Application vulnerability specialist Fortify says that reports of a US firm being hit by a $52,000 phone bill, after hackers gained unauthorised access to the company’s PBX, are a timely warning for all companies to protect their telephony resources.
“The advent of IP-enabled PBXs, and remotely-programmable conventional PBX systems means that hackers can rack up large phone bills on the unfortunate victim’s account,” says Robert Rachwald, Fortify’s director of product marketing.
Once a hacker has reprogrammed a company PBX to allow free dial-through international calls, one or more people act as ‘human operators,’ he explains, accepting payments – always in cash – and then allowing callers to place international calls.
Meanwhile, Fortify is also warning businesses to beware of hacker fall-out from the ongoing Israeli-Palestinian conflict – even those with the remotest connections to the Middle East.
“Our observations suggest that a large number of web sites have been defaced by a variety of hacker groups from Iran, Lebanon, Morocco and Turkey, and the trend is accelerating,” says Bruce Jenkins, a retired major with the US Air Force and current Fortify security expert.
“In the past, attacks were focused on the Department of Defense and other government organizations. But as the government, led by the US Air Force, have built up their cyber defences, hackers need to move to less suspecting targets.
“Basically this means that any company with an Internet connection and which has perceived or rumoured connections with the two countries involved in this conflict – or has links with allegedly partisan firms who are also connected – could find their web site and/or Internet-connected systems under active attack,” he adds.