[ISN] Phone hackers tap into hospital
InfoSec News
isn at c4i.org
Wed Mar 30 01:37:09 EST 2005
http://finance.news.com.au/story/0,10166,12699755-31037,00.html
By Paul Osborne
March 30, 2005
CYBER criminals have hacked into a private hospital's telephone
system, racking up almost $5000 in international calls in an attack
experts warn is becoming increasingly common.
Hackers believed to be operating from overseas tapped into the PABX
system at Canberra's John James Hospital.
They then made between $4000 and $5000 worth of calls to South America
and the Asia Pacific region in 24 hours from 1.30am on March 22.
Telstra technical staff who monitor irregular spikes in calls notified
the hospital and the system was shut down.
Hospital chief executive Phil Lowen said that if it was not for the
warning from Telstra it was possible a bill of $50,000 to $100,000
could have been run up over the Easter break.
Experts say older Private Automatic Branch Exchange systems, or PABX,
which are used in many companies and organisations across the country
are vulnerable to such attacks.
ACT Policing spokesman Sandi Logan said it had been the first big
attack of its kind in Canberra this year, but there had been two
others last year.
Mr Logan said an investigation into the two previous matters found it
was likely the attackers were based overseas.
But the location of the offenders could not be determined and the
investigations hit a dead end.
"What we are resigned to accepting on the cases thus far is that it
may just be impossible to determine a jurisdiction so that we can seek
assistance on formal basis from telecommunications providers or law
enforcement agencies," he said.
"But we are treating the matter seriously and we continue to do our
best to assist victims within our own jurisdiction."
Telstra and police have warned PABX users to fix any vulnerabilities
in their systems.
"They've got to harden the target," Mr Logan said.
ACT police are awaiting a report from Telstra before the John James
Hospital investigation goes any further.
Telstra estimates that up to 20 organisations are attacked by
"phreaks", as the telephone hackers are known, every month.
But the extent of damage varies depended on whether the phreaks made
calls, or simply listened in to other calls or changed messages on
phone systems.
Mr Lowen said the hospital's PABX had a facility which allowed someone
to dial in from outside the hospital to check the system.
It appeared that hackers had dialled into the line and then made
international calls.
"It looks like it was some sort of organised group," Mr Lowen said.
"It was ... like we were being used for someone else's business for a
while."
The director of the Australian High Tech Crime Centre, Federal Agent
Kevin Zuccato, said it was hard to put a figure on the impact of
hacking, but there was no doubt criminals were becoming more astute.
"I think that that type of crime is only limited by the imagination of
the criminals who perpetrate them," Mr Zuccato told ABC radio.
"I think we are going to see some far greater sophistication in terms
of the attacks."
More information about the ISN
mailing list