February 11, 2009 2:27 PM
- Text
Homeland Security Phones Hacked
(AP)
A hacker broke into a Homeland Security Department telephone system over the weekend and racked up about $12,000 in calls to the Middle East and Asia.
The hacker made more than 400 calls on a Federal Emergency Management Agency voicemail system in Emmitsburg, Md., on Saturday and Sunday, according to FEMA spokesman Tom Olshanski.
FEMA is part of Homeland Security, which in 2003 put out a warning about this very vulnerability.
The voicemail system is new and recently was installed. It is a Private Branch Exchange, or PBX, a traditional corporate phone network that is used in thousands of companies and government offices. Many companies are moving to a higher tech version, known as Voice Over Internet Telephony.
This type of hacking is very low-tech and "old school," said John Jackson, a St. Louis-based security consultant. It was popular 10 to 15 years ago. Telecommunications security administrators now know to configure security settings, such as having individual users create unique passwords and not continue to use the password assigned to users in the initial setup.
"In this case it's sort of embarrassing that it happened to FEMA themselves - FEMA being a child of DHS, with calls going to the Middle East," Johnson said.
Afghanistan, Saudi Arabia, India and Yemen are among the countries calls were made to, Olshanski said. Most of the calls were about three minutes long, but some were as long as 10 minutes.
Sprint caught the fraud over the weekend and halted all outgoing long-distance calls from FEMA's National Emergency Training Center in Emmitsburg.
FEMA's chief information officer is investigating who hacked into the system and where exactly the calls were placed to. At this point it appears a "hole" was left open by the contractor when the voicemail system was being upgraded, Olshanski said. Olshanski did not know who the contractor was or what hole specifically was left open, but he assured the hole has since been closed.
In 2003, Homeland Security and the FBI investigated multiple reports about private industry being breached by these types of hackers.
"This illegal activity enables unauthorized individuals anywhere in the world to communicate via compromised U.S. phone systems in a way that is difficult to trace," according to a department information bulletin from June 3, 2003.
The hacker made more than 400 calls on a Federal Emergency Management Agency voicemail system in Emmitsburg, Md., on Saturday and Sunday, according to FEMA spokesman Tom Olshanski.
FEMA is part of Homeland Security, which in 2003 put out a warning about this very vulnerability.
The voicemail system is new and recently was installed. It is a Private Branch Exchange, or PBX, a traditional corporate phone network that is used in thousands of companies and government offices. Many companies are moving to a higher tech version, known as Voice Over Internet Telephony.
This type of hacking is very low-tech and "old school," said John Jackson, a St. Louis-based security consultant. It was popular 10 to 15 years ago. Telecommunications security administrators now know to configure security settings, such as having individual users create unique passwords and not continue to use the password assigned to users in the initial setup.
"In this case it's sort of embarrassing that it happened to FEMA themselves - FEMA being a child of DHS, with calls going to the Middle East," Johnson said.
Afghanistan, Saudi Arabia, India and Yemen are among the countries calls were made to, Olshanski said. Most of the calls were about three minutes long, but some were as long as 10 minutes.
Sprint caught the fraud over the weekend and halted all outgoing long-distance calls from FEMA's National Emergency Training Center in Emmitsburg.
FEMA's chief information officer is investigating who hacked into the system and where exactly the calls were placed to. At this point it appears a "hole" was left open by the contractor when the voicemail system was being upgraded, Olshanski said. Olshanski did not know who the contractor was or what hole specifically was left open, but he assured the hole has since been closed.
In 2003, Homeland Security and the FBI investigated multiple reports about private industry being breached by these types of hackers.
"This illegal activity enables unauthorized individuals anywhere in the world to communicate via compromised U.S. phone systems in a way that is difficult to trace," according to a department information bulletin from June 3, 2003.
Popular Now in SciTech
- Tesla's Model X: Finally, an electric car we all want
- Apple iPad 3 rumors: thicker, sharper, coming soon
- Retro Duo will play your old Nintendo games
- iPad 3 mini on the way, says analyst
- Apple iPad 3 rumors resurface, sources say March release
- Happy 50th to computer game Spacewar
- Apple iPhone 5 rumors, reports say June release
- Obama's 2012 campaign playlist now on Spotify
- Google developing home entertainment system
- Facebook graffiti artist David Choe, from homeless to millions
- Facebook required for Spotify account, here's a trick
- Apple iPad 3 rumors, let's get real
- FBI releases Steve Jobs background report
- Ethical iPhone 5 petitions head to Apple stores
- Shocking Stats on Texting While Driving
- Hackers release Symantec pcAnywhere source code
- How to get the Diablo III beta test
Latest CBS News Headlines
on Facebook
on CBS News
- The nation's weather
- Filmmaker Douglas Trumbull receives honorary Oscar
- Houston's body taken to morgue; autopsy planned
- Obama to submit his budget to Congress on Monday
on Facebook
- Whitney Houston 1963-2012
- Adele sings a cappella for Anderson Cooper
- Remembering Whitney Houston 1963-2012
on CBS News
