in which office phones are hijacked and used for calling an 0900 number in Somalia.
One of the victims was Auckland pharmaceutical company Boehringer Ingelheim, which found itself with a bill for hundreds of dollars.
General manager Darcy Downey says dozens of calls were made to a Somalian number in the early hours of a Saturday in February. Telecom's fraud team spotted the unusual activity, tipped him off and a toll bar was put on the company's line.
"Full credit to Telecom for getting on to it so quickly," Downey said.
Telecom gave Boehringer Ingelheim, and about 40 other affected customers, a credit for the charges.
It is not known how much money the scam collected. It is one of a variety of schemes hackers can use to profit from insecure office PABXs.
In this instance, every call to the 0900 number added money to the number owner's account, and victims were also hit by international toll charges. Thousands of automatically dialled calls can be made in a very short time.
The hackers, who could be operating from anywhere in the world, have a number of ways into a badly managed PABX.
They can exploit the voicemail feature of office phones that lets staff call from a remote location, enter a PIN and check messages. Or they can breach codes used by engineers to carry out system maintenance.
TelstraClear advises PABX owners to introduce PIN and password policies to foil would-be hackers. Spokesman Chris Mirams says it is the PABX owner's responsibility to make sure it is secure. The telco is seeing "a couple of customers a week" being hacked.
TelstraClear does not have a blanket policy of waiving the charges of scam victims, but deals with each on a case-by-case basis, Mirams says.
Igor Portugal, whose company Vadacom installs phone systems, says he has warned of the risk of PABX hacking. "Of all computer systems you have on your network, your PABX is one of the few that is directly linked to your wallet through your phone account."
Phone hackers target NZ firms