The following article was transcribed from Tele Mgr, a magazine for, you guessed it, managers of telecommunications systems. I thought everyone would like to get an idea of how the people on the other side see them. When reading over the article, be sure to take note of the methods that are not mentioned. And like any other writing on phreaks, this article is filled with over generaliztions and unfounded connections between p/hacking and organized crime. But despite the standard lies, the article is fairly informative. Feedback or comments can be directed to me at: CybernetI [504] 272-1710, Johnny Rotten >>>>>>>>>Ratfink By now the stories are all too familiar. Your PBX/CPE customer receives a long distance telephone bill in a huge box, rather than an envelope. Throughout the bill are pages of calls from international locations and locations your customer doesn't do business with: The Dominican Republic, Mexico, Pakistan or Colombia. A total of $50,000 in international calls. Another victim of PBX/CPE fraud. For as long as there has been direct dial long distance service, there have been ways to steal it. Methods have constantly evolved over the years. First, the "boxes" fraud. Blueboxes, Redboxes, Silverboxes. With the advent of competitive long distance service, a new avenue became available, Feature Group. A FGA offers access to the interexchange carriers' network through a subscriber-type line connection rather than through a trunk. Thus the birth of "hackers" and "phreakers". Phreakers are aspiring hackers sharpening their skills by uncovering long distance authority codes.(auth codes). This is accomplished by breaking in to a company's telecommunications computer and uncovering the auth code identifying long distance customers to which phone calls are billed. The more experienced hackers are skilled in breaking into modem ports, including PBX/CPE. With divestitures and advancements in monitoring systems, FGA became less of a problem. Carrier calling cards became the favorite method for stealing service. Calling cards were wonderfully easy to steal. You didn't need to hack. All you needed was to hang around the payphone banks at any major transportation facility, watch the legitimate users dial their code or listen to them repeat it to an operator, and you were in business. All the carriers eventually developed advance monitoring systems to detect calling card abuse. Now fraudulently used calling cards are good for a few hours at most before the card is deactivated. The migration continued to the PBX/CPE environment, and extremely fertile area of attack. Many PBX/CPE owners were unaware of fraud potential. Systems were not in place to detect this fraud in a short time frame. The abuse could often continue unabated until the PBX/CPE owner received the aforementioned bill. As the years have passed, fraud migrated from one product to the next. What started as a problem with college students trying to call friends and family for free, or businesses trying to reduce their phone bill, has turned into a very lucrative market. The "call sellers" stealing phone service are professionals. The resale of lang distance service at very low rates is their full time job. While the problem was once confined to domestic calls, it has evolved almost totally to international calls. These professionals work from their homes or from payphones on the street. For as little as $5, they will sell you a 15-minute telephone call to anywhere in the world. Phreakers are still uncovering authcodes; however, this is no longer the only method employed to garner information . The migration has moved to technical expertise. Now, hackers no longer attack only dialtones, they attack modems that are the maintenance ports on PBX/CPE equipment. Once inside the equipment, the hackers reprogram features. They turn on function, such as Direct Inward System Access (DISA), that owners have turned off. They reprogram certain call processing features allowing outbound dialing from voice mail boxes or call attendants. Previously, these two communities (call sellers and hackers) worked individually. Hockers posted codes on bulletin boards or pirated voice mail boxes, and call sell operators accessed for the information. Recent activities indicate this relationship has changed to one of direct cooperation. As PBX/CPE owners have become more aware of the fraud issues over the last two or three years, they have taken steps to protect their systems. EISAs have been removed, and international calling has been blocked. The PBX/CPE equipment can no longer be abused with simple keypad manipulation. This places call sell operators in a bind. They have customers to support and cannot provide the service those customers desire. As a result, hackers and call sell operators have joined forces. A call sell operator puts a hacker on the payroll. The hacker, armed with PBX/CPE manuals, accesses the equipment and modifies it to allow a fraudulent call to be placed. These crimes require total industry cooperation to be combated. It's no something that can be solved without a combined effort by the interexchange carriers (IXCs), PBX/CPE manufacturers and distributors, and end users. EDUCATION AND AWARENESS This is the area that has produced the best results to date. Over the last two years there have been many articles published in trade journals and the general media highlighting the problem. Seminars have been conducted by the Communications Fraud Control Association, American Society of industrial Security, and other organizations, highlighting potential exposure. The IXDs have all developed some form of customer awareness training, forcing the hackers call sell operators to resort to drastic measures. It's not as east to beat a PBX as it was two years ago. Despite the advances made, however, the efforts need to be refocuses. Resources should be directed at law enforcement and the judicial system. Many believe telecommunications fraud is still a victimless crime being perpetrated against the "deep pockets" of the local and interexchange carriers. But as many PBX?CPE owners unfortunately know, industry tariffs hold the owner responsible for this type of fraud. Law enforcers need to know the carriers will assist them in any way possible to put a case together. They must know that many times there is a connection between telecommunications fraud and everyday street crimes, including the drug trade. Likewise, prosecutors and judges need to understand the impact of these crimes and to hand out appropriate sentences when a suspect has been convicted. In a recent case in New York City, a fraud suspect was convicted and sentenced to 300 hours of community service for over $375,000 of documented fraudulent phone calls attributed to this individual. That equates to over $1,000 stolen for each hour of community service, or something far less than an effective deterrent. BETTER LAWS The federal laws most often used against hackers are Title XVIII Sections 1029 and 1030. These laws offer reasonable penalties for the criminal. Many state laws lack teeth, however. In many states the best that can be done under existing laws is to charge the hacker with a misdemeanor offense. The time for change is now. Hackers don't believe they are doing anything wrong. They think confidential and marketable information should be accessible and free. They rant and rave about their First and Fourth Amendment rights. Mitch Kapor, creator of LOTUS 1-2-3 has even started a fund to help arrested hackers defend themselves. The industry needs to regain the upper hand. These hackers are nothing less than thieves stealing information and services. SECURITY Security for PBX/CBE equipment must be developed. The first area to approach is the maintenance modem port. Dial-up access to a bare modem protected by only user IDs and passwords does not offer security. PBX/CBE manufacturers should assist their customers in finding a suitable security Access Unit (SAU) to protect the dial-up port or offer such a product themselves. These SAUs work with multiple authentication schemes and can cost anywhere from $200 to $1,000 per line. All these products provide an additional layer of security. The cost differences stem from additional features such as real time alarms and audit trails. Manufacturers, suppliers and vendors must fully explain to equipment owners the existing security features of their systems. These include call restriction capabilities, event logging, traffic reporting, and auth code management features, to name a few. Emphasize to your customers that the key to protection against fraud is diligence. Customers are battling a very resourceful and tenacious enemy. Letting one's guard down for a minute could cost one's company literally thousands of dollars a day. Remember, we're up against a professional industry stealing $1 to $1.5 billion annually. It is unlikely the hackers/call sell operators will go away any time soon. They will uncover and develop methods we have yet to imagine. However, by addressing the legal issues and putting more teeth in our laws and sentences, we may be able to turn the corner on toll fraud. Until then, you must offer your customers not only great products and services, but advice on how to prevent the wrong hands from using them as well.